This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
[Ada] [3.1] Remove buffer overflow in __gnat_tmp_name
- From: Florian Weimer <fw at deneb dot enyo dot de>
- To: gcc-patches at gcc dot gnu dot org
- Cc: dewar at gnat dot com
- Date: Sat, 20 Apr 2002 21:36:40 +0200
- Subject: [Ada] [3.1] Remove buffer overflow in __gnat_tmp_name
The patch below is a minimal one which removes the buffer overflow bug
on GNU/Linux mentioned in PR ada/5903.
It's not a real solution (especially if we want to port GNAT to The
Hurd one day, where no proper path length limit exists), but for the
3.1 release, it will do.
(Note that other, not so obvious potential buffer overflows remain. A
couple of months ago, I listed them in a message to gcc-patches,
IIRC.)
2002-04-20 Florian Weimer <fw@deneb.enyo.de>
* adaint.c (__gnat_tmp_name): Remove buffer overflow bug on
GNU/Linux.
Index: adaint.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/ada/adaint.c,v
retrieving revision 1.7
diff -c -p -r1.7 adaint.c
*** adaint.c 7 Feb 2002 23:53:29 -0000 1.7
--- adaint.c 20 Apr 2002 19:30:46 -0000
*************** __gnat_tmp_name (tmp_filename)
*** 713,719 ****
if (tmpdir == NULL)
strcpy (tmp_filename, "/tmp/gnat-XXXXXX");
else
! sprintf (tmp_filename, "%s/gnat-XXXXXX", tmpdir);
close (mkstemp(tmp_filename));
#else
--- 713,719 ----
if (tmpdir == NULL)
strcpy (tmp_filename, "/tmp/gnat-XXXXXX");
else
! sprintf (tmp_filename, "%200s/gnat-XXXXXX", tmpdir);
close (mkstemp(tmp_filename));
#else