This is the mail archive of the
mailing list for the GCC project.
Re: Potential Ada tweak: those who know ada please comment.
- From: Zack Weinberg <zack at codesourcery dot com>
- To: Nathanael Nerode <neroden at twcny dot rr dot com>
- Cc: gcc-patches at gcc dot gnu dot org
- Date: Fri, 15 Nov 2002 18:07:21 -0800
- Subject: Re: Potential Ada tweak: those who know ada please comment.
- References: <20021116013349.GA10051@doctormoo>
Nathanael Nerode <firstname.lastname@example.org> writes:
> I was told that this is in fact the correct way to solve the buffer
> overflow problem. What do I know? Nothing. So I'm throwing it to the list.
> - sprintf (tmp_filename, "%200s/gnat-XXXXXX", tmpdir);
> + sprintf (tmp_filename, "%.200s/gnat-XXXXXX", tmpdir);
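Review bot: on the `+` line, the precision in `%.200s` stops the copy at 200 bytes of tmpdir, but a longer tmpdir is then cut silently, so the template names a different directory from the one requested. The 200 is also a bare constant, and nothing in the call ties it to the size of tmp_filename. Suggest comparing strlen (tmpdir) plus the length of "/gnat-XXXXXX" and its terminator against the buffer size before the sprintf, reporting an error when it does not fit, and then formatting with plain %s.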
Yes, in the sense that %200s won't stop it overflowing the buffer and
%.200s will. No, in the sense that this fails in an unpredictable
manner if the string is too long.
The actual length of the buffer is __gnat_max_path_len-1 bytes (since
these C routines require one byte for a terminator), so the _proper_
fix would look more like
  tmpdir = getenv ("TMPDIR");
  tmplen = strlen (tmpdir);
  if (tmplen + sizeof "/gnat-XXXXXX" >= __gnat_max_path_len)
    {
      // signal an error
    }
  else
    sprintf (tmp_filename, "%s/gnat-XXXXXX", tmpdir); // now safe
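The three behaviours discussed in this message (field width, precision, explicit length check) side by side, as an added example that is not part of the original message or of the GNAT sources. The helper names, the 256-byte buffer and the directory names are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define SUFFIX "/gnat-XXXXXX"   /* template suffix from the patch */

/* Bytes sprintf would write (terminator excluded) with the original
   "%200s": 200 is a minimum field width, so it pads and never cuts.  */
static int width_len (const char *dir)
{
  return snprintf (NULL, 0, "%200s" SUFFIX, dir);
}

/* Same measurement for the patched "%.200s": 200 is a precision, so at
   most 200 bytes of DIR are copied and the rest is silently dropped.  */
static int precision_len (const char *dir)
{
  return snprintf (NULL, 0, "%.200s" SUFFIX, dir);
}

/* Length-checked variant (hypothetical helper): returns 0 and fills OUT,
   or -1 if the path plus terminator does not fit in OUT_SIZE bytes.
   OUT_SIZE stands in for the real buffer size, which is assumed here.  */
static int make_tmp_template (char *out, size_t out_size, const char *dir)
{
  if (dir == NULL || strlen (dir) + sizeof SUFFIX > out_size)
    return -1;                      /* caller reports the error */
  sprintf (out, "%s" SUFFIX, dir);  /* cannot overflow after the check */
  return 0;
}

int main (void)
{
  char long_dir[301];               /* constructed 300-byte directory name */
  char buf[256];

  memset (long_dir, 'd', 300);
  long_dir[300] = '\0';
  printf ("%%200s   /tmp: %d  long: %d\n",
          width_len ("/tmp"), width_len (long_dir));
  printf ("%%.200s  /tmp: %d  long: %d\n",
          precision_len ("/tmp"), precision_len (long_dir));
  printf ("checked long: %d\n",
          make_tmp_template (buf, sizeof buf, long_dir));
  return 0;
}
```

With `%200s` a short directory such as /tmp is also left-padded with spaces to 200 bytes, so the width form produces a wrong path even when nothing overflows.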