[Ada] [3.1] Remove buffer overflow in __gnat_tmp_name

Florian Weimer fw@deneb.enyo.de
Sat Apr 20 12:36:00 GMT 2002


The patch below is a minimal one which removes the buffer overflow bug
on GNU/Linux mentioned in PR ada/5903.

It's not a real solution (especially if we want to port GNAT to The
Hurd one day, where no proper path length limit exists), but for the
3.1 release, it will do.

(Note that other, not so obvious potential buffer overflows remain.  A
couple of months ago, I listed them in a message to gcc-patches,
IIRC.)

2002-04-20  Florian Weimer  <fw@deneb.enyo.de>

	* adaint.c (__gnat_tmp_name): Remove buffer overflow bug on
        GNU/Linux.

Index: adaint.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/ada/adaint.c,v
retrieving revision 1.7
diff -c -p -r1.7 adaint.c
*** adaint.c	7 Feb 2002 23:53:29 -0000	1.7
--- adaint.c	20 Apr 2002 19:30:46 -0000
*************** __gnat_tmp_name (tmp_filename)
*** 713,719 ****
    if (tmpdir == NULL)
      strcpy (tmp_filename, "/tmp/gnat-XXXXXX");
    else
!     sprintf (tmp_filename, "%s/gnat-XXXXXX", tmpdir);
  
    close (mkstemp(tmp_filename));
  #else
--- 713,719 ----
    if (tmpdir == NULL)
      strcpy (tmp_filename, "/tmp/gnat-XXXXXX");
    else
!     sprintf (tmp_filename, "%200s/gnat-XXXXXX", tmpdir);
  
    close (mkstemp(tmp_filename));
  #else
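
Review bot: In the changed `sprintf` line, `%200s` is a minimum field width, not a maximum, so it does not bound the write into `tmp_filename`. A `tmpdir` longer than 200 characters is still copied in full, and a shorter one is left-padded with spaces to 200 characters, which changes the path handed to `mkstemp`. Truncation needs a precision, i.e. `"%.200s/gnat-XXXXXX"`, with the limit checked against the size of the buffer behind `tmp_filename` (not visible in this hunk). Because the result of `mkstemp` is passed straight to `close`, a failure caused by a truncated directory name would also go unnoticed; that deserves at least a comment.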


