Avoid buffer overflow on strncat usage

strncat() does not want the total size but the maximum length (without trailing NUL) that can still be added. Switch over to snprintf which is both more readable and avoids this issue. Signed-off-by: Dirk Mueller <dmueller@suse.com> Signed-off-by: Simon Horman <horms@verge.net.au>
author: Dirk Mueller <dmueller@suse.com> 2014-02-03 18:50:04 +0100
committer: Simon Horman <horms@verge.net.au> 2014-02-04 21:36:12 +0900
commit: fe2c38cc0fc32573726797e6496c3056d10949c5 (patch)
tree: d416f62d34d2098e79d699949fd93f7011842626
parent: d58ad564852c1dea9cbff3272df533a1bb078030 (diff)
1 files changed, 2 insertions, 5 deletions
diff --git a/kexec/fs2dt.c b/kexec/fs2dt.c
index 73c1fb9..5e6b98d 100644
--- a/kexec/fs2dt.c
+++ b/kexec/fs2dt.c
@@ -619,8 +619,7 @@ static void putnode(void)
 		 * code can print 'I'm in purgatory' message. Currently only
 		 * pseries/hvcterminal is supported.
 		 */
-		strcpy(filename, pathname);
-		strncat(filename, "linux,stdout-path", MAXPATH);
+		snprintf(filename, MAXPATH, "%slinux,stdout-path", pathname);
 		fd = open(filename, O_RDONLY);
 		if (fd == -1) {
 			printf("Unable to find %s, printing from purgatory is diabled\n",
@@ -648,9 +647,7 @@ static void putnode(void)
 														filename);
 			goto no_debug;
 		}
-		strncpy(filename, "/proc/device-tree/", MAXPATH);
-		strncat(filename, buff, MAXPATH);
-		strncat(filename, "/compatible", MAXPATH);
+		snprintf(filename, MAXPATH, "/proc/device-tree/%s/compatible", buff);
 		fd = open(filename, O_RDONLY);
 		if (fd == -1) {
 			printf("Unable to find %s printing from purgatory is diabled\n",
author	Dirk Mueller <dmueller@suse.com>	2014-02-03 18:50:04 +0100
committer	Simon Horman <horms@verge.net.au>	2014-02-04 21:36:12 +0900
commit	fe2c38cc0fc32573726797e6496c3056d10949c5 (patch)
tree	d416f62d34d2098e79d699949fd93f7011842626
parent	d58ad564852c1dea9cbff3272df533a1bb078030 (diff)