kconfig: use snprintf for formatting pathnames

Valid pathnames will never exceed PATH_MAX, but these file names are unsanitized and can cause buffer overflow if set incorrectly. Use snprintf to avoid this. This was flagged during a Coverity scan of the coreboot project, which also uses kconfig for its build system. Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
author: Jacob Garber <jgarber1@ualberta.ca> 2019-05-10 13:28:52 -0600
committer: Masahiro Yamada <yamada.masahiro@socionext.com> 2019-05-14 23:23:25 +0900
commit: b9d1a8e9302e68ee03571a286aadeb8041e0b2ca (patch)
tree: 372b2d2bee6137d794110d7ff7e106b086dfbe99 /scripts/kconfig/confdata.c
parent: kconfig: remove useless NULL pointer check in conf_write_dep() (diff)
download: linux-dev-b9d1a8e9302e68ee03571a286aadeb8041e0b2ca.tar.xz
linux-dev-b9d1a8e9302e68ee03571a286aadeb8041e0b2ca.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index b7bdd9690319..8bb74d468f45 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -241,7 +241,7 @@ char *conf_get_default_confname(void)
 	name = expand_string(conf_defname);
 	env = getenv(SRCTREE);
 	if (env) {
-		sprintf(fullname, "%s/%s", env, name);
+		snprintf(fullname, sizeof(fullname), "%s/%s", env, name);
 		if (is_present(fullname))
 			return fullname;
 	}
author	Jacob Garber <jgarber1@ualberta.ca>	2019-05-10 13:28:52 -0600
committer	Masahiro Yamada <yamada.masahiro@socionext.com>	2019-05-14 23:23:25 +0900
commit	b9d1a8e9302e68ee03571a286aadeb8041e0b2ca (patch)
tree	372b2d2bee6137d794110d7ff7e106b086dfbe99 /scripts/kconfig/confdata.c
parent	kconfig: remove useless NULL pointer check in conf_write_dep() (diff)
download	linux-dev-b9d1a8e9302e68ee03571a286aadeb8041e0b2ca.tar.xz linux-dev-b9d1a8e9302e68ee03571a286aadeb8041e0b2ca.zip