more snprintf(3) checks, check against the correct

size of the buffer, close RCSFILE on error.

ok xsa@

1 files changed, 13 insertions, 4 deletions

diff --git a/usr.bin/cvs/status.c b/usr.bin/cvs/status.c
index 651038c68c7..8febd9f5d0f 100644
--- a/usr.bin/cvs/status.c
+++ b/usr.bin/cvs/status.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: status.c,v 1.33 2005/07/07 15:10:17 xsa Exp $	*/
+/*	$OpenBSD: status.c,v 1.34 2005/07/07 15:52:26 joris Exp $	*/
 /*
  * Copyright (c) 2004 Jean-Francois Brousseau <jfb@openbsd.org>
  * All rights reserved.
@@ -225,19 +225,28 @@ cvs_status_local(CVSFILE *cf, void *arg)
 		    rcsnum_tostr(cf->cf_lrev, buf, sizeof(buf)));
 	}
 
-	if (len == -1 || len >= (int)sizeof(len))
+	if (len == -1 || len >= (int)sizeof(buf)) {
+		if (rf != NULL)
+			rcs_close(rf);
 		return (CVS_EX_DATA);
+	}
 
 	cvs_printf("   Working revision:\t%s\n", buf);
 
 	if (cf->cf_cvstat == CVS_FST_UNKNOWN) {
-		snprintf(buf, sizeof(buf), "%s", "No revision control file\n");
+		len = snprintf(buf, sizeof(buf), "No revision control file\n");
 	} else {
-		snprintf(buf, sizeof(buf), "%s\t%s",
+		len = snprintf(buf, sizeof(buf), "%s\t%s",
 		    rcsnum_tostr(rf->rf_head, numbuf, sizeof(numbuf)),
 		    rcspath);
 	}
 
+	if (len == -1 || len >= (int)sizeof(buf)) {
+		if (rf != NULL)
+			rcs_close(rf);
+		return (CVS_EX_DATA);
+	}
+
 	cvs_printf("   Repository revision:\t%s\n", buf);
 
 	/* If the file is unknown, no other output is needed after this. */