Check snprintf(3) return value for error or truncation.

Mostly path construction, where truncation could be bad.

ok and input from deraadt@ millert@ ray@

2 files changed, 12 insertions, 6 deletions

diff --git a/lib/libc/db/hash/hash_page.c b/lib/libc/db/hash/hash_page.c
index c32e2820069..a744e689b41 100644
--- a/lib/libc/db/hash/hash_page.c
+++ b/lib/libc/db/hash/hash_page.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: hash_page.c,v 1.17 2005/08/05 13:03:00 espie Exp $	*/
+/*	$OpenBSD: hash_page.c,v 1.18 2007/09/17 07:07:23 moritz Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993, 1994
@@ -832,13 +832,18 @@ static int
 open_temp(HTAB *hashp)
 {
 	sigset_t set, oset;
+	int len;
 	char *envtmp = NULL;
 	char path[MAXPATHLEN];
-	
+
 	if (issetugid() == 0)
 		envtmp = getenv("TMPDIR");
-	(void)snprintf(path,
+	len = snprintf(path,
 	    sizeof(path), "%s/_hash.XXXXXX", envtmp ? envtmp : "/tmp");
+	if (len < 0 || len >= sizeof(path)) {
+		errno = ENAMETOOLONG;
+		return (-1);
+	}
 
 	/* Block signals; make sure file goes away at process exit. */
 	(void)sigfillset(&set);
diff --git a/lib/libc/db/hash/ndbm.c b/lib/libc/db/hash/ndbm.c
index 58f2cf040a8..5e4c3655dc8 100644
--- a/lib/libc/db/hash/ndbm.c
+++ b/lib/libc/db/hash/ndbm.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ndbm.c,v 1.21 2005/08/08 08:05:33 espie Exp $	*/
+/*	$OpenBSD: ndbm.c,v 1.22 2007/09/17 07:07:23 moritz Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993
@@ -189,8 +189,10 @@ _dbm_open(file, suff, flags, mode)
 {
 	HASHINFO info;
 	char path[MAXPATHLEN];
+	int len;
 
-	if (strlen(file) + strlen(suff) > sizeof(path) - 1) {
+	len = snprintf(path, sizeof path, "%s%s", file, suff);
+	if (len < 0 || len >= sizeof path) {
 		errno = ENAMETOOLONG;
 		return (NULL);
 	}
@@ -205,7 +207,6 @@ _dbm_open(file, suff, flags, mode)
 	info.cachesize = 0;
 	info.hash = NULL;
 	info.lorder = 0;
-	snprintf(path, sizeof path, "%s%s", file, suff);
 	return ((DBM *)__hash_open(path, flags, mode, &info, 0));
 }