chroot_realpath: Replace sprintf with snprintf · containers/crun@fc084fd · GitHub

Commit fc084fd

chroot_realpath: Replace sprintf with snprintf
Replace sprintf with snprintf to prevent buffer overflows in chroot_realpath.c. This follows the security hardening mentioned in NEWS.md where sprintf was replaced with safer alternatives. The function uses PATH_MAX as the buffer size since sizeof on array function parameters returns the pointer size, not the actual buffer size.

Signed-off-by: Osama Abdelkader <osama.abdelkader@gmail.com>
1 parent 7417ead commit fc084fd

1 file changed

+5
-1
lines changed

src/libcrun/chroot_realpath.c

Lines changed: 5 additions & 1 deletion
@@ -135,7 +135,11 @@ char *chroot_realpath(const char *chroot, const char *path, char resolved_path[]
135135
if (n < 0) {
136136
/* If a component doesn't exist, then return what we could translate. */
137137
if (errno == ENOENT) {
138-
sprintf (resolved_path, "%s%s%s", got_path, path[0] == '/' || path[0] == '\0' ? "" : "/", path);
138+
int ret = snprintf (resolved_path, PATH_MAX, "%s%s%s", got_path, path[0] == '/' || path[0] == '\0' ? "" : "/", path);
139+
if (ret >= PATH_MAX) {
140+
__set_errno(ENAMETOOLONG);
141+
return NULL;
142+
}
139143
return resolved_path;
140144
}
141145
/* EINVAL means the file exists but isn't a symlink. */
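
Review bot: the check added at new line 139 only covers truncation (`ret >= PATH_MAX`); snprintf can also return a negative value on error, and in that case the code still falls through to `return resolved_path` and hands back whatever is in the buffer. Suggest `if (ret < 0 || ret >= PATH_MAX)`, setting ENAMETOOLONG only in the truncation case. Two smaller points on the same lines: PATH_MAX is the right bound only if every caller passes a buffer of at least PATH_MAX bytes, which the `char resolved_path[]` parameter cannot enforce, so a comment on the function stating that contract would help; and on the new NULL return the buffer is left holding a truncated path while errno changes from ENOENT to ENAMETOOLONG, which is a behaviour change for callers that should be documented.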
