scrips/kconfig: use snprintf() vs sprintf()

Coverity reported 150819 issue, which steams off Flex generated code
from zconf.l in which sprintf() was use. Because of that, the
conf_read_simple() @name parameter could be used to overrun
zconf_open() @fullname by crafting SRCTREE and KCONFIG_ALLCONFIG
environment variables.

Change-Id: I2cff817dccafe0e06b35636bbb7be95e062410af
Coverity-ID: 150819
Signed-off-by: Inaky Perez-Gonzalez <inaky.perez-gonzalez@intel.com>
This commit is contained in:
Inaky Perez-Gonzalez 2016-11-16 15:42:53 -08:00 committed by Anas Nashif
commit ababbf7815

View file

@ -277,7 +277,8 @@ FILE *zconf_fopen(const char *name)
if (!f && name != NULL && name[0] != '/') {
env = getenv(SRCTREE);
if (env) {
sprintf(fullname, "%s/%s", env, name);
snprintf(fullname, sizeof(fullname),
"%s/%s", env, name);
f = fopen(fullname, "r");
}
}