MFC r300564
Fix CID
1006692 in /usr/sbin/pw pw_log() function and other fixes
The length of the name returned from the $LOGNAME and $USER can be
very long and it was being concatenated to a fixed length buffer
with no bounds checking. Fix this problem by limiting the length
of the name copied.
Additionally, this name is actually used to create a format string
to be used in adding log file entries so embedded % characters in
the name could confuse *printf(), and embedded whitespace could
confuse a log file parser. Handle the former by escaping each %
with an additional %, and handle the latter by simply stripping it
out.
Clean up the code by moving the variable declarations to the top
of the function, formatting them to conform with style, and moving
intialization elsewhere.
Reduce code indentation by returning early in a couple of places.
Reported by: Coverity
CID:
1006692
Reviewed by: markj (previous version)
Differential Revision: https://reviews.freebsd.org/D6490
git-svn-id: svn://svn.freebsd.org/base/stable/10@301557
ccf9f872-aa2e-dd11-9fc8-
001c23d0bc1f
projects / FreeBSD / stable / 10.git / commit