From 023ad9c14bd2cba83e29348771859198431f6622 Mon Sep 17 00:00:00 2001
From: truckman
Date: Wed, 15 Jun 2016 06:33:40 +0000
Subject: [PATCH] MFC r301582

Explicitly NUL terminate the buffer filled by fread(). The fix in r300649 was not sufficient to convince Coverity that the buffer was NUL terminated, even with the buffer pre-zeroed. Swap the size and nmemb arguments to fread() so that a valid lenght is returned, which we can use to terminate the string in the buffer at the correct location. This should also quiet the complaint about the return value of fread() not being checked.

Reported by: Coverity
CID: 1019054, 1009614
Secur3ty:
Sponsore dby:

git-svn-id: svn://svn.freebsd.org/base/stable/10@301919 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 bin/setfacl/file.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bin/setfacl/file.c b/bin/setfacl/file.c
index e5e19a247..7499f1cec 100644
--- a/bin/setfacl/file.c
+++ b/bin/setfacl/file.c
@@ -43,13 +43,12 @@ acl_t
 get_acl_from_file(const char *filename)
 {
 FILE *file;
+ size_t len;
 char buf[BUFSIZ+1];

 if (filename == NULL)
 err(1, "(null) filename in get_acl_from_file()");

- bzero(&buf, sizeof(buf));
-
 if (strcmp(filename, "-") == 0) {
 if (have_stdin != 0)
 err(1, "cannot specify more than one stdin");
@@ -61,7 +60,8 @@ get_acl_from_file(const char *filename)
 err(1, "fopen() %s failed", filename);
 }

- fread(buf, sizeof(buf) - 1, (size_t)1, file);
+ len = fread(buf, (size_t)1, sizeof(buf) - 1, file);
+ buf[len] = '\0';
 if (ferror(file) != 0) {
 fclose(file);
 err(1, "error reading from %s", filename);
-- 
2.42.0
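Review bot: The single `fread()` in the second hunk stops at `sizeof(buf) - 1` bytes, so an ACL file longer than BUFSIZ is silently truncated, and the rest of get_acl_from_file() (outside this hunk) would presumably parse only the first part of the specification. For a tool that sets access control entries, dropping trailing entries without an error can leave a file with a different ACL than the operator wrote, so the read should fail closed, e.g. `if (len == sizeof(buf) - 1 && fgetc(file) != EOF) errx(1, "%s: ACL text too long", filename);` placed after the `ferror()` check. The swapped `size`/`nmemb` order also deserves a one-line comment, `/* size 1: fread() returns a byte count, used as the terminator index */`, so a later cleanup does not swap the arguments back.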