From: Jonathan Dieter <jdieter@gmail.com>
Date: Tue, 18 Sep 2018 12:54:28 +0000 (+0100)
Subject: Coverity doesn't like that tmpdir can be changed by an environmental
X-Git-Tag: archive/raspbian/1.1.9+ds1-1+rpi1~1^2~104
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1e4cf7f4a7fc3bb2c6e795664a5f0f9bc9ef64fc;p=zchunk.git

Coverity doesn't like that tmpdir can be changed by an environmental
variable, so we're going to untaint it by manually doing an equivalent of
strcpy().
(Coverity ID: 310902)

Signed-off-by: Jonathan Dieter <jdieter@gmail.com>
---

diff --git a/src/lib/zck.c b/src/lib/zck.c
index 3b2fa07..46768c9 100644
--- a/src/lib/zck.c
+++ b/src/lib/zck.c
@@ -135,9 +135,17 @@ int get_tmp_fd(zckCtx *zck) {
     }
 
     fname = zmalloc(strlen(template) + strlen(tmpdir) + 2);
-    strncpy(fname, tmpdir, strlen(tmpdir));
-    strncpy(fname+strlen(tmpdir), "/", 2);
-    strncpy(fname+strlen(tmpdir)+1, template, strlen(template));
+    int i=0;
+    for(i=0; i<strlen(tmpdir); i++)
+        fname[i] = tmpdir[i];
+    int offset = i;
+    fname[offset] = '/';
+    offset++;
+    for(i=0; i<strlen(template); i++)
+        fname[offset + i] = template[i];
+    offset += i;
+    fname[offset] = '\0';
+    printf("File name: %s", fname);
 
     mode_t old_mode_mask;
     old_mode_mask = umask (S_IXUSR | S_IRWXG | S_IRWXO);