summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJoel Sherrill <joel@rtems.org>2018-08-21 10:32:48 -0500
committerJoel Sherrill <joel@rtems.org>2018-08-29 12:52:08 -0500
commit14a218fd20a5e1a449d6305836d147a5e3e40eea (patch)
treef14af5cd508e8dde7459a7bac7271fd0588bd537
parentcba349cf304527562ed34fdfe9c5f1b7656dacc4 (diff)
downloadrtems-14a218fd20a5e1a449d6305836d147a5e3e40eea.tar.bz2
cpukit/telnetd/pty.c: Fix format overflow warning on sprintf()
cpukit/telnetd/pty.c:436:47: warning: '%X' directive writing between 1 and 8 bytes into a region of size 3 [-Wformat-overflow=] The devname area was malloc'ed. Now it is statically allocated and sufficiently large to account for the potential buffer overflow.
-rw-r--r--cpukit/telnetd/pty.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/cpukit/telnetd/pty.c b/cpukit/telnetd/pty.c
index 14d688018f..3c511f9e98 100644
--- a/cpukit/telnetd/pty.c
+++ b/cpukit/telnetd/pty.c
@@ -71,7 +71,7 @@ struct pty_tt;
typedef struct pty_tt pty_t;
struct pty_tt {
- char *devname;
+ char devname[17];
struct rtems_termios_tty *ttyp;
tcflag_t c_cflag;
int opened;
@@ -432,8 +432,8 @@ rtems_device_driver my_pty_initialize(
*/
for (ndx=0;ndx<rtems_telnetd_maximum_ptys;ndx++) {
- telnet_ptys[ndx].devname = (char*)malloc(strlen("/dev/ptyXX")+1);
- sprintf(telnet_ptys[ndx].devname,"/dev/pty%X",ndx);
+ /* devname is included in the structure */
+ sprintf(telnet_ptys[ndx].devname,"/dev/pty%02X",ndx);
telnet_ptys[ndx].ttyp = NULL;
telnet_ptys[ndx].c_cflag = CS8|B9600;
telnet_ptys[ndx].socket = -1;
@@ -491,8 +491,9 @@ static int pty_do_finalize(void)
status = (rtems_status_code)unlink(telnet_ptys[ndx].devname);
if (status != RTEMS_SUCCESSFUL)
perror("removing pty device node from file system");
- else
- free(telnet_ptys[ndx].devname);
+ else {
+ telnet_ptys[ndx].devname[0] = '\0';
+ }
};
free ( telnet_ptys );