From b63280f52f997466f0a8bb70f89a3b705b2eb015 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 6 Oct 2017 21:39:24 +0200 Subject: [PATCH] Use stack-allocated strings for temporary filenames. --- src/conf.c | 7 +++---- src/tincd.c | 14 ++++++-------- 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/src/conf.c b/src/conf.c index 997a05e..2e13e45 100644 --- a/src/conf.c +++ b/src/conf.c @@ -487,6 +487,7 @@ FILE *ask_and_open(const char *filename, const char *what) { FILE *r; char *directory; char line[PATH_MAX]; + char abspath[PATH_MAX]; const char *fn; /* Check stdin and stdout */ @@ -520,12 +521,10 @@ FILE *ask_and_open(const char *filename, const char *what) { if(fn[0] != '/') { #endif /* The directory is a relative path or a filename. */ - char *p; - directory = get_current_dir_name(); - xasprintf(&p, "%s/%s", directory, fn); + snprintf(abspath, sizeof abspath, "%s/%s", directory, fn); free(directory); - fn = p; + fn = abspath; } umask(0077); /* Disallow everything for group and other */ diff --git a/src/tincd.c b/src/tincd.c index 22fb726..84ce0d4 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -390,7 +390,7 @@ static bool keygen(int bits) { BIGNUM *e = NULL; RSA *rsa_key; FILE *f; - char *pubname, *privname; + char filename[PATH_MAX]; BN_GENCB *cb; int result; @@ -417,9 +417,8 @@ static bool keygen(int bits) { } else fprintf(stderr, "Done.\n"); - xasprintf(&privname, "%s/rsa_key.priv", confbase); - f = ask_and_open(privname, "private RSA key"); - free(privname); + snprintf(filename, sizeof filename, "%s/rsa_key.priv", confbase); + f = ask_and_open(filename, "private RSA key"); if(!f) return false; @@ -436,14 +435,13 @@ static bool keygen(int bits) { char *name = get_name(); if(name) { - xasprintf(&pubname, "%s/hosts/%s", confbase, name); + snprintf(filename, sizeof filename, "%s/hosts/%s", confbase, name); free(name); } else { - xasprintf(&pubname, "%s/rsa_key.pub", confbase); + snprintf(filename, sizeof filename, "%s/rsa_key.pub", confbase); } - f = ask_and_open(pubname, "public RSA key"); - free(pubname); + f = ask_and_open(filename, "public RSA key"); if(!f) return false; -- 2.25.1