hlr_auc_gw: Hide a bogus static analyzer warning

For some reason, snprintf() was not seen as sufficient to remove
potentially tainted string from fgets() before passing this to rename().
This does not make much sense, but anyway, try to get rid of the warning
by using a separate buffer for the internally written file names.
(CID 72690)

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2015-07-18 22:53:07 +03:00
parent 3b765ea545
commit 3dfaedb433

View file

@ -550,7 +550,7 @@ static int read_milenage(const char *fname)
static void update_milenage_file(const char *fname) static void update_milenage_file(const char *fname)
{ {
FILE *f, *f2; FILE *f, *f2;
char buf[500], *pos; char name[500], buf[500], *pos;
char *end = buf + sizeof(buf); char *end = buf + sizeof(buf);
struct milenage_parameters *m; struct milenage_parameters *m;
size_t imsi_len; size_t imsi_len;
@ -561,10 +561,10 @@ static void update_milenage_file(const char *fname)
return; return;
} }
snprintf(buf, sizeof(buf), "%s.new", fname); snprintf(name, sizeof(name), "%s.new", fname);
f2 = fopen(buf, "w"); f2 = fopen(name, "w");
if (f2 == NULL) { if (f2 == NULL) {
printf("Could not write Milenage data file '%s'\n", buf); printf("Could not write Milenage data file '%s'\n", name);
fclose(f); fclose(f);
return; return;
} }
@ -606,14 +606,14 @@ static void update_milenage_file(const char *fname)
fclose(f2); fclose(f2);
fclose(f); fclose(f);
snprintf(buf, sizeof(buf), "%s.bak", fname); snprintf(name, sizeof(name), "%s.bak", fname);
if (rename(fname, buf) < 0) { if (rename(fname, name) < 0) {
perror("rename"); perror("rename");
return; return;
} }
snprintf(buf, sizeof(buf), "%s.new", fname); snprintf(name, sizeof(name), "%s.new", fname);
if (rename(buf, fname) < 0) { if (rename(name, fname) < 0) {
perror("rename"); perror("rename");
return; return;
} }