kconfig: use snprintf for formatting pathnames

Valid pathnames will never exceed PATH_MAX, but these file names
are unsanitized and can cause buffer overflow if set incorrectly.
Use snprintf to avoid this. This was flagged during a Coverity scan
of the coreboot project, which also uses kconfig for its build system.

Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

2 files changed, 3 insertions, 2 deletions

diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c
index b7bdd9690319..8bb74d468f45 100644
--- a/scripts/kconfig/confdata.c
+++ b/scripts/kconfig/confdata.c
@@ -241,7 +241,7 @@ char *conf_get_default_confname(void)
         name = expand_string(conf_defname);
         env = getenv(SRCTREE);
         if (env) {
-                sprintf(fullname, "%s/%s", env, name);
+                snprintf(fullname, sizeof(fullname), "%s/%s", env, name);
                 if (is_present(fullname))
                         return fullname;
         }
diff --git a/scripts/kconfig/lexer.l b/scripts/kconfig/lexer.l
index c9df1c8b9824..6354c905b006 100644
--- a/scripts/kconfig/lexer.l
+++ b/scripts/kconfig/lexer.l
@@ -378,7 +378,8 @@ FILE *zconf_fopen(const char *name)
         if (!f && name != NULL && name[0] != '/') {
                 env = getenv(SRCTREE);
                 if (env) {
-                        sprintf(fullname, "%s/%s", env, name);
+                        snprintf(fullname, sizeof(fullname),
+                                 "%s/%s", env, name);
                         f = fopen(fullname, "r");
                 }
         }