From 746a4321651afba5ff233efecab3c13e480d2594 Mon Sep 17 00:00:00 2001
From: Nate Williams <nate@FreeBSD.org>
Date: Fri, 12 Jul 1996 04:00:15 +0000
Subject: Changed all sprintf() calls to snprintf().

Obtained from:	Christos Zoulas <christos@deshaw.com> via NetBSD PR 2621,

[ slightly modified since we don't use libcompat anymore. ]

I'm not sure if this fixes the rdist security bug completely, but it
sure can't hurt!
---
 usr.bin/rdist/expand.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'usr.bin/rdist/expand.c')

diff --git a/usr.bin/rdist/expand.c b/usr.bin/rdist/expand.c
index 6b5fd17d233f..555dbf14776d 100644
--- a/usr.bin/rdist/expand.c
+++ b/usr.bin/rdist/expand.c
@@ -180,12 +180,13 @@ expstr(s)
 			*tail = savec;
 		if (tp != NULL) {
 			for (; tp != NULL; tp = tp->n_next) {
-				sprintf(buf, "%s%s%s", s, tp->n_name, tail);
+				snprintf(buf, sizeof(buf), 
+				    "%s%s%s", s, tp->n_name, tail);
 				expstr(buf);
 			}
 			return;
 		}
-		sprintf(buf, "%s%s", s, tail);
+		snprintf(buf, sizeof(buf), "%s%s", s, tail);
 		expstr(buf);
 		return;
 	}
-- 
cgit v1.2.3