- markus@cvs.openbsd.org 2001/02/08 21:58:28
     [channels.c]
     nuke sprintf, ok deraadt@
diff --git a/channels.c b/channels.c
index 354160e..a079fc2 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.89 2001/02/04 15:32:23 stevesk Exp $");
+RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
 
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -2227,7 +2227,7 @@
     const char *proto, const char *data)
 {
 	u_int data_len = (u_int) strlen(data) / 2;
-	u_int i, value;
+	u_int i, value, len;
 	char *new_data;
 	int screen_number;
 	const char *cp;
@@ -2265,9 +2265,11 @@
 	x11_fake_data_len = data_len;
 
 	/* Convert the fake data into hex. */
-	new_data = xmalloc(2 * data_len + 1);
+	len = 2 * data_len + 1;
+	new_data = xmalloc(len);
 	for (i = 0; i < data_len; i++)
-		sprintf(new_data + 2 * i, "%02x", (u_char) x11_fake_data[i]);
+		snprintf(new_data + 2 * i, len - 2 * i,
+		    "%02x", (u_char) x11_fake_data[i]);
 
 	/* Send the request packet. */
 	if (compat20) {
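Review bot: When `data_len` is 0 the conversion loop never runs, so nothing writes a terminator into `new_data` and the single byte returned by `xmalloc(len)` stays uninitialised; this was already the case with `sprintf`, so the commit carries it over rather than fixing it. If `new_data` is later consumed as a C string (its use lies outside this hunk), adding `new_data[0] = '\0';` right after the `xmalloc(len)` line makes the empty case well defined. Inside the loop `len - 2 * i` is always at least 3, so `snprintf` cannot truncate here; a short comment such as `/* len - 2*i >= 3: two hex digits plus NUL */` would spare the next reader the arithmetic. The enclosing function starts and ends outside the hunk.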