From a14390ccec36f2d3676c5fbd97f2a137a9e543df Mon Sep 17 00:00:00 2001
From: Ollivier Robert
Date: Thu, 20 Feb 1997 22:16:39 +0000
Subject: Security patch from OpenBSD: fixes potential buffer overflow in a static buffer (so more difficult to exploit but better safe than sorry). Found by comparing FreeBSD & OpenBSD sources/logs for the auditing process.
Reviewed by: Warner Losh
Obtained from: OpenBSD
---
 sbin/route/route.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'sbin')
diff --git a/sbin/route/route.c b/sbin/route/route.c
index 66cbfae097dc..47923e0b22ee 100644
--- a/sbin/route/route.c
+++ b/sbin/route/route.c
@@ -1023,7 +1023,7 @@ ns_print(sns)
 struct ns_addr work;
 union { union ns_net net_e; u_long long_e; } net;
 u_short port;
- static char mybuf[50], cport[10], chost[25];
+ static char mybuf[50+MAXHOSTNAMELEN], cport[10], chost[25];
 char *host = "";
 register char *p;
 register u_char *q;
@@ -1056,7 +1056,8 @@ ns_print(sns)
 else
 *cport = 0;
 
- (void) sprintf(mybuf,"%lxH.%s%s", (unsigned long)ntohl(net.long_e),
+ (void) snprintf(mybuf, sizeof(mybuf), "%lxH.%s%s",
+ (unsigned long)ntohl(net.long_e),
 host, cport);
 return (mybuf);
 }
-- 
cgit v1.2.3
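Review bot: The declaration `static char mybuf[50+MAXHOSTNAMELEN], cport[10], chost[25];` enlarges only `mybuf`, while `cport` and `chost` keep their fixed sizes and are filled by code outside this hunk. If those writes still go through `sprintf`, they are the same class of unbounded write the commit message describes and should take the bounded form, e.g. `(void) snprintf(cport, sizeof(cport), ...)` with the existing format and arguments. The new size expression is also unexplained; a comment such as `/* "<net>H." + host + port; the snprintf() below bounds the write */` would tell the next auditor why `MAXHOSTNAMELEN` appears here. The body of ns_print starts and ends outside the hunk.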
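Review bot: The `(void)` cast on the new `snprintf(mybuf, sizeof(mybuf), ...)` call discards the only signal that the output was truncated, so `return (mybuf);` can hand the caller a shortened address that looks complete. Keeping the result and testing it, `n = snprintf(mybuf, sizeof(mybuf), "%lxH.%s%s", ...);` followed by `if (n < 0 || n >= (int)sizeof(mybuf))`, would make truncation detectable; what the branch does is a project decision. Since `mybuf` is static and returned directly, a comment above the function such as `/* returns a pointer to a static buffer, overwritten by the next call */` would also document the lifetime callers have to respect. The start of ns_print is outside the hunk.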