From: Markus Armbruster
Date: Fri, 14 Dec 2007 06:01:13 +0000 (+0000)
Subject: (sendcmd): Don't overflow buf[]. The bug was fairly harmless, because
X-Git-Tag: v4.3.11~32
X-Git-Url: http://git.pond.sub.org/?p=empserver;a=commitdiff_plain;h=92a14cca4d9061a6471b88054ba4c9c7bbd877f4
(sendcmd): Don't overflow buf[]. The bug was fairly harmless, because the overflowing data comes from the local user.
---
diff --git a/src/client/expect.c b/src/client/expect.c
index 5ea380a05..3d1429ccb 100644
--- a/src/client/expect.c
+++ b/src/client/expect.c
@@ -126,11 +126,14 @@ void sendcmd(int s, char *cmd, char *arg)
 {
 char buf[128];
- int cc;
- int len;
+ int cc, len;
- (void)sprintf(buf, "%s %s\n", cmd, arg != NULL ? arg : "");
- len = strlen(buf);
+ len = snprintf(buf, sizeof(buf), "%s %s\n",
+ cmd, arg != NULL ? arg : "");
+ if (len >= (int)sizeof(buf)) {
+ fprintf(stderr, "%s too long\n", cmd);
+ exit(1);
+ }
 cc = write(s, buf, len);
 if (cc < 0) {
 perror("sendcmd: write");
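Review bot: A negative return from snprintf() passes the new `len >= (int)sizeof(buf)` check and reaches `write(s, buf, len)`, where it is converted to a very large size_t count and the write is asked to read far past the 128-byte buf. C99 snprintf returns a negative value on an output error, and some pre-C99 implementations return -1 on truncation, which is exactly the overflow case this commit is meant to catch; which libc the client builds against is not visible here. The guard would cover both as `if (len < 0 || len >= (int)sizeof(buf)) {`. The hunk ends inside the `if (cc < 0)` block, so whether a short write (0 <= cc < len) is handled further down in sendcmd cannot be judged from here.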