From 92a14cca4d9061a6471b88054ba4c9c7bbd877f4 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Fri, 14 Dec 2007 06:01:13 +0000 Subject: [PATCH] (sendcmd): Don't overflow buf[]. The bug was fairly harmless, because the overflowing data comes from the local user. --- src/client/expect.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/client/expect.c b/src/client/expect.c index 5ea380a05..3d1429ccb 100644 --- a/src/client/expect.c +++ b/src/client/expect.c @@ -126,11 +126,14 @@ void sendcmd(int s, char *cmd, char *arg) { char buf[128]; - int cc; - int len; + int cc, len; - (void)sprintf(buf, "%s %s\n", cmd, arg != NULL ? arg : ""); - len = strlen(buf); + len = snprintf(buf, sizeof(buf), "%s %s\n", + cmd, arg != NULL ? arg : ""); + if (len >= (int)sizeof(buf)) { + fprintf(stderr, "%s too long\n", cmd); + exit(1); + } cc = write(s, buf, len); if (cc < 0) { perror("sendcmd: write"); -- 2.43.0