(sendcmd): Don't overflow buf[]. The bug was fairly harmless, because

the overflowing data comes from the local user.
2007-12-14 06:01:13 +00:00 · 2007-12-14 06:01:13 +00:00 · 92a14cca4d
commit 92a14cca4d
parent bac5345914
1 changed files with 7 additions and 4 deletions
--- a/src/client/expect.c
+++ b/src/client/expect.c
@ -126,11 +126,14 @@ void
 sendcmd(int s, char *cmd, char *arg)
 {
    char buf[128];
-    int cc;
-    int len;
+    int cc, len;

-    (void)sprintf(buf, "%s %s\n", cmd, arg != NULL ? arg : "");
-    len = strlen(buf);
+    len = snprintf(buf, sizeof(buf), "%s %s\n",
+		   cmd, arg != NULL ? arg : "");
+    if (len >= (int)sizeof(buf)) {
+	fprintf(stderr, "%s too long\n", cmd);
+	exit(1);
+    }
    cc = write(s, buf, len);
    if (cc < 0) {
 	perror("sendcmd: write");