- markus@cvs.openbsd.org 2001/02/08 21:58:28

[channels.c] nuke sprintf, ok deraadt@
2001-02-10 22:33:19 +00:00 · 2001-02-10 22:33:19 +00:00 · b3211a8589
parent 36d7bd00f9
commit b3211a8589
2 changed files with 15 additions and 6 deletions
--- a/11
+++ b/11
@ -46,7 +46,14 @@
   - markus@cvs.openbsd.org 2001/02/09 13:38:07
     [auth-options.c]
     reset options if no option is given; from han.holl@prismant.nl
-   instead of '0'  (from the OpenBSD tree)
+   - markus@cvs.openbsd.org 2001/02/08 21:58:28
     [channels.c]
     nuke sprintf, ok deraadt@
   - markus@cvs.openbsd.org 2001/02/08 21:58:28
     [channels.c]
     nuke sprintf, ok deraadt@
 - (bal) fixed sftp-client.c.  Return 'status' instead of '0'  
   (from the OpenBSD tree)
 - (bal) Synced ssh.1 and sshd.8 w/ OpenBSD
 20010210
@ -3831,4 +3838,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.725 2001/02/10 22:27:19 mouring Exp $
+$Id: ChangeLog,v 1.726 2001/02/10 22:33:19 mouring Exp $
--- a/channels.c
+++ b/channels.c
@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.89 2001/02/04 15:32:23 stevesk Exp $");
+RCSID("$OpenBSD: channels.c,v 1.90 2001/02/08 21:58:28 markus Exp $");
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@ -2227,7 +2227,7 @@ x11_request_forwarding_with_spoofing(int client_session_id,
    const char *proto, const char *data)
 {
 	u_int data_len = (u_int) strlen(data) / 2;
-	u_int i, value;
+	u_int i, value, len;
 	char *new_data;
 	int screen_number;
 	const char *cp;
@ -2265,9 +2265,11 @@ x11_request_forwarding_with_spoofing(int client_session_id,
 	x11_fake_data_len = data_len;
 	/* Convert the fake data into hex. */
-	new_data = xmalloc(2 * data_len + 1);
+	len = 2 * data_len + 1;
 	new_data = xmalloc(len);
 	for (i = 0; i < data_len; i++)
-		sprintf(new_data + 2 * i, "%02x", (u_char) x11_fake_data[i]);
+		snprintf(new_data + 2 * i, len - 2 * i,
 		    "%02x", (u_char) x11_fake_data[i]);
 	/* Send the request packet. */
 	if (compat20) {