author | das <das@FreeBSD.org> | 2004-09-19 20:34:30 +0000 |
---|---|---|
committer | das <das@FreeBSD.org> | 2004-09-19 20:34:30 +0000 |
commit | 09baad31f132c62e94eec636c0627192f0006ea1 (patch) | |
tree | 9fa25d04638f2cd9316a56c8f438f6164f096c49 | |
parent | 2993d4cdf26aff636277e257bb77826f1dba87d3 (diff) | |
Fix a buffer overflow by using strncpy() instead of strcpy().
Also, use strdup() instead of malloc()/strcpy().
PR: 64164
-rw-r--r-- | usr.bin/indent/args.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/usr.bin/indent/args.c b/usr.bin/indent/args.c
index eb93960..f139de5 100644
--- a/usr.bin/indent/args.c
+++ b/usr.bin/indent/args.c
@@ -49,6 +49,7 @@ __FBSDID("$FreeBSD$");
 #include <ctype.h>
 #include <err.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -171,10 +172,10 @@ void
 set_profile(void)
 {
 FILE *f;
- char fname[BUFSIZ];
+ char fname[PATH_MAX];
 static char prof[] = ".indent.pro";
- sprintf(fname, "%s/%s", getenv("HOME"), prof);
+ snprintf(fname, sizeof(fname), "%s/%s", getenv("HOME"), prof);
 if ((f = fopen(option_source = fname, "r")) != NULL) {
 scan_profile(f);
 (void) fclose(f);
@@ -288,10 +289,9 @@ found:
 if (*param_start == 0)
 goto need_param;
 {
- char *str = (char *) malloc(strlen(param_start) + 1);
+ char *str = strdup(param_start);
 if (str == NULL)
 err(1, NULL);
- strcpy(str, param_start);
 addkey(str, 4);
 }
 break; |
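Review bot: The new snprintf() call in set_profile() bounds the write, but it still passes getenv("HOME") straight to `%s` and discards the return value. If HOME is unset the argument is a null pointer, which is undefined behaviour for `%s`, and if HOME is long enough the path is silently truncated, so fopen() is attempted on a different file than the one intended. I would fetch `const char *home = getenv("HOME");` first, skip the home profile when it is NULL, and also skip it when the snprintf() result `n` satisfies `n < 0 || (size_t)n >= sizeof(fname)`. set_profile() continues past the end of the hunk, so how option_source (which now points at the stack buffer fname) is used afterwards is not visible here and is worth confirming.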