* Buffer-safe string function cleanup. There are a couple of strcpy()

  and strcat()s which would be more difficult to fix, but I think they're
  safe anyway.
* Don't crash at runtime by overflowing a buffer with constant data in
  print-icmp.c on a long hostname.
* Don't overflow a static buffer by trying to decode an AFS ACL into a buffer
  which is way too small for it.

Reviewed by:    -audit

1 files changed, 4 insertions, 2 deletions

diff --git a/contrib/tcpdump/print-fr.c b/contrib/tcpdump/print-fr.c
index 80364d3..7039338 100644
--- a/contrib/tcpdump/print-fr.c
+++ b/contrib/tcpdump/print-fr.c
@@ -17,6 +17,8 @@
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ * $FreeBSD$
  */
 
 #ifndef lint
@@ -395,12 +397,12 @@ q933_print(const u_char *p, int length)
 		    break;
 		case LINK_VERIFY_IE_91:
 		case LINK_VERIFY_IE_94:
-		    sprintf(temp_str,"TX Seq: %3d, RX Seq: %3d",
+		    snprintf(temp_str, sizeof(temp_str), "TX Seq: %3d, RX Seq: %3d",
 			    ptemp[2], ptemp[3]);
 		    decode_str = temp_str;
 		    break;
 		case PVC_STATUS_IE:
-		    sprintf(temp_str,"DLCI %d: status %s %s",
+		    snprintf(temp_str,sizeof(temp_str), "DLCI %d: status %s %s",
 			    ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3), 
 			    ptemp[4] & 0x8 ?"new,":" ",
 			    ptemp[4] & 0x2 ?"Active":"Inactive");