Examine all occurrences of sprintf(), strcat(), and str[n]cpy()

for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.

These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.

Reviewed by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	Mike Spengler <mks@networkcs.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/sys/dev/fdc/fdc.c b/sys/dev/fdc/fdc.c
index d6a7659..3bb7737 100644
--- a/sys/dev/fdc/fdc.c
+++ b/sys/dev/fdc/fdc.c
@@ -43,7 +43,7 @@
  * SUCH DAMAGE.
  *
  *	from:	@(#)fd.c	7.4 (Berkeley) 5/25/91
- *	$Id: fd.c,v 1.123 1998/09/15 22:07:24 gibbs Exp $
+ *	$Id: fd.c,v 1.124 1998/10/22 05:58:38 bde Exp $
  *
  */
 
@@ -340,7 +340,7 @@ fd_cmd(fdcu_t fdcu, int n_out, ...)
 		if (out_fdc(fdcu, va_arg(ap, int)) < 0)
 		{
 			char msg[50];
-			sprintf(msg,
+			snprintf(msg, sizeof(msg),
 				"cmd %x failed at out byte %d of %d\n",
 				cmd, n + 1, n_out);
 			return fdc_err(fdcu, msg);
@@ -353,7 +353,7 @@ fd_cmd(fdcu_t fdcu, int n_out, ...)
 		if (fd_in(fdcu, ptr) < 0)
 		{
 			char msg[50];
-			sprintf(msg,
+			snprintf(msg, sizeof(msg),
 				"cmd %02x failed at in byte %d of %d\n",
 				cmd, n + 1, n_in);
 			return fdc_err(fdcu, msg);