o Use snprintf rather than sprintf

o Add more checks for buffer overflows
o Use snprintf rather than strcat/cpy and have better checks for max
  length exceeded.

Most of these changes are not exploitable buffer overruns, but it never
hurts to be safe.

Inspired by and obtained from: OpenBSD

1 files changed, 3 insertions, 3 deletions

diff --git a/usr.bin/systat/mbufs.c b/usr.bin/systat/mbufs.c
index 08e4347..dc27c5f 100644
--- a/usr.bin/systat/mbufs.c
+++ b/usr.bin/systat/mbufs.c
@@ -34,7 +34,7 @@
 #ifndef lint
 static char sccsid[] = "@(#)mbufs.c	8.1 (Berkeley) 6/6/93";
 static const char rcsid[] =
-	"$Id: mbufs.c,v 1.5 1997/02/24 20:59:03 wollman Exp $";
+	"$Id: mbufs.c,v 1.6 1997/09/24 02:43:40 wollman Exp $";
 #endif /* not lint */
 
 #include <sys/param.h>
@@ -121,7 +121,7 @@ showmbufs()
 			mvwprintw(wnd, 1+j, 0, "%-10.10s", mtnames[index]);
 		wmove(wnd, 1 + j, 10);
 		if (max > 60) {
-			sprintf(buf, " %d", max);
+			snprintf(buf, sizeof(buf), " %d", max);
 			max = 60;
 			while (max--)
 				waddch(wnd, 'X');
@@ -136,7 +136,7 @@ showmbufs()
 	if (mb->m_mbufs) {
 		mvwprintw(wnd, 1+j, 0, "%-10.10s", "free");
 		if (mb->m_mbufs > 60) {
-			sprintf(buf, " %d", mb->m_mbufs);
+			snprintf(buf, sizeof(buf), " %d", mb->m_mbufs);
 			mb->m_mbufs = 60;
 			while (mb->m_mbufs--)
 				waddch(wnd, 'X');