String buffer safety cleanup. I don't think any of these were exploitable

remotely, but they would be if e.g. it happened to call the logging
function using a DNS hostname.

Also replace random() by arc4random() - only one of these is arguably
required since it's directly used in the protocol, but we might as
well replace both to avoid using two different PRNGs.

Reviewed by:	green, alex

1 files changed, 4 insertions, 4 deletions

diff --git a/usr.sbin/mrouted/cfparse.y b/usr.sbin/mrouted/cfparse.y
index f244d9c..2f74399 100644
--- a/usr.sbin/mrouted/cfparse.y
+++ b/usr.sbin/mrouted/cfparse.y
@@ -658,7 +658,7 @@ static void
 fatal(char *fmt, ...)
 {
 	va_list ap;
-	char buf[200];
+	char buf[MAXHOSTNAMELEN + 100];
 
 	va_start(ap, fmt);
 #else
@@ -669,11 +669,11 @@ char *fmt;
 va_dcl
 {
 	va_list ap;
-	char buf[200];
+	char buf[MAXHOSTNAMELEN + 100];
 
 	va_start(ap);
 #endif
-	vsprintf(buf, fmt, ap);
+	vsnprintf(buf, sizeof(buf), fmt, ap);
 	va_end(ap);
 
 	log(LOG_ERR,0,"%s: %s near line %d", configfilename, buf, lineno);
@@ -699,7 +699,7 @@ va_dcl
 
 	va_start(ap);
 #endif
-	vsprintf(buf, fmt, ap);
+	vsnprintf(buf, sizeof(buf), fmt, ap);
 	va_end(ap);
 
 	log(LOG_WARNING,0,"%s: %s near line %d", configfilename, buf, lineno);