From 4a5ab955ca5be11c420646ad76e13e55113ada02 Mon Sep 17 00:00:00 2001
From: dillon <dillon@FreeBSD.org>
Date: Sat, 12 Dec 1998 20:56:53 +0000
Subject: PR: bin/9031

    Changed unbounded strcpy() to snprintf() to fix buffer overrun exploit
---
 libexec/bootpd/bootpd.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'libexec/bootpd')

diff --git a/libexec/bootpd/bootpd.c b/libexec/bootpd/bootpd.c
index 68e35d5..99d0351 100644
--- a/libexec/bootpd/bootpd.c
+++ b/libexec/bootpd/bootpd.c
@@ -19,7 +19,7 @@ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
 ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 SOFTWARE.
 
-	$Id: bootpd.c,v 1.7 1997/05/11 14:27:03 phk Exp $
+	$Id: bootpd.c,v 1.8 1998/06/03 20:01:28 joerg Exp $
 
 ************************************************************************/
 
@@ -833,7 +833,7 @@ HW addr type is IEEE 802.  convert to %s and check again\n",
 	 * daemon chroot directory (i.e. /tftpboot).
 	 */
 	if (hp->flags.tftpdir) {
-		strcpy(realpath, hp->tftpdir->string);
+		snprintf(realpath, sizeof(realpath), "%s", hp->tftpdir->string);
 		clntpath = &realpath[strlen(realpath)];
 	} else {
 		realpath[0] = '\0';
-- 
cgit v1.1