From 037a2d5b0f32db271e17f4fec9bd102b36a4da0b Mon Sep 17 00:00:00 2001
From: joe <joe@FreeBSD.org>
Date: Sun, 30 Apr 2000 21:04:36 +0000
Subject: Fixes a potential buffer overflow with the pid filename.

Submitted by:	Mike Heffner <spock@techfour.net>
Submitted on:	audit@freebsd.org
---
 sbin/startslip/startslip.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'sbin/startslip/startslip.c')

diff --git a/sbin/startslip/startslip.c b/sbin/startslip/startslip.c
index f0d5ce6..f273ab3 100644
--- a/sbin/startslip/startslip.c
+++ b/sbin/startslip/startslip.c
@@ -214,7 +214,9 @@ main(argc, argv)
 		dvname = devicename;
 	else
 		dvname++;
-	sprintf(pidfile, PIDFILE, _PATH_VARRUN, dvname);
+	if (snprintf(pidfile, sizeof(pidfile), PIDFILE, _PATH_VARRUN, dvname) >= sizeof(pidfile))
+		usage();
+
 	if ((pfd = fopen(pidfile, "r")) != NULL) {
 		if (fscanf(pfd, "%ld\n", &lpid) == 1) {
 			pid = lpid;
-- 
cgit v1.1