From 09baad31f132c62e94eec636c0627192f0006ea1 Mon Sep 17 00:00:00 2001 From: das Date: Sun, 19 Sep 2004 20:34:30 +0000 Subject: Fix a buffer overflow by using strncpy() instead of strcpy(). Also, use strdup() instead of malloc()/strcpy(). PR: 64164 --- usr.bin/indent/args.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'usr.bin/indent') diff --git a/usr.bin/indent/args.c b/usr.bin/indent/args.c index eb93960..f139de5 100644 --- a/usr.bin/indent/args.c +++ b/usr.bin/indent/args.c @@ -49,6 +49,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include @@ -171,10 +172,10 @@ void set_profile(void) { FILE *f; - char fname[BUFSIZ]; + char fname[PATH_MAX]; static char prof[] = ".indent.pro"; - sprintf(fname, "%s/%s", getenv("HOME"), prof); + snprintf(fname, sizeof(fname), "%s/%s", getenv("HOME"), prof); if ((f = fopen(option_source = fname, "r")) != NULL) { scan_profile(f); (void) fclose(f); @@ -288,10 +289,9 @@ found: if (*param_start == 0) goto need_param; { - char *str = (char *) malloc(strlen(param_start) + 1); + char *str = strdup(param_start); if (str == NULL) err(1, NULL); - strcpy(str, param_start); addkey(str, 4); } break; -- cgit v1.1
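Review bot: In the `set_profile` hunk, the new `snprintf(fname, sizeof(fname), ...)` call stops the overflow but its return value is discarded, so a HOME value too long for `fname` silently produces a truncated path that is then handed to `fopen()` and recorded in `option_source`. `getenv("HOME")` is also still passed directly to `%s`, which is undefined behaviour when HOME is unset. Both cases are better treated as "no home profile": fetch HOME into a local, skip the open when it is NULL, and skip it when snprintf reports an error or a length `>= sizeof(fname)`. The function body continues past the end of the hunk, so the sketch below only guards the open and leaves the rest untouched.

```c
    const char *home = getenv("HOME");
    int n;

    /* … unchanged: f, fname[PATH_MAX] and prof declarations … */

    /* Open the profile only when HOME is set and the full path fit in fname. */
    if (home != NULL &&
        (n = snprintf(fname, sizeof(fname), "%s/%s", home, prof)) >= 0 &&
        (size_t)n < sizeof(fname) &&
        (f = fopen(option_source = fname, "r")) != NULL) {
        /* … unchanged: scan_profile(f) and fclose(f) … */
```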