summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTed Unangst <tedu@cvs.openbsd.org>2003-04-08 19:55:53 +0000
committerTed Unangst <tedu@cvs.openbsd.org>2003-04-08 19:55:53 +0000
commit0d7fc03c7b5740c57d4058ec7bc8a7b129f9c174 (patch)
tree1e17759d61a85e777961d6f27aae3b5310e0fd1f
parented5e3bd927e1250f902a666a9d6c134f6ee27643 (diff)
more correct snprintf bound. ok deraadt@
-rw-r--r--usr.sbin/ppp/ppp/chap.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/usr.sbin/ppp/ppp/chap.c b/usr.sbin/ppp/ppp/chap.c
index f1d8b3c41cb..0e56d899b48 100644
--- a/usr.sbin/ppp/ppp/chap.c
+++ b/usr.sbin/ppp/ppp/chap.c
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: chap.c,v 1.38 2003/04/07 23:58:53 deraadt Exp $
+ * $OpenBSD: chap.c,v 1.39 2003/04/08 19:55:52 tedu Exp $
*/
#include <sys/param.h>
@@ -605,8 +605,10 @@ chap_Failure(struct authinfo *authp)
snprintf(buf, sizeof(buf), "E=691 R=0 C=");
ptr += strlen(ptr);
for (i=0; i<16; i++) {
- snprintf(ptr, 3, "%02X", *(auth2chap(authp)->challenge.local+1+i));
+ snprintf(ptr, buf + sizeof buf - ptr, "%02X", *(auth2chap(authp)->challenge.local+1+i));
ptr += strlen(ptr);
+ if (ptr > buf + sizeof buf)
+ break;
}
snprintf(ptr, buf + sizeof buf - ptr, " V=3 M=Invalid!");