very unlikely overflow. but sticking to the idiom is important: thereby,

example by example, we teach people how to actually use snprintf.  because
it is clear (especially judging by code coming from netbsd hint hint perhaps
if i say it like this they will finally learn) that people are not paying
attention, and replacing one security problem with another.

in the early days we replaced buffer the typical ANSI-C standardized function
buffer overflows (by which I mean strcpy, strcat, and sprintf) with
non-overflowing ones -- range checking varients.  We knew we were fixing
a major problem.  The damn overflows.  But we did not have time in all cases
to handle the next problem we were not handling:  string truncation.  Now we
need to (I hope not slowly) start fixing the string truncations.

Anyone going to help?

1 files changed, 6 insertions, 1 deletions

diff --git a/usr.sbin/user/user.c b/usr.sbin/user/user.c
index b67ac306a44..782ee7b34e8 100644
--- a/usr.sbin/user/user.c
+++ b/usr.sbin/user/user.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: user.c,v 1.61 2004/09/30 15:07:41 otto Exp $ */
+/* $OpenBSD: user.c,v 1.62 2005/04/13 03:46:28 deraadt Exp $ */
 /* $NetBSD: user.c,v 1.69 2003/04/14 17:40:07 agc Exp $ */
 
 /*
@@ -1114,6 +1114,11 @@ adduser(char *login_name, user_t *up)
 	}
 	if (yp) {
 		cc = snprintf(buf, sizeof(buf), "+:*::::::::\n");
+		if (cc == -1 || cc > sizeof(buf)) {
+			(void) close(ptmpfd);
+			pw_abort();
+			errx(EXIT_FAILURE, "can't add `%s', line too long", buf);
+		}
 		if (write(ptmpfd, buf, (size_t) cc) != cc) {
 			(void) close(ptmpfd);
 			pw_abort();