From 0d7fc03c7b5740c57d4058ec7bc8a7b129f9c174 Mon Sep 17 00:00:00 2001
From: Ted Unangst <tedu@cvs.openbsd.org>
Date: Tue, 8 Apr 2003 19:55:53 +0000
Subject: more correct snprintf bound.  ok deraadt@

---
 usr.sbin/ppp/ppp/chap.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/usr.sbin/ppp/ppp/chap.c b/usr.sbin/ppp/ppp/chap.c
index f1d8b3c41cb..0e56d899b48 100644
--- a/usr.sbin/ppp/ppp/chap.c
+++ b/usr.sbin/ppp/ppp/chap.c
@@ -25,7 +25,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $OpenBSD: chap.c,v 1.38 2003/04/07 23:58:53 deraadt Exp $
+ * $OpenBSD: chap.c,v 1.39 2003/04/08 19:55:52 tedu Exp $
  */
 
 #include <sys/param.h>
@@ -605,8 +605,10 @@ chap_Failure(struct authinfo *authp)
     snprintf(buf, sizeof(buf), "E=691 R=0 C=");
     ptr += strlen(ptr);
     for (i=0; i<16; i++) {
-      snprintf(ptr, 3, "%02X", *(auth2chap(authp)->challenge.local+1+i));
+      snprintf(ptr, buf + sizeof buf - ptr, "%02X", *(auth2chap(authp)->challenge.local+1+i));
       ptr += strlen(ptr);
+      if (ptr > buf + sizeof buf)
+        break;
     }
 
     snprintf(ptr, buf + sizeof buf - ptr, " V=3 M=Invalid!");
-- 
cgit v1.2.3