From 2edaa2eb24e3ee2b87abd6c51b93abf94544dd30 Mon Sep 17 00:00:00 2001
From: Karl Ramm <kcr@mit.edu>
Date: Sun, 21 Dec 2008 08:45:58 +0000
Subject: complicated krb4 arithmetic -> MAX_PRINCIPAL_SIZE also check the size
 of what we're sprintfing into

---
 server/dispatch.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'server/dispatch.c')

diff --git a/server/dispatch.c b/server/dispatch.c
index 01c5a2f..56c38ad 100644
--- a/server/dispatch.c
+++ b/server/dispatch.c
@@ -320,7 +320,7 @@ sendit(ZNotice_t *notice,
        int external)
 {
     static int send_counter = 0;
-    char recipbuf[ANAME_SZ + INST_SZ + REALM_SZ + 3], *recipp;
+    char recipbuf[MAX_PRINCIPAL_SIZE], *recipp;
     int any = 0;
     Acl *acl;
     Destination dest;
@@ -389,7 +389,8 @@ sendit(ZNotice_t *notice,
       strncpy(recipbuf, notice->z_recipient, sizeof(recipbuf));
       recipp = strrchr(recipbuf, '@');
       if (recipp)
-	sprintf(recipp + 1, "%s", realm_expand_realm(recipp + 1));
+	snprintf(recipp + 1, sizeof(recipbuf) - (recipp - recipbuf),
+		 "%s", realm_expand_realm(recipp + 1));
       dest.recip = make_string(recipbuf, 0);
     }
 
-- 
cgit v1.2.3