From 6566763d0c306ad4dca003f2c4b9dd354d3d14fb Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 5 Nov 2008 16:09:22 +0000
Subject: [PATCH] Replace strcpy/strcat/sprintf uses in a couple of sample code
 files with strncpy/strncat.  Since this is sample code, we can't rely on
 build system support for asprintf/strlcpy/strlcat.

ticket: 6200
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21000 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/sample/sclient/sclient.c       | 9 +++++++--
 src/plugins/authdata/greet/greet_auth.c | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/appl/sample/sclient/sclient.c b/src/appl/sample/sclient/sclient.c
index 6ad305a88..bd9c4e889 100644
--- a/src/appl/sample/sclient/sclient.c
+++ b/src/appl/sample/sclient/sclient.c
@@ -159,11 +159,16 @@ main(int argc, char *argv[])
 	if (getnameinfo(ap->ai_addr, ap->ai_addrlen, abuf, sizeof(abuf),
 			pbuf, sizeof(pbuf), NI_NUMERICHOST | NI_NUMERICSERV)) {
 	    memset(abuf, 0, sizeof(abuf));
+	    memset(pbuf, 0, sizeof(pbuf));
 	    strncpy(abuf, "[error, cannot print address?]",
 		    sizeof(abuf)-1);
-	    strcpy(pbuf, "[?]");
+	    strncpy(pbuf, "[?]", sizeof(pbuf)-1);
 	}
-	sprintf(mbuf, "error contacting %s port %s", abuf, pbuf);
+	memset(mbuf, 0, sizeof(mbuf));
+	strncpy(mbuf, "error contacting ", sizeof(mbuf)-1);
+	strncat(mbuf, abuf, sizeof(mbuf) - strlen(mbuf) - 1);
+	strncat(mbuf, " port ", sizeof(mbuf) - strlen(mbuf) - 1);
+	strncat(mbuf, pbuf, sizeof(mbuf) - strlen(mbuf) - 1);
 	sock = socket(ap->ai_family, SOCK_STREAM, 0);
 	if (sock < 0) {
 	    fprintf(stderr, "%s: socket: %s\n", mbuf, strerror(errno));
diff --git a/src/plugins/authdata/greet/greet_auth.c b/src/plugins/authdata/greet/greet_auth.c
index a9d359eaa..f7b6dd733 100644
--- a/src/plugins/authdata/greet/greet_auth.c
+++ b/src/plugins/authdata/greet/greet_auth.c
@@ -65,7 +65,7 @@ greet_authdata(krb5_context ctx, krb5_db_entry *client,
 	free(a);
 	return ENOMEM;
     }
-    strcpy(p, "hello there");
+    strncpy(p, "hello there", GREET_SIZE-1);
     a->magic = KV5M_AUTHDATA;
     a->ad_type = -42;
     a->length = GREET_SIZE;
-- 
2.26.2