- (djm) [auth-pam.c] Don't use crappy APIs like sprintf. Thanks bal

1 files changed, 8 insertions, 5 deletions

diff --git a/auth-pam.c b/auth-pam.c
index 057164ad..9ca18e77 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -31,7 +31,7 @@
 
 /* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
 #include "includes.h"
-RCSID("$Id: auth-pam.c,v 1.64 2003/06/03 00:25:48 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.65 2003/07/30 04:53:11 djm Exp $");
 
 #ifdef USE_PAM
 #include <security/pam_appl.h>
@@ -373,6 +373,7 @@ sshpam_query(void *ctx, char **name, char **info,
 	size_t plen;
 	u_char type;
 	char *msg;
+	size_t len;
 
 	buffer_init(&buffer);
 	*name = xstrdup("");
@@ -388,16 +389,18 @@ sshpam_query(void *ctx, char **name, char **info,
 		case PAM_PROMPT_ECHO_ON:
 		case PAM_PROMPT_ECHO_OFF:
 			*num = 1;
-			**prompts = xrealloc(**prompts, plen + strlen(msg) + 1);
-			plen += sprintf(**prompts + plen, "%s", msg);
+			len = plen + strlen(msg) + 1;
+			**prompts = xrealloc(**prompts, len);
+			plen += snprintf(**prompts + plen, len, "%s", msg);
 			**echo_on = (type == PAM_PROMPT_ECHO_ON);
 			xfree(msg);
 			return (0);
 		case PAM_ERROR_MSG:
 		case PAM_TEXT_INFO:
 			/* accumulate messages */
-			**prompts = xrealloc(**prompts, plen + strlen(msg) + 1);
-			plen += sprintf(**prompts + plen, "%s", msg);
+			len = plen + strlen(msg) + 1;
+			**prompts = xrealloc(**prompts, len);
+			plen += snprintf(**prompts + plen, len, "%s", msg);
 			xfree(msg);
 			break;
 		case PAM_NEW_AUTHTOK_REQD: