Examine all occurrences of sprintf(), strcat(), and str[n]cpy()

for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.

These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.

Reviewed by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	Mike Spengler <mks@networkcs.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/sys/net/if_vlan.c b/sys/net/if_vlan.c
index d6149e9175e1..2488b31a1a36 100644
--- a/sys/net/if_vlan.c
+++ b/sys/net/if_vlan.c
@@ -26,7 +26,7 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$Id: if_vlan.c,v 1.2 1998/05/15 20:02:47 wollman Exp $
+ *	$Id: if_vlan.c,v 1.3 1998/08/23 03:07:10 wollman Exp $
  */
 
 /*
@@ -334,8 +334,8 @@ vlan_ioctl(struct ifnet *ifp, u_long cmd, caddr_t data)
 	case SIOCGETVLAN:
 		bzero(&vlr, sizeof vlr);
 		if (ifv->ifv_p) {
-			sprintf(vlr.vlr_parent, "%s%d", ifv->ifv_p->if_name,
-				ifv->ifv_p->if_unit);
+			snprintf(vlr.vlr_parent, sizeof(vlr.vlr_parent),
+			    "%s%d", ifv->ifv_p->if_name, ifv->ifv_p->if_unit);
 			vlr.vlr_tag = ifv->ifv_tag;
 		}
 		error = copyout(&vlr, ifr->ifr_data, sizeof vlr);