From daad5b9ba054e17d8bcfb0b8c76d67dc19c64e0e Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Wed, 9 Oct 2013 21:46:42 +0200
Subject: Corrected possible buffer overruns in included programs and examples.

Corrected possible buffer overruns in included programs and examples.
Reported by Pedro Ribeiro <pedrib@gmail.com>.
---
 src/srptool.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/srptool.c')

diff --git a/src/srptool.c b/src/srptool.c
index f50264cc91..5fcd17eaab 100644
--- a/src/srptool.c
+++ b/src/srptool.c
@@ -602,13 +602,13 @@ crypt_int (const char *username, const char *passwd, int salt_size,
       FILE *fd2;
       int put;
 
-      if (strlen (tpasswd) > sizeof (tmpname) + 5)
+      if (strlen (tpasswd) + 5 > sizeof (tmpname))
         {
           fprintf (stderr, "file '%s' is tooooo long\n", tpasswd);
           return -1;
         }
-      strcpy (tmpname, tpasswd);
-      strcat (tmpname, ".tmp");
+
+      snprintf(tmpname, sizeof(tmpname), "%s.tmp", tpasswd);
 
       if (stat (tmpname, &st) != -1)
         {
-- 
cgit v1.2.1