use strlcpy here; the destination string is passed to strtok_r, and if it

is not NUL terminated, bad things can happen.
2019-10-03 17:08:26 +00:00 · 2019-10-03 17:08:26 +00:00 · 194e441521
commit 194e441521
parent 01d1183f90
1 changed files with 3 additions and 3 deletions
--- a/lib/libskey/put.c
+++ b/lib/libskey/put.c
@ -1,4 +1,4 @@
-/*	$NetBSD: put.c,v 1.13 2005/02/04 16:14:55 perry Exp $	*/
+/*	$NetBSD: put.c,v 1.14 2019/10/03 17:08:26 christos Exp $	*/

 /* S/KEY v1.1b (put.c)
 *
@ -12,7 +12,7 @@
 */

 #include <sys/cdefs.h>
-__RCSID("$NetBSD: put.c,v 1.13 2005/02/04 16:14:55 perry Exp $");
+__RCSID("$NetBSD: put.c,v 1.14 2019/10/03 17:08:26 christos Exp $");

 #include <stdio.h>
 #include <string.h>
@ -2129,7 +2129,7 @@ int etob(char *out, const char *e)
  if (e == NULL)
    return -1;

-  strncpy (input, e, sizeof (input));
+  strlcpy (input, e, sizeof (input));
  memset (b, 0, sizeof (b));
  memset (out, 0, 8);
  for (i = 0, p = 0; i < 6; i++, p += 11)