Avoid sprintf buffer overrun if huge hostname

[openldap] / servers / slurpd / sanity.c

diff --git a/servers/slurpd/sanity.c b/servers/slurpd/sanity.c
index 1cf266943228c747f4cf9c133834227c03386743..5539dc392adec0c7cd86c8f8276f6c8d1e131bca 100644 (file)
--- a/servers/slurpd/sanity.c
+++ b/servers/slurpd/sanity.c
@@ -1,10 +1,18 @@
 /* $OpenLDAP$ */
-/*
- * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
- * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
+/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2006 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
  */
-/*
- * Copyright (c) 1996 Regents of the University of Michigan.
+/* Portions Copyright (c) 1996 Regents of the University of Michigan.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms are permitted
@@ -14,6 +22,10 @@
  * software without specific prior written permission. This software
  * is provided ``as is'' without express or implied warranty.
  */
+/* ACKNOWLEDGEMENTS:
+ * This work was originally developed by the University of Michigan
+ * (as part of U-MICH LDAP).
+ */
 
 
 /*
@@ -27,6 +39,7 @@
 
 #include <stdio.h>
 
+#include <ac/stdlib.h>
 #include <ac/unistd.h>
 #include <ac/string.h>
 
@@ -184,8 +197,8 @@ filecheck(
     char               *p;
     unsigned int       ret = 0;
 
-    strcpy( dir, f );
-    p = strrchr( dir, '/' );
+       snprintf( dir, sizeof dir, "%s", f );
+    p = strrchr( dir, LDAP_DIRSEP[0] );
     if ( p != NULL ) {
        *p = '\0';
     }