- char buf[256];
- int i = s - vals[0].bv_val;
- strncpy(buf, vals[0].bv_val, i);
- s = buf+i;
- strcpy(s, pw->pw_name);
- *s = TOUPPER((unsigned char)*s);
- strcat(s, vals[0].bv_val+i+1);
- vals[0].bv_val = buf;
+ char buf[1024];
+
+ if( vals[0].bv_len + pwlen < sizeof(buf) ) {
+ int i = s - vals[0].bv_val;
+ strncpy(buf, vals[0].bv_val, i);
+ s = buf+i;
+ strcpy(s, pw->pw_name);
+ *s = TOUPPER((unsigned char)*s);
+ strcat(s, vals[0].bv_val+i+1);
+ vals[0].bv_val = buf;
+ }