From 46f22576b0f3e076ae20e6981c01bb1f0f4ae9c9 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 8 Oct 2012 22:12:40 +0200
Subject: legacy: Use snprintf instead of sprintf.

Found by Coverity.
---
 src/legacy.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/legacy.c b/src/legacy.c
index ba04c79d..6ad4fdc2 100644
--- a/src/legacy.c
+++ b/src/legacy.c
@@ -106,16 +106,17 @@ int ssh_userauth_privatekey_file(ssh_session session,
   ssh_private_key privkey = NULL;
   int type = 0;
   int rc = SSH_AUTH_ERROR;
+  size_t klen = strlen(filename) + 4 + 1;
 
   enter_function();
 
-  pubkeyfile = malloc(strlen(filename) + 1 + 4);
+  pubkeyfile = malloc(klen);
   if (pubkeyfile == NULL) {
     ssh_set_error_oom(session);
     leave_function();
     return SSH_AUTH_ERROR;
   }
-  sprintf(pubkeyfile, "%s.pub", filename);
+  snprintf(pubkeyfile, klen, "%s.pub", filename);
 
   pubkey = publickey_from_file(session, pubkeyfile, &type);
   if (pubkey == NULL) {
-- 
cgit v1.2.3