radius: Prevent buffer overflow in rc_mksid()

On some systems getpid() can return a value greater than 65535.
Increase the size of buf[] to allow for this, and use slprintf()
to make sure we never overflow it.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

diff --git a/pppd/plugins/radius/util.c b/pppd/plugins/radius/util.c
index 6f976a712951947217977c57e8606b1cbafec597..740131e8377c51f326b1f465ca94a12526563712 100644 (file)
--- a/pppd/plugins/radius/util.c
+++ b/pppd/plugins/radius/util.c
@@ -73,9 +73,9 @@ void rc_mdelay(int msecs)
 char *
 rc_mksid (void)
 {
 char *
 rc_mksid (void)
 {

-  static char buf[15];
+  static char buf[32];

   static unsigned short int cnt = 0;
   static unsigned short int cnt = 0;

-  sprintf (buf, "%08lX%04X%02hX",
+  slprintf(buf, sizeof(buf), "%08lX%04X%02hX",

           (unsigned long int) time (NULL),
           (unsigned int) getpid (),
           cnt & 0xFF);
           (unsigned long int) time (NULL),
           (unsigned int) getpid (),
           cnt & 0xFF);