dtsession/SmUI: fix tainted var (CID 88216)

author Jon Trulson <jon@radscan.com>

Sun, 28 Dec 2014 02:52:37 +0000 (19:52 -0700)

committer Jon Trulson <jon@radscan.com>

Sun, 28 Dec 2014 02:52:37 +0000 (19:52 -0700)
author Jon Trulson <jon@radscan.com>
Sun, 28 Dec 2014 02:52:37 +0000 (19:52 -0700)
committer Jon Trulson <jon@radscan.com>
Sun, 28 Dec 2014 02:52:37 +0000 (19:52 -0700)
diff --git a/cde/programs/dtsession/SmUI.c b/cde/programs/dtsession/SmUI.c

index c92ea588a360ece1053a59858e2fc12670c8c4ab..7885a0c642fe2d6206615493aa2030264c7c7712 100644 (file)
--- a/cde/programs/dtsession/SmUI.c
+++ b/cde/programs/dtsession/SmUI.c
@@ -907,9 +907,8 @@ CreateLockDialogWithCover(
       */
      i = 0;
      envLog = getenv("LOGNAME");
-    lockMessage = XtMalloc(100 + strlen(envLog));
-    sprintf(
-       lockMessage,
+    lockMessage = XtCalloc(1, 100 + strlen(envLog));
+    snprintf(lockMessage, 100 + strlen(envLog) - 1,
         ((char *)GETMESSAGE(18, 1, "Display locked by user %s.")), envLog);
      lockString = XmStringCreateLocalized(lockMessage);
      XtSetArg(uiArgs[i], XmNtopAttachment, XmATTACH_POSITION); i++;
author	Jon Trulson <jon@radscan.com>
	Sun, 28 Dec 2014 02:52:37 +0000 (19:52 -0700)
committer	Jon Trulson <jon@radscan.com>
	Sun, 28 Dec 2014 02:52:37 +0000 (19:52 -0700)