From: Jon Trulson <jon@radscan.com>
Date: Sun, 28 Dec 2014 02:52:37 +0000 (-0700)
Subject: dtsession/SmUI: fix tainted var (CID 88216)
X-Git-Tag: 2.2.3~60^2~2
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=aa2daba4af0e59b2daebf478724ecd8e4870a68c;p=oweals%2Fcde.git

dtsession/SmUI: fix tainted var (CID 88216)
---

diff --git a/cde/programs/dtsession/SmUI.c b/cde/programs/dtsession/SmUI.c
index c92ea588..7885a0c6 100644
--- a/cde/programs/dtsession/SmUI.c
+++ b/cde/programs/dtsession/SmUI.c
@@ -907,9 +907,8 @@ CreateLockDialogWithCover(
      */
     i = 0;
     envLog = getenv("LOGNAME");
-    lockMessage = XtMalloc(100 + strlen(envLog));
-    sprintf(
-	lockMessage,
+    lockMessage = XtCalloc(1, 100 + strlen(envLog));
+    snprintf(lockMessage, 100 + strlen(envLog) - 1,
 	((char *)GETMESSAGE(18, 1, "Display locked by user %s.")), envLog);
     lockString = XmStringCreateLocalized(lockMessage);
     XtSetArg(uiArgs[i], XmNtopAttachment, XmATTACH_POSITION); i++;