From aa2daba4af0e59b2daebf478724ecd8e4870a68c Mon Sep 17 00:00:00 2001 From: Jon Trulson Date: Sat, 27 Dec 2014 19:52:37 -0700 Subject: [PATCH] dtsession/SmUI: fix tainted var (CID 88216) --- cde/programs/dtsession/SmUI.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/cde/programs/dtsession/SmUI.c b/cde/programs/dtsession/SmUI.c index c92ea588..7885a0c6 100644 --- a/cde/programs/dtsession/SmUI.c +++ b/cde/programs/dtsession/SmUI.c @@ -907,9 +907,8 @@ CreateLockDialogWithCover( */ i = 0; envLog = getenv("LOGNAME"); - lockMessage = XtMalloc(100 + strlen(envLog)); - sprintf( - lockMessage, + lockMessage = XtCalloc(1, 100 + strlen(envLog)); + snprintf(lockMessage, 100 + strlen(envLog) - 1, ((char *)GETMESSAGE(18, 1, "Display locked by user %s.")), envLog); lockString = XmStringCreateLocalized(lockMessage); XtSetArg(uiArgs[i], XmNtopAttachment, XmATTACH_POSITION); i++; -- 2.25.1