From b41a74b595422d30e4b1353cc4caa7e2773ba046 Mon Sep 17 00:00:00 2001
From: Jon Trulson <jon@radscan.com>
Date: Fri, 26 Dec 2014 14:22:05 -0700
Subject: [PATCH] dtsession: Coverity (memory corruption)

---
 cde/programs/dtsession/SmRestore.c | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/cde/programs/dtsession/SmRestore.c b/cde/programs/dtsession/SmRestore.c
index 28748abf..348db9ba 100644
--- a/cde/programs/dtsession/SmRestore.c
+++ b/cde/programs/dtsession/SmRestore.c
@@ -914,7 +914,9 @@ RestoreResources( Boolean errorHandlerInstalled, ... )
 	{
             char   clientMessage[MAXPATHLEN + 256];
 
-	    sprintf(clientMessage, ((char *)GETMESSAGE(16, 1, "Unable to exec process %s.  No session resources will be restored.")), pgrm);
+            memset(clientMessage, 0, MAXPATHLEN + 256);
+	    snprintf(clientMessage, (MAXPATHLEN + 256) - 1,
+                     ((char *)GETMESSAGE(16, 1, "Unable to exec process %s.  No session resources will be restored.")), pgrm);
 	    PrintErrnoError(DtError, clientMessage);
 	    SM_EXIT(-1);
 	}
@@ -1637,8 +1639,10 @@ RestoreIndependentResources( void )
 	    sessionType = SM_CURRENT_FONT_DIRECTORY;
 	}
 
-	sprintf(fontPath, "%s/%s/%s/%s.%s", smGD.savePath, sessionType,
-		currentLangPtr, SM_FONT_FILE, sessionRes);
+        memset(fontPath, 0, MAXPATHLEN + 1);
+	snprintf(fontPath, MAXPATHLEN, "%s/%s/%s/%s.%s",
+                 smGD.savePath, sessionType,
+                 currentLangPtr, SM_FONT_FILE, sessionRes);
 	status = stat(fontPath, &buf);
 	if(status == -1)
 	{
@@ -1646,16 +1650,16 @@ RestoreIndependentResources( void )
 	     * User has nothing there - look in the system defaults
 	     * first in the language dep -then in lang independent
 	     */
-            fontPath[0] = '\0';
+            memset(fontPath, 0, MAXPATHLEN + 1);
 
             if((currentLangPtr != NULL) && (*currentLangPtr != 0))
             {
                 strcat(fontPath, "/");
-                strcat(fontPath, currentLangPtr);
+                strncat(fontPath, currentLangPtr, MAXPATHLEN);
             }
 
-            strcat(fontPath, "/");
-            strcat(fontPath, SM_SYSTEM_FONT_FILE);
+            strncat(fontPath, "/", MAXPATHLEN);
+            strncat(fontPath, SM_SYSTEM_FONT_FILE, MAXPATHLEN);
 
             FixPath(fontPath);
 
@@ -1665,8 +1669,9 @@ RestoreIndependentResources( void )
                 if((currentLangPtr != NULL) && (*currentLangPtr != 0) &&
                    (strcmp(currentLangPtr, "C")))
                 {
-                   strcpy(fontPath, "/C/");
-                    strcat(fontPath, SM_SYSTEM_FONT_FILE);
+                    memset(fontPath, 0, MAXPATHLEN + 1);
+                    strcpy(fontPath, "/C/");
+                    strncat(fontPath, SM_SYSTEM_FONT_FILE, MAXPATHLEN);
 
                     FixPath(fontPath);
 		
-- 
2.25.1