From c26c35e7d9d946a90fced6875aee2235ec0fa450 Mon Sep 17 00:00:00 2001
From: "Tim J. Robbins" <tjr@FreeBSD.org>
Date: Fri, 1 Nov 2002 11:53:52 +0000
Subject: [PATCH] Avoid buffer overflow when constructing filenames.

---
 usr.bin/mkstr/mkstr.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/usr.bin/mkstr/mkstr.c b/usr.bin/mkstr/mkstr.c
index f2d2b610c1e5..ab87c73a8dfd 100644
--- a/usr.bin/mkstr/mkstr.c
+++ b/usr.bin/mkstr/mkstr.c
@@ -47,6 +47,7 @@ static char sccsid[] = "@(#)mkstr.c	8.1 (Berkeley) 6/6/93";
 __FBSDID("$FreeBSD$");
 
 #include <err.h>
+#include <errno.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -95,6 +96,7 @@ int
 main(int argc, char *argv[])
 {
 	char addon = 0;
+	size_t namelen;
 
 	argc--, argv++;
 	if (argc > 1 && argv[0][0] == '-')
@@ -109,11 +111,19 @@ main(int argc, char *argv[])
 		err(1, "%s", argv[0]);
 	inithash();
 	argc--, argv++;
-	strcpy(name, argv[0]);
-	np = name + strlen(name);
+	namelen = strlcpy(name, argv[0], sizeof(name));
+	if (namelen >= sizeof(name)) {
+		errno = ENAMETOOLONG;
+		err(1, "%s", argv[0]);
+	}
+	np = name + namelen;
 	argc--, argv++;
 	do {
-		strcpy(np, argv[0]);
+		if (strlcpy(np, argv[0], sizeof(name) - namelen) >=
+		    sizeof(name) - namelen) {
+			errno = ENAMETOOLONG;
+			err(1, "%s%s", name, argv[0]);
+		}
 		if (freopen(name, "w", stdout) == NULL)
 			err(1, "%s", name);
 		if (freopen(argv[0], "r", stdin) == NULL)