From 01d6e4371f2c49459f3600a2bbadbc66a94f870b Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Mon, 3 Feb 2014 18:50:04 +0100
Subject: [PATCH] Avoid buffer overflow on strncat usage strncat() does not want the total size but the maximum length (without trailing NUL) that can still be added. Switch over to snprintf which is both more readable and avoids this issue.
Signed-off-by: Dirk Mueller
---
 kexec/fs2dt.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/kexec/fs2dt.c b/kexec/fs2dt.c
index 73c1fb9..5e6b98d 100644
--- a/kexec/fs2dt.c
+++ b/kexec/fs2dt.c
@@ -619,8 +619,7 @@ static void putnode(void)
 * code can print 'I'm in purgatory' message. Currently only
 * pseries/hvcterminal is supported.
 */
- strcpy(filename, pathname);
- strncat(filename, "linux,stdout-path", MAXPATH);
+ snprintf(filename, MAXPATH, "%slinux,stdout-path", pathname);
 fd = open(filename, O_RDONLY);
 if (fd == -1) {
 printf("Unable to find %s, printing from purgatory is diabled\n",
@@ -648,9 +647,7 @@ static void putnode(void)
 filename);
 goto no_debug;
 }
- strncpy(filename, "/proc/device-tree/", MAXPATH);
- strncat(filename, buff, MAXPATH);
- strncat(filename, "/compatible", MAXPATH);
+ snprintf(filename, MAXPATH, "/proc/device-tree/%s/compatible", buff);
 fd = open(filename, O_RDONLY);
 if (fd == -1) {
 printf("Unable to find %s printing from purgatory is diabled\n",
-- 
1.8.4.1
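Review bot: The return value of `snprintf` is discarded on the new `linux,stdout-path` line, so a `pathname` too long for MAXPATH is silently truncated and the following `open()` is attempted on a shorter, different path. The same applies to the `/proc/device-tree/%s/compatible` call in the second hunk. Capture the result and bail out on truncation, e.g. `int n = snprintf(filename, MAXPATH, "%slinux,stdout-path", pathname);` followed by `if (n < 0 || n >= MAXPATH) goto no_debug;`, where `no_debug` is the label the second hunk already jumps to and is presumably in scope here, since both hunks sit in putnode(). The declaration of `filename` is outside the hunk; if it is an array, `sizeof filename` would tie the bound to the buffer itself rather than to the macro. putnode() starts and ends outside both hunks.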
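Review bot: `buff` is now formatted with an unbounded `%s`, which reads until it finds a NUL byte, whereas the removed `strncat(filename, buff, MAXPATH)` stopped after at most MAXPATH bytes of the source. The code that fills `buff` is outside the hunk; if it comes from a raw read of the stdout-path file without explicit termination, this line can read past the end of the buffer. Either terminate `buff` at the number of bytes actually read before this call, or bound the conversion with a precision (`%.*s` with that byte count). A short comment above the call stating which of the two guarantees holds would make the assumption checkable.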