===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/tildexpand.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- src/usr.bin/ssh/Attic/tildexpand.c	1999/11/24 19:53:54	1.5
+++ src/usr.bin/ssh/Attic/tildexpand.c	1999/12/06 19:10:38	1.6
@@ -6,7 +6,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: tildexpand.c,v 1.5 1999/11/24 19:53:54 markus Exp $");
+RCSID("$Id: tildexpand.c,v 1.6 1999/12/06 19:10:38 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -23,6 +23,7 @@
 	char *expanded;
 	struct passwd *pw;
 	char user[100];
+	int len;
 
 	/* Return immediately if no tilde. */
 	if (filename[0] != '~')
@@ -56,7 +57,10 @@
 		return xstrdup(pw->pw_dir);
 	}
 	/* Build a path combining the specified directory and path. */
-	expanded = xmalloc(strlen(pw->pw_dir) + strlen(cp + 1) + 2);
-	sprintf(expanded, "%s/%s", pw->pw_dir, cp + 1);
+	len = strlen(pw->pw_dir) + strlen(cp + 1) + 2;
+	if (len > MAXPATHLEN)
+		fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
+	expanded = xmalloc(len);
+	snprintf(expanded, len, "%s/%s", pw->pw_dir, cp + 1);
 	return expanded;
 }