From c60d05f51272fc55c084dc66b750264fc8ec033d Mon Sep 17 00:00:00 2001
From: millert <>
Date: Wed, 2 Apr 2003 20:35:29 +0000
Subject: [PATCH] Use snprintf instead of a strcpy(), strncat() and strcat()
 sequence deraadt@ OK

---
 src/lib/libc/crypt/md5crypt.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/lib/libc/crypt/md5crypt.c b/src/lib/libc/crypt/md5crypt.c
index 56ab66fb..04885849 100644
--- a/src/lib/libc/crypt/md5crypt.c
+++ b/src/lib/libc/crypt/md5crypt.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: md5crypt.c,v 1.10 2002/02/16 21:27:22 millert Exp $	*/
+/*	$OpenBSD: md5crypt.c,v 1.11 2003/04/02 20:35:29 millert Exp $	*/
 
 /*
  * ----------------------------------------------------------------------------
@@ -13,7 +13,7 @@
  */
 
 #if defined(LIBC_SCCS) && !defined(lint)
-static char rcsid[] = "$OpenBSD: md5crypt.c,v 1.10 2002/02/16 21:27:22 millert Exp $";
+static char rcsid[] = "$OpenBSD: md5crypt.c,v 1.11 2003/04/02 20:35:29 millert Exp $";
 #endif /* LIBC_SCCS and not lint */
 
 #include <unistd.h>
@@ -108,9 +108,8 @@ md5crypt(pw, salt)
 		    MD5Update(&ctx, (const unsigned char *)pw, 1);
 
 	/* Now make the output string */
-	strcpy(passwd,(const char *)magic);
-	strncat(passwd,(const char *)sp,sl);
-	strcat(passwd,"$");
+	snprintf(passwd, sizeof(passwd), "%s%.*s$", (char *)magic,
+	    sl, (const char *)sp);
 
 	MD5Final(final,&ctx);