From 3712337aef87733474bf44a788e40ddb343d84b6 Mon Sep 17 00:00:00 2001
From: Josef Karthauser
Date: Sun, 5 Dec 1999 20:05:45 +0000
Subject: [PATCH] Fixed a potential buffer overflow problem, in the device name handling.
PR: bin/15101
---
 usr.sbin/cdcontrol/cdcontrol.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/usr.sbin/cdcontrol/cdcontrol.c b/usr.sbin/cdcontrol/cdcontrol.c
index 7fad22e177b..c38fdb2bc4b 100644
--- a/usr.sbin/cdcontrol/cdcontrol.c
+++ b/usr.sbin/cdcontrol/cdcontrol.c
@@ -33,6 +33,7 @@ static const char rcsid[] =
 #include
 #include
 #include
+#include
 #include
 #define VERSION "2.0"
@@ -1036,17 +1037,18 @@ char *parse (char *buf, int *cmd)
 int open_cd ()
 {
- char devbuf[80];
+ char devbuf[MAXPATHLEN];
 if (fd > -1)
 return (1);
- if (*cdname == '/')
- strcpy (devbuf, cdname);
- else if (*cdname == 'r')
- sprintf (devbuf, "/dev/%s", cdname);
- else
- sprintf (devbuf, "/dev/r%s", cdname);
+ if (*cdname == '/') {
+ snprintf (devbuf, MAXPATHLEN, "%s", cdname);
+ } else if (*cdname == 'r') {
+ snprintf (devbuf, MAXPATHLEN, "/dev/%s", cdname);
+ } else {
+ snprintf (devbuf, MAXPATHLEN, "/dev/r%s", cdname);
+ }
 fd = open (devbuf, O_RDONLY);
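Review bot: The three new snprintf() calls in open_cd discard their return value, so a cdname that does not fit is silently truncated and the following open() runs on a path other than the one the user named. The overflow is gone, but the truncation should be detected and treated as an error before open() is reached. Bounding the call with `sizeof(devbuf)` rather than repeating MAXPATHLEN also keeps the limit tied to the buffer if its declaration changes again. The rest of open_cd lies outside the hunk, so the `return (0)` below is an assumption about its failure convention and should be matched to how the function reports an open() failure.

```c
	char devbuf[MAXPATHLEN];
	const char *fmt;
	int n;

	/* … unchanged: early return when fd is already open … */

	if (*cdname == '/')
		fmt = "%s";
	else if (*cdname == 'r')
		fmt = "/dev/%s";
	else
		fmt = "/dev/r%s";

	n = snprintf (devbuf, sizeof(devbuf), fmt, cdname);
	if (n < 0 || (size_t)n >= sizeof(devbuf)) {
		/* name did not fit: fail instead of opening a truncated path */
		return (0);
	}

	fd = open (devbuf, O_RDONLY);
```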