From cb4cbf9c34aa5138f755849cb8b61c2d8d04db17 Mon Sep 17 00:00:00 2001
From: "Tim J. Robbins" <tjr@FreeBSD.org>
Date: Fri, 1 Nov 2002 12:48:28 +0000
Subject: [PATCH] Another buffer overflow similar to the recent one in
 mkstr(1).

---
 usr.bin/xstr/xstr.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/usr.bin/xstr/xstr.c b/usr.bin/xstr/xstr.c
index 2ffbc72f632..6195ff2b353 100644
--- a/usr.bin/xstr/xstr.c
+++ b/usr.bin/xstr/xstr.c
@@ -231,6 +231,8 @@ yankstr(char **cpp)
 	static char tmp[] = "b\bt\tr\rn\nf\f\\\\\"\"";
 
 	while ((c = *cp++)) {
+		if (dp == dbuf + sizeof(dbuf) - 3)
+			errx(1, "message too long");
 		switch (c) {
 
 		case '"':