From a9825785e864fa795d4b39d99d14bc6f9995a7dc Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 18 May 2003 20:53:10 +1000
Subject:    - itojun@cvs.openbsd.org 2003/05/17 03:25:58      [auth-rhosts.c] 
     just in case, put numbers to sscanf %s arg.

---
 auth-rhosts.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'auth-rhosts.c')

diff --git a/auth-rhosts.c b/auth-rhosts.c
index de2cb67f..a3847810 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.29 2003/04/08 20:21:28 itojun Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.30 2003/05/17 03:25:58 itojun Exp $");
 
 #include "packet.h"
 #include "uidswap.h"
@@ -68,7 +68,8 @@ check_rhosts_file(const char *filename, const char *hostname,
 		 * This should be safe because each buffer is as big as the
 		 * whole string, and thus cannot be overwritten.
 		 */
-		switch (sscanf(buf, "%s %s %s", hostbuf, userbuf, dummy)) {
+		switch (sscanf(buf, "%1023s %1023s %1023s", hostbuf, userbuf,
+		    dummy)) {
 		case 0:
 			auth_debug_add("Found empty line in %.100s.", filename);
 			continue;
-- 
cgit v1.2.1