From 2753da56a1b5e1d972d23b9cb184248907a92c52 Mon Sep 17 00:00:00 2001
From: Matthew Dillon <dillon@apollo.backplane.com>
Date: Mon, 10 Apr 2017 21:41:43 -0700
Subject: [PATCH] mfiutil - Fix static buffer overflow

* Fix static buffer that is too small.  Use a dynamic asprintf()
  instead.

Dragonfly-bugs: 3002 (dcb)
---
 usr.sbin/mfiutil/mfi_foreign.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/mfiutil/mfi_foreign.c b/usr.sbin/mfiutil/mfi_foreign.c
index 8983b8f17d..140b7854ff 100644
--- a/usr.sbin/mfiutil/mfi_foreign.c
+++ b/usr.sbin/mfiutil/mfi_foreign.c
@@ -171,8 +171,8 @@ static int
 foreign_show_cfg(int fd, uint32_t opcode, uint8_t cfgidx)
 {
 	struct mfi_config_data *config;
-	char prefix[26];
 	int error;
+	char *prefix;
 	uint8_t mbox[4];
 
 	bzero(mbox, sizeof(mbox));
@@ -186,9 +186,9 @@ foreign_show_cfg(int fd, uint32_t opcode, uint8_t cfgidx)
 	}
 
 	if (opcode == MFI_DCMD_CFG_FOREIGN_PREVIEW)
-		sprintf(prefix, "Foreign configuration preview %d", cfgidx);
+		asprintf(&prefix, "Foreign configuration preview %d", cfgidx);
 	else
-		sprintf(prefix, "Foreign configuration %d", cfgidx);
+		asprintf(&prefix, "Foreign configuration %d", cfgidx);
 	/*
 	 * MegaCli uses DCMD opcodes: 0x03100200 (which fails) followed by
 	 * 0x1a721880 which returns what looks to be drive / volume info
@@ -197,6 +197,7 @@ foreign_show_cfg(int fd, uint32_t opcode, uint8_t cfgidx)
 	 */
 	dump_config(fd, config, prefix);
 	free(config);
+	free(prefix);
 
 	return (0);
 }
-- 
2.11.4.GIT