From 2eb0d6ec824d49aab266a2f7e2ad17b05c407809 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Sun, 11 Dec 2011 18:08:05 -0800
Subject: [PATCH] dont entrust sprintf to encode binary packets

---
 kpasswd/kpasswdd.c | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/kpasswd/kpasswdd.c b/kpasswd/kpasswdd.c
index a9a41f6bf..8432229bb 100644
--- a/kpasswd/kpasswdd.c
+++ b/kpasswd/kpasswdd.c
@@ -123,21 +123,26 @@ make_result (krb5_data *data,
 	     uint16_t result_code,
 	     const char *expl)
 {
-    char *str;
-    krb5_data_zero (data);
-
-    data->length = asprintf (&str,
-			     "%c%c%s",
-			     (result_code >> 8) & 0xFF,
-			     result_code & 0xFF,
-			     expl);
+    krb5_error_code ret;
+    krb5_storage *sp;
+
+    sp = krb5_storage_emem();
+    if (sp == NULL) goto out;
+    ret = krb5_store_uint32(sp, result_code);
+    if (ret) goto out;
+    ret = krb5_store_stringz(sp, expl);
+    if (ret) goto out;
+    ret = krb5_storage_to_data(sp, data);
+    if (ret) goto out;
+    krb5_storage_free(sp);
 
-    if (str == NULL) {
-	krb5_warnx (context, "Out of memory generating error reply");
-	return 1;
-    }
-    data->data = str;
     return 0;
+ out:
+    if (sp)
+	krb5_storage_free(sp);
+
+    krb5_warnx (context, "Out of memory generating error reply");
+    return 1;
 }
 
 static void
-- 
2.11.4.GIT