* md5 string
*/
-char *make_apop_string(char *realpass, char *nonce, char *buffer)
+char *make_apop_string(char *realpass, char *nonce, char *buffer, size_t n)
{
struct MD5Context ctx;
u_char rawdigest[MD5_DIGEST_LEN];
MD5Final(rawdigest, &ctx);
for (i=0; i<MD5_DIGEST_LEN; i++)
{
- sprintf(&buffer[i*2], "%02X", (unsigned char) (rawdigest[i] & 0xff));
+ snprintf(&buffer[i*2], n - i*2, "%02X", (unsigned char) (rawdigest[i] & 0xff));
buffer[i*2] = tolower(buffer[i*2]);
buffer[(i*2)+1] = tolower(buffer[(i*2)+1]);
}