From 5fdf736d34e42b844ab403d71634983d0183bb9f Mon Sep 17 00:00:00 2001
From: gilles <gilles@openbsd.org>
Date: Tue, 6 Oct 2015 06:44:47 +0000
Subject: [PATCH] fix snprintf() error checking in token expansion code, these
 can't possibly fail but it's no excuse for getting the checks wrong.

spotted by qualys
---
 usr.sbin/smtpd/lka_session.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/usr.sbin/smtpd/lka_session.c b/usr.sbin/smtpd/lka_session.c
index 0996d66e236..f36642396ea 100644
--- a/usr.sbin/smtpd/lka_session.c
+++ b/usr.sbin/smtpd/lka_session.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: lka_session.c,v 1.70 2015/10/02 00:29:51 gilles Exp $	*/
+/*	$OpenBSD: lka_session.c,v 1.71 2015/10/06 06:44:47 gilles Exp $	*/
 
 /*
  * Copyright (c) 2011 Gilles Chehade <gilles@poolp.org>
@@ -623,19 +623,19 @@ lka_expand_token(char *dest, size_t len, const char *token,
 	/* token -> expanded token */
 	if (! strcasecmp("sender", rtoken)) {
 		if (snprintf(tmp, sizeof tmp, "%s@%s",
-			ep->sender.user, ep->sender.domain) <= 0)
+			ep->sender.user, ep->sender.domain) >= (int)sizeof tmp)
 			return 0;
 		string = tmp;
 	}
 	else if (! strcasecmp("dest", rtoken)) {
 		if (snprintf(tmp, sizeof tmp, "%s@%s",
-			ep->dest.user, ep->dest.domain) <= 0)
+			ep->dest.user, ep->dest.domain) >= (int)sizeof tmp)
 			return 0;
 		string = tmp;
 	}
 	else if (! strcasecmp("rcpt", rtoken)) {
 		if (snprintf(tmp, sizeof tmp, "%s@%s",
-			ep->rcpt.user, ep->rcpt.domain) <= 0)
+			ep->rcpt.user, ep->rcpt.domain) >= (int)sizeof tmp)
 			return 0;
 		string = tmp;
 	}
-- 
2.20.1