libss: fix potential buffer overrun in list_rqs

Addresses-Coverity-Bug: #709516

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>

lib/ss/list_rqs.c

@@ -18,20 +18,15 @@
 
 typedef void sigret_t;
 
-static char const twentyfive_spaces[26] =
-    "                         ";
-static char const NL[2] = "\n";
-
 void ss_list_requests(int argc __SS_ATTR((unused)),
 		      const char * const *argv __SS_ATTR((unused)),
 		      int sci_idx, void *infop __SS_ATTR((unused)))
 {
     ss_request_entry *entry;
     char const * const *name;
-    int spacing;
+    int i, spacing;
     ss_request_table **table;
 
-    char buffer[BUFSIZ];
     FILE *output;
     int fd;
     sigset_t omask, igmask;
@@ -60,27 +55,24 @@ void ss_list_requests(int argc __SS_ATTR((unused)),
         entry = (*table)->requests;
         for (; entry->command_names; entry++) {
             spacing = -2;
-            buffer[0] = '\0';
             if (entry->flags & SS_OPT_DONT_LIST)
                 continue;
             for (name = entry->command_names; *name; name++) {
                 int len = strlen(*name);
-                strncat(buffer, *name, len);
+                fputs(*name, output);
                 spacing += len + 2;
                 if (name[1]) {
-                    strcat(buffer, ", ");
+                    fputs(", ", output);
                 }
             }
             if (spacing > 23) {
-                strcat(buffer, NL);
+                fputc('\n', output);
-                fputs(buffer, output);
                 spacing = 0;
-                buffer[0] = '\0';
             }
-            strncat(buffer, twentyfive_spaces, 25-spacing);
+            for (i = 0; i < 25 - spacing; i++)
-            strcat(buffer, entry->info_string);
+                fputc(' ', output);
-            strcat(buffer, NL);
+            fputs(entry->info_string, output);
-            fputs(buffer, output);
+            fputc('\n', output);
         }
     }
     fclose(output);