diff -up nfs-utils-1.3.0/utils/exportfs/exportfs.c.orig nfs-utils-1.3.0/utils/exportfs/exportfs.c --- nfs-utils-1.3.0/utils/exportfs/exportfs.c.orig 2016-05-03 11:06:55.925043000 -0400 +++ nfs-utils-1.3.0/utils/exportfs/exportfs.c 2016-05-03 11:11:58.680677000 -0400 @@ -508,9 +508,10 @@ unexportfs(char *arg, int verbose) static int can_test(void) { - char buf[1024]; + char buf[1024] = { 0 }; int fd; int n; + size_t bufsiz = sizeof(buf); fd = open("/proc/net/rpc/auth.unix.ip/channel", O_WRONLY); if (fd < 0) @@ -523,9 +524,9 @@ static int can_test(void) * commit 2f74f972 (sunrpc: prepare NFS for 2038). */ if (time(NULL) > INT_TO_LONG_THRESHOLD_SECS) - sprintf(buf, "nfsd 0.0.0.0 %ld -test-client-\n", LONG_MAX); + snprintf(buf, bufsiz-1, "nfsd 0.0.0.0 %ld -test-client-\n", LONG_MAX); else - sprintf(buf, "nfsd 0.0.0.0 %d -test-client-\n", INT_MAX); + snprintf(buf, bufsiz-1, "nfsd 0.0.0.0 %d -test-client-\n", INT_MAX); n = write(fd, buf, strlen(buf)); close(fd); @@ -541,7 +542,8 @@ static int can_test(void) static int test_export(char *path, int with_fsid) { - char buf[1024]; + /* beside max path, buf size should take protocol str into account */ + char buf[NFS_MAXPATHLEN+1+64] = { 0 }; char *bp = buf; int len = sizeof(buf); int fd, n; @@ -766,7 +768,8 @@ dumpopt(char c, char *fmt, ...) static void dump(int verbose, int export_format) { - char buf[1024]; + /* buf[] size should >= sizeof(struct exportent->e_path) */ + char buf[NFS_MAXPATHLEN+1] = { 0 }; char *bp; int len; nfs_export *exp;