--- /dev/null
+Bottom: 94cf3ac2f65474e3ae10d0759a997a516a0f0222
+Top: 18781a75a9389459fd54f05e6690f13c88dca330
+Author: Dotan Barak <dotanb@dev.mellanox.co.il>
+Date: 2012-04-23 09:09:44 -0700
+
+ibacm: security fix replace sprintf with snprintf
+
+Replace sprintf with snprintf to protects from buffer overflow.
+
+Signed-off-by: Dotan Barak <dotanb@dev.mellanox.co.il>
+Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
+Signed-off-by: Sean Hefty <sean.hefty@intel.com>
+
+
+---
+
+diff --git a/linux/acme_linux.c b/linux/acme_linux.c
+index 9477d29..1039645 100644
+--- a/linux/acme_linux.c
++++ b/linux/acme_linux.c
+@@ -53,7 +53,7 @@ get_pkey(struct ifreq *ifreq, uint16_t *pkey)
+ FILE *f;
+ int ret;
+
+- sprintf(buf, "//sys//class//net//%s//pkey", ifreq->ifr_name);
++ snprintf(buf, sizeof buf, "//sys//class//net//%s//pkey", ifreq->ifr_name);
+ f = fopen(buf, "r");
+ if (!f) {
+ printf("failed to open %s\n", buf);
+@@ -79,7 +79,7 @@ get_sgid(struct ifreq *ifr, union ibv_gid *sgid)
+ FILE *f;
+ int i, p, ret;
+
+- sprintf(buf, "//sys//class//net//%s//address", ifr->ifr_name);
++ snprintf(buf, sizeof buf, "//sys//class//net//%s//address", ifr->ifr_name);
+ f = fopen(buf, "r");
+ if (!f) {
+ printf("failed to open %s\n", buf);
+diff --git a/src/acm.c b/src/acm.c
+index 099e84e..376f294 100644
+--- a/src/acm.c
++++ b/src/acm.c
+@@ -268,7 +268,7 @@ acm_format_name(int level, char *name, size_t name_size,
+ case ACM_EP_INFO_PATH:
+ path = (struct ibv_path_record *) addr;
+ if (path->dlid) {
+- sprintf(name, "SLID(%u) DLID(%u)",
++ snprintf(name, name_size, "SLID(%u) DLID(%u)",
+ ntohs(path->slid), ntohs(path->dlid));
+ } else {
+ acm_format_name(level, name, name_size, ACM_ADDRESS_GID,
+@@ -276,7 +276,7 @@ acm_format_name(int level, char *name, size_t name_size,
+ }
+ break;
+ case ACM_ADDRESS_LID:
+- sprintf(name, "LID(%u)", ntohs(*((uint16_t *) addr)));
++ snprintf(name, name_size, "LID(%u)", ntohs(*((uint16_t *) addr)));
+ break;
+ default:
+ strcpy(name, "Unknown");
+@@ -3125,7 +3125,7 @@ static int acm_open_lock_file(void)
+ return -1;
+ }
+
+- sprintf(pid, "%d\n", getpid());
++ snprintf(pid, sizeof pid, "%d\n", getpid());
+ write(lock_fd, pid, strlen(pid));
+ return 0;
+ }
+diff --git a/src/parse.c b/src/parse.c
+index 9a01afb..83ce843 100644
+--- a/src/parse.c
++++ b/src/parse.c
+@@ -52,7 +52,7 @@ static char *expand(char *basename, char *args, int *str_cnt, int *str_size)
+ }
+
+ while (from <= to) {
+- sprintf(buf, "%s%0*d", basename, width, from);
++ snprintf(buf, sizeof buf, "%s%0*d", basename, width, from);
+ str_buf = realloc(str_buf, size + strlen(buf)+1);
+ strcpy(&str_buf[size], buf);