Patch from Scott McKellar to repair srfsh buffer overflow:

Patch from Scott McKellar to repair srfsh buffer overflow:

The potential overflow occurs in handle_introspection(), which in the
existing code uses sprintf() to insert some user-supplied input into a
fixed length buffer, without checking the length of the user-supplied
input.

There's always more than one way to fix this sort of thing.  For
example I could have formatted into a growing_buffer.  Instead, I
chose to calculate the necessary buffer size and then declare a
variable-length buffer.  That way I avoid two mallocs and two frees.

I tested this change by inserting some temporary printfs to capture
the commands being sent to parse_request().  The outputs before and
after the change were identical.

There's at least one more such potential overflow that I haven't
addressed yet.  It's near the top of handle_login(), where we
use sprintf() to insert a username into a fixed length buffer.
There may be others that I haven't noticed yet.

Scott McKellar
http://home.swbell.net/mck9/ct/

git-svn-id: svn://svn.open-ils.org/OpenSRF/trunk@1038 9efc2488-bf62-4759-914b-345cdb29e865