Index: hcid/lib.c
===================================================================
RCS file: /cvsroot/bluez/utils/hcid/lib.c,v
retrieving revision 1.4
diff -u -b -w -B -r1.4 lib.c
--- hcid/lib.c	28 Apr 2004 12:09:32 -0000	1.4
+++ hcid/lib.c	21 Jun 2004 12:28:22 -0000
@@ -53,7 +53,7 @@
  * Device name expansion 
  * 	%d - device id
  */
-char *expand_name(char *dst, char *str, int dev_id)
+char *expand_name(char *dst, int size, char *str, int dev_id)
 {
 	register int sp, np, olen;
 	char *opt, buf[10];
@@ -62,7 +62,7 @@
 		return NULL;
 
 	sp = np = 0;
-	while (str[sp]) {
+	while (np < size - 1 && str[sp]) {
 		switch (str[sp]) {
 		case '%':
 			opt = NULL;
@@ -88,6 +88,7 @@
 			if (opt) {
 				/* substitute */
 				olen = strlen(opt);
+				if (np + olen < size - 1)
 				memcpy(dst + np, opt, olen);
 				np += olen;
 			}
Index: hcid/lib.h
===================================================================
RCS file: /cvsroot/bluez/utils/hcid/lib.h,v
retrieving revision 1.3
diff -u -b -w -B -r1.3 lib.h
--- hcid/lib.h	28 Apr 2004 12:09:32 -0000	1.3
+++ hcid/lib.h	21 Jun 2004 12:28:22 -0000
@@ -30,7 +30,7 @@
 
 #include <errno.h>
 
-char *expand_name(char *dst, char *str, int dev_id);
+char *expand_name(char *dst, int size, char *str, int dev_id);
 
 char *get_host_name(void);
 
Index: hcid/main.c
===================================================================
RCS file: /cvsroot/bluez/utils/hcid/main.c,v
retrieving revision 1.15
diff -u -b -w -B -r1.15 main.c
--- hcid/main.c	7 May 2004 23:08:03 -0000	1.15
+++ hcid/main.c	21 Jun 2004 12:28:22 -0000
@@ -227,7 +227,8 @@
 	/* Set device name */
 	if (device_opts->name) {
 		change_local_name_cp cp;
-		expand_name(cp.name, device_opts->name, hdev);
+		memset(cp.name, 0, sizeof(cp.name));
+		expand_name(cp.name, sizeof(cp.name), device_opts->name, hdev);
 
 		hci_send_cmd(s, OGF_HOST_CTL, OCF_CHANGE_LOCAL_NAME,
 			CHANGE_LOCAL_NAME_CP_SIZE, (void *) &cp);