--- cmkdir.c.orig	Sun Dec 14 22:54:50 1997
+++ cmkdir.c	Sat Nov 30 21:44:13 2013
@@ -18,9 +18,14 @@
 /*
  * client cfs mkdir - 1.4.0
  */
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
 #include <stdio.h>
 #include <rpc/rpc.h>
 #include <sys/time.h>
+#include <assert.h>
 #include "nfsproto.h"
 #include "admproto.h"
 #include "cfs.h"
@@ -48,8 +53,9 @@ main(argc,argv)
 	int smsize=LARGESMSIZE;
 	unsigned char ekey[128];
 	unsigned char ek1[128];
-	unsigned int l;
 	int keycheck=1;
+	int l;
+	int rfd; /* File descriptor for /dev/srandom.*/
 	
 	while (--argc && (**++argv == '-')) {
 		for (flg= ++*argv; *flg; ++flg)
@@ -102,7 +108,7 @@ main(argc,argv)
 			fprintf(stderr,"Can't get key\n");
 			exit(1);
 		}
-		strcpy(pword,pw);
+		(void)strlcpy(pword, pw, sizeof(pword));
 		if (strlen(pw)<16) {
 			fprintf(stderr,"Key must be at least 16 chars.\n");
 			exit(1);
@@ -116,6 +122,7 @@ main(argc,argv)
 			"Keys don't match; drink some coffee and try again\n");
 		     exit(1);
 		}
+		pw = pword;
 	}
 	else { /* just accept key from stdio */
 		if (fgets(pword,256,stdin) == NULL) {
@@ -129,8 +136,13 @@ main(argc,argv)
 			pw[n-1] = '\0';
 	}
 	if (smsize != LARGESMSIZE)
-		sprintf(pw,"%s%d",pword,smsize);
+		(void)snprintf(pw, 256, "%s%d", pw, smsize);
 	k.cipher=ciph;
+	rfd = open("/dev/srandom", O_RDONLY);
+	if (rfd < 0) {
+		perror ("/dev/srandom");
+		exit (1);
+	}
 	if (cfmt==0) { 
 		if (old_pwcrunch(pw,&k)!=0) {
 			fprintf(stderr,"Invalid key\n");
@@ -145,7 +157,13 @@ main(argc,argv)
 		/* now we xor in some truerand bytes for good measure */
 		bcopy(&k,ekey,32);  /* assumes key material < 32 bytes */
 		for (i=0; i<32; i++) {
-			ekey[i] ^= randbyte(); 
+			char b; /* Random byte */
+			if (1 != read (rfd, &b, 1))
+			{
+				perror ("/dev/srandom read 1");
+				exit (1);
+			}
+			ekey[i] ^= b;
 		}
 		encrypt_key(&k,ekey);
 		bcopy(ekey,ek1,32);
@@ -156,10 +174,22 @@ main(argc,argv)
 		perror("cmkdir");
 		exit(1);
 	}
-	sprintf(path,"%s/...",argv[0]);
+	l = snprintf(path, sizeof(path), "%s/...", argv[0]);
+	if (l < 0 || l >= sizeof(path)) {
+	  fprintf(stderr, "File name too long: %s/...\n", argv[0]);
+	  exit(1);
+	}
 	strcpy(str,"qua!");
 	/* now randomize the end of str.. */
-	r = trand32();
+	assert(1 == read(rfd, ((char*)&r), 1));
+	for (i=0; i<sizeof(r); i++) {
+		if (1 != read (rfd, ((char*)&r)+i, 1))
+		{
+			perror ("/dev/srandom read 1");
+			exit (1);
+		}
+	}
+	(void) close (rfd);
 	for (i=0; i<4; i++)
 		str[i+4]=(r<<(i*8))&0377;
 	copykey(&k,&kt);
@@ -172,14 +202,14 @@ main(argc,argv)
 	}
 	fwrite(str,8,1,fp);
 	fclose(fp);
-	sprintf(path,"%s/..c",argv[0]);
+	(void)snprintf(path, sizeof(path), "%s/..c", argv[0]);
 	if ((fp=fopen(path,"w")) == NULL) {
 		perror("cmkdir");
 		exit(1);
 	}
 	fprintf(fp,"%d",k.cipher);
 	fclose(fp);
-	sprintf(path,"%s/..s",argv[0]);
+	(void)snprintf(path, sizeof(path), "%s/..s", argv[0]);
 	if ((fp=fopen(path,"w")) == NULL) {
 		perror("cmkdir");
 		exit(1);
@@ -187,7 +217,7 @@ main(argc,argv)
 	fprintf(fp,"%d\n",smsize);
 	fclose(fp);
 	if (cfmt) {
-		sprintf(path,"%s/..k",argv[0]);
+		(void)snprintf(path, sizeof(path), "%s/..k", argv[0]);
 		if ((fp=fopen(path,"w")) == NULL) {
 			perror("cmkdir");
 			exit(1);
