Index: usr.sbin/pw/pw_log.c
===================================================================
--- usr.sbin/pw/pw_log.c
+++ usr.sbin/pw/pw_log.c
@@ -29,6 +29,8 @@
   "$FreeBSD$";
 #endif /* not lint */
 
+#include <ctype.h>
+#include <err.h>
 #include <fcntl.h>
 #include <string.h>
 #include <stdarg.h>
@@ -50,19 +52,52 @@
 		if (logfile != NULL) {
 			va_list         argp;
 			time_t          now = time(NULL);
-			struct tm      *t = localtime(&now);
-			char            nfmt[256];
+			const char     *cp;
 			const char     *name;
+			struct tm      *t = localtime(&now);
+			int		i, rlen;
+			char            nfmt[256], sname[32];
 
-			if ((name = getenv("LOGNAME")) == NULL && (name = getenv("USER")) == NULL)
-				name = "unknown";
+			if ((name = getenv("LOGNAME")) == NULL &&
+			    (name = getenv("USER")) == NULL) {
+				strcpy(sname, "unknown");
+			} else {
+				for (i = 0, cp = name;
+				    *cp != '\0' &&
+				    i < (int)sizeof(sname) - 1; ) {
+					if (isspace(*cp)) {
+						cp++;
+					} else if (*cp == '%') {
+						if (i < (int)sizeof(sname) - 2) {
+							sname[i++] = '%';
+							sname[i++] = '%';
+						} else {
+							break;
+						}
+						cp++;
+					} else {
+						sname[i++] = *cp++;
+					}
+				}
+				if (i == 0) {
+					strcpy(sname, "unknown");
+				} else {
+					sname[i] = '\0';
+				}
+			}
 			/* ISO 8601 International Standard Date format */
 			strftime(nfmt, sizeof nfmt, "%Y-%m-%d %T ", t);
-			sprintf(nfmt + strlen(nfmt), "[%s:%s%s] %s\n", name, Which[which], Modes[mode], fmt);
-			va_start(argp, fmt);
-			vfprintf(logfile, nfmt, argp);
-			va_end(argp);
-			fflush(logfile);
+			rlen = sizeof(nfmt) - strlen(nfmt);
+			if (rlen <= 0 || snprintf(nfmt + strlen(nfmt), rlen,
+			    "[%s:%s%s] %s\n", sname, Which[which], Modes[mode],
+			    fmt) >= rlen) {
+				warnx("log format overflow");
+			} else {
+				va_start(argp, fmt);
+				vfprintf(logfile, nfmt, argp);
+				va_end(argp);
+				fflush(logfile);
+			}
 		}
 	}
 }