diff --git a/ChangeLog b/ChangeLog
index a640db71..270a231a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2011-09-18  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* libmisc/salt.c (SHA_salt_rounds): It is statically ensured that
+	the format fits in rounds_prefix.
+
 2011-09-18  Nicolas François  <nicolas.francois@centraliens.net>
 
 	* src/grpconv.c: Fail if not called correctly.
@@ -37,7 +42,7 @@
 	* src/su.c: Too much const were added on 2011-08-15. pw in
 	save_caller_context() is allocated and freed.
 	* src/su.c: Added missing #endif indication
-	* src/su.c save_caller_context(): password only needed if
+	* src/su.c (save_caller_context): password only needed if
 	SU_ACCESS and !USE_PAM.
 
 2011-09-18  Nicolas François  <nicolas.francois@centraliens.net>
diff --git a/libmisc/salt.c b/libmisc/salt.c
index 1a3fd4b3..174f5542 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -106,7 +106,7 @@ static size_t SHA_salt_size (void)
  */
 static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds)
 {
-	static char rounds_prefix[18];
+	static char rounds_prefix[18]; /* Max size: rounds=999999999$ */
 	long rounds;
 
 	if (NULL == prefered_rounds) {
@@ -150,13 +150,8 @@ static /*@observer@*/const char *SHA_salt_rounds (/*@null@*/int *prefered_rounds
 		rounds = ROUNDS_MAX;
 	}
 
-	(void) snprintf (rounds_prefix, 18, "rounds=%ld$", rounds);
-
-	/* Sanity checks. That should not be necessary. */
-	rounds_prefix[17] = '\0';
-	if ('$' != rounds_prefix[16]) {
-		rounds_prefix[17] = '$';
-	}
+	(void) snprintf (rounds_prefix, sizeof rounds_prefix,
+	                 "rounds=%ld$", rounds);
 
 	return rounds_prefix;
 }