From e06e5376e1a2d70de256fe9da0ea78d2a7695a98 Mon Sep 17 00:00:00 2001
From: Felix Fietkau
Date: Thu, 4 May 2017 16:21:17 +0200
Subject: [PATCH] utils: replace sprintf use with snprintf to avoid overflows
Signed-off-by: Felix Fietkau
---
utils.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/utils.c b/utils.c
index 537c629..875a141 100644
--- a/utils.c
+++ b/utils.c
@@ -485,18 +485,21 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
 fw3_foreach(dev, &z->devices)
 {
+ char *ep;
+
 if (!dev)
 continue;
 p = buf;
+ ep = buf + sizeof(buf);
 if (dev->invert)
- p += sprintf(p, "!");
+ p += snprintf(p, ep - p, "!");
 if (*dev->network)
- p += sprintf(p, "%s@%s", dev->name, dev->network);
+ p += snprintf(p, ep - p, "%s@%s", dev->name, dev->network);
 else
- p += sprintf(p, "%s", dev->name);
+ p += snprintf(p, ep - p, "%s", dev->name);
 ptr.value = buf;
 uci_add_list(ctx, &ptr);
--
2.25.1
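Review bot: The three `p += snprintf(p, ep - p, ...)` calls bound the write but never inspect the return value, so a device or network name that does not fit is silently truncated and the shortened string is still passed to `uci_add_list()` through `ptr.value = buf`. snprintf() returns the length the complete output would have had (or a negative value on error), so `p` can also end up beyond `ep`; nothing visible reads `p` after the name is appended, but any later append would compute a negative `ep - p` that converts to a very large `size_t`. Keeping the result in an `int n` and skipping or reporting the entry when `n < 0 || n >= ep - p` closes both gaps; whether to skip or to log is the maintainer's choice. `buf` is declared outside the hunk, so its size cannot be checked from here, and the body of `write_zone_uci()` starts and ends outside the hunk.

```c
		char *ep;
		int n;

		/* … unchanged: !dev check, p = buf, ep = buf + sizeof(buf), "!" prefix … */

		if (*dev->network)
			n = snprintf(p, ep - p, "%s@%s", dev->name, dev->network);
		else
			n = snprintf(p, ep - p, "%s", dev->name);

		/* do not store a truncated device name in the zone config */
		if (n < 0 || n >= ep - p)
			continue;

		/* … unchanged: ptr.value = buf; uci_add_list(ctx, &ptr); … */
```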