worked around the buffer overrun in smprintf()

Ali H. Fardan 2016-08-28 18:19:53 +03:00
parent 1d257999ed
commit 94a62b864b
1 changed files with 5 additions and 4 deletions


@ -78,14 +78,15 @@ setstatus(const char *str)
static char * static char *
smprintf(const char *fmt, ...) smprintf(const char *fmt, ...)
{ {
/* FIXME: This code should have
bound checks, it is vulnerable to
buffer overflows */
va_list ap; va_list ap;
char tmp[120];
char *ret = NULL; char *ret = NULL;
va_start(ap, fmt); va_start(ap, fmt);
if (vasprintf(&ret, fmt, ap) < 0) vsnprintf(tmp, sizeof(tmp)-1, fmt, ap);
tmp[strlen(tmp)+1] = '\0';
if (asprintf(&ret, "%s", tmp) < 0)
return NULL; return NULL;
va_end(ap); va_end(ap);
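Review bot: The added `tmp[strlen(tmp)+1] = '\0';` gives no protection, because `vsnprintf` already NUL-terminates within the size it is given; and if `vsnprintf` returns a negative value, `tmp` was never initialised, so `strlen(tmp)` reads indeterminate stack bytes and the store can land outside the 120-byte array. I would check the result and drop the manual terminator, `if (vsnprintf(tmp, sizeof(tmp), fmt, ap) < 0) { va_end(ap); return NULL; }`, and also call `va_end(ap)` before the existing `return NULL` on the `asprintf` failure path, which currently returns without it. Output longer than the buffer is now silently truncated, whereas the removed `vasprintf` call sized its allocation to the formatted output; whether the callers tolerate truncation cannot be seen from this hunk. The body of smprintf continues outside the hunk.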