worked around the buffer overrun in smprintf()

author: Ali H. Fardan <raiz@firemail.cc> 2016-08-28 18:19:53 +0300
committer: Ali H. Fardan <raiz@firemail.cc> 2016-08-28 18:19:53 +0300
commit: 94a62b864b56d8bad1fb68925dcee7c71015bc54 (patch)
tree: 3798b3492c838feed18250912a3b9be160f37bbf
parent: 1d257999ed6049dce4d1305c4dc3304ea9910ca7 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/slstatus.c b/slstatus.c
index 628c0f4..08866d2 100644
--- a/slstatus.c
+++ b/slstatus.c
@@ -78,14 +78,15 @@ setstatus(const char *str)
 static char *
 smprintf(const char *fmt, ...)
 {
-	/* FIXME: This code should have
-	bound checks, it is vulnerable to
-	buffer overflows */
 	va_list ap;
+	char tmp[120];
 	char *ret = NULL;
 
 	va_start(ap, fmt);
-	if (vasprintf(&ret, fmt, ap) < 0)
+	vsnprintf(tmp, sizeof(tmp)-1, fmt, ap);
+	tmp[strlen(tmp)+1] = '\0';
+
+	if (asprintf(&ret, "%s", tmp) < 0)
 		return NULL;
 
 	va_end(ap);
author	Ali H. Fardan <raiz@firemail.cc>	2016-08-28 18:19:53 +0300
committer	Ali H. Fardan <raiz@firemail.cc>	2016-08-28 18:19:53 +0300
commit	94a62b864b56d8bad1fb68925dcee7c71015bc54 (patch)
tree	3798b3492c838feed18250912a3b9be160f37bbf
parent	1d257999ed6049dce4d1305c4dc3304ea9910ca7 (diff)