From 94a62b864b56d8bad1fb68925dcee7c71015bc54 Mon Sep 17 00:00:00 2001 From: "Ali H. Fardan" Date: Sun, 28 Aug 2016 18:19:53 +0300 Subject: worked around the buffer overrun in smprintf() --- slstatus.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/slstatus.c b/slstatus.c index 628c0f4..08866d2 100644 --- a/slstatus.c +++ b/slstatus.c @@ -78,14 +78,15 @@ setstatus(const char *str) static char * smprintf(const char *fmt, ...) { - /* FIXME: This code should have - bound checks, it is vulnerable to - buffer overflows */ va_list ap; + char tmp[120]; char *ret = NULL; va_start(ap, fmt); - if (vasprintf(&ret, fmt, ap) < 0) + vsnprintf(tmp, sizeof(tmp)-1, fmt, ap); + tmp[strlen(tmp)+1] = '\0'; + + if (asprintf(&ret, "%s", tmp) < 0) return NULL; va_end(ap); -- cgit v1.2.3