diff options
| author | Felix Fietkau <nbd@nbd.name> | 2017-05-04 16:21:17 +0200 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2017-05-04 16:21:17 +0200 |
| commit | e06e5376e1a2d70de256fe9da0ea78d2a7695a98 (patch) | |
| tree | 64feee20de5efb221ec39f260041b150a58d42e5 | |
| parent | 533f8345ab185d0c6f93565e68056edb093e3c75 (diff) | |
| download | firewall3-e06e5376e1a2d70de256fe9da0ea78d2a7695a98.tar.gz | |
utils: replace sprintf use with snprintf to avoid overflows
Signed-off-by: Felix Fietkau <nbd@nbd.name>
| -rw-r--r-- | utils.c | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -485,18 +485,21 @@ write_zone_uci(struct uci_context *ctx, struct fw3_zone *z, fw3_foreach(dev, &z->devices) { + char *ep; + if (!dev) continue; p = buf; + ep = buf + sizeof(buf); if (dev->invert) - p += sprintf(p, "!"); + p += snprintf(p, ep - p, "!"); if (*dev->network) - p += sprintf(p, "%s@%s", dev->name, dev->network); + p += snprintf(p, ep - p, "%s@%s", dev->name, dev->network); else - p += sprintf(p, "%s", dev->name); + p += snprintf(p, ep - p, "%s", dev->name); ptr.value = buf; uci_add_list(ctx, &ptr); |