FIXME: buffer overflow warning

author Ali H. Fardan <[email protected]>

Sun, 28 Aug 2016 13:30:12 +0000 (16:30 +0300)

committer Ali H. Fardan <[email protected]>

Sun, 28 Aug 2016 13:30:12 +0000 (16:30 +0300)
author Ali H. Fardan <[email protected]>
Sun, 28 Aug 2016 13:30:12 +0000 (16:30 +0300)
committer Ali H. Fardan <[email protected]>
Sun, 28 Aug 2016 13:30:12 +0000 (16:30 +0300)
diff --git a/slstatus.c b/slstatus.c

index 90534d9..4dbe650 100644 (file)
--- a/slstatus.c
+++ b/slstatus.c
@@ -78,17 +78,17 @@ setstatus(const char *str)
  static char *
  smprintf(const char *fmt, ...)
  {
  static char *
  smprintf(const char *fmt, ...)
  {
-       va_list fmtargs;
-       char tmp[120];
+       /* FIXME: This code should have
+       bound checks, it is vulnerable to
+       buffer overflows */
+       va_list ap;
         char *ret = NULL;
  
         char *ret = NULL;
  
-       va_start(fmtargs, fmt);
-       snprintf(tmp, sizeof(tmp)-1, fmt, fmtargs);
-       tmp[sizeof(tmp)] = '\0';
-       if (asprintf(&ret, "%s", tmp) < 0)
+       va_start(ap, fmt);
+       if (vasprintf(&ret, fmt, ap) < 0)
                 return NULL;
  
                 return NULL;
  
-       va_end(fmtargs);
+       va_end(ap);
         return ret;
  }
  
         return ret;
  }
author	Ali H. Fardan <[email protected]>
	Sun, 28 Aug 2016 13:30:12 +0000 (16:30 +0300)
committer	Ali H. Fardan <[email protected]>
	Sun, 28 Aug 2016 13:30:12 +0000 (16:30 +0300)