From 274d3db34da764344a7a402ee74e6080350ac0cd Mon Sep 17 00:00:00 2001 From: Mingjie Shen Date: Sat, 23 Mar 2024 22:03:02 -0400 Subject: [PATCH] fix unbounded write of sprintf Buffer write operations that do not control the length of data written may overflow. Fix by replacing sprintf() with snprintf(). --- libgamestream/http.c | 4 ++-- src/config.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libgamestream/http.c b/libgamestream/http.c index 795fb0d..0ca97f0 100644 --- a/libgamestream/http.c +++ b/libgamestream/http.c @@ -51,10 +51,10 @@ int http_init(const char* keyDirectory, int logLevel) { return GS_FAILED; char certificateFilePath[4096]; - sprintf(certificateFilePath, "%s/%s", keyDirectory, CERTIFICATE_FILE_NAME); + snprintf(certificateFilePath, sizeof(certificateFilePath), "%s/%s", keyDirectory, CERTIFICATE_FILE_NAME); char keyFilePath[4096]; - sprintf(&keyFilePath[0], "%s/%s", keyDirectory, KEY_FILE_NAME); + snprintf(keyFilePath, sizeof(keyFilePath), "%s/%s", keyDirectory, KEY_FILE_NAME); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L); diff --git a/src/config.c b/src/config.c index c6ff242..91f2061 100644 --- a/src/config.c +++ b/src/config.c @@ -411,11 +411,11 @@ void config_parse(int argc, char* argv[], PCONFIGURATION config) { struct passwd *pw = getpwuid(getuid()); const char *dir; if ((dir = getenv("XDG_CACHE_DIR")) != NULL) - sprintf(config->key_dir, "%s" MOONLIGHT_PATH, dir); + snprintf(config->key_dir, sizeof(config->key_dir), "%s" MOONLIGHT_PATH, dir); else if ((dir = getenv("HOME")) != NULL) - sprintf(config->key_dir, "%s" DEFAULT_CACHE_DIR MOONLIGHT_PATH, dir); + snprintf(config->key_dir, sizeof(config->key_dir), "%s" DEFAULT_CACHE_DIR MOONLIGHT_PATH, dir); else - sprintf(config->key_dir, "%s" DEFAULT_CACHE_DIR MOONLIGHT_PATH, pw->pw_dir); + snprintf(config->key_dir, sizeof(config->key_dir), "%s" DEFAULT_CACHE_DIR MOONLIGHT_PATH, pw->pw_dir); } if (config->stream.bitrate == -1) {