fix unbounded write of sprintf

Buffer write operations that do not control the length of data written may overflow. Fix by replacing sprintf() with snprintf().
2025-07-01 07:15:54 +00:00 · 2024-03-23 22:03:02 -04:00 · 2024-03-23 22:03:02 -04:00 · 274d3db34d
commit 274d3db34d
parent 014af67397
2 changed files with 5 additions and 5 deletions
--- a/libgamestream/http.c
+++ b/libgamestream/http.c
@ -51,10 +51,10 @@ int http_init(const char* keyDirectory, int logLevel) {
    return GS_FAILED;

  char certificateFilePath[4096];
-  sprintf(certificateFilePath, "%s/%s", keyDirectory, CERTIFICATE_FILE_NAME);
+  snprintf(certificateFilePath, sizeof(certificateFilePath), "%s/%s", keyDirectory, CERTIFICATE_FILE_NAME);

  char keyFilePath[4096];
-  sprintf(&keyFilePath[0], "%s/%s", keyDirectory, KEY_FILE_NAME);
+  snprintf(keyFilePath, sizeof(keyFilePath), "%s/%s", keyDirectory, KEY_FILE_NAME);

  curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
  curl_easy_setopt(curl, CURLOPT_SSLENGINE_DEFAULT, 1L);
--- a/src/config.c
+++ b/src/config.c
@ -411,11 +411,11 @@ void config_parse(int argc, char* argv[], PCONFIGURATION config) {
    struct passwd *pw = getpwuid(getuid());
    const char *dir;
    if ((dir = getenv("XDG_CACHE_DIR")) != NULL)
-      sprintf(config->key_dir, "%s" MOONLIGHT_PATH, dir);
+      snprintf(config->key_dir, sizeof(config->key_dir), "%s" MOONLIGHT_PATH, dir);
    else if ((dir = getenv("HOME")) != NULL)
-      sprintf(config->key_dir, "%s" DEFAULT_CACHE_DIR MOONLIGHT_PATH, dir);
+      snprintf(config->key_dir, sizeof(config->key_dir), "%s" DEFAULT_CACHE_DIR MOONLIGHT_PATH, dir);
    else
-      sprintf(config->key_dir, "%s" DEFAULT_CACHE_DIR MOONLIGHT_PATH, pw->pw_dir);
+      snprintf(config->key_dir, sizeof(config->key_dir), "%s" DEFAULT_CACHE_DIR MOONLIGHT_PATH, pw->pw_dir);
  }

  if (config->stream.bitrate == -1) {