From 734ad4020e6ff0c47c27b3b9096cbc996b5e1ee7 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Thu, 3 May 2018 22:27:03 +0200 Subject: xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds nft-arp.c:112:3: note: 'sprintf' output between 2 and 21 bytes into a destination of size 20 sprintf(buf, "/%s", addr_to_dotted(mask)); Signed-off-by: Florian Westphal --- iptables/nft-arp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c index 0e13b8c5..4eacc61b 100644 --- a/iptables/nft-arp.c +++ b/iptables/nft-arp.c @@ -92,7 +92,7 @@ static char * mask_to_dotted(const struct in_addr *mask) { int i; - static char buf[20]; + static char buf[22]; u_int32_t maskaddr, bits; maskaddr = ntohl(mask->s_addr); @@ -109,7 +109,7 @@ mask_to_dotted(const struct in_addr *mask) sprintf(buf, "/%d", i); else /* mask was not a decent combination of 1's and 0's */ - sprintf(buf, "/%s", addr_to_dotted(mask)); + snprintf(buf, sizeof(buf), "/%s", addr_to_dotted(mask)); return buf; } -- cgit v1.2.3