authorXavier Del Campo Romero <xavi.dcr@tutanota.com>2024-08-21 23:47:17 +0200
committerXavier Del Campo Romero <xavi.dcr@tutanota.com>2024-08-21 23:47:17 +0200
commitd73097dd74625711dd02d5e3a6cb6bdca5ca8150 (patch)
tree8a401e14f5baabe17c34cd251f1d3f7b5b941a49 /auth.c
parent37c4b2967863fe5ba265a7fefad60dbd96a09f17 (diff)
auth.c: Replace sprintf(3) with snprintf(3)
Even if this specific use of sprintf(3) was safe because sizeof sha256_str > (sizeof sha256 * 2), some implementations would consider sprintf(3) unsafe anyway.
Diffstat (limited to 'auth.c')
-rw-r--r--auth.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/auth.c b/auth.c
index e642ccd..8fc1d95 100644
--- a/auth.c
+++ b/auth.c
@@ -238,10 +238,21 @@ static int compare_pwd(const char *const salt, const char *const password,
char sha256_str[sizeof
"00000000000000000000000000000000"
"00000000000000000000000000000000"];
+ size_t sz = sizeof sha256_str;
for (struct {char *p; size_t i;} a = {.p = sha256_str};
a.i < sizeof sha256 / sizeof *sha256; a.i++, a.p += 2)
- sprintf(a.p, "%02x", sha256[a.i]);
+ {
+ int n = snprintf(a.p, sz, "%02x", sha256[a.i]);
+
+ if (n < 0 || n >= sz)
+ {
+ fprintf(stderr, "%s: snprintf(3) failed with %d\n", __func__, n);
+ return -1;
+ }
+
+ sz -= n;
+ }
if (!strcmp(sha256_str, exp_password))
ret = 0;
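Review bot: The `return -1;` in the new error branch leaves from the middle of the loop, while the last visible lines set `ret = 0` in what looks like a single-exit function. compare_pwd's body starts and ends outside this hunk, so if it releases anything after the comparison, this path would skip it; leaving `ret` at its failure value and jumping to the function's existing exit path would be safer. The check `n >= sz` also compares an `int` with a `size_t` and is correct only because `n < 0` is tested first; `if (n < 0 || (size_t)n >= sz)` makes that explicit and avoids a sign-compare warning. Separately from the snprintf change, the digest comparison on the following context line uses `strcmp`, which stops at the first differing byte; a constant-time comparison is the usual choice when checking password hashes.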