From d73097dd74625711dd02d5e3a6cb6bdca5ca8150 Mon Sep 17 00:00:00 2001 From: Xavier Del Campo Romero Date: Wed, 21 Aug 2024 23:47:17 +0200 Subject: auth.c: Replace sprintf(3) with snprintf(3) Even if this specific use of sprintf(3) was safe because sizeof sha256_str > (sizeof sha256 * 2), some implementations would consider sprintf(3) unsafe anyway. --- auth.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/auth.c b/auth.c index e642ccd..8fc1d95 100644 --- a/auth.c +++ b/auth.c @@ -238,10 +238,21 @@ static int compare_pwd(const char *const salt, const char *const password, char sha256_str[sizeof "00000000000000000000000000000000" "00000000000000000000000000000000"]; + size_t sz = sizeof sha256_str; for (struct {char *p; size_t i;} a = {.p = sha256_str}; a.i < sizeof sha256 / sizeof *sha256; a.i++, a.p += 2) - sprintf(a.p, "%02x", sha256[a.i]); + { + int n = snprintf(a.p, sz, "%02x", sha256[a.i]); + + if (n < 0 || n >= sz) + { + fprintf(stderr, "%s: snprintf(3) failed with %d\n", __func__, n); + return -1; + } + + sz -= n; + } if (!strcmp(sha256_str, exp_password)) ret = 0; -- cgit v1.2.3