From cd0e48234a079813664052b56c501e854753303a Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Tue, 6 Feb 2018 22:12:08 -0800
Subject: [PATCH] GUACAMOLE-500: Explicitly guarantee typescript filename cannot exceed buffer size.
---
 src/terminal/typescript.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/terminal/typescript.c b/src/terminal/typescript.c
index 69c8a1db..23338455 100644
--- a/src/terminal/typescript.c
+++ b/src/terminal/typescript.c
@@ -130,8 +130,13 @@ guac_terminal_typescript* guac_terminal_typescript_alloc(const char* path,
 }
 /* Append suffix to basename */
- sprintf(typescript->timing_filename, "%s.%s", typescript->data_filename,
- GUAC_TERMINAL_TYPESCRIPT_TIMING_SUFFIX);
+ if (snprintf(typescript->timing_filename, sizeof(typescript->timing_filename),
+ "%s.%s", typescript->data_filename, GUAC_TERMINAL_TYPESCRIPT_TIMING_SUFFIX)
+ >= sizeof(typescript->timing_filename)) {
+ close(typescript->data_fd);
+ free(typescript);
+ return NULL;
+ }
 /* Attempt to open typescript timing file */
 typescript->timing_fd = open(typescript->timing_filename,
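Review bot: The truncation check in the added `if` compares snprintf()'s `int` return directly against `sizeof(typescript->timing_filename)`, so a negative (error) return is rejected only because it converts to a very large `size_t`; that works, but it is implicit and trips `-Wsign-compare`. I would store the result and test both cases explicitly: `int length = snprintf(...);` followed by `if (length < 0 || (size_t) length >= sizeof(typescript->timing_filename)) {`. The new failure path also returns NULL without any indication of why, so a short comment such as `/* Fail if the timing filename would be truncated */` above the check would help. The data file opened earlier in guac_terminal_typescript_alloc (outside this hunk) is closed here but presumably stays on disk, which may be worth confirming against the other error paths of the function.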