GUACAMOLE-500: Explicitly guarantee typescript filename cannot exceed buffer size.

2018-02-06 22:12:08 -08:00 · 2018-02-06 22:12:08 -08:00 · cd0e48234a
commit cd0e48234a
parent 5b58c7e15b
1 changed files with 7 additions and 2 deletions
--- a/src/terminal/typescript.c
+++ b/src/terminal/typescript.c
@ -130,8 +130,13 @@ guac_terminal_typescript* guac_terminal_typescript_alloc(const char* path,
    }

    /* Append suffix to basename */
-    sprintf(typescript->timing_filename, "%s.%s", typescript->data_filename,
-            GUAC_TERMINAL_TYPESCRIPT_TIMING_SUFFIX);
+    if (snprintf(typescript->timing_filename, sizeof(typescript->timing_filename),
+                "%s.%s", typescript->data_filename, GUAC_TERMINAL_TYPESCRIPT_TIMING_SUFFIX)
+            >= sizeof(typescript->timing_filename)) {
+        close(typescript->data_fd);
+        free(typescript);
+        return NULL;
+    }

    /* Attempt to open typescript timing file */
    typescript->timing_fd = open(typescript->timing_filename,