Fix potentially overrunning write of sprintf

szsam · szsam · commit c958d1d5b91a · 2023-04-19T16:50:00.000-04:00
Format string "%d" requires 12 bytes (including the null terminator).
Also, use snprintf instead of sprintf to prevent buffer overflow.
diff --git a/connectivity/drivers/cellular/GEMALTO/CINTERION/GEMALTO_CINTERION_CellularStack.cpp b/connectivity/drivers/cellular/GEMALTO/CINTERION/GEMALTO_CINTERION_CellularStack.cpp
@@ -186,8 +186,8 @@ nsapi_error_t GEMALTO_CINTERION_CellularStack::socket_open_defer(CellularSocket
                         }
                     }
                     if (strcmp(paramTag, "conId") == 0) {
-                        char buf[10];
-                        std::sprintf(buf, "%d", _cid);
+                        char buf[12];
+                        std::snprintf(buf, sizeof(buf), "%d", _cid);
                         if (strcmp(paramValue, buf) == 0) {
                             foundConIdType = true;
                         }

Original file line number	Diff line number	Diff line change
`@@ -186,8 +186,8 @@ nsapi_error_t GEMALTO_CINTERION_CellularStack::socket_open_defer(CellularSocket`
`186`	`186`	`}`
`187`	`187`	`}`
`188`	`188`	`if (strcmp(paramTag, "conId") == 0) {`
`189`		`- char buf[10];`
`190`		`- std::sprintf(buf, "%d", _cid);`
	`189`	`+ char buf[12];`
	`190`	`+ std::snprintf(buf, sizeof(buf), "%d", _cid);`
`191`	`191`	`if (strcmp(paramValue, buf) == 0) {`
`192`	`192`	`foundConIdType = true;`
`193`	`193`	`}`