commit cd0e48234a079813664052b56c501e854753303a
author Michael Jumper <mjumper@apache.org> Tue Feb 06 22:12:08 2018 -0800
committer Michael Jumper <mjumper@apache.org> Tue Feb 06 22:13:55 2018 -0800
tree 67fe465ae0995c053e5189c66c90612a2c4113f0
parent 5b58c7e15b6ba74b72c1ac3ebaaad22476259583

GUACAMOLE-500: Explicitly guarantee typescript filename cannot exceed buffer size.

src/terminal/typescript.c

diff --git a/src/terminal/typescript.c b/src/terminal/typescript.c
index 69c8a1d..2333845 100644
--- a/src/terminal/typescript.c
+++ b/src/terminal/typescript.c
@@ -130,8 +130,13 @@
     }
 
     /* Append suffix to basename */
-    sprintf(typescript->timing_filename, "%s.%s", typescript->data_filename,
-            GUAC_TERMINAL_TYPESCRIPT_TIMING_SUFFIX);
+    if (snprintf(typescript->timing_filename, sizeof(typescript->timing_filename),
+                "%s.%s", typescript->data_filename, GUAC_TERMINAL_TYPESCRIPT_TIMING_SUFFIX)
+            >= sizeof(typescript->timing_filename)) {
+        close(typescript->data_fd);
+        free(typescript);
+        return NULL;
+    }
 
     /* Attempt to open typescript timing file */
     typescript->timing_fd = open(typescript->timing_filename,