firewall3: Fix GCC8 warnings by replacing sprintf with snprintf

error: ‘%u’ directive writing between 1 and 10 bytes into a region of size
between 7 and 11 [-Werror=format-overflow=]
sprintf(buf, "%u-%u", port->port_min, port->port_max);
                 ^~
note: directive argument in the range [0, 2147483647]
sprintf(buf, "%u-%u", port->port_min, port->port_max);
             ^~~~~~~
note: ‘sprintf’ output between 4 and 17 bytes into a destination of size
13
sprintf(buf, "%u-%u", port->port_min, port->port_max);

Signed-off-by: Rosen Penev <rosenp@gmail.com>

diff --git a/iptables.c b/iptables.c
index f8d4d46ec7717fca1f38f77c23092342b576e3c6..adf64c05c4311ed75135cdb9c927da75ae4553c4 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -899,7 +899,7 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
                if (sp->port_min == sp->port_max)
                        sprintf(buf, "%u", sp->port_min);
                else
-                       sprintf(buf, "%u:%u", sp->port_min, sp->port_max);
+                       snprintf(buf, sizeof(buf), "%u:%u", sp->port_min, sp->port_max);
 
                fw3_ipt_rule_addarg(r, sp->invert, "--sport", buf);
        }
@@ -909,7 +909,7 @@ fw3_ipt_rule_sport_dport(struct fw3_ipt_rule *r,
                if (dp->port_min == dp->port_max)
                        sprintf(buf, "%u", dp->port_min);
                else
-                       sprintf(buf, "%u:%u", dp->port_min, dp->port_max);
+                       snprintf(buf, sizeof(buf), "%u:%u", dp->port_min, dp->port_max);
 
                fw3_ipt_rule_addarg(r, dp->invert, "--dport", buf);
        }
@@ -955,7 +955,7 @@ fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp)
                if (icmp->code6_min == 0 && icmp->code6_max == 0xFF)
                        sprintf(buf, "%u", icmp->type6);
                else
-                       sprintf(buf, "%u/%u", icmp->type6, icmp->code6_min);
+                       snprintf(buf, sizeof(buf), "%u/%u", icmp->type6, icmp->code6_min);
 
                fw3_ipt_rule_addarg(r, icmp->invert, "--icmpv6-type", buf);
        }
@@ -965,7 +965,7 @@ fw3_ipt_rule_icmptype(struct fw3_ipt_rule *r, struct fw3_icmptype *icmp)
                if (icmp->code_min == 0 && icmp->code_max == 0xFF)
                        sprintf(buf, "%u", icmp->type);
                else
-                       sprintf(buf, "%u/%u", icmp->type, icmp->code_min);
+                       snprintf(buf, sizeof(buf), "%u/%u", icmp->type, icmp->code_min);
 
                fw3_ipt_rule_addarg(r, icmp->invert, "--icmp-type", buf);
        }

diff --git a/redirects.c b/redirects.c
index 7f9948cd3bb77a3a83b3553615d5e3ef4d677404..6cd09f16143d84d3737c3157e4c3b23b1e280f94 100644 (file)
--- a/redirects.c
+++ b/redirects.c
@@ -466,7 +466,7 @@ set_redirect(struct fw3_ipt_rule *r, struct fw3_port *port)
                if (port->port_min == port->port_max)
                        sprintf(buf, "%u", port->port_min);
                else
-                       sprintf(buf, "%u-%u", port->port_min, port->port_max);
+                       snprintf(buf, sizeof(buf), "%u-%u", port->port_min, port->port_max);
 
                fw3_ipt_rule_addarg(r, false, "--to-ports", buf);
        }