From f59b3c89f6fd0c84cd04fe68f2e2e04b476839c2 Mon Sep 17 00:00:00 2001
From: Lee Ballard <ballle98@gmail.com>
Date: Wed, 18 Nov 2020 13:07:45 -0600
Subject: [PATCH] sfeakes/AqualinkD#135: Buffer overflow in action_web_request

---
 net_services.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net_services.c b/net_services.c
index b096417..10c0eaf 100644
--- a/net_services.c
+++ b/net_services.c
@@ -1589,8 +1589,8 @@ void action_web_request(struct mg_connection *nc, struct http_message *http_msg)
       mg_send_head(nc, 200, strlen(GET_RTN_UNKNOWN), CONTENT_TEXT);
       mg_send(nc, GET_RTN_UNKNOWN, strlen(GET_RTN_UNKNOWN));
     }
-
-    sprintf(buf, "action_web_request() request '%.*s' took",(int)http_msg->uri.len, http_msg->uri.p);
+    snprintf(buf, sizeof(buf), "action_web_request() request '%.*s' took",
+             (int)http_msg->uri.len, http_msg->uri.p);
 
     DEBUG_TIMER_STOP(tid, NET_LOG, buf);
   }
@@ -2171,4 +2171,4 @@ bool start_net_services(/*struct mg_mgr *mgr, */struct aqualinkdata *aqdata)
   return true;
 }
 
-#endif
\ No newline at end of file
+#endif