From 8fba38b82cc8c19299338346b3101bbfe0d785ca Mon Sep 17 00:00:00 2001
From: Lee Ballard <ballle98@gmail.com>
Date: Wed, 18 Nov 2020 13:07:45 -0600
Subject: [PATCH] sfeakes/AqualinkD#135: Buffer overflow in action_web_request

---
 net_services.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net_services.c b/net_services.c
index 44920a1f..ad025bce 100644
--- a/net_services.c
+++ b/net_services.c
@@ -1399,8 +1399,8 @@ void action_web_request(struct mg_connection *nc, struct http_message *http_msg)
       mg_send_head(nc, 200, strlen(GET_RTN_UNKNOWN), CONTENT_TEXT);
       mg_send(nc, GET_RTN_UNKNOWN, strlen(GET_RTN_UNKNOWN));
     }
-
-    sprintf(buf, "action_web_request() request '%.*s' took",(int)http_msg->uri.len, http_msg->uri.p);
+    snprintf(buf, sizeof(buf), "action_web_request() request '%.*s' took",
+             (int)http_msg->uri.len, http_msg->uri.p);
 
     DEBUG_TIMER_STOP(tid, NET_LOG, buf);
   }
@@ -2407,4 +2407,4 @@ void OLD_action_websocket_request(struct mg_connection *nc, struct websocket_mes
   } 
 }
 
-#endif // INCLUDE_V1_API
\ No newline at end of file
+#endif // INCLUDE_V1_API