From de5c8688030a4271960d7791eaca4683e25f72ef Mon Sep 17 00:00:00 2001
From: Lee Ballard
Date: Wed, 18 Nov 2020 13:07:45 -0600
Subject: [PATCH] sfeakes/AqualinkD#135: Buffer overflow in action_web_request
---
 net_services.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net_services.c b/net_services.c
index e333ebc6..c6cd8961 100644
--- a/net_services.c
+++ b/net_services.c
@@ -1076,7 +1076,7 @@ void action_web_request(struct mg_connection *nc, struct http_message *http_msg)
 }
 //} else if (strstr(http_msg->method.p, "PUT")) {
 } else {
- char buf[50];
+ char buf[200];
 float value = 0;
 DEBUG_TIMER_START(&tid);
@@ -1160,7 +1160,8 @@ void action_web_request(struct mg_connection *nc, struct http_message *http_msg)
 mg_send_head(nc, 200, strlen(GET_RTN_UNKNOWN), CONTENT_TEXT);
 mg_send(nc, GET_RTN_UNKNOWN, strlen(GET_RTN_UNKNOWN));
 }
- sprintf(buf, "action_web_request() request '%.*s' took",http_msg->uri.len, http_msg->uri.p);
+ snprintf(buf, sizeof(buf), "action_web_request() request '%.*s' took",
+ http_msg->uri.len, http_msg->uri.p);
 DEBUG_TIMER_STOP(tid, NET_LOG, buf);
 }
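Review bot: Growing `buf` from 50 to 200 bytes in the first hunk only adds margin; it does not bound any write. The declaration opens an `else` branch that, going by the hunk line numbers, runs for roughly 80 lines before the one write shown in the second hunk, and none of that stretch is in this patch. Any other `sprintf` or `strcpy` into `buf` there would still be unbounded and needs the same `snprintf(buf, sizeof(buf), ...)` form. A comment on the declaration such as `/* log line only; every write must go through snprintf(buf, sizeof(buf), ...) */` would make clear that the size governs truncation, not safety.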
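Review bot: The `.*` precision in the new `snprintf` call must be an `int`, but `http_msg->uri.len` is passed unconverted. If that field is a `size_t`, as Mongoose's `struct mg_str` declares it (the declaration is not visible here), the variadic argument has the wrong type; pass `(int)http_msg->uri.len` instead. The URI is client-supplied and reaches the log through `DEBUG_TIMER_STOP` unfiltered, so CR/LF or terminal control bytes can end up in the log line; escaping non-printable bytes first would prevent forged entries. A long URI also makes `snprintf` cut off the closing quote and ` took`, so capping the precision below `sizeof(buf)` minus the fixed text keeps the message well formed. The enclosing function starts outside the hunk.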