From 7d064970c846c6d52af1c114b213a1cd89d88865 Mon Sep 17 00:00:00 2001 From: Paul Buetow Date: Thu, 19 Mar 2026 08:30:51 +0200 Subject: fix: bound capture command formatting (task 472) --- ioriot/src/capture/capture.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/ioriot/src/capture/capture.c b/ioriot/src/capture/capture.c index 249066d..0791c86 100644 --- a/ioriot/src/capture/capture.c +++ b/ioriot/src/capture/capture.c @@ -34,8 +34,12 @@ status_e capture_run(options_s *opts) } Put("Release of currently running Kernel: %s", uts.release); - char modules_dir[128]; - sprintf(modules_dir, "/opt/ioriot/systemtap/%s", uts.release); + char modules_dir[MAX_LINE_LEN]; + if (snprintf(modules_dir, sizeof(modules_dir), + "/opt/ioriot/systemtap/%s", uts.release) + >= (int) sizeof(modules_dir)) { + Error("Module path is too long for the capture buffer!"); + } Put("Changing directory to module path: %s/", modules_dir); if (0 != chdir(modules_dir)) { @@ -65,13 +69,21 @@ status_e capture_run(options_s *opts) "runtime (usually package 'systemtap-runtime') installed!"); } - char staprun_command[128]; + char staprun_command[MAX_LINE_LEN]; if (opts->pid >= 0) { - sprintf(staprun_command, "%s %s -v -o %s -x %d", staprun_path, opts->module, - opts->capture_file, opts->pid); + if (snprintf(staprun_command, sizeof(staprun_command), + "%s %s -v -o %s -x %d", staprun_path, opts->module, + opts->capture_file, opts->pid) + >= (int) sizeof(staprun_command)) { + Error("staprun command is too long for the capture buffer!"); + } } else { - sprintf(staprun_command, "%s %s -v -o %s", staprun_path, opts->module, - opts->capture_file); + if (snprintf(staprun_command, sizeof(staprun_command), + "%s %s -v -o %s", staprun_path, opts->module, + opts->capture_file) + >= (int) sizeof(staprun_command)) { + Error("staprun command is too long for the capture buffer!"); + } } Out("NOTICE: It is good practise first to stop all processes, then to "); -- cgit v1.2.3