monitor: Replace vulnerable sprintf to snprintf 47/272147/2
authorSung-hun Kim <sfoon.kim@samsung.com>
Thu, 10 Mar 2022 06:55:12 +0000 (15:55 +0900)
committerSung-hun Kim <sfoon.kim@samsung.com>
Thu, 10 Mar 2022 07:11:24 +0000 (16:11 +0900)
Change-Id: I6baf894343dfa1db050bdf5ac20af735dc7c5185
Signed-off-by: Sung-hun Kim <sfoon.kim@samsung.com>
src/monitor/request-handler.c

index 3e54ac9..c27e544 100644 (file)
@@ -206,6 +206,7 @@ static void handle_request(struct request_client *client, char *buffer)
        char *args;
        int request_type;
        int ret, len;
+       int buffer_len = REQUEST_BUFFER_MAX;
 
        request_type = split_request_type_and_args(buffer, &args);
 
@@ -213,8 +214,9 @@ static void handle_request(struct request_client *client, char *buffer)
         * Format of response
         *  - <REQUEST_TYPE[:REQUEST_RESULT_PAYLOAD]:REQUEST_RESULT_VALUE>
         */
-       len = sprintf(response, "%d:", request_type);
+       len = snprintf(response, buffer_len, "%d:", request_type);
        response += len;
+       buffer_len -= len;
 
        switch (request_type) {
        case REQUEST_CREATE_RESOURCE:
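Review bot: The `len` returned by `len = snprintf(response, buffer_len, "%d:", request_type);` is the length the full output would have had, not what was actually written, so on truncation `response += len` and `buffer_len -= len` step the pointer past the buffer and leave a negative `buffer_len`, which the next call receives as a huge `size_t` — the same overwrite this commit sets out to remove (the same pattern recurs at the `value` snprintf in the third hunk, and the final `snprintf(response, buffer_len, "%d", ret)` in the fourth hunk inherits the bad count). Each adjusting call needs its return clamped before it is applied, e.g. `if (len < 0 || len >= buffer_len) { _E("response truncated"); len = buffer_len > 0 ? buffer_len - 1 : 0; }`, so the pointer never leaves the buffer and later writes degrade to an empty string rather than an out-of-bounds write. Initialising `buffer_len` to `REQUEST_BUFFER_MAX` in the first hunk presumes `response` points at the head of a buffer of exactly that size; the lines that set `response` from `_response` lie between the hunks and are not shown, so that should be confirmed. handle_request starts before the first hunk and continues past the last one.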
@@ -245,8 +247,9 @@ static void handle_request(struct request_client *client, char *buffer)
                        if (ret < 0)
                                _D("failed to get value");
 
-                       len = sprintf(response, "%d:", value);
+                       len = snprintf(response, buffer_len, "%d:", value);
                        response += len;
+                       buffer_len -= len;
                }
                break;
        default:
@@ -254,7 +257,7 @@ static void handle_request(struct request_client *client, char *buffer)
                ret = -EINVAL;
                break;
        }
-       sprintf(response, "%d", ret);
+       snprintf(response, buffer_len, "%d", ret);
 
        if (send(client->socket_fd, _response, strlen(_response), 0) < 0)
                _E("Failed to send respones, error: %s", strerror(errno));