summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.sbin/httpd/src/ap/ap_snprintf.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/usr.sbin/httpd/src/ap/ap_snprintf.c b/usr.sbin/httpd/src/ap/ap_snprintf.c
index 3009e5237d8..880dab19388 100644
--- a/usr.sbin/httpd/src/ap/ap_snprintf.c
+++ b/usr.sbin/httpd/src/ap/ap_snprintf.c
@@ -513,7 +513,7 @@ static char *conv_sockaddr_in(struct sockaddr_in *si, char *buf_end, int *len)
*/
static char *conv_fp(register char format, register double num,
boolean_e add_dp, int precision, bool_int *is_negative,
- char *buf, int *len)
+ char *buf, int *len, int buflen)
{
register char *s = buf;
register char *p;
@@ -529,7 +529,7 @@ static char *conv_fp(register char format, register double num,
* Check for Infinity and NaN
*/
if (ap_isalpha(*p)) {
- *len = strlen(strcpy(buf, p));
+ *len = strlcpy(buf, p, buflen); /* we really need the wanted len here */
*is_negative = FALSE;
return (buf);
}
@@ -952,7 +952,8 @@ API_EXPORT(int) ap_vformatter(int (*flush_func)(ap_vformatter_buff *),
{
s = conv_fp(*fmt, fp_num, alternate_form,
(adjust_precision == NO) ? FLOAT_DIGITS : precision,
- &is_negative, &num_buf[1], &s_len);
+ &is_negative, &num_buf[1], &s_len,
+ sizeof(num_buf) - 1);
if (is_negative)
prefix_char = '-';
else if (print_sign)