[PATCH phosphor-host-ipmid v2 7/7] buffer overrun in sensor handling

[OpenBMC Patches]

From: Chris Austen <austenc at us.ibm.com>

---
 ipmisensor.C | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/ipmisensor.C b/ipmisensor.C
index f60db18..4768bc1 100644
--- a/ipmisensor.C
+++ b/ipmisensor.C
@@ -98,19 +98,18 @@ char *getfw02string(uint8_t b) {
 //  prior to calling the dbus code.  
 int set_sensor_dbus_state_fwprogress(const sensorRES_t *pRec, const lookup_t *pTable, const char *value) {
 
-	char valuestring[32];
-	char* pStr = valuestring;
+	char message[128];
 
 	switch (pTable->offset) {
 
-		case 0x00 : sprintf(valuestring, "POST Error, 0x%02x", pRec->event_data2);
+		case 0x00 : snprintf(message, sizeof(message), "POST Error, 0x%02x", pRec->event_data2);
 					break;
-		case 0x01 : sprintf(valuestring, "FW Hang, 0x%02x", pRec->event_data2);
+		case 0x01 : snprintf(message, sizeof(message), "FW Hang, 0x%02x", pRec->event_data2);
 					break;
-		case 0x02 : sprintf(valuestring, "FW Progress, %s", getfw02string(pRec->event_data2));
+		case 0x02 : snprintf(message, sizeof(message), "FW Progress, %s", getfw02string(pRec->event_data2));
 	}
 
-	return set_sensor_dbus_state_v(pRec->sensor_number, pTable->method, pStr);
+	return set_sensor_dbus_state_v(pRec->sensor_number, pTable->method, message);
 }
 
 // Handling this special OEM sensor by coping what is in byte 4.  I also think that is odd
-- 
2.6.0