From 0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd Mon Sep 17 00:00:00 2001
From: Joachim Nilsson
Date: Sat, 31 Aug 2019 10:07:39 +0200
Subject: [PATCH] FTP: Fix buffer overflow in PORT parser, reported by Aaron Esau
Signed-off-by: Joachim Nilsson
---
 src/ftpcmd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ftpcmd.c b/src/ftpcmd.c
index b318711..34686a4 100644
--- a/src/ftpcmd.c
+++ b/src/ftpcmd.c
@@ -441,7 +441,7 @@ static void handle_PORT(ctrl_t *ctrl, char *str)
 /* Convert PORT command's argument to IP address + port */
 sscanf(str, "%d,%d,%d,%d,%d,%d", &a, &b, &c, &d, &e, &f);
- sprintf(addr, "%d.%d.%d.%d", a, b, c, d);
+ snprintf(addr, sizeof(addr), "%d.%d.%d.%d", a, b, c, d);
 /* Check IPv4 address using inet_aton(), throw away converted result */
 if (!inet_aton(addr, &(sin.sin_addr))) {
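Review bot: The `sscanf()` call directly above the changed line still discards its return value, so a PORT argument with fewer than six numeric fields leaves some of `a`..`f` unassigned before they are formatted into `addr`. Their declarations are outside the hunk, so whether they are initialised cannot be seen here. I would reject the command unless `sscanf(str, "%d,%d,%d,%d,%d,%d", &a, &b, &c, &d, &e, &f) == 6` and each of the six values is within 0..255, which also bounds the formatted length instead of relying on truncation. The new `snprintf()` result is likewise unchecked, so an over-long address is silently cut and the truncated string is what `inet_aton()` then validates; treating `n < 0 || (size_t)n >= sizeof(addr)` as a parse failure would close that gap. `sizeof(addr)` is only the buffer size if `addr` is declared as an array in the part of `handle_PORT` not shown in this hunk, which is worth confirming.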