xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds

nft-arp.c:112:3: note: 'sprintf' output between 2 and 21 bytes into a destination of size 20
sprintf(buf, "/%s", addr_to_dotted(mask));

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/iptables/nft-arp.c b/iptables/nft-arp.c
index 0e13b8c5a033a1518e52ca314daf5172f86e20aa..4eacc61bf4fc7eda14120d858a14b599b8944650 100644 (file)
--- a/iptables/nft-arp.c
+++ b/iptables/nft-arp.c
@@ -92,7 +92,7 @@ static char *
 mask_to_dotted(const struct in_addr *mask)
 {
        int i;
-       static char buf[20];
+       static char buf[22];
        u_int32_t maskaddr, bits;
 
        maskaddr = ntohl(mask->s_addr);
@@ -109,7 +109,7 @@ mask_to_dotted(const struct in_addr *mask)
                sprintf(buf, "/%d", i);
        else
                /* mask was not a decent combination of 1's and 0's */
-               sprintf(buf, "/%s", addr_to_dotted(mask));
+               snprintf(buf, sizeof(buf), "/%s", addr_to_dotted(mask));
 
        return buf;
 }