From: Otto Moerbeek
Date: Wed, 9 Oct 2019 12:39:29 +0000 (+0200)
Subject: Using a variable format string opens up all kinds of cans of worms.
X-Git-Tag: dnsdist-1.4.0-rc4~35^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4338e69fd9ee0c1ec300fe10eece6609be7a7f53;p=thirdparty%2Fpdns.git
Using a variable format string opens up all kinds of cans of worms.
---
diff --git a/pdns/zoneparser-tng.cc b/pdns/zoneparser-tng.cc
index 49841c4b73..7ac0c5fe64 100644
--- a/pdns/zoneparser-tng.cc
+++ b/pdns/zoneparser-tng.cc
@@ -193,11 +193,22 @@ bool ZoneParserTNG::getTemplateLine()
 char radix='d';
 sscanf(spec.c_str(), "%d,%d,%c", &offset, &width, &radix); // parse format specifier
- char sformat[12];
- snprintf(sformat, sizeof(sformat), "%%0%d%c", width, radix); // make into printf-style format
-
 char tmp[80];
- snprintf(tmp, sizeof(tmp), sformat, d_templatecounter + offset); // and do the actual printing
+ switch (radix) {
+ case 'o':
+ snprintf(tmp, sizeof(tmp), "%0*o", width, d_templatecounter + offset);
+ break;
+ case 'x':
+ snprintf(tmp, sizeof(tmp), "%0*x", width, d_templatecounter + offset);
+ break;
+ case 'X':
+ snprintf(tmp, sizeof(tmp), "%0*X", width, d_templatecounter + offset);
+ break;
+ case 'd':
+ default:
+ snprintf(tmp, sizeof(tmp), "%0*d", width, d_templatecounter + offset);
+ break;
+ }
 outpart+=tmp;
 }
 else
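Review bot: `width` still comes straight from the `sscanf` on the template spec and is passed unchecked as the `*` field width in all four `snprintf` calls. A negative value is read by printf as the `-` flag plus a positive width, so the zero padding silently turns into left-justified spaces, and a width of 80 or more is silently truncated to `sizeof(tmp)` because the `snprintf` return value is ignored. A guard ahead of the `switch`, such as `if (width < 0 || static_cast<size_t>(width) >= sizeof(tmp))` followed by rejecting the template line, would make both cases fail loudly instead of emitting wrong record data. Separately, `%o`/`%x`/`%X` expect an unsigned argument; `offset` is scanned with `%d` and the type of `d_templatecounter` is not visible in the hunk, so an explicit `static_cast<unsigned int>(d_templatecounter + offset)` on those three calls is worth considering. The body of `getTemplateLine()` starts and ends outside this hunk.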