From 9158ed64ef6f68b927fd012577ce62f78aebcf0f Mon Sep 17 00:00:00 2001
From: Cyril Soler <csoler@users.sourceforge.net>
Date: Sat, 3 Oct 2015 10:46:36 -0400
Subject: [PATCH] fixed potential buffer overrun (reported by GuessWho)

---
 libretroshare/src/util/extaddrfinder.cc | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/libretroshare/src/util/extaddrfinder.cc b/libretroshare/src/util/extaddrfinder.cc
index e67aee4a9..226f27f92 100644
--- a/libretroshare/src/util/extaddrfinder.cc
+++ b/libretroshare/src/util/extaddrfinder.cc
@@ -104,12 +104,18 @@ static void getPage(const std::string& server_name,std::string& page)
 #endif
 
 	// envoi 
-	sprintf( request, 
+	if(snprintf( request, 
+			1024,
 			"GET / HTTP/1.0\r\n"
 			"Host: %s:%d\r\n"
 			"Connection: Close\r\n"
 			"\r\n", 
-			server_name.c_str(), 80);
+			server_name.c_str(), 80) > 1020)
+	{
+		std::cerr << "ExtAddrFinder: buffer overrun. The server name \"" << server_name << "\" is too long. This is quite unexpected." << std::endl;
+		unix_close(sockfd);
+		return ;
+	}
 
 	if(send(sockfd,request,strlen(request),0)== -1)
 	{