From ab9c1c0d86b35fb159a6c173134e4ae816f130f3 Mon Sep 17 00:00:00 2001
From: jmaloy <jmaloy@redhat.com>
Date: Thu, 14 May 2020 21:13:12 +0100
Subject: [PATCH 4/6] tftp: use slirp_fmt0()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: jmaloy <jmaloy@redhat.com>
Message-id: <20200514211314.1534001-5-jmaloy@redhat.com>
Patchwork-id: 96588
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH v2 4/6] tftp: use slirp_fmt0()
Bugzilla: 1834477
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Stefano Garzarella <sgarzare@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>

From: Marc-André Lureau <marcandre.lureau@redhat.com>

Make it OOB-safe, warn on truncation, always \0-end, abort on error.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Message-Id: <20200127092414.169796-5-marcandre.lureau@redhat.com>

(cherry picked from libslirp commit 98968c4f94330b3e4fe48dc79a851eff5e8a5962)
Signed-off-by: Jon Maloy <jmaloy@redhat.com>

Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
 slirp/tftp.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/slirp/tftp.c b/slirp/tftp.c
index a9bc4bb..c3a2ce6 100644
--- a/slirp/tftp.c
+++ b/slirp/tftp.c
@@ -184,10 +184,8 @@ static int tftp_send_oack(struct tftp_session *spt,
 
     tp->tp_op = htons(TFTP_OACK);
     for (i = 0; i < nb; i++) {
-        n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s",
-                      keys[i]) + 1;
-        n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%u",
-                      values[i]) + 1;
+        n += slirp_fmt0(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s", keys[i]);
+        n += slirp_fmt0(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%u", values[i]);
     }
 
     m->m_len = sizeof(struct tftp_t) - (TFTP_BLOCKSIZE_MAX + 2) + n
-- 
1.8.3.1