libknet/tests: fix potential overflow with sprintf

kronosnet.spec

@@ -21,10 +21,11 @@
 Name:                kronosnet
 Summary:             Multipoint-to-Multipoint VPN daemon
 Version:             1.28
-Release:             1
+Release:             2
 License:             GPLv2+ and LGPLv2+
 URL:                 https://kronosnet.org
 Source0:             https://kronosnet.org/releases/%{name}-%{version}.tar.xz
+Patch0:              libknet-tests-fix-potential-overflow-with-sprintf.patch
 BuildRequires:       gcc chrpath make libqb-devel
 %if %{with buildman}
 BuildRequires:       libxml2-devel doxygen doxygen2man
@@ -407,6 +408,9 @@ Requires:            libknet1%{_isa} = %{version}-%{release}
 %endif
 
 %changelog
+* Tue Mar 05 2024 zouzhimin <zouzhimin@kylinos.cn> - 1.28-2
+- fix potential overflow with sprintf
+
 * Thu Oct 26 2023 xu_ping <707078654@qq.com> - 1.28-1
 - Update package to version 1.28
 

libknet-tests-fix-potential-overflow-with-sprintf.patch

@@ -0,0 +1,29 @@
+From c8ef1946266f8ab4f4cdfb9675aad780087420c4 Mon Sep 17 00:00:00 2001
+From: cglosner <cglosner@gmail.com>
+Date: Sun, 26 Nov 2023 11:17:17 -0500
+Subject: [PATCH] libknet/tests: fix potential overflow with sprintf
+
+---
+ libknet/tests/knet_bench.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libknet/tests/knet_bench.c b/libknet/tests/knet_bench.c
+index d9b9deea..674febb3 100644
+--- a/libknet/tests/knet_bench.c
++++ b/libknet/tests/knet_bench.c
+@@ -129,10 +129,10 @@ static void parse_nodes(char *nodesinfo[MAX_NODES], int onidx, int port, struct
+ {
+ 	int i;
+ 	char *temp = NULL;
+-	char port_str[10];
++	char port_str[11];
+ 
+ 	memset(port_str, 0, sizeof(port_str));
+-	sprintf(port_str, "%d", port);
++	snprintf(port_str, sizeof(port_str), "%d", port);
+ 
+ 	for (i = 0; i < onidx; i++) {
+ 		nodes[i].nodeid = atoi(strtok(nodesinfo[i], ","));
+-- 
+2.25.1
+