From fc42d8237fa49de90fadbc515c8828ee0f57da1b Mon Sep 17 00:00:00 2001
From: John Vogel <jvogel4@stny.rr.com>
Date: Mon, 9 Oct 2023 10:32:34 -0400
Subject: [PATCH 2/4] essid.c: take some care

Copy the interface name with strcpy, not sprint.
Return from put_status with error if the format is not able to
handle a string param.
---
 essid.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/essid.c b/essid.c
index de45164..3050bd7 100644
--- a/essid.c
+++ b/essid.c
@@ -21,6 +21,9 @@ char name[IW_ESSID_MAX_SIZE + 1] = {0};
 
 int put_status(int fd, struct iwreq *rqt)
 {
+    if (strstr(format, "%s") == NULL)
+        return -1;
+
     rqt->u.essid.pointer = name;
     rqt->u.essid.length = IW_ESSID_MAX_SIZE + 1;
     if (ioctl(fd, SIOCGIWESSID, rqt) == -1) {
@@ -64,7 +67,7 @@ int main(int argc, char *argv[])
     struct iwreq request;
     int sock_fd;
     memset(&request, 0, sizeof(struct iwreq));
-    sprintf(request.ifr_name, interface);
+    strncpy(request.ifr_name, interface, strlen(interface));
 
     if ((sock_fd = socket(AF_INET, SOCK_DGRAM, 0)) == -1) {
         perror("socket");
-- 
2.42.0