From f0ea5f0f74ad9f6f2d7faf116919b779f9762612 Mon Sep 17 00:00:00 2001
From: Godmar Back <godmar@gmail.com>
Date: Tue, 1 May 2018 15:53:30 -0400
Subject: [PATCH] fixed out-of-bound error caused by wrong use of vsnprintf

---
 src/http.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/http.c b/src/http.c
index c680be7..d0b687a 100644
--- a/src/http.c
+++ b/src/http.c
@@ -124,7 +124,8 @@ http_add_header(buffer_t * resp, char* key, char* fmt, ...)
 
     va_start(ap, fmt);
     char *error = buffer_ensure_capacity(resp, MAX_HEADER_LEN);
-    resp->len += vsnprintf(error, MAX_HEADER_LEN, fmt, ap);
+    int len = vsnprintf(error, MAX_HEADER_LEN, fmt, ap);
+    resp->len += len > MAX_HEADER_LEN ? MAX_HEADER_LEN - 1 : len;
     va_end(ap);
 
     buffer_appends(resp, "\r\n");
@@ -222,7 +223,8 @@ send_error(struct http_transaction * ta, enum http_response_status status, const
 
     va_start(ap, fmt);
     char *error = buffer_ensure_capacity(&ta->resp_body, MAX_ERROR_LEN);
-    ta->resp_body.len += vsnprintf(error, MAX_ERROR_LEN, fmt, ap);
+    int len = vsnprintf(error, MAX_ERROR_LEN, fmt, ap);
+    ta->resp_body.len += len > MAX_ERROR_LEN ? MAX_ERROR_LEN - 1 : len;
     va_end(ap);
     ta->resp_status = status;
     return send_response(ta);