From 4029c5b813bf292c6bb7ab5752c254913fffdd2b Mon Sep 17 00:00:00 2001
From: Jon Trulson
Date: Sun, 19 Dec 2021 12:25:50 -0700
Subject: [PATCH] dtcm/RFCMIME: fix a guaranteed buffer overflow

---
 cde/programs/dtcm/dtcm/RFCMIME.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/cde/programs/dtcm/dtcm/RFCMIME.c b/cde/programs/dtcm/dtcm/RFCMIME.c
index af8e2c0b9..88c6b2ae9 100644
--- a/cde/programs/dtcm/dtcm/RFCMIME.c
+++ b/cde/programs/dtcm/dtcm/RFCMIME.c
@@ -1300,8 +1300,9 @@ writeQPrint(char *buf, const char * bp, const unsigned long bp_len,
 */
 if ( *cur == (char)0x1b ) {
 /* Only 0x1b ????? */
- char tmp[3];
- sprintf(tmp, "=%02X", (int)(unsigned char)*cur);
+ const int tmpsz = 4;
+ char tmp[tmpsz];
+ snprintf(tmp, tmpsz, "=%02X", (int)(unsigned char)*cur);
 memcpy(&line_buf[off], tmp, 3);
 off += 3;
 continue;
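Review bot: In C a `const int` is not an integer constant expression, so `char tmp[tmpsz];` declares a variable-length array rather than a fixed 4-byte buffer; VLAs are an optional feature since C11 and some compilers warn about or reject them. A plain array keeps the size and the bound tied together: `char tmp[4];` followed by `snprintf(tmp, sizeof tmp, "=%02X", (unsigned)(unsigned char)*cur);`, which also gives `%X` the unsigned argument it expects. The unchanged `memcpy(&line_buf[off], tmp, 3); off += 3;` still relies on a literal 3 and on `off + 3` fitting inside `line_buf`; that bound is not visible in this hunk, since writeQPrint starts and ends outside it, so it is worth confirming that the line-length check earlier in the loop covers this branch.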