From f4a1d25b72d3d2044c95e148c80b1909c449b4ae Mon Sep 17 00:00:00 2001
From: Gabriele Gristina
Date: Mon, 8 May 2023 01:34:46 +0200
Subject: [PATCH] Hardware Monitor: avoid sprintf in src/ext_iokit.c
---
 docs/changes.txt | 1 +
 src/ext_iokit.c | 9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index c9250a89a..0447b6e43 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -86,6 +86,7 @@
 - SecureCRT MasterPassphrase v2: update module, pure kernels and test unit. Add optimized kernels.
 - Metal Backend: added workaround to prevent 'Infinite Loop' bug when build kernels
 - User Options: added --metal-compiler-runtime option
+- Hardware Monitor: avoid sprintf in src/ext_iokit.c
 * changes v6.2.5 -> v6.2.6
diff --git a/src/ext_iokit.c b/src/ext_iokit.c
index adeb9291d..78a7cada3 100644
--- a/src/ext_iokit.c
+++ b/src/ext_iokit.c
@@ -37,7 +37,7 @@ void hm_IOKIT_ultostr (char *str, UInt32 val)
 {
 str[0] = '\0';
- sprintf (str, "%c%c%c%c", (unsigned int) (val >> 24), (unsigned int) (val >> 16), (unsigned int) (val >> 8), (unsigned int) (val));
+ snprintf (str, 5, "%c%c%c%c", (unsigned int) (val >> 24), (unsigned int) (val >> 16), (unsigned int) (val >> 8), (unsigned int) (val));
 }
 kern_return_t hm_IOKIT_SMCOpen (void *hashcat_ctx, io_connect_t *conn)
@@ -301,6 +301,9 @@ int hm_IOKIT_get_fan_speed_current (void *hashcat_ctx, char *fan_speed_buf)
 if (totalFans <= 0) return -1;
+ // limit totalFans to 10
+ if (totalFans > 10) totalFans = 10;
+
 char tmp_buf[16];
 for (int i = 0; i < totalFans; i++)
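Review bot: The size argument `5` in `snprintf (str, 5, ...)` is a bare literal, and `hm_IOKIT_ultostr` receives only a `char *`, so nothing in the function ties the bound to the caller's buffer. A contract comment above the function, e.g. `// str must point to at least 5 bytes: 4 key characters plus the terminating NUL`, would make the assumption checkable at call sites. The same literal appears in the two `snprintf (key, 5, ...)` calls in the last hunk; there the neighbouring `memset` uses `sizeof (UInt32Char_t)`, so if `key` is an array of that type (its declaration is outside the hunk), `snprintf (key, sizeof (key), "F%dAc", i);` would keep size and buffer in sync.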
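Review bot: The new comment `// limit totalFans to 10` restates the code and leaves the reason for 10 unstated. Judging from the next hunk, the limit exists because the 5-byte key built from `"F%dAc"` / `"F%dMx"` only has room for a one-digit fan index. I would say so above the clamp, e.g. `// fan keys are "F<d>Ac"/"F<d>Mx" with a single-digit index, so at most 10 fans can be queried`. A count above 10 is clamped silently; whether that deserves a log line depends on where `totalFans` comes from, which is outside the hunk, as are the start and end of the function.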
@@ -310,12 +313,12 @@ int hm_IOKIT_get_fan_speed_current (void *hashcat_ctx, char *fan_speed_buf)
 float maximum_speed = 0.0f;
 memset (&key, 0, sizeof (UInt32Char_t));
- sprintf (key, "F%dAc", i);
+ snprintf (key, 5, "F%dAc", i);
 hm_IOKIT_SMCGetFanRPM (key, iokit->conn, &actual_speed);
 if (actual_speed < 0.f) continue;
 memset (&key, 0, sizeof (UInt32Char_t));
- sprintf (key, "F%dMx", i);
+ snprintf (key, 5, "F%dMx", i);
 hm_IOKIT_SMCGetFanRPM (key, iokit->conn, &maximum_speed);
 if (maximum_speed < 0.f) continue;
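Review bot: The result of both `snprintf` calls is discarded, so a truncated key would be passed to `hm_IOKIT_SMCGetFanRPM` unnoticed. Today that cannot happen only because the previous hunk clamps the loop index to one digit; with `i = 10` the buffer would hold `F10A` rather than the intended key. Making the dependency explicit keeps a later change to that limit from silently querying the wrong SMC key, e.g. `if (snprintf (key, 5, "F%dAc", i) >= 5) continue;` and the same for `"F%dMx"`. The loop body starts before and continues after this hunk.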