From c958d1d5b91aeea0c7ba2378d10e8ba46e31f6a4 Mon Sep 17 00:00:00 2001
From: Mingjie Shen
Date: Wed, 19 Apr 2023 16:50:00 -0400
Subject: [PATCH] Fix potentially overrunning write of sprintf

Format string "%d" requires 12 bytes (including the null terminator).
Also, use snprintf instead of sprintf to prevent buffer overflow.
---
 .../GEMALTO/CINTERION/GEMALTO_CINTERION_CellularStack.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/connectivity/drivers/cellular/GEMALTO/CINTERION/GEMALTO_CINTERION_CellularStack.cpp b/connectivity/drivers/cellular/GEMALTO/CINTERION/GEMALTO_CINTERION_CellularStack.cpp
index 1353c300192..a78e89a062b 100644
--- a/connectivity/drivers/cellular/GEMALTO/CINTERION/GEMALTO_CINTERION_CellularStack.cpp
+++ b/connectivity/drivers/cellular/GEMALTO/CINTERION/GEMALTO_CINTERION_CellularStack.cpp
@@ -186,8 +186,8 @@ nsapi_error_t GEMALTO_CINTERION_CellularStack::socket_open_defer(CellularSocket
             }
         }
         if (strcmp(paramTag, "conId") == 0) {
-            char buf[10];
-            std::sprintf(buf, "%d", _cid);
+            char buf[12];
+            std::snprintf(buf, sizeof(buf), "%d", _cid);
             if (strcmp(paramValue, buf) == 0) {
                 foundConIdType = true;
             }
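Review bot: The new `char buf[12]` is sized exactly for a 32-bit `int` formatted with `%d` (`-2147483648` plus the NUL), and nothing in the code records that coupling, so a later change to the type of `_cid` would silently truncate rather than fail to compile. I would pin it next to the declaration: `char buf[12];  // "%d" of a 32-bit int: sign + 10 digits + NUL` together with `static_assert(sizeof(_cid) <= sizeof(int), "buf is sized for a 32-bit %d");`. Truncation by `snprintf` is not a memory-safety problem here — a cut-off `buf` simply fails the `strcmp` on the next line and `foundConIdType` stays false — but it would turn the conId match into a silent mismatch that is hard to diagnose on a modem link. The declared type of `_cid` is not visible in this hunk; if it is unsigned or wider than `int`, the `%d` conversion itself would also need adjusting. `socket_open_defer` begins and ends outside the hunk.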