From 65c9bf7e5284f2dc9112afcecabe57bf45fdf287 Mon Sep 17 00:00:00 2001
From: MichaelDvP
Date: Wed, 14 Jul 2021 17:00:14 +0200
Subject: [PATCH] check bufferlength, add formatstrings
---
 lib/ESPAsyncWebServer/WebResponses.cpp | 2 +-
 src/devices/thermostat.cpp | 6 +++++-
 src/emsesp.cpp | 18 +++++++++---------
 3 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/lib/ESPAsyncWebServer/WebResponses.cpp b/lib/ESPAsyncWebServer/WebResponses.cpp
index adeab988b..6e24444b7 100644
--- a/lib/ESPAsyncWebServer/WebResponses.cpp
+++ b/lib/ESPAsyncWebServer/WebResponses.cpp
@@ -321,7 +321,7 @@ size_t AsyncAbstractResponse::_ack(AsyncWebServerRequest *request, size_t len, u
 free(buf);
 return 0;
 }
- outLen = sprintf_P((char*)buf+headLen, PSTR("%x"), readLen) + headLen;
+ outLen = snprintf_P((char*)buf+headLen, sizeof(buf)-headLen-2, PSTR("%x"), readLen) + headLen;
 while(outLen < headLen + 4) buf[outLen++] = ' ';
 buf[outLen++] = '\r';
 buf[outLen++] = '\n';
diff --git a/src/devices/thermostat.cpp b/src/devices/thermostat.cpp
index 66c58d5cc..b57d9bc69 100644
--- a/src/devices/thermostat.cpp
+++ b/src/devices/thermostat.cpp
@@ -1475,7 +1475,11 @@ bool Thermostat::set_datetime(const char * value, const int8_t id) {
 // sets the thermostat working mode, where mode is a string
 // converts string mode to HeatingCircuit::Mode
 bool Thermostat::set_mode(const char * value, const int8_t id) {
- std::string mode(10, '\0');
+ std::string mode(20, '\0');
+ if (strlen(value) >= 20) {
+ LOG_WARNING(F("Set mode: Invalid mode"));
+ return false;
+ }
 if (value[0] >= '0' && value[0] <= '9') {
 uint8_t num = value[0] - '0';
diff --git a/src/emsesp.cpp b/src/emsesp.cpp
index fc384d844..aa125ceec 100644
--- a/src/emsesp.cpp
+++ b/src/emsesp.cpp
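Review bot: In `_ack` (WebResponses.cpp), `sizeof(buf)` in the new `snprintf_P` call is very likely the size of a pointer rather than of the buffer: the `free(buf)` in the context lines suggests `buf` is heap-allocated, and its declaration is outside this hunk. If so, `sizeof(buf)-headLen-2` either cuts the hex chunk length down to a digit or wraps around to a huge `size_t`, so the write is not actually bounded by the allocation. The limit should be derived from the size that was passed to the allocation, e.g. `snprintf_P((char*)buf+headLen, bufSize-headLen, PSTR("%x"), readLen)`, where `bufSize` is a placeholder for that value. Because `snprintf_P` returns the length it would have written, `outLen` should also be checked against the limit before the padding loop and the `\r\n` stores index through it.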
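Review bot: The new length guard in `Thermostat::set_mode` repeats the literal 20 from the `mode(20, '\0')` constructor, so the check and the buffer size can drift apart the next time one of them is changed; deriving the limit from the string, `if (strlen(value) >= mode.size()) {`, keeps them tied together. `strlen(value)` also dereferences `value` without a null check, which is only safe if every caller guarantees a non-null pointer, and that is not visible here. How `mode` is filled lies outside the hunk, so whether 20 is the right bound for that copy could not be confirmed from these lines.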
@@ -613,10 +613,10 @@ std::string EMSESP::pretty_telegram(std::shared_ptr telegram) {
 uint8_t offset = telegram->offset;
 // find name for src and dest by looking up known devices
- std::string src_name;
- std::string dest_name;
- std::string type_name;
- std::string direction;
+ std::string src_name("");
+ std::string dest_name("");
+ std::string type_name("");
+ std::string direction("");
 for (const auto & emsdevice : emsdevices) {
 if (emsdevice) {
 // get src & dest
@@ -774,7 +774,7 @@ void EMSESP::process_version(std::shared_ptr telegram) {
 bool EMSESP::process_telegram(std::shared_ptr telegram) {
 // if watching or reading...
 if ((telegram->type_id == read_id_) && (telegram->dest == txservice_.ems_bus_id())) {
- LOG_NOTICE(pretty_telegram(telegram).c_str());
+ LOG_NOTICE(F("%s"), pretty_telegram(telegram).c_str());
 publish_response(telegram);
 if (!read_next_) {
 read_id_ = WATCH_ID_NONE;
@@ -783,12 +783,12 @@ bool EMSESP::process_telegram(std::shared_ptr telegram) {
 } else if (watch() == WATCH_ON) {
 if ((watch_id_ == WATCH_ID_NONE) || (telegram->type_id == watch_id_) || ((watch_id_ < 0x80) && ((telegram->src == watch_id_) || (telegram->dest == watch_id_)))) {
- LOG_NOTICE(pretty_telegram(telegram).c_str());
+ LOG_NOTICE(F("%s"), pretty_telegram(telegram).c_str());
 } else if (!trace_raw_) {
- LOG_TRACE(pretty_telegram(telegram).c_str());
+ LOG_TRACE(F("%s"), pretty_telegram(telegram).c_str());
 }
 } else if (!trace_raw_) {
- LOG_TRACE(pretty_telegram(telegram).c_str());
+ LOG_TRACE(F("%s"), pretty_telegram(telegram).c_str());
 }
 // only process broadcast telegrams or ones sent to us on request
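Review bot: In `pretty_telegram` (the @@ -613 hunk), `std::string src_name("")` and the three declarations after it are equivalent to the default-constructed strings they replace, so these lines add a literal-to-string construction without changing the initial value. If the aim was to make the empty start state explicit, the original `std::string src_name;` or `std::string src_name{};` already says it; clang-tidy reports the `("")` form as `readability-redundant-string-init`. The function body continues outside the hunk.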
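Review bot: The `F("%s")` form now used at the `LOG_NOTICE`/`LOG_TRACE` calls in `process_telegram` carries no comment saying why the literal format is required, and the same pattern is repeated across the @@ -774, @@ -783 and @@ -840 hunks. Presumably the text returned by `pretty_telegram()` is assembled from bus data and device names and can contain `%`, which the logger would otherwise interpret as a conversion specifier. A one-line comment at the first call, `// telegram text is data, never a format string: always log it through "%s"`, would keep a later cleanup from reverting the change. Folding the five call sites into one small private helper would give that comment a single home; `process_telegram` continues outside these hunks.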
@@ -840,7 +840,7 @@ bool EMSESP::process_telegram(std::shared_ptr telegram) {
 if (!found) {
 LOG_DEBUG(F("No telegram type handler found for ID 0x%02X (src 0x%02X)"), telegram->type_id, telegram->src);
 if (watch() == WATCH_UNKNOWN) {
- LOG_NOTICE(pretty_telegram(telegram).c_str());
+ LOG_NOTICE(F("%s"), pretty_telegram(telegram).c_str());
 }
 if (first_scan_done_ && !knowndevice && (telegram->src != EMSbus::ems_bus_id()) && (telegram->src != 0x0B) && (telegram->src != 0x0C) && (telegram->src != 0x0D)) {