From 4fd6d671b239942c93a2f48850b32b9be150b1ba Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Tue, 29 Oct 2019 10:25:49 +0100
Subject: [PATCH] BUG/MINOR: spoe: fix off-by-one length in UUID format string

The per-thread UUID string produced by generate_pseudo_uuid() could be off by one character due to too small of size limit in snprintf(). In practice the UUID remains large enough to avoid any collision though. This should be backported to 2.0 and 1.9.
---
 src/flt_spoe.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/flt_spoe.c b/src/flt_spoe.c
index fe219ea306..f23cafed73 100644
--- a/src/flt_spoe.c
+++ b/src/flt_spoe.c
@@ -276,7 +276,7 @@ generate_pseudo_uuid()
 last >>= 32u;
 bits -= 32;
 }
- snprintf(uuid, 36, "%8.8x-%4.4x-%4.4x-%4.4x-%12.12llx",
+ snprintf(uuid, 37, "%8.8x-%4.4x-%4.4x-%4.4x-%12.12llx",
 rnd[0],
 rnd[1] & 0xFFFF,
 ((rnd[1] >> 16u) & 0xFFF) | 0x4000, // highest 4 bits indicate the uuid version
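Review bot: The size passed to snprintf() is still a bare literal, `37`, which has to be kept in step by hand with the allocation of `uuid`, and that allocation is outside this hunk. The bug fixed here was exactly that kind of mismatch, so one named constant shared by the allocation and this call would prevent a repeat, for example `snprintf(uuid, UUID_STR_SIZE, "%8.8x-%4.4x-%4.4x-%4.4x-%12.12llx",` with `UUID_STR_SIZE` defined as 37 (the name is only a suggestion). A short comment such as `/* 36 characters (8-4-4-4-12 hex digits plus 4 dashes) + NUL */` would record where the number comes from. Note also that the precision in `%12.12llx` is a minimum digit count, not a maximum, so the 36-character length holds only if the last argument is limited to 48 bits. That argument and the rest of the call lie past the end of the hunk and should be checked, since the return value of snprintf() is discarded and any truncation would go unnoticed.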