From 107bfe469a4f4dabc725aa9f12e6af4a6492c2ec Mon Sep 17 00:00:00 2001
From: Doridian <git@doridian.net>
Date: Fri, 10 Jun 2022 13:16:04 -0700
Subject: [PATCH] down to precisely 300 problems

---
 client/src/cmdhffido.c | 14 +++++++++-----
 client/src/cmdhflist.c |  5 +++--
 client/src/cmdhflto.c  |  3 +--
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/client/src/cmdhffido.c b/client/src/cmdhffido.c
index f518be172..4609b93cb 100644
--- a/client/src/cmdhffido.c
+++ b/client/src/cmdhffido.c
@@ -372,11 +372,15 @@ static int CmdHFFidoRegister(const char *cmd) {
     PrintAndLogEx(INFO, "");
     PrintAndLogEx(INFO, "auth command: ");
     char command[500] = {0};
-    sprintf(command, "hf fido auth --kh %s", sprint_hex_inrow(&buf[67], keyHandleLen));
-    if (chlen)
-        sprintf(command + strlen(command), " --%s %s", cpplain ? "cp" : "cpx", cpplain ? (char *)cdata : sprint_hex_inrow(cdata, 32));
-    if (applen)
-        sprintf(command + strlen(command), " --%s %s", applain ? "cp" : "cpx", applain ? (char *)adata : sprint_hex_inrow(adata, 32));
+    snprintf(command, sizeof(command), "hf fido auth --kh %s", sprint_hex_inrow(&buf[67], keyHandleLen));
+    if (chlen) {
+        size_t command_len = strlen(command);
+        snprintf(command + command_len, sizeof(command) - command_len, " --%s %s", cpplain ? "cp" : "cpx", cpplain ? (char *)cdata : sprint_hex_inrow(cdata, 32));
+    }
+    if (applen) {
+        size_t command_len = strlen(command);
+        snprintf(command + command_len, sizeof(command) - command_len, " --%s %s", applain ? "cp" : "cpx", applain ? (char *)adata : sprint_hex_inrow(adata, 32));
+    }
     PrintAndLogEx(INFO, "%s", command);
 
     if (root) {
diff --git a/client/src/cmdhflist.c b/client/src/cmdhflist.c
index ae3f2fb81..04256eed8 100644
--- a/client/src/cmdhflist.c
+++ b/client/src/cmdhflist.c
@@ -1521,10 +1521,11 @@ static void mf_get_paritybinstr(char *s, uint32_t val, uint8_t par) {
     num_to_bytes(val, sizeof(uint32_t), foo);
     for (uint8_t i = 0; i < 4; i++) {
         if (oddparity8(foo[i]) != ((par >> (7 - (i & 0x0007))) & 0x01))
-            sprintf(s++, "1");
+            *(s++) = '1';
         else
-            sprintf(s++, "0");
+            *(s++) = '0';
     }
+    s[0] = '\0';
 }
 
 bool DecodeMifareData(uint8_t *cmd, uint8_t cmdsize, uint8_t *parity, bool isResponse, uint8_t *mfData, size_t *mfDataLen, const uint64_t *dicKeys, uint32_t dicKeysCount) {
diff --git a/client/src/cmdhflto.c b/client/src/cmdhflto.c
index 136895c19..feed30cf3 100644
--- a/client/src/cmdhflto.c
+++ b/client/src/cmdhflto.c
@@ -683,8 +683,7 @@ static int CmdHfLTODump(const char *Cmd) {
     }
 
     if (strlen(filename) == 0) {
-        char *fptr = filename;
-        fptr += sprintf(fptr, "hf-lto-");
+        char *fptr = filename + snprintf(filename, sizeof(filename), "hf-lto-");
         FillFileNameByUID(fptr, dump, "-dump", 5);
     }
     saveFile(filename, ".bin", dump, dump_len);