From fd1add66cfd6fc475f83e7e3e695aba37648d8c6 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Fri, 26 Aug 2022 13:07:28 +0200
Subject: [PATCH] misc: Fix format truncation in ssh_path_expand_escape()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

error: ‘%u’ directive output may be truncated writing between 1 and 10
bytes into a region of size 6.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
(cherry picked from commit 20406e51c9e1e096dc8ba47975abad448a51bfc1)

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 include/libssh/session.h |  2 +-
 src/misc.c               | 13 ++++++-------
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/include/libssh/session.h b/include/libssh/session.h
index 22256150..03c2bb64 100644
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@@ -219,7 +219,7 @@ struct ssh_session_struct {
         char *custombanner;
         unsigned long timeout; /* seconds */
         unsigned long timeout_usec;
-        unsigned int port;
+        uint16_t port;
         socket_t fd;
         int StrictHostKeyChecking;
         char compressionlevel;
diff --git a/src/misc.c b/src/misc.c
index 0f1a7d49..8d7e2150 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -1164,14 +1164,13 @@ char *ssh_path_expand_escape(ssh_session session, const char *s) {
                 x = strdup(session->opts.username);
                 break;
             case 'p':
-                if (session->opts.port < 65536) {
-                    char tmp[6];
+                if (session->opts.port > 0) {
+                  char tmp[6];
 
-                    snprintf(tmp,
-                             sizeof(tmp),
-                             "%u",
-                             session->opts.port > 0 ? session->opts.port : 22);
-                    x = strdup(tmp);
+                  snprintf(tmp, sizeof(tmp), "%hu",
+                           (uint16_t)(session->opts.port > 0 ? session->opts.port
+                                                             : 22));
+                  x = strdup(tmp);
                 }
                 break;
             default: