From 4338e69fd9ee0c1ec300fe10eece6609be7a7f53 Mon Sep 17 00:00:00 2001
From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Wed, 9 Oct 2019 14:39:29 +0200
Subject: [PATCH] Using a variable format string opens up all kinds of cans of
 worms.

---
 pdns/zoneparser-tng.cc | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/pdns/zoneparser-tng.cc b/pdns/zoneparser-tng.cc
index 49841c4b7..7ac0c5fe6 100644
--- a/pdns/zoneparser-tng.cc
+++ b/pdns/zoneparser-tng.cc
@@ -193,11 +193,22 @@ bool ZoneParserTNG::getTemplateLine()
         char radix='d';
         sscanf(spec.c_str(), "%d,%d,%c", &offset, &width, &radix);  // parse format specifier
 
-        char sformat[12];
-        snprintf(sformat, sizeof(sformat), "%%0%d%c", width, radix); // make into printf-style format
-
         char tmp[80];
-        snprintf(tmp, sizeof(tmp), sformat, d_templatecounter + offset); // and do the actual printing
+        switch (radix) {
+        case 'o':
+          snprintf(tmp, sizeof(tmp), "%0*o", width, d_templatecounter + offset);
+          break;
+        case 'x':
+          snprintf(tmp, sizeof(tmp), "%0*x", width, d_templatecounter + offset);
+          break;
+        case 'X':
+          snprintf(tmp, sizeof(tmp), "%0*X", width, d_templatecounter + offset);
+          break;
+        case 'd':
+        default:
+          snprintf(tmp, sizeof(tmp), "%0*d", width, d_templatecounter + offset);
+          break;
+        }
         outpart+=tmp;
       }
       else
-- 
2.40.0