From 7fb6d8fd371aeeea05473d2679a0a899f3387fbc Mon Sep 17 00:00:00 2001
From: os04 <176501065+os04@users.noreply.github.com>
Date: Wed, 24 Jul 2024 09:15:22 -0500
Subject: [PATCH] Fix use-after-free when using custom ntp server

---
 opensprinkler_server.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/opensprinkler_server.cpp b/opensprinkler_server.cpp
index 42b3aed8..44e716d3 100644
--- a/opensprinkler_server.cpp
+++ b/opensprinkler_server.cpp
@@ -2285,6 +2285,7 @@ void handle_web_request(char *p) {
 // othewise, using UDP is much faster for NTP sync
 ulong getNtpTime() {
 	static bool configured = false;
+	static char customAddress[16];
 	if(!configured) {
 		unsigned char ntpip[4] = {
 		os.iopts[IOPT_NTP_IP1],
@@ -2297,7 +2298,9 @@ ulong getNtpTime() {
 		} else {
 			DEBUG_PRINTLN(F("using custom time server"));
 			String ntp = IPAddress(ntpip[0],ntpip[1],ntpip[2],ntpip[3]).toString();
-			configTime(0, 0, ntp.c_str(), "time.google.com", "time.nist.gov");
+			strncpy(customAddress, ntp.c_str(), sizeof customAddress);
+			customAddress[sizeof customAddress - 1] = 0;
+			configTime(0, 0, customAddress, "time.google.com", "time.nist.gov");
 		}
 		configured = true;
 	}