https://github.com/warmcat/libwebsockets/issues/706
This fixes a problem where the check for the existing pw was
skipped when a logged-in user is changing his password.
It's not good, but because the user has to be logged in, it only affected
the situation where someone changes his password on his logged-in session.
Thanks to Fabrice Gilot for reporting the problem that led to uncovering this.
Due to a misunderstanding of the return value of snprintf (it is not truncated according
to the max size passed in), in several places relying on snprintf to truncate the length,
overflows are possible.
This patch wraps snprintf with a new lws_snprintf() which does truncate its length to allow
the buffer limiting scheme to work properly.
All users should update with these fixes.
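
The snprintf return-value pitfall described above, as an added example that is not code from this commit or from libwebsockets: `clamped_snprintf`, `raw_offset`, `clamped_offset` and the sample strings are hypothetical names and constructed inputs. It contrasts the offset a caller accumulates from raw snprintf() with the offset from a wrapper that reports only what was stored.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input, longer than the 16-byte buffers used below. */
static const char *long_field = "AAAAAAAAAAAAAAAAAAAAAAAA";

/* Hypothetical wrapper, not the libwebsockets source: returns the number of
 * characters actually stored (excluding the NUL), so at most size - 1. */
static int clamped_snprintf(char *str, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;
	if (!size)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(str, size, fmt, ap);
	va_end(ap);
	if (n < 0) {			/* output error: leave an empty string */
		str[0] = '\0';
		return 0;
	}
	return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Offset a caller carries forward if it trusts snprintf()'s return value. Only
 * this one call is made; the unsafe step would be snprintf(buf + off, ...). */
static size_t raw_offset(void)
{
	char buf[16];
	int n = snprintf(buf, sizeof(buf), "name=%s;", long_field);
	return n < 0 ? 0 : (size_t)n;	/* untruncated length, beyond buf */
}

/* The same append pattern through the wrapper: off stays below the size. */
static size_t clamped_offset(void)
{
	const char *fields[] = { "alpha", long_field, "omega" };
	char buf[16];
	size_t off = 0, i;
	for (i = 0; i < sizeof(fields) / sizeof(fields[0]); i++)
		off += (size_t)clamped_snprintf(buf + off, sizeof(buf) - off, "%s;", fields[i]);
	return strlen(buf) == off ? off : 0;	/* 0 would signal a bad offset */
}

int main(void)
{
	printf("raw %zu, clamped %zu, size 16\n", raw_offset(), clamped_offset());
	return 0;
}
```

With the raw return value, the next `size - off` computation wraps around as an unsigned value, which is how the "buffer limiting scheme" stops limiting anything.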