summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2016-10-08 13:39:29 +0200
committerDaniel Stenberg <daniel@haxx.se>2016-10-08 15:13:46 +0200
commit8238ba9c5f10414a88f502bf3f5d5a42d632984c (patch)
treeeeeb5d93d5435b83f678a54bdffd52d0c287c846
parent9885c9508ec757f7f658dab11658e4a3e643a420 (diff)
downloadcurl-8238ba9c5f10414a88f502bf3f5d5a42d632984c.tar.gz
ftp: fix Curl_ftpsendf()
... it no longer takes printf() arguments since it was only really taken advantage by one user and it was not written and used in a safe way. Thus the 'f' is removed from the function name and the proto is changed. Although the current code wouldn't end up in badness, it was a risk that future changes could end up springf()ing too large data or passing in a format string inadvertently.
-rw-r--r--lib/ftp.c10
-rw-r--r--lib/ftp.h4
-rw-r--r--lib/krb5.c12
-rw-r--r--lib/security.c2
4 files changed, 16 insertions, 12 deletions
diff --git a/lib/ftp.c b/lib/ftp.c
index 3e8a22be9..d50547bc1 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -4091,8 +4091,7 @@ static CURLcode ftp_do(struct connectdata *conn, bool *done)
}
-CURLcode Curl_ftpsendf(struct connectdata *conn,
- const char *fmt, ...)
+CURLcode Curl_ftpsend(struct connectdata *conn, const char *cmd)
{
ssize_t bytes_written;
#define SBUF_SIZE 1024
@@ -4104,10 +4103,9 @@ CURLcode Curl_ftpsendf(struct connectdata *conn,
enum protection_level data_sec = conn->data_prot;
#endif
- va_list ap;
- va_start(ap, fmt);
- write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap);
- va_end(ap);
+ write_len = strlen(cmd);
+ if(write_len > (sizeof(s) -3))
+ return CURLE_BAD_FUNCTION_ARGUMENT;
strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */
write_len +=2;
diff --git a/lib/ftp.h b/lib/ftp.h
index 2ed5b434e..dbd8567f5 100644
--- a/lib/ftp.h
+++ b/lib/ftp.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -31,7 +31,7 @@ extern const struct Curl_handler Curl_handler_ftp;
extern const struct Curl_handler Curl_handler_ftps;
#endif
-CURLcode Curl_ftpsendf(struct connectdata *, const char *fmt, ...);
+CURLcode Curl_ftpsend(struct connectdata *, const char *cmd);
CURLcode Curl_GetFTPResponse(ssize_t *nread, struct connectdata *conn,
int *ftpcode);
#endif /* CURL_DISABLE_FTP */
diff --git a/lib/krb5.c b/lib/krb5.c
index 87ce8ee6c..5d5c00395 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -182,7 +182,7 @@ krb5_auth(void *app_data, struct connectdata *conn)
for(;;) {
/* this really shouldn't be repeated here, but can't help it */
if(service == srv_host) {
- result = Curl_ftpsendf(conn, "AUTH GSSAPI");
+ result = Curl_ftpsend(conn, "AUTH GSSAPI");
if(result)
return -2;
@@ -243,16 +243,22 @@ krb5_auth(void *app_data, struct connectdata *conn)
}
if(output_buffer.length != 0) {
+ char *cmd;
+
result = Curl_base64_encode(data, (char *)output_buffer.value,
output_buffer.length, &p, &base64_sz);
if(result) {
Curl_infof(data, "base64-encoding: %s\n",
curl_easy_strerror(result));
- ret = AUTH_CONTINUE;
+ ret = AUTH_ERROR;
break;
}
- result = Curl_ftpsendf(conn, "ADAT %s", p);
+ cmd = aprintf("ADAT %s", p);
+ if(cmd)
+ result = Curl_ftpsend(conn, cmd);
+ else
+ result = CURLE_OUT_OF_MEMORY;
free(p);
diff --git a/lib/security.c b/lib/security.c
index a0bcaeaee..a268d4a62 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -122,7 +122,7 @@ static int ftp_send_command(struct connectdata *conn, const char *message, ...)
vsnprintf(print_buffer, sizeof(print_buffer), message, args);
va_end(args);
- if(Curl_ftpsendf(conn, print_buffer)) {
+ if(Curl_ftpsend(conn, print_buffer)) {
ftp_code = -1;
}
else {