diff options
author | Daniel Stenberg <daniel@haxx.se> | 2013-03-06 13:27:51 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2013-03-07 11:08:05 +0100 |
commit | 7f963a19ecbceef5d7e95e677ccc089d04ef987f (patch) | |
tree | 459db8c1b5d5243e9b5e3ebfd3e8974131d321de /src/tool_dirhie.c | |
parent | 9ceee69ff7d6139de759a4f25051e0d661e0c2b0 (diff) | |
download | curl-7f963a19ecbceef5d7e95e677ccc089d04ef987f.tar.gz |
checksrc: ban unsafe functions
The list of unsafe functions currently consists of sprintf, vsprintf,
strcat, strncat and gets.
Subsequently, some existing code needed updating to avoid warnings on
this.
Diffstat (limited to 'src/tool_dirhie.c')
-rw-r--r-- | src/tool_dirhie.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/tool_dirhie.c b/src/tool_dirhie.c index 4ba1c4375..5965f7a74 100644 --- a/src/tool_dirhie.c +++ b/src/tool_dirhie.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -98,12 +98,14 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors) char *outdup; char *dirbuildup; CURLcode result = CURLE_OK; + size_t outlen; + outlen = strlen(outfile); outdup = strdup(outfile); if(!outdup) return CURLE_OUT_OF_MEMORY; - dirbuildup = malloc(strlen(outfile) + 1); + dirbuildup = malloc(outlen + 1); if(!dirbuildup) { Curl_safefree(outdup); return CURLE_OUT_OF_MEMORY; @@ -119,12 +121,12 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors) if(tempdir2 != NULL) { size_t dlen = strlen(dirbuildup); if(dlen) - sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir); + snprintf(&dirbuildup[dlen], outlen - dlen, "%s%s", DIR_CHAR, tempdir); else { if(0 != strncmp(outdup, DIR_CHAR, 1)) strcpy(dirbuildup, tempdir); else - sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir); + snprintf(dirbuildup, outlen, "%s%s", DIR_CHAR, tempdir); } if(access(dirbuildup, F_OK) == -1) { if(-1 == mkdir(dirbuildup,(mode_t)0000750)) { |