Diffstat (limited to 'src')
-rw-r--r--src/tool_dirhie.c10
-rw-r--r--src/tool_operate.c14
-rw-r--r--src/tool_operhlp.c14
-rw-r--r--src/tool_parsecfg.c23
-rw-r--r--src/tool_setopt.c8
5 files changed, 35 insertions, 34 deletions
diff --git a/src/tool_dirhie.c b/src/tool_dirhie.c
index 4ba1c4375..5965f7a74 100644
--- a/src/tool_dirhie.c
+++ b/src/tool_dirhie.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -98,12 +98,14 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors)
char *outdup;
char *dirbuildup;
CURLcode result = CURLE_OK;
+ size_t outlen;
+ outlen = strlen(outfile);
outdup = strdup(outfile);
if(!outdup)
return CURLE_OUT_OF_MEMORY;
- dirbuildup = malloc(strlen(outfile) + 1);
+ dirbuildup = malloc(outlen + 1);
if(!dirbuildup) {
Curl_safefree(outdup);
return CURLE_OUT_OF_MEMORY;
@@ -119,12 +121,12 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors)
if(tempdir2 != NULL) {
size_t dlen = strlen(dirbuildup);
if(dlen)
- sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir);
+ snprintf(&dirbuildup[dlen], outlen - dlen, "%s%s", DIR_CHAR, tempdir);
else {
if(0 != strncmp(outdup, DIR_CHAR, 1))
strcpy(dirbuildup, tempdir);
else
- sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir);
+ snprintf(dirbuildup, outlen, "%s%s", DIR_CHAR, tempdir);
}
if(access(dirbuildup, F_OK) == -1) {
if(-1 == mkdir(dirbuildup,(mode_t)0000750)) {
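Review bot: Both new `snprintf` calls ignore their return value, so if the bound is ever hit the path is silently truncated and the `access()`/`mkdir()` calls below act on a different directory than the one requested. The bound is also one byte short of the allocation: `dirbuildup` is allocated with `outlen + 1` bytes, so the space left at offset `dlen` is `outlen + 1 - dlen`, not `outlen - dlen` (and `outlen + 1`, not `outlen`, in the second call). I would pass the real remaining size, compare the return value against it, and fail with an error result on truncation instead of continuing to `mkdir()`. The `strcpy(dirbuildup, tempdir)` branch stays unbounded and relies on the same length invariant; the function body continues outside this hunk.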
diff --git a/src/tool_operate.c b/src/tool_operate.c
index 5e73d86d4..3151f416f 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -805,18 +805,18 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
/*
* Then append ? followed by the get fields to the url.
*/
- urlbuffer = malloc(strlen(this_url) + strlen(httpgetfields) + 3);
- if(!urlbuffer) {
- res = CURLE_OUT_OF_MEMORY;
- goto show_error;
- }
if(pc)
- sprintf(urlbuffer, "%s%c%s", this_url, sep, httpgetfields);
+ urlbuffer = aprintf("%s%c%s", this_url, sep, httpgetfields);
else
/* Append / before the ? to create a well-formed url
if the url contains a hostname only
*/
- sprintf(urlbuffer, "%s/?%s", this_url, httpgetfields);
+ urlbuffer = aprintf("%s/?%s", this_url, httpgetfields);
+
+ if(!urlbuffer) {
+ res = CURLE_OUT_OF_MEMORY;
+ goto show_error;
+ }
Curl_safefree(this_url); /* free previous URL */
this_url = urlbuffer; /* use our new URL instead! */
diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c
index 631488727..d3c1a88a9 100644
--- a/src/tool_operhlp.c
+++ b/src/tool_operhlp.c
@@ -123,22 +123,20 @@ char *add_file_name_to_url(CURL *curl, char *url, const char *filename)
/* URL encode the file name */
encfile = curl_easy_escape(curl, filep, 0 /* use strlen */);
if(encfile) {
- char *urlbuffer = malloc(strlen(url) + strlen(encfile) + 3);
- if(!urlbuffer) {
- curl_free(encfile);
- Curl_safefree(url);
- return NULL;
- }
+ char *urlbuffer;
if(ptr)
/* there is a trailing slash on the URL */
- sprintf(urlbuffer, "%s%s", url, encfile);
+ urlbuffer = aprintf("%s%s", url, encfile);
else
/* there is no trailing slash on the URL */
- sprintf(urlbuffer, "%s/%s", url, encfile);
+ urlbuffer = aprintf("%s/%s", url, encfile);
curl_free(encfile);
Curl_safefree(url);
+ if(!urlbuffer)
+ return NULL;
+
url = urlbuffer; /* use our new URL instead! */
}
}
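Review bot: `url` is freed on every path through this block, including the new `return NULL`, so a caller that keeps using its own copy of the pointer after a failure would touch freed memory. If the function's header comment (outside this hunk) does not already say so, I would state the ownership rule there, e.g. `/* Takes ownership of 'url': it is freed here and must not be used by the caller afterwards, even when NULL is returned. */`.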
diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c
index 561dada11..680688ab7 100644
--- a/src/tool_parsecfg.c
+++ b/src/tool_parsecfg.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -275,32 +275,33 @@ static char *my_get_line(FILE *fp)
{
char buf[4096];
char *nl = NULL;
- char *retval = NULL;
+ char *line = NULL;
do {
if(NULL == fgets(buf, sizeof(buf), fp))
break;
- if(!retval) {
- retval = strdup(buf);
- if(!retval)
+ if(!line) {
+ line = strdup(buf);
+ if(!line)
return NULL;
}
else {
char *ptr;
- ptr = realloc(retval, strlen(retval) + strlen(buf) + 1);
+ size_t linelen = strlen(line);
+ ptr = realloc(line, linelen + strlen(buf) + 1);
if(!ptr) {
- Curl_safefree(retval);
+ Curl_safefree(line);
return NULL;
}
- retval = ptr;
- strcat(retval, buf);
+ line = ptr;
+ strcpy(&line[linelen], buf);
}
- nl = strchr(retval, '\n');
+ nl = strchr(line, '\n');
} while(!nl);
if(nl)
*nl = '\0';
- return retval;
+ return line;
}
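Review bot: `line` still grows without any upper limit: every `fgets()` chunk that lacks a newline triggers another `realloc()`, so an input with no line breaks is buffered whole in memory (where `fp` comes from is not visible here). A cap checked before the `realloc()`, for instance `if(linelen > MAX_CFG_LINE) { Curl_safefree(line); return NULL; }` with `MAX_CFG_LINE` as a placeholder name for a limit the project would pick, bounds that. NULL is also what the function returns when `fgets()` yields nothing, so callers may need a way to tell the two cases apart. Separately, `strchr(line, '\n')` rescans the whole accumulated string on each pass; searching only the newly appended part would avoid the repeated scan.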
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index 4014177f2..4493e5f8d 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -199,7 +199,7 @@ static char *c_escape(const char *str)
e += 2;
}
else if(! isprint(c)) {
- sprintf(e, "\\%03o", c);
+ snprintf(e, 4, "\\%03o", c);
e += 4;
}
else
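Review bot: The size argument `4` is one too small for what this branch emits: `"\\%03o"` produces a backslash plus three octal digits, and `snprintf` reserves one byte of its bound for the terminator, so only three characters are written, followed by a NUL. `e += 4` then steps past that NUL, leaving a terminator in the middle of the escaped string and one byte never written. The bound should be `5`, i.e. `snprintf(e, 5, "\\%03o", c);`, assuming the output buffer (allocated outside this hunk) leaves room for the terminator of the last escape. If `c` is a plain `char`, a negative value would also format to more than three digits, so converting through `unsigned char` before formatting and before `isprint` is worth confirming.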
@@ -270,7 +270,7 @@ CURLcode tool_setopt_flags(CURL *curl, struct Configurable *config,
if(!rest)
break; /* handled them all */
/* replace with all spaces for continuation line */
- sprintf(preamble, "%*s", strlen(preamble), "");
+ snprintf(preamble, sizeof(preamble), "%*s", strlen(preamble), "");
}
}
/* If any bits have no definition, output an explicit value.
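Review bot: `%*s` takes its width as an `int`, but the new line still passes `strlen(preamble)`, a `size_t`; on platforms where the two differ in size that is a mismatched variadic argument. `snprintf(preamble, sizeof(preamble), "%*s", (int)strlen(preamble), "");` fixes it. `sizeof(preamble)` is only the right bound if `preamble` is declared as an array in this function, which is outside the hunk and worth confirming. The same line is added in `tool_setopt_bitmask` in the next hunk.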
@@ -313,7 +313,7 @@ CURLcode tool_setopt_bitmask(CURL *curl, struct Configurable *config,
if(!rest)
break; /* handled them all */
/* replace with all spaces for continuation line */
- sprintf(preamble, "%*s", strlen(preamble), "");
+ snprintf(preamble, sizeof(preamble), "%*s", strlen(preamble), "");
}
}
/* If any bits have no definition, output an explicit value.