From 7f963a19ecbceef5d7e95e677ccc089d04ef987f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 6 Mar 2013 13:27:51 +0100
Subject: checksrc: ban unsafe functions

The list of unsafe functions currently consists of sprintf, vsprintf, strcat, strncat and gets. Subsequently, some existing code needed updating to avoid warnings on this.
---
 src/tool_dirhie.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'src/tool_dirhie.c')
diff --git a/src/tool_dirhie.c b/src/tool_dirhie.c
index 4ba1c4375..5965f7a74 100644
--- a/src/tool_dirhie.c
+++ b/src/tool_dirhie.c
@@ -5,7 +5,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2012, Daniel Stenberg, , et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, , et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -98,12 +98,14 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors)
 char *outdup;
 char *dirbuildup;
 CURLcode result = CURLE_OK;
+ size_t outlen;
+ outlen = strlen(outfile);
 outdup = strdup(outfile);
 if(!outdup)
 return CURLE_OUT_OF_MEMORY;
- dirbuildup = malloc(strlen(outfile) + 1);
+ dirbuildup = malloc(outlen + 1);
 if(!dirbuildup) {
 Curl_safefree(outdup);
 return CURLE_OUT_OF_MEMORY;
@@ -119,12 +121,12 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors)
 if(tempdir2 != NULL) {
 size_t dlen = strlen(dirbuildup);
 if(dlen)
- sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir);
+ snprintf(&dirbuildup[dlen], outlen - dlen, "%s%s", DIR_CHAR, tempdir);
 else {
 if(0 != strncmp(outdup, DIR_CHAR, 1))
 strcpy(dirbuildup, tempdir);
 else
- sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir);
+ snprintf(dirbuildup, outlen, "%s%s", DIR_CHAR, tempdir);
 }
 if(access(dirbuildup, F_OK) == -1) {
 if(-1 == mkdir(dirbuildup,(mode_t)0000750)) {
-- 
cgit v1.2.1
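Review bot: The size passed to both new `snprintf` calls in the last hunk does not match the allocation, and their return value is discarded. `dirbuildup` is allocated with `outlen + 1` bytes in the previous hunk, so the space left at offset `dlen` is `outlen + 1 - dlen`; the visible arguments are one byte short, which is safe but harder to audit, and I would write `snprintf(&dirbuildup[dlen], outlen + 1 - dlen, "%s%s", DIR_CHAR, tempdir);` and pass `outlen + 1` in the other call. Because the result is then handed to `access()` and `mkdir()`, a truncated string would go unnoticed and a different directory would be created, so the return value should be compared with the size and `result` set to an error on truncation. Truncation does not look reachable if `tempdir` is always a token of `outdup`, but the loop that produces it lies outside the hunk, so that is an assumption. The `strcpy(dirbuildup, tempdir)` kept in the else branch stays unbounded and rests on the same assumption.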