From 49cc97565fbe2928388a1e437c44429097a504ae Mon Sep 17 00:00:00 2001 From: Aleksey Sanin Date: Fri, 14 Jun 2002 17:07:10 +0000 Subject: replaced sprintf() with snprintf() to prevent possible buffer overflow * DOCBparser.c HTMLparser.c debugXML.c encoding.c nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c xmllint.c xpath.c: replaced sprintf() with snprintf() to prevent possible buffer overflow (the bug was pointed out by Anju Premachandran) --- tree.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'tree.c') diff --git a/tree.c b/tree.c index b4b143b8..f958cb20 100644 --- a/tree.c +++ b/tree.c @@ -4599,17 +4599,17 @@ xmlNewReconciliedNs(xmlDocPtr doc, xmlNodePtr tree, xmlNsPtr ns) { * Let's strip namespace prefixes longer than 20 chars ! */ if (ns->prefix == NULL) - sprintf((char *) prefix, "default"); + snprintf((char *) prefix, sizeof(prefix), "default"); else - sprintf((char *) prefix, "%.20s", ns->prefix); + snprintf((char *) prefix, sizeof(prefix), "%.20s", ns->prefix); def = xmlSearchNs(doc, tree, prefix); while (def != NULL) { if (counter > 1000) return(NULL); if (ns->prefix == NULL) - sprintf((char *) prefix, "default%d", counter++); + snprintf((char *) prefix, sizeof(prefix), "default%d", counter++); else - sprintf((char *) prefix, "%.20s%d", ns->prefix, counter++); + snprintf((char *) prefix, sizeof(prefix), "%.20s%d", ns->prefix, counter++); def = xmlSearchNs(doc, tree, prefix); } -- cgit v1.2.1