curl didn't use sprintf() in a way that is documented to work in POSIX but
  since we use our own printf() code (from libcurl) that shouldn't be a
  problem. Nonetheless I modified the code to not rely on such particular
  features and to not cause further raised eyebrows with no good reason.
Daniel Stenberg 2009-03-08 22:42:50 +00:00
parent 983a539503
commit 9274d31690
3 changed files with 13 additions and 5 deletions

@ -6,6 +6,13 @@
Changelog Changelog
Daniel Stenberg (8 Mar 2009)
- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
curl didn't use sprintf() in a way that is documented to work in POSIX but
since we use our own printf() code (from libcurl) that shouldn't be a
problem. Nonetheless I modified the code to not rely on such particular
features and to not cause further raised eyebrowse with no good reason.
Daniel Fandrich (5 Mar 2009) Daniel Fandrich (5 Mar 2009)
- Expanded the security section of the libcurl-tutorial man page to cover - Expanded the security section of the libcurl-tutorial man page to cover
more issues for authors to consider when writing robust libcurl-using more issues for authors to consider when writing robust libcurl-using
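
Review bot: The new changelog entry never says what the non-portable sprintf() use was or where it lived, so a reader cannot tell what actually changed. Naming the function (create_dir_hierarchy) and the pattern (the destination buffer dirbuildup also passed as one of the source arguments) would make the entry useful on its own. Also, "eyebrowse" on the last added line should be "eyebrows".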

@ -23,6 +23,6 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and This release would not have looked like this without help, code, reports and
advice from friends like these: advice from friends like these:
David James, Chris Deidun Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)

@ -5286,13 +5286,14 @@ static int create_dir_hierarchy(const char *outfile, FILE *errors)
/* since strtok returns a token for the last word even /* since strtok returns a token for the last word even
if not ending with DIR_CHAR, we need to prune it */ if not ending with DIR_CHAR, we need to prune it */
if (tempdir2 != NULL) { if (tempdir2 != NULL) {
if (strlen(dirbuildup) > 0) size_t dlen = strlen(dirbuildup);
sprintf(dirbuildup,"%s%s%s",dirbuildup, DIR_CHAR, tempdir); if (dlen)
sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir);
else { else {
if (0 != strncmp(outdup, DIR_CHAR, 1)) if (0 != strncmp(outdup, DIR_CHAR, 1))
sprintf(dirbuildup,"%s",tempdir); strcpy(dirbuildup, tempdir);
else else
sprintf(dirbuildup,"%s%s", DIR_CHAR, tempdir); sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir);
} }
if (access(dirbuildup, F_OK) == -1) { if (access(dirbuildup, F_OK) == -1) {
result = mkdir(dirbuildup,(mode_t)0000750); result = mkdir(dirbuildup,(mode_t)0000750);
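
Review bot: The writes into dirbuildup are still unbounded after this change: sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir), the new strcpy(dirbuildup, tempdir) branch and the remaining sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir) all assume the buffer can hold the result, and nothing in this hunk shows how dirbuildup is sized. Since these lines are being touched anyway, consider a bounded write that is given the space remaining after dlen, or add a comment at the allocation stating why the buffer is always large enough for the built-up path. Dropping dirbuildup from its own argument list does remove the overlap between source and destination, and caching strlen() in dlen is a sensible way to do it.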