Replaced all uses of sprintf() with the safer snprintf(). It is just a

precaution to prevent mistakes to lead to buffer overflows.
2004-06-24 11:54:11 +00:00
parent 5e34f3dc01
commit feb2dd2835
13 changed files with 490 additions and 486 deletions
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -160,22 +160,22 @@ size_t Curl_base64_encode(const char *inp, size_t insize, char **outptr)

    switch(inputparts) {
    case 1: /* only one byte read */
-      sprintf(output, "%c%c==",
-              table64[obuf[0]],
-              table64[obuf[1]]);
+      snprintf(output, 5, "%c%c==",
+               table64[obuf[0]],
+               table64[obuf[1]]);
      break;
    case 2: /* two bytes read */
-      sprintf(output, "%c%c%c=",
-              table64[obuf[0]],
-              table64[obuf[1]],
-              table64[obuf[2]]);
+      snprintf(output, 5, "%c%c%c=",
+               table64[obuf[0]],
+               table64[obuf[1]],
+               table64[obuf[2]]);
      break;
    default:
-      sprintf(output, "%c%c%c%c",
-              table64[obuf[0]],
-              table64[obuf[1]],
-              table64[obuf[2]],
-              table64[obuf[3]] );
+      snprintf(output, 5, "%c%c%c%c",
+               table64[obuf[0]],
+               table64[obuf[1]],
+               table64[obuf[2]],
+               table64[obuf[3]] );
      break;
    }
    output += 4;