generic-library/libupnp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Replace sprintf by snprintf in http_WriteHttpPost

Browse Source 
Replace sprintf by snprintf in http_WriteHttpPost to avoid buffer
overflow.
This commit is contained in:
Fabrice Fontaine
2012-03-18 16:14:41 +01:00
parent e13ffe3bf8
commit a04c36f47e
2 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
upnp/src/genlib/net/http/httpreadwrite.c
View File

@@ -875,13 +875,13 @@ int http_WriteHttpPost( IN void *Handle,
}
if (handle->contentLength == UPNP_USING_CHUNKED) {
if (*size) {
size_t tempSize = (size_t)0;
tempbuf = malloc(*size +
CHUNK_HEADER_SIZE + CHUNK_TAIL_SIZE);
size_t tempSize = *size +
CHUNK_HEADER_SIZE + CHUNK_TAIL_SIZE;
tempbuf = malloc(tempSize);
if (!tempbuf)
return UPNP_E_OUTOF_MEMORY;
/* begin chunk */
sprintf(tempbuf, "%" PRIzx "\r\n", *size);
snprintf(tempbuf, tempSize, "%" PRIzx "\r\n", *size);
tempSize = strlen(tempbuf);
memcpy(tempbuf + tempSize, buf, *size);
memcpy(tempbuf + tempSize + *size, "\r\n", (size_t)2);