www.libssh2.org | Daily snapshots | Mailing list archive | Docs | Examples | github

Archive Index This month's Index

Subject: [PATCH] Use safer snprintf rather then sprintf in scp_recv()

[PATCH] Use safer snprintf rather then sprintf in scp_recv()

From: Steven Dake <sdake_at_redhat.com>
Date: Tue, 6 Mar 2012 00:23:51 -0700

While the buffer is indeed allocated to a safe length, better safe then sorry.

Signed-off-by: Steven Dake <sdake_at_redhat.com>

---
 src/scp.c |    3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/src/scp.c b/src/scp.c
index 649c2a6..a40f7e9 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -294,8 +294,7 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb)
             return NULL;
         }
 
-        /* sprintf() is fine here since we allocated a large enough buffer */
-        sprintf((char *)session->scpRecv_command, "scp -%sf ", sb?"p":"");
+        snprintf((char *)session->scpRecv_command, session->scpRecv_command_len, "scp -%sf ", sb?"p":"");
 
         cmd_len = strlen((char *)session->scpRecv_command);
 
-- 
1.7.7.6
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2012-03-06

the libssh2 team