From traw...@apache.org
Subject svn commit: r987498 - /httpd/httpd/trunk/support/htdigest.c
Date Fri, 20 Aug 2010 13:16:24 GMT
Author: trawick
Date: Fri Aug 20 13:16:24 2010
New Revision: 987498

URL: http://svn.apache.org/viewvc?rev=987498&view=rev
Log:
Fortify falsely complained that the sprintf() result was unbounded.
We may as well use apr_snprintf() though, as well as comment on the
available space for "::\0" (for people like me).

Modified:
    httpd/httpd/trunk/support/htdigest.c

Modified: httpd/httpd/trunk/support/htdigest.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?rev=987498&r1=987497&r2=987498&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htdigest.c (original)
+++ httpd/httpd/trunk/support/htdigest.c Fri Aug 20 13:16:24 2010
@@ -124,7 +124,7 @@ static void add_password(const char *use
     char *pw;
     apr_md5_ctx_t context;
     unsigned char digest[16];
-    char string[3 * MAX_STRING_LEN];
+    char string[3 * MAX_STRING_LEN]; /* this includes room for 2 * ':' + '\0' */
     char pwin[MAX_STRING_LEN];
     char pwv[MAX_STRING_LEN];
     unsigned int i;
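Review bot: The new comment on `string` gives the conclusion but not the precondition it rests on: the buffer is only large enough if `user`, `realm` and `pw` are each shorter than MAX_STRING_LEN. `pw` presumably points at one of the MAX_STRING_LEN arrays declared just below, but `user` and `realm` are pointer parameters whose length would have to be limited by the caller, which is outside this hunk. I would state that in the comment, e.g. `/* user, realm and pw must each be < MAX_STRING_LEN bytes; that leaves room for 2 * ':' + '\0' */`, so a later change to the caller does not silently invalidate the sizing. The body of add_password continues outside the hunk.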
@@ -144,7 +144,7 @@ static void add_password(const char *use
     apr_file_printf(f, "%s:%s:", user, realm);
 
     /* Do MD5 stuff */
-    sprintf(string, "%s:%s:%s", user, realm, pw);
+    apr_snprintf(string, sizeof(string), "%s:%s:%s", user, realm, pw);
 
     apr_md5_init(&context);
 #if APR_CHARSET_EBCDIC
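Review bot: The result of `apr_snprintf()` is discarded, so if the inputs ever exceed the assumed bounds the string is truncated silently and the MD5 digest written to the password file covers a different string than the one the user supplied. Failing closed is better than storing a credential that cannot match. As far as I recall, apr_snprintf() returns the number of bytes stored rather than the would-be length, so a result of `(int)sizeof(string) - 1` can be treated as possible truncation and the entry rejected before `apr_md5_init()`. Separately, `string` holds the cleartext password on the stack; whether it is cleared after hashing is not visible here, because the function continues past the hunk.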


