Avoid use of unchecked sprintf in libraries. Use asprintf if the

output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
author: Ken Raeburn <raeburn@mit.edu> 2007-07-12 23:33:25 +0000
committer: Ken Raeburn <raeburn@mit.edu> 2007-07-12 23:33:25 +0000
commit: 52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch)
tree: 9f108e05e8881ea19954b4959fdca96d47daa615 /src/lib/kdb
parent: 57913ccc175061dd41e98914d50eda56dd9685c0 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index a20af6b175..2b6ed2c642 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -269,8 +269,9 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
     } else
 #endif
     {
-	sprintf(buf, "Program not built to support %s database type\n",
-		lib_name);
+	snprintf(buf, sizeof(buf),
+		 "Program not built to support %s database type\n",
+		 lib_name);
 	status = KRB5_KDB_DBTYPE_NOSUP;
 	krb5_db_set_err(kcontext, krb5_err_have_str, status, buf);
 	goto clean_n_exit;
@@ -282,8 +283,9 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
 
     if ((status = (*lib)->vftabl.init_library())) {
 	/* ERROR. library not initialized cleanly */
-	sprintf(buf, "%s library initialization failed, error code %ld\n",
-		lib_name, status);
+	snprintf(buf, sizeof(buf),
+		 "%s library initialization failed, error code %ld\n",
+		 lib_name, status);
 	status = KRB5_KDB_DBTYPE_INIT;
 	krb5_db_set_err(kcontext, krb5_err_have_str, status, buf);
 	goto clean_n_exit;
author	Ken Raeburn <raeburn@mit.edu>	2007-07-12 23:33:25 +0000
committer	Ken Raeburn <raeburn@mit.edu>	2007-07-12 23:33:25 +0000
commit	52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch)
tree	9f108e05e8881ea19954b4959fdca96d47daa615 /src/lib/kdb
parent	57913ccc175061dd41e98914d50eda56dd9685c0 (diff)