Avoid use of unchecked sprintf in libraries. Use asprintf if the

output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
author: Ken Raeburn <raeburn@mit.edu> 2007-07-12 23:33:25 +0000
committer: Ken Raeburn <raeburn@mit.edu> 2007-07-12 23:33:25 +0000
commit: 52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch)
tree: 9f108e05e8881ea19954b4959fdca96d47daa615 /src/util/profile
parent: 57913ccc175061dd41e98914d50eda56dd9685c0 (diff)
download: krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.tar.gz
krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.tar.xz
krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.zip
1 files changed, 8 insertions, 9 deletions
diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
index 265ccd6cf9..74d553ee63 100644
--- a/src/util/profile/prof_file.c
+++ b/src/util/profile/prof_file.c
@@ -407,15 +407,14 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile,
 	retval = ENOMEM;
 	
 	new_file = old_file = 0;
-	new_file = malloc(strlen(outfile) + 5);
-	if (!new_file)
-		goto errout;
-	old_file = malloc(strlen(outfile) + 5);
-	if (!old_file)
-		goto errout;
-
-	sprintf(new_file, "%s.$$$", outfile);
-	sprintf(old_file, "%s.bak", outfile);
+	if (asprintf(&new_file, "%s.$$$", outfile) < 0) {
+	    new_file = NULL;
+	    goto errout;
+	}
+	if (asprintf(&old_file, "%s.bak", outfile) < 0) {
+	    old_file = NULL;
+	    goto errout;
+	}
 
 	errno = 0;
author	Ken Raeburn <raeburn@mit.edu>	2007-07-12 23:33:25 +0000
committer	Ken Raeburn <raeburn@mit.edu>	2007-07-12 23:33:25 +0000
commit	52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch)
tree	9f108e05e8881ea19954b4959fdca96d47daa615 /src/util/profile
parent	57913ccc175061dd41e98914d50eda56dd9685c0 (diff)
download	krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.tar.gz krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.tar.xz krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.zip