Avoid use of unchecked sprintf in libraries. Use asprintf if the

output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
author: Ken Raeburn <raeburn@mit.edu> 2007-07-12 23:33:25 +0000
committer: Ken Raeburn <raeburn@mit.edu> 2007-07-12 23:33:25 +0000
commit: 52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch)
tree: 9f108e05e8881ea19954b4959fdca96d47daa615 /src/lib/krb5/keytab
parent: 57913ccc175061dd41e98914d50eda56dd9685c0 (diff)
1 files changed, 6 insertions, 7 deletions
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index df0a80501..2652c00af 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -607,14 +607,13 @@ krb5_ktf_keytab_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet
 		fnamep = ktfile_def_name;
 	    namelen += (strlen(fnamep)+1);
 
-	    if ((ktname = (char *) malloc(namelen))) {
-		/* Format the keytab name. */
-		if (keytab->ops && keytab->ops->prefix)
-		    sprintf(ktname, "%s:%s", keytab->ops->prefix, fnamep);
-
-		else
-		    strcpy(ktname, fnamep);
+	    if (keytab->ops && keytab->ops->prefix) {
+		if (asprintf(&ktname, "%s:%s", keytab->ops->prefix, fnamep) < 0)
+		    ktname = NULL;
+	    } else
+		ktname = strdup(fnamep);
 
+	    if (ktname) {
 		/* Fill in the file-specific keytab information. */
 		if (ktdata) {
 		    if (ktdata->openf) {
author	Ken Raeburn <raeburn@mit.edu>	2007-07-12 23:33:25 +0000
committer	Ken Raeburn <raeburn@mit.edu>	2007-07-12 23:33:25 +0000
commit	52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch)
tree	9f108e05e8881ea19954b4959fdca96d47daa615 /src/lib/krb5/keytab
parent	57913ccc175061dd41e98914d50eda56dd9685c0 (diff)