From 52571d9201c7bef4dc5ebdf14a41db1f7baddc8e Mon Sep 17 00:00:00 2001
From: Ken Raeburn
Date: Thu, 12 Jul 2007 23:33:25 +0000
Subject: Avoid use of unchecked sprintf in libraries. Use asprintf if the output buffer is allocated according to the size of data to be written, or snprintf otherwise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/kdb/kdb5.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'src/lib/kdb')
diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index a20af6b17..2b6ed2c64 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -269,8 +269,9 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
 } else
 #endif
 {
- sprintf(buf, "Program not built to support %s database type\n",
- lib_name);
+ snprintf(buf, sizeof(buf),
+ "Program not built to support %s database type\n",
+ lib_name);
 status = KRB5_KDB_DBTYPE_NOSUP;
 krb5_db_set_err(kcontext, krb5_err_have_str, status, buf);
 goto clean_n_exit;
@@ -282,8 +283,9 @@ kdb_load_library(krb5_context kcontext, char *lib_name, db_library * lib)
 if ((status = (*lib)->vftabl.init_library())) {
 /* ERROR. library not initialized cleanly */
- sprintf(buf, "%s library initialization failed, error code %ld\n",
- lib_name, status);
+ snprintf(buf, sizeof(buf),
+ "%s library initialization failed, error code %ld\n",
+ lib_name, status);
 status = KRB5_KDB_DBTYPE_INIT;
 krb5_db_set_err(kcontext, krb5_err_have_str, status, buf);
 goto clean_n_exit;
-- cgit
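Review bot: The return value of the new `snprintf` in the `#endif` else-branch is discarded, so a long `lib_name` now produces a silently truncated string for `krb5_db_set_err` instead of an overflow. That is the right trade for an error message, but it should be stated next to the call, e.g. `/* a long lib_name is truncated; buf only carries the error text */`. The bound `sizeof(buf)` is correct only while `buf` is a true array in this function; its declaration is outside the hunk, so confirm it is not a `char *`, where `sizeof` would yield the pointer size. Both remarks apply equally to the second `snprintf` in the `init_library()` failure path, and `kdb_load_library` begins and ends outside both hunks.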
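Review bot: The rewritten call in the `init_library()` failure path still prints `status` with `%ld`, so any type mismatch the old `sprintf` had is carried over unchanged. The declaration of `status` is outside the hunk; if it is a `krb5_error_code` (presumably an `int`-sized type), passing it to `%ld` is undefined behaviour on LP64 targets and can log a wrong error code. Since the argument line is being rewritten anyway, make the conversion explicit: `lib_name, (long) status);`.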