Avoid use of unchecked sprintf in libraries. Use asprintf if the

output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
author: Ken Raeburn <raeburn@mit.edu> 2007-07-12 23:33:25 +0000
committer: Ken Raeburn <raeburn@mit.edu> 2007-07-12 23:33:25 +0000
commit: 52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch)
tree: 9f108e05e8881ea19954b4959fdca96d47daa615 /src/lib/gssapi/generic
parent: 57913ccc175061dd41e98914d50eda56dd9685c0 (diff)
download: krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.zip
krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.tar.gz
krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.tar.bz2
1 files changed, 2 insertions, 5 deletions
diff --git a/src/lib/gssapi/generic/disp_major_status.c b/src/lib/gssapi/generic/disp_major_status.c
index 218370d..0648192 100644
--- a/src/lib/gssapi/generic/disp_major_status.c
+++ b/src/lib/gssapi/generic/disp_major_status.c
@@ -115,11 +115,8 @@ display_unknown(kind, value, buffer)
 {
    char *str;
 
-   if ((str =
-	(char *) xmalloc(strlen(unknown_error)+strlen(kind)+7)) == NULL)
-      return(0);
-
-   sprintf(str, unknown_error, kind, value);
+   if (asprintf(&str, unknown_error, kind, value) < 0)
+       return(0);
 
    buffer->length = strlen(str);
    buffer->value = str;
author	Ken Raeburn <raeburn@mit.edu>	2007-07-12 23:33:25 +0000
committer	Ken Raeburn <raeburn@mit.edu>	2007-07-12 23:33:25 +0000
commit	52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch)
tree	9f108e05e8881ea19954b4959fdca96d47daa615 /src/lib/gssapi/generic
parent	57913ccc175061dd41e98914d50eda56dd9685c0 (diff)
download	krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.zip krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.tar.gz krb5-52571d9201c7bef4dc5ebdf14a41db1f7baddc8e.tar.bz2