[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Improper fixed-size buffer usage in connect_to_gserver()
From: |
Alexey Mahotkin |
Subject: |
Re: Improper fixed-size buffer usage in connect_to_gserver() |
Date: |
Wed, 13 Jun 2001 22:24:24 +0400 (MSD) |
>>>>> "LJ" == Larry Jones <larry.jones@sdrc.com> writes:
LJ> Alexey Mahotkin writes:
>> + snprintf (buf, BUFSIZE, "cvs@%s", hostinfo->h_name);
LJ> snprintf() isn't portable.
ok, will that do? "%*s" is documented in K&R.
--- client.c Tue Apr 24 22:14:53 2001
+++ client.c-new Wed Jun 13 22:21:53 2001
@@ -4189,13 +4189,15 @@
/* Connect to the server using GSSAPI authentication. */
+#define BUFSIZE 1024
+
static int
connect_to_gserver (sock, hostinfo)
int sock;
struct hostent *hostinfo;
{
char *str;
- char buf[1024];
+ char buf[BUFSIZE];
gss_buffer_desc *tok_in_ptr, tok_in, tok_out;
OM_uint32 stat_min, stat_maj;
gss_name_t server_name;
@@ -4205,7 +4207,7 @@
if (send (sock, str, strlen (str), 0) < 0)
error (1, 0, "cannot send: %s", SOCK_STRERROR (SOCK_ERRNO));
- sprintf (buf, "cvs@%s", hostinfo->h_name);
+ sprintf (buf, "cvs@%*s", BUFSIZE, hostinfo->h_name);
tok_in.length = strlen (buf);
tok_in.value = buf;
gss_import_name (&stat_min, &tok_in, GSS_C_NT_HOSTBASED_SERVICE,
--alexm