use snprintf instead of sprintf. It will prevent BOF.
maneulyori committed Aug 2, 2012
1 parent 3354b25 commit 4c9863d
Showing 1 changed file with 8 additions and 7 deletions.
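--- a/bti.c
+++ b/bti.c
@@ -547,7 +547,8 @@ static int request_access_token(struct session *session)
 
 static int send_request(struct session *session)
 {
-char endpoint[2000];
+const int endpoint_size = 2000;
+char endpoint[endpoint_size];
 char user_password[500];
 char data[500];
 struct bti_curl_buffer *curl_buf;
@@ -611,43 +612,43 @@ static int send_request(struct session *session)
 slist = curl_slist_append(slist, "Expect:");
 curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist);
 
-sprintf(endpoint, "%s%s", session->hosturl, update_uri);
+snprintf(endpoint, endpoint_size, "%s%s", session->hosturl, update_uri);
 curl_easy_setopt(curl, CURLOPT_URL, endpoint);
 curl_easy_setopt(curl, CURLOPT_USERPWD, user_password);
 break;
 
 case ACTION_FRIENDS:
 snprintf(user_password, sizeof(user_password), "%s:%s",
 session->account, session->password);
-sprintf(endpoint, "%s%s?page=%d", session->hosturl,
+snprintf(endpoint, endpoint_size, "%s%s?page=%d", session->hosturl,
 friends_uri, session->page);
 curl_easy_setopt(curl, CURLOPT_URL, endpoint);
 curl_easy_setopt(curl, CURLOPT_USERPWD, user_password);
 break;
 
 case ACTION_USER:
-sprintf(endpoint, "%s%s%s.xml?page=%d", session->hosturl,
+snprintf(endpoint, endpoint_size, "%s%s%s.xml?page=%d", session->hosturl,
 user_uri, session->user, session->page);
 curl_easy_setopt(curl, CURLOPT_URL, endpoint);
 break;
 
 case ACTION_REPLIES:
 snprintf(user_password, sizeof(user_password), "%s:%s",
 session->account, session->password);
-sprintf(endpoint, "%s%s?page=%d", session->hosturl,
+snprintf(endpoint, endpoint_size, "%s%s?page=%d", session->hosturl,
 replies_uri, session->page);
 curl_easy_setopt(curl, CURLOPT_URL, endpoint);
 curl_easy_setopt(curl, CURLOPT_USERPWD, user_password);
 break;
 
 case ACTION_PUBLIC:
-sprintf(endpoint, "%s%s?page=%d", session->hosturl,
+snprintf(endpoint, endpoint_size, "%s%s?page=%d", session->hosturl,
 public_uri, session->page);
 curl_easy_setopt(curl, CURLOPT_URL, endpoint);
 break;
 
 case ACTION_GROUP:
-sprintf(endpoint, "%s%s%s.xml?page=%d",
+snprintf(endpoint, endpoint_size, "%s%s%s.xml?page=%d",
 session->hosturl, group_uri, session->group,
 session->page);
 curl_easy_setopt(curl, CURLOPT_URL, endpoint);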
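Review bot: The six new `snprintf(endpoint, endpoint_size, ...)` calls in the `switch` discard the return value, so an over-long `session->hosturl`, `session->user` or `session->group` no longer overruns the stack buffer but is silently truncated, and the shortened URL is still handed to `CURLOPT_URL` (together with `CURLOPT_USERPWD` in the authenticated cases). Capture the result and treat truncation as a failure, e.g. `n = snprintf(endpoint, sizeof(endpoint), ...);` followed by `if (n < 0 || (size_t)n >= sizeof(endpoint))` branching to the function's existing error path, which lies outside these hunks. Separately, `const int endpoint_size` is not a constant expression in C, so `char endpoint[endpoint_size];` in the first hunk becomes a variable-length array; keeping `char endpoint[2000];` and passing `sizeof(endpoint)` would avoid that and match the `sizeof(user_password)` calls already present in this function.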
