On 06-03-13 13:34, Daniel Stenberg wrote:
> Hi,
>
> As a result of the last security vulnerability we had, I'm adding new
> code to checksrc that will alert us on uses of (v)sprintf, strcat and
> gets in the code base.
>
> This is meant to be an additional tool to help us detect unsafe code
> more easily, since all those functions are too easily used without careful
> consideration of all possible side-effects.
>
> I also had to clean up some code so that this wouldn't immediately start
> complaining! =)
>
> Comments or improvements?
You've used aprintf(). I personally love aprintf(), but OSX 10.6 and a
lot of older systems are not equipped with such a beautiful feature.
Probably not even POSIX.
To do the same I recommend

  #include <stdio.h>   /* snprintf */
  #include <stdlib.h>  /* malloc */
  count = snprintf(NULL, 0, "myformat");   /* length, NOT counting the NUL */
  buf = malloc(count + 1);                 /* +1 for the terminating NUL */
  snprintf(buf, count + 1, "myformat");    /* size must include the NUL too */
Or solve it with macro-foo to introduce the equivalence of aprintf()
into libcurl.
Oscar
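As an added example (not from this thread and not curl's own code): the two-pass snprintf idiom suggested above, wrapped as a portable aprintf()-style function. It adds the +1 for the terminating NUL that the bare idiom is easy to get wrong, copies the va_list for the measuring pass, and treats a negative return (pre-C99 libc or an encoding error) as failure. The names vaprintf_portable and aprintf_portable are assumptions, not libcurl symbols.

```c
/* Added example, not libcurl code: an aprintf() replacement built on the
 * two-pass vsnprintf() idiom. Requires C99 vsnprintf semantics
 * (returns the length that would have been written, NUL excluded). */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns a malloc()ed, NUL-terminated string or NULL on failure.
 * The caller frees the result. */
char *vaprintf_portable(const char *fmt, va_list ap)
{
    va_list ap2;
    int len;
    char *buf;

    /* Pass 1: measure. va_copy because vsnprintf consumes the list. */
    va_copy(ap2, ap);
    len = vsnprintf(NULL, 0, fmt, ap2);
    va_end(ap2);
    if (len < 0)           /* encoding error, or a pre-C99 libc returning -1 */
        return NULL;

    buf = malloc((size_t)len + 1);   /* +1 for the terminating NUL */
    if (!buf)
        return NULL;

    /* Pass 2: format into a buffer that is exactly large enough. */
    if (vsnprintf(buf, (size_t)len + 1, fmt, ap) != len) {
        free(buf);         /* length changed between passes: treat as failure */
        return NULL;
    }
    return buf;
}

char *aprintf_portable(const char *fmt, ...)
{
    va_list ap;
    char *s;
    va_start(ap, fmt);
    s = vaprintf_portable(fmt, ap);
    va_end(ap);
    return s;
}
```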
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
