While the buffer is indeed allocated to a safe length, better safe then sorry.
Signed-off-by: Steven Dake <sd...@redhat.com>
---
src/scp.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/src/scp.c b/src/scp.c
index 649c2a6..a40f7e9 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -294,8 +294,7 @@ scp_recv(LIBSSH2_SESSION * session, const char *path,
struct stat * sb)
return NULL;
}
- /* sprintf() is fine here since we allocated a large enough buffer */
- sprintf((char *)session->scpRecv_command, "scp -%sf ", sb?"p":"");
+ snprintf((char *)session->scpRecv_command,
session->scpRecv_command_len, "scp -%sf ", sb?"p":"");
cmd_len = strlen((char *)session->scpRecv_command);
--
1.7.7.6
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
