checksrc: ban unsafe functions

The list of unsafe functions currently consists of sprintf, vsprintf,
strcat, strncat and gets.

Subsequently, some existing code needed updating to avoid warnings on
this.
Daniel Stenberg 2013-03-06 13:27:51 +01:00
parent 9ceee69ff7
commit 7f963a19ec
10 changed files with 65 additions and 160 deletions


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -98,12 +98,14 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors)
char *outdup;
char *dirbuildup;
CURLcode result = CURLE_OK;
size_t outlen;
outlen = strlen(outfile);
outdup = strdup(outfile);
if(!outdup)
return CURLE_OUT_OF_MEMORY;
dirbuildup = malloc(strlen(outfile) + 1);
dirbuildup = malloc(outlen + 1);
if(!dirbuildup) {
Curl_safefree(outdup);
return CURLE_OUT_OF_MEMORY;
@ -119,12 +121,12 @@ CURLcode create_dir_hierarchy(const char *outfile, FILE *errors)
if(tempdir2 != NULL) {
size_t dlen = strlen(dirbuildup);
if(dlen)
sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir);
snprintf(&dirbuildup[dlen], outlen - dlen, "%s%s", DIR_CHAR, tempdir);
else {
if(0 != strncmp(outdup, DIR_CHAR, 1))
strcpy(dirbuildup, tempdir);
else
sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir);
snprintf(dirbuildup, outlen, "%s%s", DIR_CHAR, tempdir);
}
if(access(dirbuildup, F_OK) == -1) {
if(-1 == mkdir(dirbuildup,(mode_t)0000750)) {
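Review bot: Both new snprintf() calls in create_dir_hierarchy pass a size one byte smaller than the space actually left, and neither return value is checked. dirbuildup comes from `malloc(outlen + 1)`, so the room at offset dlen is `outlen + 1 - dlen` (and `outlen + 1` for the call that writes from the start of the buffer). If the bound is ever reached the path is silently cut short and the following access()/mkdir() act on a different directory name than the one requested; comparing the result with the size and returning an error would surface that. The `strcpy(dirbuildup, tempdir)` kept in the else branch is still unbounded and presumably relies on tempdir being no longer than outfile, which deserves a one-line comment. The function body starts and ends outside the hunks shown.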


@ -805,18 +805,18 @@ int operate(struct Configurable *config, int argc, argv_item_t argv[])
/*
* Then append ? followed by the get fields to the url.
*/
urlbuffer = malloc(strlen(this_url) + strlen(httpgetfields) + 3);
if(!urlbuffer) {
res = CURLE_OUT_OF_MEMORY;
goto show_error;
}
if(pc)
sprintf(urlbuffer, "%s%c%s", this_url, sep, httpgetfields);
urlbuffer = aprintf("%s%c%s", this_url, sep, httpgetfields);
else
/* Append / before the ? to create a well-formed url
if the url contains a hostname only
*/
sprintf(urlbuffer, "%s/?%s", this_url, httpgetfields);
urlbuffer = aprintf("%s/?%s", this_url, httpgetfields);
if(!urlbuffer) {
res = CURLE_OUT_OF_MEMORY;
goto show_error;
}
Curl_safefree(this_url); /* free previous URL */
this_url = urlbuffer; /* use our new URL instead! */
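Review bot: The buffer returned by aprintf() is stored in this_url, and judging by the `Curl_safefree(this_url)` used for the previous URL it will later be released the same way rather than with curl_free(). Whether that pairing is right depends on where aprintf() allocates, which is not visible on this page. The same pattern appears in the add_file_name_to_url hunk, where `curl_free(encfile)` and `Curl_safefree(url)` sit side by side. If aprintf() memory belongs to the library allocator, a comment such as `/* aprintf() memory, release with curl_free() */` at the assignment, or a matching free call, would keep the two allocators from being mixed. operate() continues outside the hunk.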


@ -123,22 +123,20 @@ char *add_file_name_to_url(CURL *curl, char *url, const char *filename)
/* URL encode the file name */
encfile = curl_easy_escape(curl, filep, 0 /* use strlen */);
if(encfile) {
char *urlbuffer = malloc(strlen(url) + strlen(encfile) + 3);
if(!urlbuffer) {
curl_free(encfile);
Curl_safefree(url);
return NULL;
}
char *urlbuffer;
if(ptr)
/* there is a trailing slash on the URL */
sprintf(urlbuffer, "%s%s", url, encfile);
urlbuffer = aprintf("%s%s", url, encfile);
else
/* there is no trailing slash on the URL */
sprintf(urlbuffer, "%s/%s", url, encfile);
urlbuffer = aprintf("%s/%s", url, encfile);
curl_free(encfile);
Curl_safefree(url);
if(!urlbuffer)
return NULL;
url = urlbuffer; /* use our new URL instead! */
}
}


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -275,32 +275,33 @@ static char *my_get_line(FILE *fp)
{
char buf[4096];
char *nl = NULL;
char *retval = NULL;
char *line = NULL;
do {
if(NULL == fgets(buf, sizeof(buf), fp))
break;
if(!retval) {
retval = strdup(buf);
if(!retval)
if(!line) {
line = strdup(buf);
if(!line)
return NULL;
}
else {
char *ptr;
ptr = realloc(retval, strlen(retval) + strlen(buf) + 1);
size_t linelen = strlen(line);
ptr = realloc(line, linelen + strlen(buf) + 1);
if(!ptr) {
Curl_safefree(retval);
Curl_safefree(line);
return NULL;
}
retval = ptr;
strcat(retval, buf);
line = ptr;
strcpy(&line[linelen], buf);
}
nl = strchr(retval, '\n');
nl = strchr(line, '\n');
} while(!nl);
if(nl)
*nl = '\0';
return retval;
return line;
}
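Review bot: The `strcpy(&line[linelen], buf)` that replaces strcat() in my_get_line is bounded only by the realloc() size computed just above it, and nothing in the code ties the two together. Taking the length once with `size_t buflen = strlen(buf);`, sizing the realloc as `linelen + buflen + 1` and copying with `memcpy(&line[linelen], buf, buflen + 1);` makes the copy length and the allocation visibly the same value. The loop also places no upper limit on how long a single line may grow, so a file with no newline is read entirely into memory; a comment stating that this is accepted, or a cap, would document the intent.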


@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -199,7 +199,7 @@ static char *c_escape(const char *str)
e += 2;
}
else if(! isprint(c)) {
sprintf(e, "\\%03o", c);
snprintf(e, 4, "\\%03o", c);
e += 4;
}
else
@ -270,7 +270,7 @@ CURLcode tool_setopt_flags(CURL *curl, struct Configurable *config,
if(!rest)
break; /* handled them all */
/* replace with all spaces for continuation line */
sprintf(preamble, "%*s", strlen(preamble), "");
snprintf(preamble, sizeof(preamble), "%*s", strlen(preamble), "");
}
}
/* If any bits have no definition, output an explicit value.
@ -313,7 +313,7 @@ CURLcode tool_setopt_bitmask(CURL *curl, struct Configurable *config,
if(!rest)
break; /* handled them all */
/* replace with all spaces for continuation line */
sprintf(preamble, "%*s", strlen(preamble), "");
snprintf(preamble, sizeof(preamble), "%*s", strlen(preamble), "");
}
}
/* If any bits have no definition, output an explicit value.
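Review bot: In the c_escape hunk the size given to `snprintf(e, 4, "\\%03o", c)` is too small and changes the output. The format produces a backslash plus three octal digits, four characters and a terminator, so with a limit of 4 the last digit is dropped and a NUL is written at e[3]; the following `e += 4` then continues past that NUL and the escaped string ends early. `snprintf(e, 5, "\\%03o", c);` matches what the old sprintf() wrote, assuming the destination has room for the terminator as it needed before (the allocation is outside the hunk). Separately, in the two preamble hunks `%*s` is given the size_t returned by strlen() where an int is expected; `(int)strlen(preamble)` would match the format, and `sizeof(preamble)` is only the right bound if preamble is an array, which is not visible here.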