[Pcsclite-cvs-commit] r5850 - /trunk/PCSC/src/debug.c
rousseau at users.alioth.debian.org
rousseau at users.alioth.debian.org
Wed Jul 6 19:59:02 UTC 2011
Author: rousseau
Date: Wed Jul 6 19:59:01 2011
New Revision: 5850
URL: http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=5850
Log:
log_xxd(): use safer snprintf() instead of sprintf()
Event secure_coding: [VERY RISKY]. Using "sprintf" can cause a buffer
overflow when done incorrectly. Because sprintf() assumes an arbitrarily
long string, callers must be careful not to overflow the actual space of
the destination. Use snprintf() instead, or correct precision
specifiers.
Modified:
trunk/PCSC/src/debug.c
Modified: trunk/PCSC/src/debug.c
URL: http://svn.debian.org/wsvn/pcsclite/trunk/PCSC/src/debug.c?rev=5850&op=diff
==============================================================================
--- trunk/PCSC/src/debug.c (original)
+++ trunk/PCSC/src/debug.c Wed Jul 6 19:59:01 2011
@@ -155,7 +155,8 @@
for (i = 0; (i < len) && (c < debug_buf_end); ++i)
{
- sprintf(c, "%02X ", buffer[i]);
+ /* 2 hex characters, 1 space, 1 NUL : total 4 characters */
+ snprintf(c, 4, "%02X ", buffer[i]);
c += strlen(c);
}
More information about the Pcsclite-cvs-commit
mailing list