[Pcsclite-cvs-commit] r5875 - /trunk/PCSC/src/hotplug_linux.c

rousseau at users.alioth.debian.org rousseau at users.alioth.debian.org
Tue Jul 19 19:14:40 UTC 2011


Author: rousseau
Date: Tue Jul 19 19:14:39 2011
New Revision: 5875

URL: http://svn.debian.org/wsvn/pcsclite/?sc=1&rev=5875
Log:
Use safer snprintf() instead of sprintf()

coverity: Event secure_coding: [VERY RISKY]. Using "sprintf" can cause a
buffer overflow when done incorrectly. Because sprintf() assumes an
arbitrarily long string, callers must be careful not to overflow the
actual space of the destination. Use snprintf() instead, or correct
precision specifiers.

Modified:
    trunk/PCSC/src/hotplug_linux.c

Modified: trunk/PCSC/src/hotplug_linux.c
URL: http://svn.debian.org/wsvn/pcsclite/trunk/PCSC/src/hotplug_linux.c?rev=5875&op=diff
==============================================================================
--- trunk/PCSC/src/hotplug_linux.c (original)
+++ trunk/PCSC/src/hotplug_linux.c Tue Jul 19 19:14:39 2011
@@ -258,7 +258,8 @@
 					continue;
 				}
 
-				sprintf(dirpath, "%s/%s", PCSCLITE_USB_PATH, entry->d_name);
+				snprintf(dirpath, sizeof dirpath, "%s/%s",
+					PCSCLITE_USB_PATH, entry->d_name);
 
 				dirB = opendir(dirpath);
 
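Review bot: The return value of the new snprintf() into dirpath is ignored, so an over-long PCSCLITE_USB_PATH plus entry->d_name is now silently truncated and the truncated string goes straight to opendir(dirpath). That removes the overflow, but the code can then try to open a directory other than the one it just enumerated. Suggest storing the result and skipping the entry on error or truncation, e.g. `if (rv < 0 || (size_t)rv >= sizeof dirpath) continue;`. Also note that `sizeof dirpath` is only the buffer size if dirpath is declared as an array in this scope; the declaration is not visible in this hunk, so please confirm it is not a pointer.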
@@ -280,7 +281,8 @@
 
 					/* Get the device number so we can distinguish
 					   multiple readers */
-					sprintf(filename, "%s/%s", dirpath, entryB->d_name);
+					snprintf(filename, sizeof filename, "%s/%s",
+						dirpath, entryB->d_name);
 					sscanf(entryB->d_name, "%d", &deviceNumber);
 
 					fd = open(filename, O_RDONLY);
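Review bot: The snprintf() into filename has the same unchecked result: if dirpath plus entryB->d_name does not fit, the truncated name is passed to open(filename, O_RDONLY), which either fails or opens a node other than the one listed. Check for a negative result or one that is `>= sizeof filename` and skip the entry before calling open(); the same caveat about `sizeof` applying only to an array holds here. The sscanf() on the following context line also ignores its return value, so deviceNumber keeps whatever it held before when d_name does not start with a number; that predates this change but would be worth handling in the same pass.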



