authorDaniel Stenberg <daniel@haxx.se>2015-05-22 16:52:03 +0200
committerDaniel Stenberg <daniel@haxx.se>2015-05-22 16:52:41 +0200
commite582cd16ff7fc5b7ade202a1d5a348513b08ddd3 (patch)
tree30a0c2c26ec0ca062a1998e3998c478855af3541
parent1514977bcde37c59f863a0f40c7d9f66d9e33370 (diff)
security: fix "Unchecked return value" from sscanf()
By (void) prefixing it and adding a comment. Did some minor related cleanups. Coverity CID 1299423.
-rw-r--r--lib/security.c18
1 files changed, 9 insertions, 9 deletions
diff --git a/lib/security.c b/lib/security.c
index 524f9cef4..1bea669d5 100644
--- a/lib/security.c
+++ b/lib/security.c
@@ -359,7 +359,7 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
int */
int decoded_len;
char *buf;
- int ret_code;
+ int ret_code = 0;
size_t decoded_sz = 0;
CURLcode error;
@@ -388,13 +388,13 @@ int Curl_sec_read_msg(struct connectdata *conn, char *buffer,
}
buf[decoded_len] = '\0';
- DEBUGASSERT(decoded_len > 3);
- if(buf[3] == '-')
- ret_code = 0;
- else {
- /* Check for error? */
+ if(decoded_len <= 3)
+ /* suspiciously short */
+ return 0;
+
+ if(buf[3] != '-')
+ /* safe to ignore return code */
(void)sscanf(buf, "%d", &ret_code);
- }
if(buf[decoded_len - 1] == '\n')
buf[decoded_len - 1] = '\0';
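Review bot: The new early exit `if(decoded_len <= 3) return 0;` leaves without releasing `buf` and without writing anything to the caller's `buffer`. `buf` appears to be allocated earlier in Curl_sec_read_msg, outside this hunk; if so, every short reply leaks it. The decoded text comes from the peer, so this path is reachable remotely and should clean up like the function's other exits, e.g. `if(decoded_len <= 3) { free(buf); return 0; }`, assuming `free()` is the matching release call. It is also worth confirming that callers do not treat the returned 0 as a valid reply, since a truncated message now yields the same value as a line whose fourth character is `-`. The comment `/* safe to ignore return code */` would be clearer if it gave the reason, for instance `/* ret_code stays 0 if no number is parsed */`.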
@@ -437,8 +437,8 @@ static int sec_set_protection_level(struct connectdata *conn)
pbsz = strstr(conn->data->state.buffer, "PBSZ=");
if(pbsz) {
- /* FIXME: Checks for errors in sscanf? */
- sscanf(pbsz, "PBSZ=%u", &buffer_size);
+ /* ignore return code, use default value if it fails */
+ (void)sscanf(pbsz, "PBSZ=%u", &buffer_size);
if(buffer_size < conn->buffer_size)
conn->buffer_size = buffer_size;
}
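Review bot: The number parsed from the server's `PBSZ=` text is only checked from above by `buffer_size < conn->buffer_size`, so a reply of `PBSZ=0` passes the test and is stored as the connection's buffer size. What a zero size does downstream is not visible here, but a lower bound on peer-supplied sizes is cheap, e.g. `if(buffer_size && buffer_size < conn->buffer_size)`. The new comment says a default is used when sscanf() fails; the initialisation of `buffer_size` lies outside this hunk, so confirm that it really is set before this point. The body of sec_set_protection_level starts and ends outside the hunk.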