diff options
author | Daniel Stenberg <daniel@haxx.se> | 2016-10-08 13:39:29 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2016-10-08 15:13:46 +0200 |
commit | 8238ba9c5f10414a88f502bf3f5d5a42d632984c (patch) | |
tree | eeeb5d93d5435b83f678a54bdffd52d0c287c846 | |
parent | 9885c9508ec757f7f658dab11658e4a3e643a420 (diff) |
ftp: fix Curl_ftpsendf()
... it no longer takes printf() arguments since it was only really taken
advantage by one user and it was not written and used in a safe
way. Thus the 'f' is removed from the function name and the proto is
changed.
Although the current code wouldn't end up in badness, it was a risk that
future changes could end up springf()ing too large data or passing in a
format string inadvertently.
-rw-r--r-- | lib/ftp.c | 10 | ||||
-rw-r--r-- | lib/ftp.h | 4 | ||||
-rw-r--r-- | lib/krb5.c | 12 | ||||
-rw-r--r-- | lib/security.c | 2 |
4 files changed, 16 insertions, 12 deletions
@@ -4091,8 +4091,7 @@ static CURLcode ftp_do(struct connectdata *conn, bool *done) } -CURLcode Curl_ftpsendf(struct connectdata *conn, - const char *fmt, ...) +CURLcode Curl_ftpsend(struct connectdata *conn, const char *cmd) { ssize_t bytes_written; #define SBUF_SIZE 1024 @@ -4104,10 +4103,9 @@ CURLcode Curl_ftpsendf(struct connectdata *conn, enum protection_level data_sec = conn->data_prot; #endif - va_list ap; - va_start(ap, fmt); - write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap); - va_end(ap); + write_len = strlen(cmd); + if(write_len > (sizeof(s) -3)) + return CURLE_BAD_FUNCTION_ARGUMENT; strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */ write_len +=2; @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,7 +31,7 @@ extern const struct Curl_handler Curl_handler_ftp; extern const struct Curl_handler Curl_handler_ftps; #endif -CURLcode Curl_ftpsendf(struct connectdata *, const char *fmt, ...); +CURLcode Curl_ftpsend(struct connectdata *, const char *cmd); CURLcode Curl_GetFTPResponse(ssize_t *nread, struct connectdata *conn, int *ftpcode); #endif /* CURL_DISABLE_FTP */ diff --git a/lib/krb5.c b/lib/krb5.c index 87ce8ee6c..5d5c00395 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -182,7 +182,7 @@ krb5_auth(void *app_data, struct connectdata *conn) for(;;) { /* this really shouldn't be repeated here, but can't help it */ if(service == srv_host) { - result = Curl_ftpsendf(conn, "AUTH GSSAPI"); + result = Curl_ftpsend(conn, "AUTH GSSAPI"); if(result) return -2; @@ -243,16 +243,22 @@ krb5_auth(void *app_data, struct connectdata *conn) } if(output_buffer.length != 0) { + char *cmd; + result = Curl_base64_encode(data, (char *)output_buffer.value, output_buffer.length, &p, &base64_sz); if(result) { Curl_infof(data, "base64-encoding: %s\n", curl_easy_strerror(result)); - ret = AUTH_CONTINUE; + ret = AUTH_ERROR; break; } - result = Curl_ftpsendf(conn, "ADAT %s", p); + cmd = aprintf("ADAT %s", p); + if(cmd) + result = Curl_ftpsend(conn, cmd); + else + result = CURLE_OUT_OF_MEMORY; free(p); diff --git a/lib/security.c b/lib/security.c index a0bcaeaee..a268d4a62 100644 --- a/lib/security.c +++ b/lib/security.c @@ -122,7 +122,7 @@ static int ftp_send_command(struct connectdata *conn, const char *message, ...) vsnprintf(print_buffer, sizeof(print_buffer), message, args); va_end(args); - if(Curl_ftpsendf(conn, print_buffer)) { + if(Curl_ftpsend(conn, print_buffer)) { ftp_code = -1; } else { |