author | Daniel Stenberg <daniel@haxx.se> | 2004-06-24 11:54:11 +0000 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2004-06-24 11:54:11 +0000 |
commit | feb2dd283533f842c9b6e4cc2fcc7fd35638d5a0 (patch) | |
tree | f0ecc2bd74917e67e3e9853e04a6ca16c2770eb3 /lib/version.c | |
parent | 5e34f3dc0133333fb398dd4b285a63f58aa441da (diff) |
Replaced all uses of sprintf() with the safer snprintf(). It is just a
precaution to prevent mistakes from leading to buffer overflows.
Diffstat (limited to 'lib/version.c')
-rw-r--r-- | lib/version.c | 78 |
1 files changed, 38 insertions, 40 deletions
diff --git a/lib/version.c b/lib/version.c index 7bd4dbe50..21939d925 100644 --- a/lib/version.c +++ b/lib/version.c @@ -1,8 +1,8 @@ /*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al. @@ -10,7 +10,7 @@ * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms * are also available at http://curl.haxx.se/docs/copyright.html. - * + * * You may opt to use, copy, modify, merge, publish, distribute and/or sell * copies of the Software, and permit persons to whom the Software is * furnished to do so, under the terms of the COPYING file. @@ -29,6 +29,9 @@ #include <curl/curl.h> #include "urldata.h" +#define _MPRINTF_REPLACE /* use the internal *printf() functions */ +#include <curl/mprintf.h> + #ifdef USE_ARES #include <ares_version.h> #endif @@ -38,7 +41,7 @@ #endif #ifdef USE_SSLEAY -static void getssl_version(char *ptr, long *num) +static int getssl_version(char *ptr, size_t left, long *num) { #if (SSLEAY_VERSION_NUMBER >= 0x905000) 
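Review bot: The new `left` parameter and the `int` return value of getssl_version() are undocumented at the changed signature, although the callers touched by this commit depend on both. A short comment above the function would make the contract explicit, for example `/* writes the SSL version string into ptr, at most 'left' bytes; returns snprintf()'s result; *num gets the numeric version */`. The function body lies outside this hunk, so the exact meaning of the return value should be confirmed against the snprintf that `_MPRINTF_REPLACE` selects.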
@@ -60,20 +63,20 @@ static void getssl_version(char *ptr, long *num) sub[0]='\0'; } - sprintf(ptr, " OpenSSL/%lx.%lx.%lx%s", - (ssleay_value>>28)&0xf, - (ssleay_value>>20)&0xff, - (ssleay_value>>12)&0xff, - sub); + return snprintf(ptr, left, " OpenSSL/%lx.%lx.%lx%s", + (ssleay_value>>28)&0xf, + (ssleay_value>>20)&0xff, + (ssleay_value>>12)&0xff, + sub); } #else *num = SSLEAY_VERSION_NUMBER; #if (SSLEAY_VERSION_NUMBER >= 0x900000) - sprintf(ptr, " OpenSSL/%lx.%lx.%lx", - (SSLEAY_VERSION_NUMBER>>28)&0xff, - (SSLEAY_VERSION_NUMBER>>20)&0xff, - (SSLEAY_VERSION_NUMBER>>12)&0xf); + return snprintf(ptr, left, " OpenSSL/%lx.%lx.%lx", + (SSLEAY_VERSION_NUMBER>>28)&0xff, + (SSLEAY_VERSION_NUMBER>>20)&0xff, + (SSLEAY_VERSION_NUMBER>>12)&0xf); #else { char sub[2]; @@ -84,10 +87,10 @@ static void getssl_version(char *ptr, long *num) else sub[0]='\0'; - sprintf(ptr, " SSL/%x.%x.%x%s", - (SSLEAY_VERSION_NUMBER>>12)&0xff, - (SSLEAY_VERSION_NUMBER>>8)&0xf, - (SSLEAY_VERSION_NUMBER>>4)&0xf, sub); + return snprintf(ptr, left, " SSL/%x.%x.%x%s", + (SSLEAY_VERSION_NUMBER>>12)&0xff, + (SSLEAY_VERSION_NUMBER>>8)&0xf, + (SSLEAY_VERSION_NUMBER>>4)&0xf, sub); } #endif #endif 
@@ -99,42 +102,37 @@ char *curl_version(void) { static char version[200]; char *ptr=version; + int len; + size_t left = sizeof(version); strcpy(ptr, LIBCURL_NAME "/" LIBCURL_VERSION ); ptr=strchr(ptr, '\0'); + left -= strlen(ptr); #ifdef USE_SSLEAY { long num; - getssl_version(ptr, &num); - ptr=strchr(version, '\0'); + len = getssl_version(ptr, left, &num); + left -= len; + ptr += len; } #endif -#ifdef HAVE_KRB4 - sprintf(ptr, " krb4"); - ptr += strlen(ptr); -#endif -#ifdef ENABLE_IPV6 - sprintf(ptr, " ipv6"); - ptr += strlen(ptr); -#endif #ifdef HAVE_LIBZ - sprintf(ptr, " zlib/%s", zlibVersion()); - ptr += strlen(ptr); -#endif -#ifdef HAVE_GSSAPI - sprintf(ptr, " GSS"); - ptr += strlen(ptr); + len = snprintf(ptr, left, " zlib/%s", zlibVersion()); + left -= len; + ptr += len; #endif #ifdef USE_ARES /* this function is only present in c-ares, not in the original ares */ - sprintf(ptr, " c-ares/%s", ares_version(NULL)); - ptr += strlen(ptr); + len = snprintf(ptr, left, " c-ares/%s", ares_version(NULL)); + left -= len; + ptr += len; #endif #ifdef USE_LIBIDN if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) { - sprintf(ptr, " libidn/%s", stringprep_check_version(NULL)); - ptr += strlen(ptr); + len = snprintf(ptr, left, " libidn/%s", stringprep_check_version(NULL)); + left -= len; + ptr += len; } #endif @@ -226,7 +224,7 @@ curl_version_info_data *curl_version_info(CURLversion stamp) #ifdef USE_SSLEAY static char ssl_buffer[80]; long num; - getssl_version(ssl_buffer, &num); + getssl_version(ssl_buffer, sizeof(ssl_buffer), &num); version_info.ssl_version = ssl_buffer; version_info.ssl_version_num = num; |
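Review bot: In curl_version the result of each snprintf()/getssl_version() call is applied with `left -= len; ptr += len;` without being checked, so the new bound is only as good as that return value. If the snprintf in effect reports the untruncated length (as C99 snprintf does) or a negative error, `left`, which is a size_t, wraps to a huge value and `ptr` moves past `version[200]`, which would make the following calls effectively unbounded again. Whether the internal implementation selected by `_MPRINTF_REPLACE` returns only the bytes actually stored is not visible in this diff, so I would guard each step explicitly, e.g. `if(len < 0 || (size_t)len >= left) return version;` before the subtraction. The same applies to the value the `return snprintf(...)` lines in getssl_version() hand back; curl_version's body continues past the end of the hunk.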