Replaced all uses of sprintf() with the safer snprintf(). It is just a

precaution to prevent mistakes to lead to buffer overflows.
author: Daniel Stenberg <daniel@haxx.se> 2004-06-24 11:54:11 +0000
committer: Daniel Stenberg <daniel@haxx.se> 2004-06-24 11:54:11 +0000
commit: feb2dd283533f842c9b6e4cc2fcc7fd35638d5a0 (patch)
tree: f0ecc2bd74917e67e3e9853e04a6ca16c2770eb3 /lib/version.c
parent: 5e34f3dc0133333fb398dd4b285a63f58aa441da (diff)
1 files changed, 38 insertions, 40 deletions
diff --git a/lib/version.c b/lib/version.c
index 7bd4dbe50..21939d925 100644
--- a/lib/version.c
+++ b/lib/version.c
@@ -1,8 +1,8 @@
 /***************************************************************************
- *                                  _   _ ____  _     
- *  Project                     ___| | | |  _ \| |    
- *                             / __| | | | |_) | |    
- *                            | (__| |_| |  _ <| |___ 
+ *                                  _   _ ____  _
+ *  Project                     ___| | | |  _ \| |
+ *                             / __| | | | |_) | |
+ *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
  * Copyright (C) 1998 - 2004, Daniel Stenberg, <daniel@haxx.se>, et al.
@@ -10,7 +10,7 @@
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
  * are also available at http://curl.haxx.se/docs/copyright.html.
- * 
+ *
  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  * copies of the Software, and permit persons to whom the Software is
  * furnished to do so, under the terms of the COPYING file.
@@ -29,6 +29,9 @@
 #include <curl/curl.h>
 #include "urldata.h"
 
+#define _MPRINTF_REPLACE /* use the internal *printf() functions */
+#include <curl/mprintf.h>
+
 #ifdef USE_ARES
 #include <ares_version.h>
 #endif
@@ -38,7 +41,7 @@
 #endif
 
 #ifdef USE_SSLEAY
-static void getssl_version(char *ptr, long *num)
+static int getssl_version(char *ptr, size_t left, long *num)
 {
 
 #if (SSLEAY_VERSION_NUMBER >= 0x905000)
@@ -60,20 +63,20 @@ static void getssl_version(char *ptr, long *num)
         sub[0]='\0';
     }
 
-    sprintf(ptr, " OpenSSL/%lx.%lx.%lx%s",
-            (ssleay_value>>28)&0xf,
-            (ssleay_value>>20)&0xff,
-            (ssleay_value>>12)&0xff,
-            sub);
+    return snprintf(ptr, left, " OpenSSL/%lx.%lx.%lx%s",
+                    (ssleay_value>>28)&0xf,
+                    (ssleay_value>>20)&0xff,
+                    (ssleay_value>>12)&0xff,
+                    sub);
   }
 
 #else
   *num = SSLEAY_VERSION_NUMBER;
 #if (SSLEAY_VERSION_NUMBER >= 0x900000)
-  sprintf(ptr, " OpenSSL/%lx.%lx.%lx",
-          (SSLEAY_VERSION_NUMBER>>28)&0xff,
-          (SSLEAY_VERSION_NUMBER>>20)&0xff,
-          (SSLEAY_VERSION_NUMBER>>12)&0xf);
+  return snprintf(ptr, left, " OpenSSL/%lx.%lx.%lx",
+                  (SSLEAY_VERSION_NUMBER>>28)&0xff,
+                  (SSLEAY_VERSION_NUMBER>>20)&0xff,
+                  (SSLEAY_VERSION_NUMBER>>12)&0xf);
 #else
   {
     char sub[2];
@@ -84,10 +87,10 @@ static void getssl_version(char *ptr, long *num)
     else
       sub[0]='\0';
 
-    sprintf(ptr, " SSL/%x.%x.%x%s",
-            (SSLEAY_VERSION_NUMBER>>12)&0xff,
-            (SSLEAY_VERSION_NUMBER>>8)&0xf,
-            (SSLEAY_VERSION_NUMBER>>4)&0xf, sub);
+    return snprintf(ptr, left, " SSL/%x.%x.%x%s",
+                    (SSLEAY_VERSION_NUMBER>>12)&0xff,
+                    (SSLEAY_VERSION_NUMBER>>8)&0xf,
+                    (SSLEAY_VERSION_NUMBER>>4)&0xf, sub);
   }
 #endif
 #endif
@@ -99,42 +102,37 @@ char *curl_version(void)
 {
   static char version[200];
   char *ptr=version;
+  int len;
+  size_t left = sizeof(version);
   strcpy(ptr, LIBCURL_NAME "/" LIBCURL_VERSION );
   ptr=strchr(ptr, '\0');
+  left -= strlen(ptr);
 
 #ifdef USE_SSLEAY
   {
     long num;
-    getssl_version(ptr, &num);
-    ptr=strchr(version, '\0');
+    len = getssl_version(ptr, left, &num);
+    left -= len;
+    ptr += len;
   }
 #endif
 
-#ifdef HAVE_KRB4
-  sprintf(ptr, " krb4");
-  ptr += strlen(ptr);
-#endif
-#ifdef ENABLE_IPV6
-  sprintf(ptr, " ipv6");
-  ptr += strlen(ptr);
-#endif
 #ifdef HAVE_LIBZ
-  sprintf(ptr, " zlib/%s", zlibVersion());
-  ptr += strlen(ptr);
-#endif
-#ifdef HAVE_GSSAPI
-  sprintf(ptr, " GSS");
-  ptr += strlen(ptr);
+  len = snprintf(ptr, left, " zlib/%s", zlibVersion());
+  left -= len;
+  ptr += len;
 #endif
 #ifdef USE_ARES
   /* this function is only present in c-ares, not in the original ares */
-  sprintf(ptr, " c-ares/%s", ares_version(NULL));
-  ptr += strlen(ptr);
+  len = snprintf(ptr, left, " c-ares/%s", ares_version(NULL));
+  left -= len;
+  ptr += len;
 #endif
 #ifdef USE_LIBIDN
   if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
-    sprintf(ptr, " libidn/%s", stringprep_check_version(NULL));
-    ptr += strlen(ptr);
+    len = snprintf(ptr, left, " libidn/%s", stringprep_check_version(NULL));
+    left -= len;
+    ptr += len;
   }
 #endif
 
@@ -226,7 +224,7 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
 #ifdef USE_SSLEAY
   static char ssl_buffer[80];
   long num;
-  getssl_version(ssl_buffer, &num);
+  getssl_version(ssl_buffer, sizeof(ssl_buffer), &num);
 
   version_info.ssl_version = ssl_buffer;
   version_info.ssl_version_num = num;
author	Daniel Stenberg <daniel@haxx.se>	2004-06-24 11:54:11 +0000
committer	Daniel Stenberg <daniel@haxx.se>	2004-06-24 11:54:11 +0000
commit	feb2dd283533f842c9b6e4cc2fcc7fd35638d5a0 (patch)
tree	f0ecc2bd74917e67e3e9853e04a6ca16c2770eb3 /lib/version.c
parent	5e34f3dc0133333fb398dd4b285a63f58aa441da (diff)