checksrc: ban unsafe functions

The list of unsafe functions currently consists of sprintf, vsprintf,
strcat, strncat and gets.

Subsequently, some existing code needed updating to avoid warnings on
this.

1 files changed, 6 insertions, 8 deletions

diff --git a/src/tool_operhlp.c b/src/tool_operhlp.c
index 631488727..d3c1a88a9 100644
--- a/src/tool_operhlp.c
+++ b/src/tool_operhlp.c
@@ -123,22 +123,20 @@ char *add_file_name_to_url(CURL *curl, char *url, const char *filename)
     /* URL encode the file name */
     encfile = curl_easy_escape(curl, filep, 0 /* use strlen */);
     if(encfile) {
-      char *urlbuffer = malloc(strlen(url) + strlen(encfile) + 3);
-      if(!urlbuffer) {
-        curl_free(encfile);
-        Curl_safefree(url);
-        return NULL;
-      }
+      char *urlbuffer;
       if(ptr)
         /* there is a trailing slash on the URL */
-        sprintf(urlbuffer, "%s%s", url, encfile);
+        urlbuffer = aprintf("%s%s", url, encfile);
       else
         /* there is no trailing slash on the URL */
-        sprintf(urlbuffer, "%s/%s", url, encfile);
+        urlbuffer = aprintf("%s/%s", url, encfile);
 
       curl_free(encfile);
       Curl_safefree(url);
 
+      if(!urlbuffer)
+        return NULL;
+
       url = urlbuffer; /* use our new URL instead! */
     }
   }