diff options
| -rw-r--r-- | CHANGES | 7 | ||||
| -rw-r--r-- | RELEASE-NOTES | 2 | ||||
| -rw-r--r-- | src/main.c | 9 |
3 files changed, 13 insertions, 5 deletions
@@ -6,6 +6,13 @@ Changelog +Daniel Stenberg (8 Mar 2009) +- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that + curl didn't use sprintf() in a way that is documented to work in POSIX but + since we use our own printf() code (from libcurl) that shouldn't be a + problem. Nonetheless I modified the code to not rely on such particular + features and to not cause further raised eyebrowse with no good reason. + Daniel Fandrich (5 Mar 2009) - Expanded the security section of the libcurl-tutorial man page to cover more issues for authors to consider when writing robust libcurl-using diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 4398cce85..9c7784e89 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -23,6 +23,6 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - David James, Chris Deidun + Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert Thanks! (and sorry if I forgot to mention someone) diff --git a/src/main.c b/src/main.c index 958c8b514..aabd659fe 100644 --- a/src/main.c +++ b/src/main.c @@ -5286,13 +5286,14 @@ static int create_dir_hierarchy(const char *outfile, FILE *errors) /* since strtok returns a token for the last word even if not ending with DIR_CHAR, we need to prune it */ if (tempdir2 != NULL) { - if (strlen(dirbuildup) > 0) - sprintf(dirbuildup,"%s%s%s",dirbuildup, DIR_CHAR, tempdir); + size_t dlen = strlen(dirbuildup); + if (dlen) + sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir); else { if (0 != strncmp(outdup, DIR_CHAR, 1)) - sprintf(dirbuildup,"%s",tempdir); + strcpy(dirbuildup, tempdir); else - sprintf(dirbuildup,"%s%s", DIR_CHAR, tempdir); + sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir); } if (access(dirbuildup, F_OK) == -1) { result = mkdir(dirbuildup,(mode_t)0000750); |