Diffstat (limited to 'lib')
-rwxr-xr-xlib/checksrc.pl8
-rw-r--r--lib/ftp.c17
-rw-r--r--lib/http_digest.c8
-rw-r--r--lib/mprintf.c117
4 files changed, 27 insertions, 123 deletions
diff --git a/lib/checksrc.pl b/lib/checksrc.pl
index 9f5058ddb..f561492a7 100755
--- a/lib/checksrc.pl
+++ b/lib/checksrc.pl
@@ -6,7 +6,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
-# Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 2011 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
@@ -153,6 +153,12 @@ sub scanfile {
checkwarn($line, length($1)+1, $file, $l, "missing space after close paren");
}
+ # scan for use of banned functions
+ if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|gets)\s*\(/) {
+ checkwarn($line, length($1), $file, $l,
+ "use of $2 is banned");
+ }
+
# check for open brace first on line but not first column
# only alert if previous line ended with a close paren and wasn't a cpp
# line
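Review bot: The banned-function scan at the added `if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|gets)\s*\(/)` line runs on the raw source line, so it also fires on the names inside comments and string literals; a line such as `/* strcat() is deliberately not used here */` would be reported as a use. If checksrc strips comments before this point that is fine, but nothing in the hunk shows it; otherwise either skip matches that sit after `/*`, `//` or an opening quote, or at least document the limitation above the test, e.g. `# NOTE: also matches names inside comments and string literals`. `sub scanfile` begins before this hunk and continues after it.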
diff --git a/lib/ftp.c b/lib/ftp.c
index dc9fc4816..d9b854783 100644
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -3978,16 +3978,11 @@ static CURLcode wc_statemach(struct connectdata *conn)
/* filelist has at least one file, lets get first one */
struct ftp_conn *ftpc = &conn->proto.ftpc;
struct curl_fileinfo *finfo = wildcard->filelist->head->ptr;
- char *tmp_path = malloc(strlen(conn->data->state.path) +
- strlen(finfo->filename) + 1);
- if(!tmp_path) {
+
+ char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename);
+ if(!tmp_path)
return CURLE_OUT_OF_MEMORY;
- }
- tmp_path[0] = 0;
- /* make full path to matched file */
- strcat(tmp_path, wildcard->path);
- strcat(tmp_path, finfo->filename);
/* switch default "state.pathbuffer" and tmp_path, good to see
ftp_parse_url_path function to understand this trick */
Curl_safefree(conn->data->state.pathbuffer);
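Review bot: The comment `/* make full path to matched file */` disappeared together with the strcat lines, so the added `aprintf("%s%s", wildcard->path, finfo->filename)` call no longer says what it is assembling; keep that comment directly above it. Worth a line in the commit message as well: the removed allocation was sized from `conn->data->state.path` while the copy used `wildcard->path`, and the single aprintf expression makes the length and the content come from the same strings. `wc_statemach` starts before this hunk and continues after it.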
@@ -4124,13 +4119,13 @@ CURLcode Curl_ftpsendf(struct connectdata *conn,
va_list ap;
va_start(ap, fmt);
- vsnprintf(s, SBUF_SIZE-3, fmt, ap);
+ write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap);
va_end(ap);
- strcat(s, "\r\n"); /* append a trailing CRLF */
+ strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */
+ write_len +=2;
bytes_written=0;
- write_len = strlen(s);
res = Curl_convert_to_network(conn->data, s, write_len);
/* Curl_convert_to_network calls failf if unsuccessful */
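Review bot: The added `strcpy(&s[write_len], "\r\n")` uses the return value of `vsnprintf` as an index, which is only safe if the `vsnprintf` in scope returns the number of bytes actually stored; the C library's returns the length the complete output would have had (or a negative value on error), so on truncation `write_len` can reach or exceed `SBUF_SIZE-3` and the CRLF lands past the written data, potentially outside `s`. If `vsnprintf` here is curl's own replacement that caps its return at the stored length the code is correct, but that dependency is invisible in this hunk and should be stated, e.g. `/* vsnprintf here is curl's own; it returns the stored length, never the would-be length */`, or made explicit with a clamp before the copy, `if(write_len < 0 || write_len > SBUF_SIZE-4) write_len = SBUF_SIZE-4;` (assuming `write_len` is signed; its declaration is outside the hunk). `Curl_ftpsendf` starts before this hunk and continues after it.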
diff --git a/lib/http_digest.c b/lib/http_digest.c
index f9f20d487..43513966b 100644
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -287,6 +287,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
struct timeval now;
char **allocuserpwd;
+ size_t userlen;
const char *userp;
const char *passwdp;
struct auth *authp;
@@ -533,10 +534,11 @@ CURLcode Curl_output_digest(struct connectdata *conn,
}
/* append CRLF + zero (3 bytes) to the userpwd header */
- tmp = realloc(*allocuserpwd, strlen(*allocuserpwd) + 3);
+ userlen = strlen(*allocuserpwd);
+ tmp = realloc(*allocuserpwd, userlen + 3);
if(!tmp)
return CURLE_OUT_OF_MEMORY;
- strcat(tmp, "\r\n");
+ strcpy(&tmp[userlen], "\r\n"); /* append the data */
*allocuserpwd = tmp;
return CURLE_OK;
diff --git a/lib/mprintf.c b/lib/mprintf.c
index b5b81536a..2ec4a7534 100644
--- a/lib/mprintf.c
+++ b/lib/mprintf.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -203,101 +203,6 @@ static int dprintf_IsQualifierNoDollar(char c)
}
}
-#ifdef DPRINTF_DEBUG2
-static void dprintf_Pass1Report(va_stack_t *vto, int max)
-{
- int i;
- char buffer[256];
- int bit;
- int flags;
-
- for(i=0; i<max; i++) {
- char *type;
- switch(vto[i].type) {
- case FORMAT_UNKNOWN:
- type = "unknown";
- break;
- case FORMAT_STRING:
- type ="string";
- break;
- case FORMAT_PTR:
- type ="pointer";
- break;
- case FORMAT_INT:
- type = "int";
- break;
- case FORMAT_INTPTR:
- type = "intptr";
- break;
- case FORMAT_LONG:
- type = "long";
- break;
- case FORMAT_LONGLONG:
- type = "long long";
- break;
- case FORMAT_DOUBLE:
- type = "double";
- break;
- case FORMAT_LONGDOUBLE:
- type = "long double";
- break;
- }
-
-
- buffer[0]=0;
-
- for(bit=0; bit<31; bit++) {
- flags = vto[i].flags & (1<<bit);
-
- if(flags & FLAGS_SPACE)
- strcat(buffer, "space ");
- else if(flags & FLAGS_SHOWSIGN)
- strcat(buffer, "plus ");
- else if(flags & FLAGS_LEFT)
- strcat(buffer, "left ");
- else if(flags & FLAGS_ALT)
- strcat(buffer, "alt ");
- else if(flags & FLAGS_SHORT)
- strcat(buffer, "short ");
- else if(flags & FLAGS_LONG)
- strcat(buffer, "long ");
- else if(flags & FLAGS_LONGLONG)
- strcat(buffer, "longlong ");
- else if(flags & FLAGS_LONGDOUBLE)
- strcat(buffer, "longdouble ");
- else if(flags & FLAGS_PAD_NIL)
- strcat(buffer, "padnil ");
- else if(flags & FLAGS_UNSIGNED)
- strcat(buffer, "unsigned ");
- else if(flags & FLAGS_OCTAL)
- strcat(buffer, "octal ");
- else if(flags & FLAGS_HEX)
- strcat(buffer, "hex ");
- else if(flags & FLAGS_UPPER)
- strcat(buffer, "upper ");
- else if(flags & FLAGS_WIDTH)
- strcat(buffer, "width ");
- else if(flags & FLAGS_WIDTHPARAM)
- strcat(buffer, "widthparam ");
- else if(flags & FLAGS_PREC)
- strcat(buffer, "precision ");
- else if(flags & FLAGS_PRECPARAM)
- strcat(buffer, "precparam ");
- else if(flags & FLAGS_CHAR)
- strcat(buffer, "char ");
- else if(flags & FLAGS_FLOATE)
- strcat(buffer, "floate ");
- else if(flags & FLAGS_FLOATG)
- strcat(buffer, "floatg ");
- }
- printf("REPORT: %d. %s [%s]\n", i, type, buffer);
-
- }
-
-
-}
-#endif
-
/******************************************************************
*
* Pass 1:
@@ -537,10 +442,6 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos,
}
}
-#ifdef DPRINTF_DEBUG2
- dprintf_Pass1Report(vto, max_param);
-#endif
-
/* Read the arg list parameters into our data list */
for(i=0; i<max_param; i++) {
if((i + 1 < max_param) && (vto[i + 1].type == FORMAT_WIDTH)) {
@@ -919,7 +820,7 @@ static int dprintf_formatf(
case FORMAT_DOUBLE:
{
char formatbuf[32]="%";
- char *fptr;
+ char *fptr = &formatbuf[1];
size_t left = sizeof(formatbuf)-strlen(formatbuf);
int len;
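Review bot: `size_t left = sizeof(formatbuf)-strlen(formatbuf);` is evaluated while `formatbuf` still holds only `"%"`, but the next hunk then advances `fptr` past up to four flag characters (`*fptr++ = '-'`, `'+'`, `' '`, `'#'`) without reducing `left`, so any bounded write that later uses `fptr` with `left` as its size is allowed up to four bytes more than actually remain in the 32-byte buffer. This predates the commit (the old code also computed `left` before its `strcat` calls), but the new pointer-bump style makes the fix a one-liner: right after the `*fptr = 0;` in the following hunk add `left = sizeof(formatbuf) - (size_t)(fptr - formatbuf);`. `dprintf_formatf` starts before this hunk and continues beyond it.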
@@ -936,15 +837,15 @@ static int dprintf_formatf(
prec = (long)vto[p->precision].data.num.as_signed;
if(p->flags & FLAGS_LEFT)
- strcat(formatbuf, "-");
+ *fptr++ = '-';
if(p->flags & FLAGS_SHOWSIGN)
- strcat(formatbuf, "+");
+ *fptr++ = '+';
if(p->flags & FLAGS_SPACE)
- strcat(formatbuf, " ");
+ *fptr++ = ' ';
if(p->flags & FLAGS_ALT)
- strcat(formatbuf, "#");
+ *fptr++ = '#';
- fptr=&formatbuf[strlen(formatbuf)];
+ *fptr = 0;
if(width >= 0) {
/* RECURSIVE USAGE */
@@ -969,8 +870,8 @@ static int dprintf_formatf(
*fptr = 0; /* and a final zero termination */
- /* NOTE NOTE NOTE!! Not all sprintf() implementations returns number
- of output characters */
+ /* NOTE NOTE NOTE!! Not all sprintf implementations return number of
+ output characters */
(sprintf)(work, formatbuf, p->data.dnum);
for(fptr=work; *fptr; fptr++)
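Review bot: The `(sprintf)(work, formatbuf, p->data.dnum)` call below the reworded NOTE still writes `work` with no length bound, and `formatbuf` carries whatever `width`/`prec` values the caller's format supplied, so unless those are clamped before this point (not visible here) a large width can run past `work`; the NOTE only addresses the return value, not this. If `work` is a fixed-size array, `snprintf(work, sizeof(work), formatbuf, p->data.dnum)` with a check of the result against `sizeof(work)` is the bounded form. The existing parenthesized `(sprintf)` spelling also deserves a reason in a comment, since it both suppresses function-like macro expansion and keeps checksrc's new banned-function scan (which requires `(` right after the name) from matching this deliberate use, e.g. `/* (sprintf) is parenthesized on purpose: no macro expansion, and checksrc's banned-function scan must not flag this call */`. `dprintf_formatf` continues outside this hunk.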