Subject: [PATCH] Use safer snprintf rather then sprintf in scp_send()

[PATCH] Use safer snprintf rather then sprintf in scp_send()

From: Steven Dake <sdake_at_redhat.com>
Date: Tue, 6 Mar 2012 00:33:57 -0700

Signed-off-by: Steven Dake <sdake_at_redhat.com>

---
 src/scp.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/scp.c b/src/scp.c
index a40f7e9..5534b02 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -795,8 +795,8 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode,
             return NULL;
         }
 
-        sprintf((char *)session->scpSend_command, "scp -%st ",
-                (mtime || atime)?"p":"");
+        snprintf((char *)session->scpSend_command, session->scpSend_command_len,
+            "scp -%st ", (mtime || atime)?"p":"");
 
         cmd_len = strlen((char *)session->scpSend_command);
 
-- 
1.7.7.6
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Received on 2012-03-06