Changelog
+Daniel Stenberg (8 Mar 2009)
+- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
+ curl didn't use sprintf() in a way that is documented to work in POSIX but
+ since we use our own printf() code (from libcurl) that shouldn't be a
+ problem. Nonetheless I modified the code to not rely on such particular
+ features and to not cause further raised eyebrowse with no good reason.
+
Daniel Fandrich (5 Mar 2009)
- Expanded the security section of the libcurl-tutorial man page to cover
more issues for authors to consider when writing robust libcurl-using
This release would not have looked like this without help, code, reports and
advice from friends like these:
- David James, Chris Deidun
+ Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert
Thanks! (and sorry if I forgot to mention someone)
/* since strtok returns a token for the last word even
if not ending with DIR_CHAR, we need to prune it */
if (tempdir2 != NULL) {
- if (strlen(dirbuildup) > 0)
- sprintf(dirbuildup,"%s%s%s",dirbuildup, DIR_CHAR, tempdir);
+ size_t dlen = strlen(dirbuildup);
+ if (dlen)
+ sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir);
else {
if (0 != strncmp(outdup, DIR_CHAR, 1))
- sprintf(dirbuildup,"%s",tempdir);
+ strcpy(dirbuildup, tempdir);
else
- sprintf(dirbuildup,"%s%s", DIR_CHAR, tempdir);
+ sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir);
}
if (access(dirbuildup, F_OK) == -1) {
result = mkdir(dirbuildup,(mode_t)0000750);