From: Seonah Moon <seonah1.moon@samsung.com>
Date: Fri, 17 Jun 2016 02:06:06 +0000 (+0900)
Subject: [WGID 101577] Replace sprintf with snprintf
X-Git-Tag: submit/tizen/20160617.081742^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3086306811b0d8f92d839264f4df089df35dc679;p=platform%2Fcore%2Fapi%2Fhttp.git

[WGID 101577] Replace sprintf with snprintf

Change-Id: Ieedbf043a3f9383644aed154a1527de8a68aabad
Signed-off-by: Seonah Moon <seonah1.moon@samsung.com>
---

diff --git a/include/http.h b/include/http.h
index 2e2a137..d5d1527 100644
--- a/include/http.h
+++ b/include/http.h
@@ -1008,7 +1008,7 @@ int http_transaction_get_http_auth_scheme(http_transaction_h http_transaction, h
  * @since_tizen 3.0
  * @remarks The @a realm should be freed using free().
  * @param[in]  http_transaction  The http transaction handle
- * @param[out] realm  	 The http realm value
+ * @param[out] realm  	 The http authentication realm value
  * @return 0 on success, otherwise negative error value
  * @retval  #HTTP_ERROR_NONE  Successful
  * @retval  #HTTP_ERROR_INVALID_PARAMETER  Invalid parameter
diff --git a/packaging/capi-network-http.spec b/packaging/capi-network-http.spec
index 9c52973..2db5826 100644
--- a/packaging/capi-network-http.spec
+++ b/packaging/capi-network-http.spec
@@ -1,6 +1,6 @@
 Name:		capi-network-http
 Summary:	Http Framework
-Version:	0.0.8
+Version:	0.0.9
 Release:	0
 Group:		System/Network
 License:	Apache-2.0
diff --git a/src/http_transaction.c b/src/http_transaction.c
index 9a0eed0..11689da 100644
--- a/src/http_transaction.c
+++ b/src/http_transaction.c
@@ -271,27 +271,31 @@ int _transaction_submit(gpointer user_data)
 		gchar *user_name = NULL;
 		gchar *password = NULL;
 		gchar *credentials = NULL;
+		int credentials_len = 0;
 
 		http_transaction_get_credentials(transaction, &user_name, &password);
-		credentials = (gchar *)malloc(sizeof(gchar) * (strlen(user_name) + 1 + strlen(password) + 1));
-		sprintf(credentials, "%s:%s", (gchar*)user_name, (gchar*)password);
-		free(user_name);
-		free(password);
+		credentials_len = sizeof(gchar) * (strlen(user_name) + 1 + strlen(password) + 1);
+		credentials = (gchar *)malloc(credentials_len);
+		if (credentials) {
+			snprintf(credentials, credentials_len, "%s:%s", (gchar*)user_name, (gchar*)password);
+			free(user_name);
+			free(password);
 
-		http_transaction_get_http_auth_scheme(transaction, &auth_scheme);
+			http_transaction_get_http_auth_scheme(transaction, &auth_scheme);
 
-		curl_auth_scheme = _get_http_curl_auth_scheme(auth_scheme);
+			curl_auth_scheme = _get_http_curl_auth_scheme(auth_scheme);
 
-		if (transaction->proxy_auth_type) {
+			if (transaction->proxy_auth_type) {
 
-			curl_easy_setopt(transaction->easy_handle, CURLOPT_PROXYAUTH, curl_auth_scheme);
-			curl_easy_setopt(transaction->easy_handle, CURLOPT_PROXYUSERPWD, credentials);
+				curl_easy_setopt(transaction->easy_handle, CURLOPT_PROXYAUTH, curl_auth_scheme);
+				curl_easy_setopt(transaction->easy_handle, CURLOPT_PROXYUSERPWD, credentials);
 
-		} else {
-			curl_easy_setopt(transaction->easy_handle, CURLOPT_HTTPAUTH, curl_auth_scheme);
-			curl_easy_setopt(transaction->easy_handle, CURLOPT_USERPWD, credentials);
+			} else {
+				curl_easy_setopt(transaction->easy_handle, CURLOPT_HTTPAUTH, curl_auth_scheme);
+				curl_easy_setopt(transaction->easy_handle, CURLOPT_USERPWD, credentials);
+			}
+			free(credentials);
 		}
-		free(credentials);
 	}
 	//LCOV_EXCL_STOP