authorGarrett D'Amore <garrett@damore.org>2024-11-30 08:53:17 -0500
committerGarrett D'Amore <garrett@damore.org>2025-03-16 18:03:11 -0700
commitea7f41042e2e3f91f943e9253439429ac72dc50e (patch)
treebafc3781e2c69f579258bd8a3218e59a669929b9
parentd98d3ec1e0c3230a6f9e60616180ac66f5791a5b (diff)
http server: sprintf is considered deprecated
Because it is typically associated with insecure code, use of sprintf is discouraged. Note that our usage was actually quite careful and not insecure, but its mere presence raises concern especially by parties who are unwilling or unable to assess the actual code for correctness. A better choice here would be strlcat, but strlcat is not universally available. (cherry picked from commit d0d48cad89532c56742d85e898f749e587fe32b7)
-rw-r--r--src/supplemental/http/http_server.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/supplemental/http/http_server.c b/src/supplemental/http/http_server.c
index 42ff5dd9..9884a96a 100644
--- a/src/supplemental/http/http_server.c
+++ b/src/supplemental/http/http_server.c
@@ -1580,7 +1580,8 @@ http_handle_dir(nni_aio *aio)
rv = 0;
if (nni_file_is_dir(pn)) {
- sprintf(dst, "%s%s", NNG_PLATFORM_DIR_SEP, "index.html");
+ snprintf(dst, pnsz - strlen(pn), "%s%s", NNG_PLATFORM_DIR_SEP,
+ "index.html");
if (!nni_file_is_file(pn)) {
pn[strlen(pn) - 1] = '\0'; // index.html -> index.htm
if (!nni_file_is_file(pn)) {
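Review bot: The bound passed to `snprintf` on the added line is derived from `strlen(pn)` while the write starts at `dst`, so it equals the real remaining space only if `dst` still points at the terminating NUL of `pn`, which this hunk does not show. Tying the size to the write pointer removes that dependency: `snprintf(dst, pnsz - (size_t) (dst - pn), "%s%s", NNG_PLATFORM_DIR_SEP, "index.html");`. The return value is also discarded, so a truncated write would silently shorten the path, and the fallback `pn[strlen(pn) - 1] = '\0'` would then probe a name other than index.htm; compare the result against the size and treat truncation as a failure. http_handle_dir starts before and continues past this hunk, so the allocation of `pn` and the computation of `pnsz` should be confirmed there.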