author: Garrett D'Amore <garrett@damore.org> 2024-11-30 08:53:17 -0500
committer: Garrett D'Amore <garrett@damore.org> 2024-12-01 07:02:49 -0500
commit: d0d48cad89532c56742d85e898f749e587fe32b7
tree: b20ce0ce7a01d51c5b6d44c75aaa2e0525c43db6 /src
parent: 87bc256c8ad5f76c54167c02678abc7e4a7e26e6
http server: sprintf is considered deprecated
Because it is typically associated with insecure code, use of sprintf is discouraged. Note that our usage was actually quite careful and not insecure, but its mere presence raises concern especially by parties who are unwilling or unable to assess the actual code for correctness. A better choice here would be strlcat, but strlcat is not universally available.
Diffstat (limited to 'src')
-rw-r--r-- src/supplemental/http/http_server.c | 3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/supplemental/http/http_server.c b/src/supplemental/http/http_server.c
index aa397f00..49203a1c 100644
--- a/src/supplemental/http/http_server.c
+++ b/src/supplemental/http/http_server.c
@@ -1571,7 +1571,8 @@ http_handle_dir(nni_aio *aio)
rv = 0;
if (nni_file_is_dir(pn)) {
- sprintf(dst, "%s%s", NNG_PLATFORM_DIR_SEP, "index.html");
+ snprintf(dst, pnsz - strlen(pn), "%s%s", NNG_PLATFORM_DIR_SEP,
+ "index.html");
if (!nni_file_is_file(pn)) {
pn[strlen(pn) - 1] = '\0'; // index.html -> index.htm
if (!nni_file_is_file(pn)) {
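Review bot: the return value of the added `snprintf(dst, pnsz - strlen(pn), ...)` call is discarded, so a truncated write goes unnoticed and the code continues to `nni_file_is_file(pn)` and the `pn[strlen(pn) - 1] = '\0'` trim with a name that is no longer "index.html". Suggest capturing the result and treating a negative value, or one greater than or equal to the size argument, as an error before probing the file. The size expression is also only correct if `dst` points at the terminating NUL of `pn` when the call is made and `pnsz` is the full size of the `pn` buffer; neither is visible in this hunk, and because `strlen` returns `size_t` the subtraction would wrap to a very large bound rather than go negative if that invariant ever broke. A short comment or assertion stating the invariant next to the call would make the bound reviewable on its own.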