From d0d48cad89532c56742d85e898f749e587fe32b7 Mon Sep 17 00:00:00 2001
From: Garrett D'Amore
Date: Sat, 30 Nov 2024 08:53:17 -0500
Subject: http server: sprintf is considered deprecated
Because it is typically associated with insecure code, use of sprintf is discouraged. Note that our usage was actually quite careful and not insecure, but its mere presence raises concern especially by parties who are unwilling or unable to assess the actual code for correctness. A better choice here would be strlcat, but strlcat is not universally available.
---
src/supplemental/http/http_server.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/supplemental/http/http_server.c b/src/supplemental/http/http_server.c
index aa397f00..49203a1c 100644
--- a/src/supplemental/http/http_server.c
+++ b/src/supplemental/http/http_server.c
@@ -1571,7 +1571,8 @@ http_handle_dir(nni_aio *aio)
 rv = 0;
 if (nni_file_is_dir(pn)) {
- sprintf(dst, "%s%s", NNG_PLATFORM_DIR_SEP, "index.html");
+ snprintf(dst, pnsz - strlen(pn), "%s%s", NNG_PLATFORM_DIR_SEP,
+ "index.html");
 if (!nni_file_is_file(pn)) {
 pn[strlen(pn) - 1] = '\0'; // index.html -> index.htm
 if (!nni_file_is_file(pn)) {
-- 
cgit v1.2.3-70-g09d2
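Review bot: The return value of the new `snprintf` is discarded, so if the bound ever truncates the appended name the code goes on to test a shortened path, and the following `pn[strlen(pn) - 1] = '\0'` trims one more character from it instead of turning `index.html` into `index.htm`. The bound `pnsz - strlen(pn)` also equals the space left at `dst` only if `dst` points at the terminator of `pn`, which is set up outside this hunk; deriving it from the write pointer, `size_t left = pnsz - (size_t) (dst - pn);`, keeps the two tied together. I would capture the result, `int n = snprintf(dst, left, "%s%s", NNG_PLATFORM_DIR_SEP, "index.html");`, and treat `n < 0 || (size_t) n >= left` as a failed lookup rather than continuing. The body of `http_handle_dir` starts and ends outside the hunk, so the allocation size of `pn` cannot be checked from here.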