RFAddReader(): use safer snprintf() instead of sprintf()
coverity: Event secure_coding: [VERY RISKY]. Using "sprintf" can cause a
buffer overflow when done incorrectly. Because sprintf() assumes an
arbitrarily long string, callers must be careful not to overflow the
actual space of the destination. Use snprintf() instead, or correct
precision specifiers.


git-svn-id: svn:https://anonscm.debian.org/svn/pcsclite/trunk/PCSC@5848 0ce88b0d-b2fd-0310-8134-9614164e65ea
LudovicRousseau committed Jul 6, 2011
1 parent ae6d34a commit 80b85d7
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/readerfactory.c
Expand Up @@ -352,7 +352,7 @@ LONG RFAddReader(const char *readerName, int port, const char *library,
(void)strlcpy(tmpReader,
sReadersContexts[dwContext]->readerState->readerName,
sizeof(sReadersContexts[dwContextB]->readerState->readerName));
sprintf(tmpReader + strlen(tmpReader) - 2, "%02X", j);
snprintf(tmpReader + strlen(tmpReader) - 2, 3, "%02X", j);

sReadersContexts[dwContextB]->library =
sReadersContexts[dwContext]->library;
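
Review bot: On the new snprintf() line, the limit 3 is a literal that bounds the write relative to tmpReader + strlen(tmpReader) - 2, not to the size of tmpReader, and the offset is still computed without checking that strlen(tmpReader) is at least 2. If the copied readerName were shorter than two characters, the destination pointer would land before the start of the buffer and the bound would not help. Suggest taking the length once, checking it is >= 2, and deriving the limit from the space left in tmpReader after that offset (its declaration is outside this hunk, so this assumes it is an array whose size is available here). Note also that with a limit of 3 any value of j above 0xFF is silently cut to its first two hex digits, so a range check on j or a check of the snprintf() return value would make that case visible. Minor style point: the strlcpy() call just above is cast to (void), while the snprintf() return value is dropped without the cast.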