Ignore:
Timestamp:
Apr 28, 2011, 1:07:43 AM (10 years ago)
Author:
Sam Hocevar
Message:

core: fix a few security issues caused by unchecked string operations,
reported in ticket #25.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • abuse/trunk/src/loader2.cpp

    r527 r545  
    9696  {
    9797    delete fp;
    98     sprintf(fn,"art/%s",filename);
     98    snprintf(fn, sizeof(fn), "art/%s", filename);
    9999    fp=open_file(fn,"rb");
    100100    if (fp->open_failure())
     
    325325      {
    326326    i++;
    327     sprintf(lsf,"addon/%s/%s.lsp",argv[i],argv[i]);
     327    snprintf(lsf, sizeof(lsf), "addon/%s/%s.lsp", argv[i], argv[i]);
    328328      }
    329329    }
     
    342342
    343343
    344   sprintf(prog,"(load \"%s\")\n",lsf);
     344  snprintf(prog, sizeof(prog), "(load \"%s\")\n", lsf);
    345345
    346346  cs=prog;
     
    358358  {
    359359    char nm[10];
    360     sprintf(nm,"l%d",z);
     360    snprintf(nm, sizeof(nm), "l%d", z);
    361361    light_buttons[z]=cache.reg("art/dev.spe",nm,SPEC_IMAGE,0);
    362362  }
     
    488488  char *s;
    489489
    490   sprintf(fn,"%s",name);
     490  snprintf(fn, sizeof(fn), "%s", name);
    491491  bFILE *fp=open_file(fn,"rb");
    492492  if (fp->open_failure())
Note: See TracChangeset for help on using the changeset viewer.