diff options
| author | Jeff Trawick <trawick@apache.org> | 2010-08-20 13:16:24 +0000 |
|---|---|---|
| committer | Jeff Trawick <trawick@apache.org> | 2010-08-20 13:16:24 +0000 |
| commit | 82d1497a6e2f3325dd135d6c0402911f1caf2e2a (patch) | |
| tree | a937a29bff054969efca9a89007a2bcc9e12b5c2 /support/htdigest.c | |
| parent | 6e66831b4ae6801fd5739b9799dec076ea6d16ed (diff) | |
| download | httpd-82d1497a6e2f3325dd135d6c0402911f1caf2e2a.tar.gz | |
Fortify falsely complained that the sprintf() result was unbounded.
We may as well use apr_snprintf() though, as well as comment on the
available space for "::\0" (for people like me).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@987498 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'support/htdigest.c')
| -rw-r--r-- | support/htdigest.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/support/htdigest.c b/support/htdigest.c index b92d2eb4e9..6a0e26f123 100644 --- a/support/htdigest.c +++ b/support/htdigest.c @@ -124,7 +124,7 @@ static void add_password(const char *user, const char *realm, apr_file_t *f) char *pw; apr_md5_ctx_t context; unsigned char digest[16]; - char string[3 * MAX_STRING_LEN]; + char string[3 * MAX_STRING_LEN]; /* this includes room for 2 * ':' + '\0' */ char pwin[MAX_STRING_LEN]; char pwv[MAX_STRING_LEN]; unsigned int i; @@ -144,7 +144,7 @@ static void add_password(const char *user, const char *realm, apr_file_t *f) apr_file_printf(f, "%s:%s:", user, realm); /* Do MD5 stuff */ - sprintf(string, "%s:%s:%s", user, realm, pw); + apr_snprintf(string, sizeof(string), "%s:%s:%s", user, realm, pw); apr_md5_init(&context); #if APR_CHARSET_EBCDIC |