replace trivial malloc + sprintf / strcpy calls with xstrfmt

It's a common pattern to do: foo = xmalloc(strlen(one) + strlen(two) + 1 + 1); sprintf(foo, "%s %s", one, two); (or possibly some variant with strcpy()s or a more complicated length computation). We can switch these to use xstrfmt, which is shorter, involves less error-prone manual computation, and removes many sprintf and strcpy calls which make it harder to audit the code for real buffer overflows. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Jeff King <peff@peff.net> 2015-09-24 17:07:03 -0400
committer: Junio C Hamano <gitster@pobox.com> 2015-09-25 10:18:18 -0700
commit: 75faa45ae0230b321bf72027b2274315d7e14e34 (patch)
tree: 3b4aa1b362078ba4db498a087f3330ffe7affbd8 /imap-send.c
parent: b7115a350b5c01ce0ae7a8735e4235d4b2367b5f (diff)
download: git-75faa45ae0230b321bf72027b2274315d7e14e34.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/imap-send.c b/imap-send.c
index 37ac4aa86a..e9faaeaf2a 100644
--- a/imap-send.c
+++ b/imap-send.c
@@ -889,9 +889,8 @@ static char *cram(const char *challenge_64, const char *user, const char *pass)
 	}
 
 	/* response: "<user> <digest in hex>" */
-	resp_len = strlen(user) + 1 + strlen(hex) + 1;
-	response = xmalloc(resp_len);
-	sprintf(response, "%s %s", user, hex);
+	response = xstrfmt("%s %s", user, hex);
+	resp_len = strlen(response) + 1;
 
 	response_64 = xmalloc(ENCODED_SIZE(resp_len) + 1);
 	encoded_len = EVP_EncodeBlock((unsigned char *)response_64,
author	Jeff King <peff@peff.net>	2015-09-24 17:07:03 -0400
committer	Junio C Hamano <gitster@pobox.com>	2015-09-25 10:18:18 -0700
commit	75faa45ae0230b321bf72027b2274315d7e14e34 (patch)
tree	3b4aa1b362078ba4db498a087f3330ffe7affbd8 /imap-send.c
parent	b7115a350b5c01ce0ae7a8735e4235d4b2367b5f (diff)
download	git-75faa45ae0230b321bf72027b2274315d7e14e34.tar.gz