replaced sprintf() with snprintf() to prevent possible buffer overflow

* DOCBparser.c HTMLparser.c debugXML.c encoding.c
nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c
xmllint.c xpath.c: replaced sprintf() with snprintf()
to prevent possible buffer overflow (the bug was pointed
out by Anju Premachandran)

1 files changed, 5 insertions, 5 deletions

diff --git a/nanoftp.c b/nanoftp.c
index 03d68884..dddec74c 100644
--- a/nanoftp.c
+++ b/nanoftp.c
@@ -780,7 +780,7 @@ xmlNanoFTPSendUser(void *ctx) {
     int res;
 
     if (ctxt->user == NULL)
-	sprintf(buf, "USER anonymous\r\n");
+	snprintf(buf, sizeof(buf), "USER anonymous\r\n");
     else
 	snprintf(buf, sizeof(buf), "USER %s\r\n", ctxt->user);
     buf[sizeof(buf) - 1] = 0;
@@ -835,7 +835,7 @@ xmlNanoFTPQuit(void *ctx) {
     int len;
     int res;
 
-    sprintf(buf, "QUIT\r\n");
+    snprintf(buf, sizeof(buf), "QUIT\r\n");
     len = strlen(buf);
 #ifdef DEBUG_FTP
     xmlGenericError(xmlGenericErrorContext, "%s", buf); /* Just to be consistent, even though we know it can't have a % in it */
@@ -1257,7 +1257,7 @@ xmlNanoFTPGetConnection(void *ctx) {
     dataAddr.sin_family = AF_INET;
 
     if (ctxt->passive) {
-	sprintf(buf, "PASV\r\n");
+	snprintf(buf, sizeof(buf), "PASV\r\n");
         len = strlen(buf);
 #ifdef DEBUG_FTP
 	xmlGenericError(xmlGenericErrorContext, "%s", buf);
@@ -1546,7 +1546,7 @@ xmlNanoFTPList(void *ctx, ftpListCallback callback, void *userData,
 	ctxt->dataFd = xmlNanoFTPGetConnection(ctxt);
 	if (ctxt->dataFd == -1)
 	    return(-1);
-	sprintf(buf, "LIST -L\r\n");
+	snprintf(buf, sizeof(buf), "LIST -L\r\n");
     } else {
 	if (filename[0] != '/') {
 	    if (xmlNanoFTPCwd(ctxt, ctxt->path) < 1)
@@ -1651,7 +1651,7 @@ xmlNanoFTPGetSocket(void *ctx, const char *filename) {
     if (ctxt->dataFd == -1)
 	return(-1);
 
-    sprintf(buf, "TYPE I\r\n");
+    snprintf(buf, sizeof(buf), "TYPE I\r\n");
     len = strlen(buf);
 #ifdef DEBUG_FTP
     xmlGenericError(xmlGenericErrorContext, "%s", buf);