From 2f2d74e9f2629b2c396f21f9b591865fb59d159f Mon Sep 17 00:00:00 2001 From: Robert James Kaes Date: Mon, 15 Jan 2001 17:06:19 +0000 Subject: Fixed a potential security bug in http_err. There was a possibility of a heap overflow exploit. --- src/utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/utils.c b/src/utils.c index 63f4dbb..fef9ff0 100644 --- a/src/utils.c +++ b/src/utils.c @@ -1,4 +1,4 @@ -/* $Id: utils.c,v 1.2 2000-09-12 00:01:29 rjkaes Exp $ +/* $Id: utils.c,v 1.3 2001-01-15 17:06:19 rjkaes Exp $ * * Misc. routines which are used by the various functions to handle strings * and memory allocation and pretty much anything else we can think of. Also, @@ -79,7 +79,7 @@ int httperr(struct conn_s *connptr, int err, char *msg) return -1; } - sprintf(connptr->output_message, premsg, err, msg, msg, err, msg, VERSION); + snprintf(connptr->output_message, MAXBUFFSIZE, premsg, err, msg, msg, err, msg, VERSION); return 0; } -- cgit v1.2.3