summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorRobert James Kaes <rjkaes@users.sourceforge.net>2001-01-15 17:06:19 +0000
committerRobert James Kaes <rjkaes@users.sourceforge.net>2001-01-15 17:06:19 +0000
commit2f2d74e9f2629b2c396f21f9b591865fb59d159f (patch)
tree8e2bddbc49701ea67513cc5e6dfabc97c30ffd7f /src
parentcc704ae7a73b21ea2c21b8e58953cdece62f81ac (diff)
downloadtinyproxy-2f2d74e9f2629b2c396f21f9b591865fb59d159f.tar.gz
tinyproxy-2f2d74e9f2629b2c396f21f9b591865fb59d159f.zip
Fixed a potential security bug in http_err. There was a possibility of a
heap overflow exploit.
Diffstat (limited to 'src')
-rw-r--r--src/utils.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/utils.c b/src/utils.c
index 63f4dbb..fef9ff0 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -1,4 +1,4 @@
-/* $Id: utils.c,v 1.2 2000-09-12 00:01:29 rjkaes Exp $
+/* $Id: utils.c,v 1.3 2001-01-15 17:06:19 rjkaes Exp $
*
* Misc. routines which are used by the various functions to handle strings
* and memory allocation and pretty much anything else we can think of. Also,
@@ -79,7 +79,7 @@ int httperr(struct conn_s *connptr, int err, char *msg)
return -1;
}
- sprintf(connptr->output_message, premsg, err, msg, msg, err, msg, VERSION);
+ snprintf(connptr->output_message, MAXBUFFSIZE, premsg, err, msg, msg, err, msg, VERSION);
return 0;
}