eliminate snprintf

The two cases where I introduced snprintf are either already
safe for buffer overflow or can be made so with one extra
statement, allowing sprintf.

Signed-off-by: Andy Green <andy.green@linaro.org>

lib/client.c

@@ -710,8 +710,6 @@ libwebsockets_generate_client_handshake(struct libwebsocket_context *context,
 	struct libwebsocket_extension *ext1;
 	int ext_count = 0;
 #endif
-	static const char magic_websocket_guid[] =
-					 "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
 
 	/*
 	 * create the random key
@@ -841,12 +839,9 @@ libwebsockets_generate_client_handshake(struct libwebsocket_context *context,
 
 	/* prepare the expected server accept response */
 
-#ifdef WIN32
-	n = _snprintf(buf, sizeof(buf), "%s%s", key_b64, magic_websocket_guid);
-#else
-	n = snprintf(buf, sizeof(buf), "%s%s", key_b64, magic_websocket_guid);
-#endif
-	buf[sizeof(buf) - 1] = '\0';
+	key_b64[39] = '\0'; /* enforce composed length below buf sizeof */
+	n = sprintf(buf, "%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", key_b64);
+
 	SHA1((unsigned char *)buf, n, (unsigned char *)hash);
 
 	lws_b64_encode_string(hash, 20,

lib/server-handshake.c

@@ -56,14 +56,11 @@ handshake_0405(struct libwebsocket_context *context, struct libwebsocket *wsi)
 		goto bail;
 	}
 
-	// TODO: Use a truly platform independent snprintf implementation isntead! http://www.ijs.si/software/snprintf/ maybe?
-	#ifdef WIN32
-	n = _snprintf(
-	#else
-	n = snprintf(
-	#endif
-		(char *)context->service_buffer,
-			sizeof(context->service_buffer),
+	/*
+	 * since key length is restricted above (currently 128), cannot
+	 * overflow
+	 */
+	n = sprintf((char *)context->service_buffer,
 				"%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11",
 				lws_hdr_simple_ptr(wsi, WSI_TOKEN_KEY));