1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

eliminate snprintf

The two cases where I introduced snprintf are either already
safe for buffer overflow or can be made so with one extra
statement, allowing sprintf.

Signed-off-by: Andy Green <andy.green@linaro.org>
This commit is contained in:
Andy Green 2013-02-12 10:07:22 +08:00
parent 7a506ba5cb
commit cecf5e73cf
2 changed files with 8 additions and 16 deletions

View file

@ -710,8 +710,6 @@ libwebsockets_generate_client_handshake(struct libwebsocket_context *context,
struct libwebsocket_extension *ext1;
int ext_count = 0;
#endif
static const char magic_websocket_guid[] =
"258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
/*
* create the random key
@ -841,12 +839,9 @@ libwebsockets_generate_client_handshake(struct libwebsocket_context *context,
/* prepare the expected server accept response */
#ifdef WIN32
n = _snprintf(buf, sizeof(buf), "%s%s", key_b64, magic_websocket_guid);
#else
n = snprintf(buf, sizeof(buf), "%s%s", key_b64, magic_websocket_guid);
#endif
buf[sizeof(buf) - 1] = '\0';
key_b64[39] = '\0'; /* enforce composed length below buf sizeof */
n = sprintf(buf, "%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11", key_b64);
SHA1((unsigned char *)buf, n, (unsigned char *)hash);
lws_b64_encode_string(hash, 20,

View file

@ -56,14 +56,11 @@ handshake_0405(struct libwebsocket_context *context, struct libwebsocket *wsi)
goto bail;
}
// TODO: Use a truly platform independent snprintf implementation isntead! http://www.ijs.si/software/snprintf/ maybe?
#ifdef WIN32
n = _snprintf(
#else
n = snprintf(
#endif
(char *)context->service_buffer,
sizeof(context->service_buffer),
/*
* since key length is restricted above (currently 128), cannot
* overflow
*/
n = sprintf((char *)context->service_buffer,
"%s258EAFA5-E914-47DA-95CA-C5AB0DC85B11",
lws_hdr_simple_ptr(wsi, WSI_TOKEN_KEY));