Use safer snprintf rather then sprintf in scp_recv()

While the buffer is indeed allocated to a safe length, better safe then sorry. Signed-off-by: Steven Dake <sdake@redhat.com>
2012-03-06 08:23:51 +01:00 · 2012-03-06 08:23:51 +01:00 · 8e0cddd01f
--- a/src/scp.c
+++ b/src/scp.c
@ -294,8 +294,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb)
            return NULL;
        }

-        /* sprintf() is fine here since we allocated a large enough buffer */
-        sprintf((char *)session->scpRecv_command, "scp -%sf ", sb?"p":"");
+        snprintf((char *)session->scpRecv_command,
+                 session->scpRecv_command_len, "scp -%sf ", sb?"p":"");

        cmd_len = strlen((char *)session->scpRecv_command);