From 8e0cddd01fc2b6acf52ecdac93f0536e4db6b21b Mon Sep 17 00:00:00 2001
From: Steven Dake <sdake@redhat.com>
Date: Tue, 6 Mar 2012 08:23:51 +0100
Subject: [PATCH] Use safer snprintf rather then sprintf in scp_recv()

While the buffer is indeed allocated to a safe length, better safe then sorry.

Signed-off-by: Steven Dake <sdake@redhat.com>
---
 src/scp.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/scp.c b/src/scp.c
index 649c2a6..c0f77cc 100644
--- a/src/scp.c
+++ b/src/scp.c
@@ -294,8 +294,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb)
             return NULL;
         }
 
-        /* sprintf() is fine here since we allocated a large enough buffer */
-        sprintf((char *)session->scpRecv_command, "scp -%sf ", sb?"p":"");
+        snprintf((char *)session->scpRecv_command,
+                 session->scpRecv_command_len, "scp -%sf ", sb?"p":"");
 
         cmd_len = strlen((char *)session->scpRecv_command);