Project

General

Profile

unsafe_sprintf.patch

shaun, 2009-10-29 21:32

View differences:

mod_geoip.c 2009-10-29 14:21:12.000000000 -0700
348 348
				}
349 349

  
350 350
				char latitude[32];
351
				sprintf(&latitude, "%f", gir->latitude);
351
				snprintf(latitude, 32, "%f", gir->latitude);
352 352
				buffer_copy_string(ds->key, "GEOIP_CITY_LATITUDE");
353 353
				buffer_copy_string(ds->value, latitude);
354 354
				array_insert_unique(con->environment, (data_unset *)ds);
......
361 361
                                }
362 362

  
363 363
                                char long_latitude[32];
364
                                sprintf(&long_latitude, "%f", gir->longitude);
364
                                snprintf(long_latitude, 32, "%f", gir->longitude);
365 365
                                buffer_copy_string(ds->key, "GEOIP_CITY_LONG_LATITUDE");
366 366
                                buffer_copy_string(ds->value, long_latitude);
367 367
                                array_insert_unique(con->environment, (data_unset *)ds);
......
374 374
                                }
375 375

  
376 376
                                char dc[5];
377
                                sprintf(&dc, "%i", gir->dma_code);
377
                                snprintf(dc, 5, "%i", gir->dma_code);
378 378
                                buffer_copy_string(ds->key, "GEOIP_CITY_DMA_CODE");
379 379
                                buffer_copy_string(ds->value, dc);
380 380
                                array_insert_unique(con->environment, (data_unset *)ds);
......
387 387
                                }
388 388

  
389 389
                                char ac[5];
390
                                sprintf(&ac, "%i", gir->area_code);
390
                                snprintf(ac, 5, "%i", gir->area_code);
391 391
                                buffer_copy_string(ds->key, "GEOIP_CITY_AREA_CODE");
392 392
                                buffer_copy_string(ds->value, ac);
393 393
                                array_insert_unique(con->environment, (data_unset *)ds);