CLEANUP: tcpcheck: remove the only occurrence of sprintf() in the code

There's a single sprintf() in the whole code, in the "option smtpchk"
parser in tcpcheck.c. Let's turn it to a safer snprintf().

diff --git a/src/tcpcheck.c b/src/tcpcheck.c
index 085f42768a17389da26f096395ad10efc93d86c4..55fd190cf263f80121a2f65ac9f4f7bd9346db47 100644 (file)
--- a/src/tcpcheck.c
+++ b/src/tcpcheck.c
@@ -4262,9 +4262,10 @@ int proxy_parse_smtpchk_opt(char **args, int cur_arg, struct proxy *curpx, const
        if (*args[cur_arg] && *args[cur_arg+1] &&
            (strcmp(args[cur_arg], "EHLO") == 0 || strcmp(args[cur_arg], "HELO") == 0)) {
                /* <EHLO|HELO> + space (1) + <host> + null byte (1) */
-               cmd = calloc(strlen(args[cur_arg]) + 1 + strlen(args[cur_arg+1]) + 1, sizeof(*cmd));
+               size_t len = strlen(args[cur_arg]) + 1 + strlen(args[cur_arg+1]) + 1;
+               cmd = calloc(len, 1);
                if (cmd)
-                       sprintf(cmd, "%s %s", args[cur_arg], args[cur_arg+1]);
+                       snprintf(cmd, len, "%s %s", args[cur_arg], args[cur_arg+1]);
        }
        else {
                /* this just hits the default for now, but you could potentially expand it to allow for other stuff