From: Daniel Stenberg
Date: Fri, 24 Feb 2023 07:38:19 +0000 (+0100)
Subject: krb5: avoid sscanf for parsing
X-Git-Tag: curl-8_0_0~152
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5ed7417d2fe4c8ccfd3e691280bfb4287b063167;p=thirdparty%2Fcurl.git
krb5: avoid sscanf for parsing
Closes #10599
---
diff --git a/lib/krb5.c b/lib/krb5.c
index 08ebfa8b6e..5484447688 100644
--- a/lib/krb5.c
+++ b/lib/krb5.c
@@ -721,8 +721,7 @@ int Curl_sec_read_msg(struct Curl_easy *data, struct connectdata *conn,
 return 0;
 if(buf[3] != '-')
- /* safe to ignore return code */
- (void)sscanf(buf, "%d", &ret_code);
+ ret_code = atoi(buf);
 if(buf[decoded_len - 1] == '\n')
 buf[decoded_len - 1] = '\0';
@@ -765,8 +764,9 @@ static int sec_set_protection_level(struct Curl_easy *data)
 pbsz = strstr(data->state.buffer, "PBSZ=");
 if(pbsz) {
- /* ignore return code, use default value if it fails */
- (void)sscanf(pbsz, "PBSZ=%u", &buffer_size);
+ /* stick to default value if the check fails */
+ if(!strncmp(pbsz, "PBSZ=", 5) && ISDIGIT(pbsz[5]))
+ buffer_size = atoi(&pbsz[5]);
 if(buffer_size < conn->buffer_size)
 conn->buffer_size = buffer_size;
 }
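Review bot: `ret_code = atoi(buf);` in the Curl_sec_read_msg hunk parses peer-supplied text with a function that cannot report failure and whose behaviour is undefined when the digits do not fit in an int, so a malformed reply is indistinguishable from a genuine 0. If this is the usual three-digit reply code, the line could parse exactly that: `if(ISDIGIT(buf[0]) && ISDIGIT(buf[1]) && ISDIGIT(buf[2])) ret_code = (buf[0] - '0') * 100 + (buf[1] - '0') * 10 + (buf[2] - '0');`. The same unbounded `atoi` is used for the PBSZ value in the sec_set_protection_level hunk. The function starts and ends outside the hunk, so the length and NUL-termination of buf at this point cannot be confirmed from here.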
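Review bot: The `!strncmp(pbsz, "PBSZ=", 5)` test in sec_set_protection_level can never fail, because pbsz is the result of `strstr(data->state.buffer, "PBSZ=")`; only `ISDIGIT(pbsz[5])` does any checking. The value comes from the peer and the comparison that follows enforces only an upper bound, so a reply of `PBSZ=0` would apparently lower conn->buffer_size to zero; whether later code copes with that is not visible in this hunk. I would drop the strncmp, parse with `unsigned long v = strtoul(&pbsz[5], NULL, 10);` and assign only when v is non-zero and below the current conn->buffer_size. A short comment stating the minimum protection buffer size the code accepts would also help; the function continues outside the hunk.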