From: Willy Tarreau <w@1wt.eu>
Date: Mon, 14 Apr 2014 13:27:14 +0000 (+0200)
Subject: BUILD/MEDIUM: http: remove calls to sprintf()
X-Git-Tag: v1.5-dev23~52
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e9187f8263ec1aa93379479c0454981746a543a8;p=thirdparty%2Fhaproxy.git

BUILD/MEDIUM: http: remove calls to sprintf()

OpenBSD complains about this use of sprintf() :

src/proto_http.o(.text+0xb0e6): In function `http_process_request':
src/proto_http.c:4127: warning: sprintf() is often misused, please use snprintf()

Here there's no risk as the strings are way shorter than the buffer size
but let's fix it anyway.
---

diff --git a/src/proto_http.c b/src/proto_http.c
index c23fa541f3..1a8a6d92ff 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -4053,7 +4053,7 @@ int http_process_request(struct session *s, struct channel *req, int an_bit)
 					len = s->fe->fwdfor_hdr_len;
 					memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
 				}
-				len += sprintf(trash.str + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
+				len += snprintf(trash.str + len, trash.size - len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
 
 				if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
 					goto return_bad_req;
@@ -4081,7 +4081,7 @@ int http_process_request(struct session *s, struct channel *req, int an_bit)
 				len = s->fe->fwdfor_hdr_len;
 				memcpy(trash.str, s->fe->fwdfor_hdr_name, len);
 			}
-			len += sprintf(trash.str + len, ": %s", pn);
+			len += snprintf(trash.str + len, trash.size - len, ": %s", pn);
 
 			if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
 				goto return_bad_req;
@@ -4124,7 +4124,7 @@ int http_process_request(struct session *s, struct channel *req, int an_bit)
 					len = s->fe->orgto_hdr_len;
 					memcpy(trash.str, s->fe->orgto_hdr_name, len);
 				}
-				len += sprintf(trash.str + len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
+				len += snprintf(trash.str + len, trash.size - len, ": %d.%d.%d.%d", pn[0], pn[1], pn[2], pn[3]);
 
 				if (unlikely(http_header_add_tail2(&txn->req, &txn->hdr_idx, trash.str, len) < 0))
 					goto return_bad_req;