From: Daniel Stenberg
Date: Thu, 24 Jun 2021 07:24:37 +0000 (+0200)
Subject: examples: length-limit two sscanf() uses of %s
X-Git-Tag: curl-7_78_0~93
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=42db4ccee2c2d4da99e08c516a458ec53d268aa4;p=thirdparty%2Fcurl.git
examples: length-limit two sscanf() uses of %s
Reported-by: Jishan Shaikh
Fixes #7293
Closes #7294
---
diff --git a/docs/examples/rtsp.c b/docs/examples/rtsp.c
index 2df37cb335..6f27b57ede 100644
--- a/docs/examples/rtsp.c
+++ b/docs/examples/rtsp.c
@@ -173,7 +173,7 @@ static void get_media_control_attribute(const char *sdp_filename,
 control[0] = '\0';
 if(sdp_fp != NULL) {
 while(fgets(s, max_len - 2, sdp_fp) != NULL) {
- sscanf(s, " a = control: %s", control);
+ sscanf(s, " a = control: %32s", control);
 }
 fclose(sdp_fp);
 }
diff --git a/docs/examples/synctime.c b/docs/examples/synctime.c
index b6b77268ea..d55bb1e1af 100644
--- a/docs/examples/synctime.c
+++ b/docs/examples/synctime.c
@@ -5,7 +5,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2020, Daniel Stenberg, , et al.
+ * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -155,7 +155,7 @@ size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb,
 TmpStr1 & 2? */
 AutoSyncTime = 0;
 else {
- int RetVal = sscanf((char *)(ptr), "Date: %s %hu %s %hu %hu:%hu:%hu",
+ int RetVal = sscanf((char *)(ptr), "Date: %25s %hu %s %hu %hu:%hu:%hu",
 TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear,
 &SYSTime.wHour, &SYSTime.wMinute,
 &SYSTime.wSecond);
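Review bot: In docs/examples/rtsp.c the width in `sscanf(s, " a = control: %32s", control);` is a bare literal that is not tied to the size of `control`, which is allocated outside this hunk. `%32s` stores up to 32 characters plus a terminating NUL, so the buffer must be at least 33 bytes; a comment such as `/* control must hold at least 33 bytes: 32 chars + NUL */` beside the call would keep the two in step. The limit also truncates silently: an `a=control:` value longer than 32 characters would be cut and then used as if it were complete, so sizing the width from the real buffer length may be preferable. The body of get_media_control_attribute starts and ends outside the hunk.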
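Review bot: In docs/examples/synctime.c the second `%s` of the new format string, the one that fills `TmpStr2`, is still unbounded; only the first conversion received a width. The context comment ending in `TmpStr1 & 2? */` suggests an earlier length check is meant to protect both buffers, but that check and the buffer declarations are outside the hunk, so the write into `TmpStr2` cannot be confirmed safe from here. If `TmpStr2` is sized like `TmpStr1`, the format should read `"Date: %25s %hu %25s %hu %hu:%hu:%hu"`. Separately, `sscanf((char *)(ptr), ...)` assumes `ptr` is NUL-terminated, which libcurl does not guarantee if this function is registered as a header callback. The body of SyncTime_CURL_WriteHeader continues outside the hunk.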