use snprintf (actually, "addr" can be supplied from outside, and if "addr"

points to shorter-than-24 buffer we will overrun buffer. bad API)
2003-07-24 04:41:13 +00:00 · 2003-07-24 04:41:13 +00:00 · 0f3017142e
commit 0f3017142e
parent f8d975a54e
1 changed files with 1 additions and 1 deletions
--- a/crypto/dist/openssl/crypto/bio/b_sock.c
+++ b/crypto/dist/openssl/crypto/bio/b_sock.c
@ -691,7 +691,7 @@ int BIO_accept(int sock, char **addr)
 			}
 		*addr=p;
 		}
-	sprintf(*addr,"%d.%d.%d.%d:%d",
+	snprintf(*addr,24,"%d.%d.%d.%d:%d",
 		(unsigned char)(l>>24L)&0xff,
 		(unsigned char)(l>>16L)&0xff,
 		(unsigned char)(l>> 8L)&0xff,