[Toybox] [PATCH] wget: do not append toybox version at runtime
Ariadne Conill
ariadne at dereferenced.org
Sat Jul 4 23:19:31 PDT 2020
The sprintf() call, while technically valid (17 bytes fits in an 18
byte allocation) trips Alpine fortify-headers due to checking for
allocations that could potentially overrun.
The call is pointless anyway -- as we are appending a constant to
another constant, it is better to just let the compiler do so and
calculate the size. This is supported by ISO C89 and later, and
thus any compiler that would be used to compile toybox.
Signed-off-by: Ariadne Conill <ariadne at dereferenced.org>
---
toys/pending/wget.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/toys/pending/wget.c b/toys/pending/wget.c
index 21d44466..75fad3f4 100644
--- a/toys/pending/wget.c
+++ b/toys/pending/wget.c
@@ -135,7 +135,7 @@ void wget_main(void)
FILE *fp;
ssize_t len, body_len;
char *body, *result, *rc, *r_str, *redir_loc = 0;
- char ua[18] = "toybox wget", hostname[1024], port[6], path[1024];
+ char ua[] = "toybox wget/" TOYBOX_VERSION, hostname[1024], port[6], path[1024];
// TODO extract filename to be saved from URL
if (!(toys.optflags & FLAG_O)) help_exit("no filename");
@@ -144,7 +144,6 @@ void wget_main(void)
if(!toys.optargs[0]) help_exit("no URL");
get_info(toys.optargs[0], hostname, port, path);
- sprintf(ua+11, "/%s", TOYBOX_VERSION);
for (;; redirects--) {
sock = conn_svr(hostname, port);
// compose HTTP request
--
2.27.0
More information about the Toybox
mailing list