From 79dfdb3cd71a44ec3cd8e1dab15263837381cbbf Mon Sep 17 00:00:00 2001
From: Magnus Auvinen
Date: Mon, 11 Feb 2008 21:49:26 +0000
Subject: security audit: first batch of fixes. replaced sprintf, strcpy with more secure versions
---
 src/engine/e_console.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'src/engine/e_console.c')
diff --git a/src/engine/e_console.c b/src/engine/e_console.c
index 2c6a6bc8..db0398b4 100644
--- a/src/engine/e_console.c
+++ b/src/engine/e_console.c
@@ -359,7 +359,7 @@ void console_execute(const char *str)
 if (console_validate(command, &result))
 {
 char buf[256];
- sprintf(buf, "Invalid arguments... Usage: %s %s", command->name, command->params);
+ str_format(buf, sizeof(buf), "Invalid arguments... Usage: %s %s", command->name, command->params);
 console_print(buf);
 }
 else
@@ -368,7 +368,7 @@ void console_execute(const char *str)
 else
 {
 char buf[256];
- sprintf(buf, "No such command: %s.", name);
+ str_format(buf, sizeof(buf), "No such command: %s.", name);
 console_print(buf);
 }
 }
@@ -402,7 +402,7 @@ static void int_variable_command(void *result, void *user_data)
 if (console_result_int(result, 1, &new_val))
 {
 char buf[256];
- sprintf(buf, "Value: %d", data->getter(&config));
+ str_format(buf, sizeof(buf), "Value: %d", data->getter(&config));
 console_print(buf);
 }
 else
@@ -419,7 +419,7 @@ static void str_variable_command(void *result, void *user_data)
 if (console_result_string(result, 1, &new_val))
 {
 char buf[256];
- sprintf(buf, "Value: %s", data->getter(&config));
+ str_format(buf, sizeof(buf), "Value: %s", data->getter(&config));
 console_print(buf);
 }
 else
-- cgit 1.4.1
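Review bot: Nothing in these hunks shows whether `str_format` leaves `buf` NUL-terminated when the formatted text exceeds 256 bytes, and every call is followed directly by `console_print(buf)`. The definition of str_format is outside this diff, so that guarantee should be confirmed; some platform formatters of the `_vsnprintf` kind do not terminate on truncation. The point applies equally to the second console_execute hunk, where `name` appears to be taken from the console input string, and to the int_variable_command and str_variable_command hunks. Once verified, I would record the contract at the first call with a comment such as `/* str_format truncates to sizeof(buf) and always NUL-terminates */`. All four enclosing functions start and end outside their hunks.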