Possible unsafe sprintf in AdjustWebSocketHost()

NEW
Unassigned

Status

defect
8 years ago
5 years ago

People

(Reporter: Dolske, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [pvs-studio])

From http://www.viva64.com/en/a/0078/,
11th section in http://www.viva64.com/external-pictures/txt/mozilla-test.txt

V541 It is dangerous to print the string 'newhost' into itself.
ssltunnel.cpp 531

bool AdjustWebSocketHost(relayBuffer& buffer, connection_info_t *ci)
{
  ...
  sprintf(newhost, "%s:%d", newhost, PR_ntohs(inet_addr.inet.port));
  ...
}

I think a new buffer could be used.
Blocks: 710966
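
Added example, not part of the bug report or of ssltunnel.cpp: two ways to build "host:port" without passing the destination buffer to sprintf as one of its own source arguments, which is undefined behaviour in C and C++ because the copy is between overlapping objects. The function names, buffer sizes and the sample host are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical helper: formats "host:port" into a separate buffer, as the
// report suggests. `out` must not alias `host`. Returns false and leaves
// `out` empty if the result would not fit in `cap` bytes.
bool FormatHostPort(char* out, size_t cap, const char* host, unsigned port)
{
  if (!out || cap == 0 || !host) return false;
  int n = snprintf(out, cap, "%s:%u", host, port);
  if (n < 0 || static_cast<size_t>(n) >= cap) {
    out[0] = '\0';  // truncated: do not hand back a partial host string
    return false;
  }
  return true;
}

// Hypothetical in-place variant: appends ":port" to `host`. The write starts
// at the existing terminator and no argument reads from `host`, so source
// and destination never overlap. On failure the original text is restored.
bool AppendPort(char* host, size_t cap, unsigned port)
{
  if (!host || cap == 0) return false;
  const void* end = memchr(host, '\0', cap);
  if (!end) return false;  // not NUL-terminated within cap
  size_t len = static_cast<size_t>(static_cast<const char*>(end) - host);
  int n = snprintf(host + len, cap - len, ":%u", port);
  if (n < 0 || static_cast<size_t>(n) >= cap - len) {
    host[len] = '\0';
    return false;
  }
  return true;
}

int main()
{
  char newhost[32] = "example.test";  // constructed sample value
  bool ok = AppendPort(newhost, sizeof newhost, 8443);
  printf("%d %s\n", ok, newhost);

  char tight[16] = "example.test";  // too small for ":8443"
  ok = AppendPort(tight, sizeof tight, 8443);
  printf("%d %s\n", ok, tight);
  return 0;
}
```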