diff --git a/sched/sched_util_basic.cpp b/sched/sched_util_basic.cpp index 2851f02649..6a9181069f 100644 --- a/sched/sched_util_basic.cpp +++ b/sched/sched_util_basic.cpp @@ -192,7 +192,7 @@ int check_download_file(const char* file_path, const char* dl_hier_path) { return -2; } - sprintf(md5_file_path, "%s.md5", dl_hier_path); + snprintf(md5_file_path, MAXPATHLEN, "%s.md5", dl_hier_path); if (boinc_file_exists(md5_file_path)) { retval = read_file_string(md5_file_path, file_content); if (retval) { @@ -211,7 +211,7 @@ int check_download_file(const char* file_path, const char* dl_hier_path) { if (retval) { return -2; } - int hashes_equal = !strcmp(md5_hash_src, md5_hash_dst); + int hashes_equal = !strncmp(md5_hash_src, md5_hash_dst, MD5_LEN); if (md5_file_exists && hashes_equal) { // the right file with correct .md5 is there return 0; diff --git a/tools/stage_file_native.cpp b/tools/stage_file_native.cpp index b634d22bd4..6b1a514c7b 100644 --- a/tools/stage_file_native.cpp +++ b/tools/stage_file_native.cpp @@ -40,7 +40,7 @@ static int create_md5_file(const char* file_path, const char* md5_file_path, boo return retval; } - sprintf(path, "%s.md5", md5_file_path); + snprintf(path, MAXPATHLEN, "%s.md5", md5_file_path); md5_filep = boinc_fopen(path, "w"); if (!md5_filep) { return ERR_FOPEN; @@ -134,7 +134,7 @@ int stage_file( std::stringstream file_buf; file_buf << file.rdbuf(); - sprintf(gz_path, "%s.gz", dl_hier_path); + snprintf(gz_path, MAXPATHLEN, "%s.gz", dl_hier_path); gzFile gz = gzopen(gz_path, "w"); if (!gz) { fprintf(stderr, "failed to open gz: %s\n", strerror(errno)); @@ -225,13 +225,13 @@ int main(int argc, char** argv) { usage(1); } } - sprintf(path, "%s", argv[argc - 1]); + snprintf(path, MAXPATHLEN, "%s", argv[argc - 1]); if (is_dir(path)) { std::string file_name; DirScanner dir(path); while (dir.scan(file_name)) { - sprintf(file_path, "%s/%s", path, file_name.c_str()); + snprintf(file_path, MAXPATHLEN, "%s/%s", path, file_name.c_str()); if (!is_file(file_path)) { continue; }