Loading include/curl/mprintf.h +2 −2 Original line number Diff line number Diff line Loading @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading Loading @@ -58,7 +58,7 @@ CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args); # define printf curl_mprintf # define fprintf curl_mfprintf #ifdef CURLDEBUG /* When built with CURLDEBUG we define away the sprintf() functions since we /* When built with CURLDEBUG we define away the sprintf functions since we don't want internal code to be using them */ # define sprintf sprintf_was_used # define vsprintf vsprintf_was_used Loading lib/checksrc.pl +7 −1 Original line number Diff line number Diff line Loading @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # # Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 2011 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms Loading Loading @@ -153,6 +153,12 @@ sub scanfile { checkwarn($line, length($1)+1, $file, $l, "missing space after close paren"); } # scan for use of banned functions if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|gets)\s*\(/) { checkwarn($line, length($1), $file, $l, "use of $2 is banned"); } # check for open brace first on line but not first column # only alert if previous line ended with a close paren and wasn't a cpp # line Loading lib/ftp.c +6 −11 Original line number Diff line number Diff line Loading 
@@ -3978,16 +3978,11 @@ static CURLcode wc_statemach(struct connectdata *conn) /* filelist has at least one file, lets get first one */ struct ftp_conn *ftpc = &conn->proto.ftpc; struct curl_fileinfo *finfo = wildcard->filelist->head->ptr; char *tmp_path = malloc(strlen(conn->data->state.path) + strlen(finfo->filename) + 1); if(!tmp_path) { char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename); if(!tmp_path) return CURLE_OUT_OF_MEMORY; } tmp_path[0] = 0; /* make full path to matched file */ strcat(tmp_path, wildcard->path); strcat(tmp_path, finfo->filename); /* switch default "state.pathbuffer" and tmp_path, good to see ftp_parse_url_path function to understand this trick */ Curl_safefree(conn->data->state.pathbuffer); Loading Loading @@ -4124,13 +4119,13 @@ CURLcode Curl_ftpsendf(struct connectdata *conn, va_list ap; va_start(ap, fmt); vsnprintf(s, SBUF_SIZE-3, fmt, ap); write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap); va_end(ap); strcat(s, "\r\n"); /* append a trailing CRLF */ strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */ write_len +=2; bytes_written=0; write_len = strlen(s); res = Curl_convert_to_network(conn->data, s, write_len); /* Curl_convert_to_network calls failf if unsuccessful */ Loading lib/http_digest.c +5 −3 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading Loading @@ -287,6 +287,7 @@ CURLcode Curl_output_digest(struct connectdata *conn, struct timeval now; char **allocuserpwd; size_t userlen; const char *userp; const char *passwdp; struct auth *authp; Loading Loading 
@@ -533,10 +534,11 @@ CURLcode Curl_output_digest(struct connectdata *conn, } /* append CRLF + zero (3 bytes) to the userpwd header */ tmp = realloc(*allocuserpwd, strlen(*allocuserpwd) + 3); userlen = strlen(*allocuserpwd); tmp = realloc(*allocuserpwd, userlen + 3); if(!tmp) return CURLE_OUT_OF_MEMORY; strcat(tmp, "\r\n"); strcpy(&tmp[userlen], "\r\n"); /* append the data */ *allocuserpwd = tmp; return CURLE_OK; Loading lib/mprintf.c +9 −108 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading Loading 
@@ -203,101 +203,6 @@ static int dprintf_IsQualifierNoDollar(char c) } } #ifdef DPRINTF_DEBUG2 static void dprintf_Pass1Report(va_stack_t *vto, int max) { int i; char buffer[256]; int bit; int flags; for(i=0; i<max; i++) { char *type; switch(vto[i].type) { case FORMAT_UNKNOWN: type = "unknown"; break; case FORMAT_STRING: type ="string"; break; case FORMAT_PTR: type ="pointer"; break; case FORMAT_INT: type = "int"; break; case FORMAT_INTPTR: type = "intptr"; break; case FORMAT_LONG: type = "long"; break; case FORMAT_LONGLONG: type = "long long"; break; case FORMAT_DOUBLE: type = "double"; break; case FORMAT_LONGDOUBLE: type = "long double"; break; } buffer[0]=0; for(bit=0; bit<31; bit++) { flags = vto[i].flags & (1<<bit); if(flags & FLAGS_SPACE) strcat(buffer, "space "); else if(flags & FLAGS_SHOWSIGN) strcat(buffer, "plus "); else if(flags & FLAGS_LEFT) strcat(buffer, "left "); else if(flags & FLAGS_ALT) strcat(buffer, "alt "); else if(flags & FLAGS_SHORT) strcat(buffer, "short "); else if(flags & FLAGS_LONG) strcat(buffer, "long "); else if(flags & FLAGS_LONGLONG) strcat(buffer, "longlong "); else if(flags & FLAGS_LONGDOUBLE) strcat(buffer, "longdouble "); else if(flags & FLAGS_PAD_NIL) strcat(buffer, "padnil "); else if(flags & FLAGS_UNSIGNED) strcat(buffer, "unsigned "); else if(flags & FLAGS_OCTAL) strcat(buffer, "octal "); else if(flags & FLAGS_HEX) strcat(buffer, "hex "); else if(flags & FLAGS_UPPER) strcat(buffer, "upper "); else if(flags & FLAGS_WIDTH) strcat(buffer, "width "); else if(flags & FLAGS_WIDTHPARAM) strcat(buffer, "widthparam "); else if(flags & FLAGS_PREC) strcat(buffer, "precision "); else if(flags & FLAGS_PRECPARAM) strcat(buffer, "precparam "); else if(flags & FLAGS_CHAR) strcat(buffer, "char "); else if(flags & FLAGS_FLOATE) strcat(buffer, "floate "); else if(flags & FLAGS_FLOATG) strcat(buffer, "floatg "); } printf("REPORT: %d. 
%s [%s]\n", i, type, buffer); } } #endif /****************************************************************** * * Pass 1: Loading Loading @@ -537,10 +442,6 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos, } } #ifdef DPRINTF_DEBUG2 dprintf_Pass1Report(vto, max_param); #endif /* Read the arg list parameters into our data list */ for(i=0; i<max_param; i++) { if((i + 1 < max_param) && (vto[i + 1].type == FORMAT_WIDTH)) { Loading Loading @@ -919,7 +820,7 @@ static int dprintf_formatf( case FORMAT_DOUBLE: { char formatbuf[32]="%"; char *fptr; char *fptr = &formatbuf[1]; size_t left = sizeof(formatbuf)-strlen(formatbuf); int len; Loading @@ -936,15 +837,15 @@ static int dprintf_formatf( prec = (long)vto[p->precision].data.num.as_signed; if(p->flags & FLAGS_LEFT) strcat(formatbuf, "-"); *fptr++ = '-'; if(p->flags & FLAGS_SHOWSIGN) strcat(formatbuf, "+"); *fptr++ = '+'; if(p->flags & FLAGS_SPACE) strcat(formatbuf, " "); *fptr++ = ' '; if(p->flags & FLAGS_ALT) strcat(formatbuf, "#"); *fptr++ = '#'; fptr=&formatbuf[strlen(formatbuf)]; *fptr = 0; if(width >= 0) { /* RECURSIVE USAGE */ Loading @@ -969,8 +870,8 @@ static int dprintf_formatf( *fptr = 0; /* and a final zero termination */ /* NOTE NOTE NOTE!! Not all sprintf() implementations returns number of output characters */ /* NOTE NOTE NOTE!! Not all sprintf implementations return number of output characters */ (sprintf)(work, formatbuf, p->data.dnum); for(fptr=work; *fptr; fptr++) Loading Loading
include/curl/mprintf.h +2 −2 Original line number Diff line number Diff line Loading @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2006, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading Loading @@ -58,7 +58,7 @@ CURL_EXTERN char *curl_mvaprintf(const char *format, va_list args); # define printf curl_mprintf # define fprintf curl_mfprintf #ifdef CURLDEBUG /* When built with CURLDEBUG we define away the sprintf() functions since we /* When built with CURLDEBUG we define away the sprintf functions since we don't want internal code to be using them */ # define sprintf sprintf_was_used # define vsprintf vsprintf_was_used Loading
lib/checksrc.pl +7 −1 Original line number Diff line number Diff line Loading @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # # Copyright (C) 2011, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 2011 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms Loading Loading @@ -153,6 +153,12 @@ sub scanfile { checkwarn($line, length($1)+1, $file, $l, "missing space after close paren"); } # scan for use of banned functions if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|gets)\s*\(/) { checkwarn($line, length($1), $file, $l, "use of $2 is banned"); } # check for open brace first on line but not first column # only alert if previous line ended with a close paren and wasn't a cpp # line Loading
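Review bot: The new banned-function pattern `(.*\W)` requires a non-word character in front of the name, so a call that is the first token on a line (`sprintf(` at column 0) is never reported; `^(.*\b)(sprintf|vsprintf|strcat|strncat|gets)\s*\(` catches that case while still rejecting prefixed identifiers such as `curl_msprintf(` and `sprintf_was_used(`, and `length($1)` keeps its meaning as the column. The match is purely textual, so the names are also flagged inside comments and string literals; the mprintf.h and mprintf.c hunks of this same commit rewrite `sprintf()` to `sprintf` in comments for exactly that reason, which deserves to be stated above the check, e.g. `# scan for use of banned functions (textual match: comments and strings are reported too)`. The parenthesised call form `(sprintf)(...)` that mprintf.c keeps is not matched, which looks intentional but is worth a word in the same comment. `scanfile` begins outside the hunk.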
lib/ftp.c +6 −11 Original line number Diff line number Diff line Loading @@ -3978,16 +3978,11 @@ static CURLcode wc_statemach(struct connectdata *conn) /* filelist has at least one file, lets get first one */ struct ftp_conn *ftpc = &conn->proto.ftpc; struct curl_fileinfo *finfo = wildcard->filelist->head->ptr; char *tmp_path = malloc(strlen(conn->data->state.path) + strlen(finfo->filename) + 1); if(!tmp_path) { char *tmp_path = aprintf("%s%s", wildcard->path, finfo->filename); if(!tmp_path) return CURLE_OUT_OF_MEMORY; } tmp_path[0] = 0; /* make full path to matched file */ strcat(tmp_path, wildcard->path); strcat(tmp_path, finfo->filename); /* switch default "state.pathbuffer" and tmp_path, good to see ftp_parse_url_path function to understand this trick */ Curl_safefree(conn->data->state.pathbuffer); Loading Loading @@ -4124,13 +4119,13 @@ CURLcode Curl_ftpsendf(struct connectdata *conn, va_list ap; va_start(ap, fmt); vsnprintf(s, SBUF_SIZE-3, fmt, ap); write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap); va_end(ap); strcat(s, "\r\n"); /* append a trailing CRLF */ strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */ write_len +=2; bytes_written=0; write_len = strlen(s); res = Curl_convert_to_network(conn->data, s, write_len); /* Curl_convert_to_network calls failf if unsuccessful */ Loading
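Review bot: In the Curl_ftpsendf hunk, `write_len = vsnprintf(s, SBUF_SIZE-3, fmt, ap)` followed by `strcpy(&s[write_len], "\r\n")` assumes the return value is the number of bytes actually stored; a C99-conforming vsnprintf returns the length the complete output would have had, so a formatted command longer than SBUF_SIZE-4 characters places the CRLF beyond the truncated string and, if `s` is SBUF_SIZE bytes, beyond the buffer, whereas the removed `strcat` always appended at the terminator. Which contract applies depends on what `vsnprintf` resolves to in this translation unit (mprintf.h remaps the printf family to curl's own functions), which the hunk does not show; a clamp before the strcpy keeps the code correct under either one and also covers a negative return: `if(write_len < 0 || write_len >= SBUF_SIZE-3) write_len = SBUF_SIZE-4;`. The declarations of `s` and `write_len`, and the start of the function, are outside the hunk.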
lib/http_digest.c +5 −3 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading Loading @@ -287,6 +287,7 @@ CURLcode Curl_output_digest(struct connectdata *conn, struct timeval now; char **allocuserpwd; size_t userlen; const char *userp; const char *passwdp; struct auth *authp; Loading Loading @@ -533,10 +534,11 @@ CURLcode Curl_output_digest(struct connectdata *conn, } /* append CRLF + zero (3 bytes) to the userpwd header */ tmp = realloc(*allocuserpwd, strlen(*allocuserpwd) + 3); userlen = strlen(*allocuserpwd); tmp = realloc(*allocuserpwd, userlen + 3); if(!tmp) return CURLE_OUT_OF_MEMORY; strcat(tmp, "\r\n"); strcpy(&tmp[userlen], "\r\n"); /* append the data */ *allocuserpwd = tmp; return CURLE_OK; Loading
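Review bot: `strcpy(&tmp[userlen], "\r\n")` relies on the literal's implicit terminator to supply the third byte that `userlen + 3` reserves in the realloc two lines above; `memcpy(&tmp[userlen], "\r\n", 3);` states the byte count at the write site so it can be checked against the allocation by inspection, and makes the trailing `/* append the data */` redundant with the comment that already precedes the realloc. The failure path is correct as written: when realloc returns NULL, `*allocuserpwd` is left unchanged and still points at the valid old block. `Curl_output_digest` starts and ends outside the hunk.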
lib/mprintf.c +9 −108 Original line number Diff line number Diff line Loading @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * * Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1999 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms Loading Loading 
@@ -203,101 +203,6 @@ static int dprintf_IsQualifierNoDollar(char c) } } #ifdef DPRINTF_DEBUG2 static void dprintf_Pass1Report(va_stack_t *vto, int max) { int i; char buffer[256]; int bit; int flags; for(i=0; i<max; i++) { char *type; switch(vto[i].type) { case FORMAT_UNKNOWN: type = "unknown"; break; case FORMAT_STRING: type ="string"; break; case FORMAT_PTR: type ="pointer"; break; case FORMAT_INT: type = "int"; break; case FORMAT_INTPTR: type = "intptr"; break; case FORMAT_LONG: type = "long"; break; case FORMAT_LONGLONG: type = "long long"; break; case FORMAT_DOUBLE: type = "double"; break; case FORMAT_LONGDOUBLE: type = "long double"; break; } buffer[0]=0; for(bit=0; bit<31; bit++) { flags = vto[i].flags & (1<<bit); if(flags & FLAGS_SPACE) strcat(buffer, "space "); else if(flags & FLAGS_SHOWSIGN) strcat(buffer, "plus "); else if(flags & FLAGS_LEFT) strcat(buffer, "left "); else if(flags & FLAGS_ALT) strcat(buffer, "alt "); else if(flags & FLAGS_SHORT) strcat(buffer, "short "); else if(flags & FLAGS_LONG) strcat(buffer, "long "); else if(flags & FLAGS_LONGLONG) strcat(buffer, "longlong "); else if(flags & FLAGS_LONGDOUBLE) strcat(buffer, "longdouble "); else if(flags & FLAGS_PAD_NIL) strcat(buffer, "padnil "); else if(flags & FLAGS_UNSIGNED) strcat(buffer, "unsigned "); else if(flags & FLAGS_OCTAL) strcat(buffer, "octal "); else if(flags & FLAGS_HEX) strcat(buffer, "hex "); else if(flags & FLAGS_UPPER) strcat(buffer, "upper "); else if(flags & FLAGS_WIDTH) strcat(buffer, "width "); else if(flags & FLAGS_WIDTHPARAM) strcat(buffer, "widthparam "); else if(flags & FLAGS_PREC) strcat(buffer, "precision "); else if(flags & FLAGS_PRECPARAM) strcat(buffer, "precparam "); else if(flags & FLAGS_CHAR) strcat(buffer, "char "); else if(flags & FLAGS_FLOATE) strcat(buffer, "floate "); else if(flags & FLAGS_FLOATG) strcat(buffer, "floatg "); } printf("REPORT: %d. 
%s [%s]\n", i, type, buffer); } } #endif /****************************************************************** * * Pass 1: Loading Loading @@ -537,10 +442,6 @@ static long dprintf_Pass1(const char *format, va_stack_t *vto, char **endpos, } } #ifdef DPRINTF_DEBUG2 dprintf_Pass1Report(vto, max_param); #endif /* Read the arg list parameters into our data list */ for(i=0; i<max_param; i++) { if((i + 1 < max_param) && (vto[i + 1].type == FORMAT_WIDTH)) { Loading Loading @@ -919,7 +820,7 @@ static int dprintf_formatf( case FORMAT_DOUBLE: { char formatbuf[32]="%"; char *fptr; char *fptr = &formatbuf[1]; size_t left = sizeof(formatbuf)-strlen(formatbuf); int len; Loading @@ -936,15 +837,15 @@ static int dprintf_formatf( prec = (long)vto[p->precision].data.num.as_signed; if(p->flags & FLAGS_LEFT) strcat(formatbuf, "-"); *fptr++ = '-'; if(p->flags & FLAGS_SHOWSIGN) strcat(formatbuf, "+"); *fptr++ = '+'; if(p->flags & FLAGS_SPACE) strcat(formatbuf, " "); *fptr++ = ' '; if(p->flags & FLAGS_ALT) strcat(formatbuf, "#"); *fptr++ = '#'; fptr=&formatbuf[strlen(formatbuf)]; *fptr = 0; if(width >= 0) { /* RECURSIVE USAGE */ Loading @@ -969,8 +870,8 @@ static int dprintf_formatf( *fptr = 0; /* and a final zero termination */ /* NOTE NOTE NOTE!! Not all sprintf() implementations returns number of output characters */ /* NOTE NOTE NOTE!! Not all sprintf implementations return number of output characters */ (sprintf)(work, formatbuf, p->data.dnum); for(fptr=work; *fptr; fptr++) Loading
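Review bot: In the FORMAT_DOUBLE hunk of dprintf_formatf, `left` is computed as `sizeof(formatbuf)-strlen(formatbuf)` while formatbuf holds only "%", and it is not reduced as the flag characters are written through `*fptr++`, so after up to four flags it overstates the room remaining at `fptr` by that many bytes; if `left` is the bound handed to the recursive formatting just below (`/* RECURSIVE USAGE */`, outside the hunk), the bound can exceed the true free space. The strcat version had the same gap, so this is not introduced by the commit, but the rewrite makes the fix a one-liner after the flag block: replace `*fptr = 0;` with `*fptr = 0; left = sizeof(formatbuf) - (size_t)(fptr - formatbuf);`. The removal of the DPRINTF_DEBUG2 report function needs no comment; the body of dprintf_formatf continues outside the hunk.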