projects / mmh / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
* Bug #15213, #18635: The use of the insecure m_scratch() and
[mmh] / sbr / m_scratch.c
diff --git a/sbr/m_scratch.c b/sbr/m_scratch.c
index 30601f1..353da56 100644 (file)
--- a/sbr/m_scratch.c
+++ b/sbr/m_scratch.c
@@ -11,7 +11,10 @@
 
 #include <h/mh.h>
 
-
+/***************************************************************************
+ * DO NOT USE THIS FUNCTION!  IT WILL BE REMOVED IN THE FUTURE.
+ * THIS FUNCTION IS INSECURE.  USE THE FUNCTIONS DEFINED IN m_mktemp.c.
+ ***************************************************************************/
 char *
 m_scratch (char *file, char *template)
 {
@@ -33,7 +36,7 @@ m_scratch (char *file, char *template)
     if ((cp = r1bindex (file, '/')) == file)
        strncpy (buffer, tmpfil, sizeof(buffer));
     else
-       snprintf (buffer, sizeof(buffer), "%.*s%s", cp - file, file, tmpfil);
+       snprintf (buffer, sizeof(buffer), "%.*s%s", (int)(cp - file), file, tmpfil);
     unlink (buffer);
 
     return buffer;
meillo's mail handler