? .version
Index: mysql-vm-routines.h
===================================================================
RCS file: /usr/cvsroot/asterisk-addons/mysql-vm-routines.h,v
retrieving revision 1.7.2.1
diff -u -r1.7.2.1 mysql-vm-routines.h
--- mysql-vm-routines.h	17 Jan 2005 22:36:45 -0000	1.7.2.1
+++ mysql-vm-routines.h	6 Feb 2005 22:31:42 -0000
@@ -60,7 +60,7 @@
 
 		/* We should at this point have the context and retval->context else we free retval and return NULL */
 		if (*retval->context) {
-			sprintf(query, "SELECT password,fullname,email,pager,options FROM users WHERE context='%s' AND mailbox='%s'", context, mailbox);
+			snprintf(query, sizeof query-1, "SELECT password,fullname,email,pager,options FROM users WHERE context='%s' AND mailbox='%s'", context, mailbox);
 		} else {
 			free(retval);
 			return(NULL);
@@ -107,11 +107,11 @@
 	char query[400];
 
 	if (*vmu->context) {
-		sprintf(query, "UPDATE users SET password='%s' WHERE context='%s' AND mailbox='%s' AND password='%s'", password, vmu->context, vmu->mailbox, vmu->password);
+		snprintf(query, sizeof query-1, "UPDATE users SET password='%s' WHERE context='%s' AND mailbox='%s' AND password='%s'", password, vmu->context, vmu->mailbox, vmu->password);
 	} else {
 		/* Lets be specific here since we can have for example exten 123 in diffrent contexts.
 		   This has the ability to update/change passwords for all users with mailbox 123. */
-		sprintf(query, "UPDATE users SET password='%s' WHERE mailbox='%s' AND password='%s' AND context='default'", password, vmu->mailbox, vmu->password);
+		snprintf(query, sizeof query-1, "UPDATE users SET password='%s' WHERE mailbox='%s' AND password='%s' AND context='default'", password, vmu->mailbox, vmu->password);
 	}
 	ast_mutex_lock(&mysqllock);
 	mysql_query(dbhandler, query);
@@ -124,11 +124,11 @@
 	char query[320];
 
 	if (context) {
-		sprintf(query, "UPDATE users SET password='%s' WHERE context='%s' AND mailbox='%s'", password, context, mailbox);
+		snprintf(query, sizeof query-1, "UPDATE users SET password='%s' WHERE context='%s' AND mailbox='%s'", password, context, mailbox);
 	} else {
 		/* Lets be specific here since we can have for example exten 123 in diffrent contexts.
 		   This has the ability to reset passwords for all users with mailbox 123. */
-		sprintf(query, "UPDATE users SET password='%s' WHERE mailbox='%s' AND context='default'", password, mailbox);
+		snprintf(query, sizeof query-1, "UPDATE users SET password='%s' WHERE mailbox='%s' AND context='default'", password, mailbox);
 	}
 	ast_mutex_lock(&mysqllock);
 	mysql_query(dbhandler, query);