From: Greg Hudson Date: Mon, 1 Dec 2008 17:09:59 +0000 (+0000) Subject: Convert many uses of sprintf to snprintf or asprintf X-Git-Tag: krb5-1.7-alpha1~191 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=0692bffad6dbd696b2817f59ee7dd2e7e38ceb4b;p=krb5.git Convert many uses of sprintf to snprintf or asprintf ticket: 6200 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21258 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/forward.c b/src/appl/bsd/forward.c index 53f67e667..a055da290 100644 --- a/src/appl/bsd/forward.c +++ b/src/appl/bsd/forward.c @@ -54,7 +54,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket, ccache) * the rlogind or rshd. Set the environment variable as well. */ - sprintf(ccname, "FILE:/tmp/krb5cc_p%ld", (long) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_p%ld", (long) getpid()); setenv("KRB5CCNAME", ccname, 1); retval = krb5_cc_resolve(context, ccname, ccache); diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 7d22d5905..755314338 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -205,7 +205,7 @@ kcmd_connect (int *sp, int *addrfamilyp, struct sockaddr_in *sockinp, fprintf(stderr, "can't connect to %s port 0\n", hname); return -1; } - sprintf(rport_buf, "%d", ntohs(rport)); + snprintf(rport_buf, sizeof(rport_buf), "%d", ntohs(rport)); memset(&aihints, 0, sizeof(aihints)); aihints.ai_socktype = SOCK_STREAM; aihints.ai_flags = AI_CANONNAME; @@ -334,7 +334,7 @@ setup_secondary_channel (int s, int *fd2p, int *lportp, int *addrfamilyp, FD_SET(s, &xfds); listen(s2, 1); FD_SET(s2, &rfds); - (void) sprintf(num, "%d", *lportp); + (void) snprintf(num, sizeof(num), "%d", *lportp); slen = strlen(num)+1; if (write(s, num, slen) != slen) { perror("write: setting up stderr"); diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c index c791aaac4..24994ef5a 100644 --- a/src/appl/bsd/krcp.c +++ b/src/appl/bsd/krcp.c @@ -146,7 +146,6 @@ int main(argc, argv) char *targ, *host, *src; char *suser, *tuser, *thost; int i; - unsigned int cmdsiz = 30; char buf[RCP_BUFSIZ], cmdbuf[30]; char *cmd = cmdbuf; struct servent *sp; @@ -299,33 +298,25 @@ int main(argc, argv) } #ifdef KERBEROS - if (krb_realm != NULL) - cmdsiz += strlen(krb_realm); - if (krb_cache != NULL) - cmdsiz += strlen(krb_cache); - if (krb_config != NULL) - cmdsiz += strlen(krb_config); - - if ((cmd = (char *)malloc(cmdsiz)) == NULL) { + if (asprintf(&cmd, "%srcp %s%s%s%s%s%s%s%s%s", + encryptflag ? "-x " : "", + + iamrecursive ? " -r" : "", pflag ? " -p" : "", + targetshouldbedirectory ? " -d" : "", + krb_realm != NULL ? " -k " : "", + krb_realm != NULL ? krb_realm : "", + krb_cache != NULL ? " -c " : "", + krb_cache != NULL ? krb_cache : "", + krb_config != NULL ? " -C " : "", + krb_config != NULL ? krb_config : "") < 0) { fprintf(stderr, "rcp: Cannot malloc.\n"); exit(1); } - (void) sprintf(cmd, "%srcp %s%s%s%s%s%s%s%s%s", - encryptflag ? "-x " : "", - - iamrecursive ? " -r" : "", pflag ? " -p" : "", - targetshouldbedirectory ? " -d" : "", - krb_realm != NULL ? " -k " : "", - krb_realm != NULL ? krb_realm : "", - krb_cache != NULL ? " -c " : "", - krb_cache != NULL ? krb_cache : "", - krb_config != NULL ? " -C " : "", - krb_config != NULL ? krb_config : ""); #else /* !KERBEROS */ - (void) sprintf(cmd, "rcp%s%s%s", - iamrecursive ? " -r" : "", pflag ? " -p" : "", - targetshouldbedirectory ? " -d" : ""); + (void) snprintf(cmd, sizeof(cmdbuf), "rcp%s%s%s", + iamrecursive ? " -r" : "", pflag ? " -p" : "", + targetshouldbedirectory ? " -d" : ""); #endif /* KERBEROS */ #ifdef POSIX_SIGNALS @@ -389,22 +380,22 @@ int main(argc, argv) suser = pwd->pw_name; else if (!okname(suser)) continue; - (void) sprintf(buf, + (void) snprintf(buf, sizeof(buf), #if defined(hpux) || defined(__hpux) - "remsh %s -l %s -n %s %s '%s%s%s:%s'", + "remsh %s -l %s -n %s %s '%s%s%s:%s'", #else - "rsh %s -l %s -n %s %s '%s%s%s:%s'", + "rsh %s -l %s -n %s %s '%s%s%s:%s'", #endif - host, suser, cmd, src, - tuser ? tuser : "", - tuser ? "@" : "", + host, suser, cmd, src, + tuser ? tuser : "", + tuser ? "@" : "", thost, targ); } else - (void) sprintf(buf, + (void) snprintf(buf, sizeof(buf), #if defined(hpux) || defined(__hpux) - "remsh %s -n %s %s '%s%s%s:%s'", + "remsh %s -n %s %s '%s%s%s:%s'", #else - "rsh %s -n %s %s '%s%s%s:%s'", + "rsh %s -n %s %s '%s%s%s:%s'", #endif argv[i], cmd, src, tuser ? tuser : "", @@ -414,8 +405,8 @@ int main(argc, argv) } else { /* local to remote */ krb5_creds *cred; if (rem == -1) { - (void) sprintf(buf, "%s -t %s", - cmd, targ); + (void) snprintf(buf, sizeof(buf), "%s -t %s", + cmd, targ); host = thost; #ifdef KERBEROS authopts = AP_OPTS_MUTUAL_REQUIRED; @@ -525,10 +516,10 @@ int main(argc, argv) } } if (src == 0) { /* local to local */ - (void) sprintf(buf, "/bin/cp%s%s %s %s", - iamrecursive ? " -r" : "", - pflag ? " -p" : "", - argv[i], argv[argc - 1]); + (void) snprintf(buf, sizeof(buf), "/bin/cp%s%s %s %s", + iamrecursive ? " -r" : "", + pflag ? " -p" : "", + argv[i], argv[argc - 1]); (void) susystem(buf); } else { /* remote to local */ krb5_creds *cred; @@ -547,7 +538,7 @@ int main(argc, argv) host = argv[i]; suser = pwd->pw_name; } - (void) sprintf(buf, "%s -f %s", cmd, src); + (void) snprintf(buf, sizeof(buf), "%s -f %s", cmd, src); #ifdef KERBEROS authopts = AP_OPTS_MUTUAL_REQUIRED; status = kcmd(&sock, &host, @@ -812,16 +803,16 @@ void source(argc, argv) * Make it compatible with possible future * versions expecting microseconds. */ - (void) sprintf(buf, "T%ld 0 %ld 0\n", - stb.st_mtime, stb.st_atime); + (void) snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", + stb.st_mtime, stb.st_atime); (void) rcmd_stream_write(rem, buf, strlen(buf), 0); if (response() < 0) { (void) close(f); continue; } } - (void) sprintf(buf, "C%04o %ld %s\n", - (int) stb.st_mode&07777, (long ) stb.st_size, last); + (void) snprintf(buf, sizeof(buf), "C%04o %ld %s\n", + (int) stb.st_mode&07777, (long ) stb.st_size, last); (void) rcmd_stream_write(rem, buf, strlen(buf), 0); if (response() < 0) { (void) close(f); @@ -881,16 +872,16 @@ void rsource(name, statp) else last++; if (pflag) { - (void) sprintf(buf, "T%ld 0 %ld 0\n", - statp->st_mtime, statp->st_atime); + (void) snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", + statp->st_mtime, statp->st_atime); (void) rcmd_stream_write(rem, buf, strlen(buf), 0); if (response() < 0) { closedir(d); return; } } - (void) sprintf(buf, "D%04lo %d %s\n", (long) statp->st_mode&07777, 0, - last); + (void) snprintf(buf, sizeof(buf), "D%04lo %d %s\n", + (long) statp->st_mode&07777, 0, last); (void) rcmd_stream_write(rem, buf, strlen(buf), 0); if (response() < 0) { closedir(d); @@ -905,7 +896,7 @@ void rsource(name, statp) error("%s/%s: Name too long.\n", name, dp->d_name); continue; } - (void) sprintf(buf, "%s/%s", name, dp->d_name); + (void) snprintf(buf, sizeof(buf), "%s/%s", name, dp->d_name); bufv[0] = buf; source(1, bufv); } @@ -1092,8 +1083,8 @@ void sink(argc, argv) if (targisdir) { if(strlen(targ) + strlen(cp) + 2 >= sizeof(nambuf)) SCREWUP("target name too long"); - (void) sprintf(nambuf, "%s%s%s", targ, - *targ ? "/" : "", cp); + (void) snprintf(nambuf, sizeof(nambuf), "%s%s%s", targ, + *targ ? "/" : "", cp); } else { if (strlen(targ) + 1 >= sizeof (nambuf)) SCREWUP("target name too long"); @@ -1238,7 +1229,7 @@ error(fmt, va_alist) errs++; *cp++ = 1; - (void) vsprintf(cp, fmt, ap); + (void) vsnprintf(cp, sizeof(buf) - (cp - buf), fmt, ap); va_end(ap); if (iamremote) diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c index b3272815f..79d3827b5 100644 --- a/src/appl/bsd/krlogin.c +++ b/src/appl/bsd/krlogin.c @@ -599,7 +599,8 @@ main(argc, argv) if (ospeed >= 50) /* On some systems, ospeed is the baud rate itself, not a table index. */ - sprintf (term + strlen (term), "%d", ospeed); + snprintf (term + strlen (term), + sizeof(term) - strlen(term), "%d", ospeed); else if (ospeed >= sizeof(speeds)/sizeof(char*)) /* Past end of table, but not high enough to look like a real speed. */ diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index e42da1449..219ff0199 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -858,7 +858,7 @@ void doit(f, fromp) /* * Problems read failed ... */ - sprintf(buferror, "Cannot read slave pty %s ",line); + snprintf(buferror, sizeof(buferror), "Cannot read slave pty %s ",line); fatalperror(p,buferror); } close(syncpipe[0]); @@ -867,7 +867,8 @@ void doit(f, fromp) #if defined(KERBEROS) if (do_encrypt) { if (rcmd_stream_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE), 0) < 0){ - sprintf(buferror, "Cannot encrypt-write network."); + snprintf(buferror, sizeof(buferror), + "Cannot encrypt-write network."); fatal(p,buferror); } } @@ -900,7 +901,8 @@ void doit(f, fromp) /* * Problems write failed ... */ - sprintf(buferror,"Cannot write slave pty %s ",line); + snprintf(buferror, sizeof(buferror), "Cannot write slave pty %s ", + line); fatalperror(f,buferror); } @@ -1179,7 +1181,7 @@ void fatal(f, msg) #endif buf[0] = '\01'; /* error indicator */ - (void) sprintf(buf + 1, "%s: %s.\r\n",progname, msg); + (void) snprintf(buf + 1, sizeof(buf) - 1, "%s: %s.\r\n", progname, msg); if ((f == netf) && (pid > 0)) (void) rcmd_stream_write(f, buf, strlen(buf), 0); else @@ -1213,7 +1215,7 @@ void fatalperror(f, msg) { char buf[512]; - (void) sprintf(buf, "%s: %s", msg, error_message(errno)); + (void) snprintf(buf, sizeof(buf), "%s: %s", msg, error_message(errno)); fatal(f, buf); } @@ -1288,18 +1290,14 @@ do_krb_login(host_addr, hostname) if (ticket) krb5_free_ticket(bsd_context, ticket); - if (krusername) - msg_fail = (char *)malloc(strlen(krusername) + strlen(lusername) + 80); - if (!msg_fail) - fatal(netf, "User is not authorized to login to specified account"); - if (auth_sent) - sprintf(msg_fail, "Access denied because of improper credentials"); + fatal(netf, "Access denied because of improper credentials"); + else if (asprintf(&msg_fail, + "User %s is not authorized to login to account %s", + krusername, lusername) >= 0) + fatal(netf, msg_fail); else - sprintf(msg_fail, "User %s is not authorized to login to account %s", - krusername, lusername); - - fatal(netf, msg_fail); + fatal(netf, "User is not authorized to login to specified account"); /* NOTREACHED */ } diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 2b4c383bf..8570b600e 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -164,6 +164,7 @@ char copyright[] = Key_schedule v4_schedule; #endif #include +#include #ifdef HAVE_PATHS_H #include @@ -940,7 +941,7 @@ void doit(f, fromp) privileges. */ if (port) { /* Place entry into wtmp */ - sprintf(ttyn,"krsh%ld",(long) (getpid() % 9999999)); + snprintf(ttyn,sizeof(ttyn),"krsh%ld",(long) (getpid() % 9999999)); pty_logwtmp(ttyn,locuser,sane_host); } /* We are simply execing a program over rshd : log entry into wtmp, @@ -1422,12 +1423,10 @@ void doit(f, fromp) strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); strncat(shell, pwd->pw_shell, sizeof(shell)-7); strncat(username, pwd->pw_name, sizeof(username)-6); - path = (char *) malloc(strlen(kprogdir) + strlen(path_rest) + 7); - if (path == NULL) { + if (asprintf(&path, "PATH=%s:%s", kprogdir, path_rest) < 0) { perror("malloc"); _exit(1); } - sprintf(path, "PATH=%s:%s", kprogdir, path_rest); envinit[PATHENV] = path; /* If we have KRB5CCNAME set, then copy into the @@ -1436,10 +1435,8 @@ void doit(f, fromp) */ if (getenv("KRB5CCNAME")) { int i; - char *buf2 = (char *)malloc(strlen(getenv("KRB5CCNAME")) - +strlen("KRB5CCNAME=")+1); - if (buf2) { - sprintf(buf2, "KRB5CCNAME=%s",getenv("KRB5CCNAME")); + char *buf2; + if (asprintf(&buf2, "KRB5CCNAME=%s",getenv("KRB5CCNAME")) >= 0) { for (i = 0; envinit[i]; i++); envinit[i] = buf2; @@ -1459,10 +1456,10 @@ void doit(f, fromp) NI_NUMERICHOST | NI_NUMERICSERV); if (aierr) goto skip_localaddr_env; - sprintf(local_addr, "KRB5LOCALADDR=%s", hbuf); + snprintf(local_addr, sizeof(local_addr), "KRB5LOCALADDR=%s", hbuf); envinit[i++] =local_addr; - sprintf(local_port, "KRB5LOCALPORT=%s", sbuf); + snprintf(local_port, sizeof(local_port), "KRB5LOCALPORT=%s", sbuf); envinit[i++] =local_port; skip_localaddr_env: @@ -1471,10 +1468,10 @@ void doit(f, fromp) NI_NUMERICHOST | NI_NUMERICSERV); if (aierr) goto skip_remoteaddr_env; - sprintf(remote_addr, "KRB5REMOTEADDR=%s", hbuf); + snprintf(remote_addr, sizeof(remote_addr), "KRB5REMOTEADDR=%s", hbuf); envinit[i++] =remote_addr; - sprintf(remote_port, "KRB5REMOTEPORT=%s", sbuf); + snprintf(remote_port, sizeof(remote_port), "KRB5REMOTEPORT=%s", sbuf); envinit[i++] =remote_port; skip_remoteaddr_env: @@ -1488,11 +1485,8 @@ void doit(f, fromp) char *buf2; if(getenv(save_env[cnt])) { - buf2 = (char *)malloc(strlen(getenv(save_env[cnt])) - +strlen(save_env[cnt])+2); - if (buf2) { - sprintf(buf2, "%s=%s", save_env[cnt], - getenv(save_env[cnt])); + if (asprintf(&buf2, "%s=%s", save_env[cnt], + getenv(save_env[cnt])) >= 0) { for (i = 0; envinit[i]; i++); envinit[i] = buf2; } @@ -1583,8 +1577,8 @@ error(fmt, va_alist) #endif *cp++ = 1; - (void) sprintf(cp, "%s: ", progname); - (void) vsprintf(buf+strlen(buf), fmt, ap); + (void) snprintf(cp, sizeof(buf) - (cp - buf), "%s: ", progname); + (void) vsnprintf(buf+strlen(buf), sizeof(buf) - strlen(buf), fmt, ap); va_end(ap); (void) write(2, buf, strlen(buf)); syslog(LOG_ERR ,"%s",buf+1); @@ -1617,7 +1611,8 @@ char *makejtmp(uid, gid, jid) register char *endc, *tdp = &tmpdir[strlen(tmpdir)]; register int i; - sprintf(tdp, "%s/jtmp.%06d", JTMPDIR, jid); + snprintf(tdp, sizeof(tmpdir) - (tdp - tmpdir), "%s/jtmp.%06d", + JTMPDIR, jid); endc = &tmpdir[strlen(tmpdir)]; endc[1] = '\0'; @@ -2048,7 +2043,7 @@ void fatal(f, msg) #endif buf[0] = '\01'; /* error indicator */ - (void) sprintf(buf + 1, "%s: %s.\r\n",progname, msg); + (void) snprintf(buf + 1, sizeof(buf) - 1, "%s: %s.\r\n",progname, msg); if ((f == netf) && (pid > 0)) (void) rcmd_stream_write(f, buf, strlen(buf), 0); else diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index a0348c273..419f0e158 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -529,7 +529,8 @@ void k_init (ttyn) /* Set up the credential cache environment variable */ if (!getenv(KRB5_ENV_CCNAME)) { - sprintf(ccfile, "FILE:/tmp/krb5cc_p%ld", (long) getpid()); + snprintf(ccfile, sizeof(ccfile), "FILE:/tmp/krb5cc_p%ld", + (long) getpid()); setenv(KRB5_ENV_CCNAME, ccfile, 1); krb5_cc_set_default_name(kcontext, ccfile); unlink(ccfile+strlen("FILE:")); @@ -571,7 +572,7 @@ static int k5_get_password (user_pwstring, pwsize) { krb5_error_code code; char prompt[255]; - sprintf(prompt,"Password for %s", username); + snprintf(prompt, sizeof(prompt), "Password for %s", username); /* reduce opportunities to be swapped out */ code = krb5_read_password(kcontext, prompt, 0, user_pwstring, &pwsize); @@ -1800,13 +1801,13 @@ int main(argc, argv) if (hostname) { char buf[BUFSIZ]; #ifdef UT_HOSTSIZE - (void) sprintf(buf, + (void) snprintf(buf, sizeof(buf), "ROOT LOGIN (krb) %s from %.*s, %s.%s@%s", tty, UT_HOSTSIZE, hostname, kdata->pname, kdata->pinst, kdata->prealm); #else - (void) sprintf(buf, + (void) snprintf(buf, sizeof(buf), "ROOT LOGIN (krb) %s from %s, %s.%s@%s", tty, hostname, kdata->pname, kdata->pinst, @@ -2104,7 +2105,7 @@ void check_mail() { char tbuf[MAXPATHLEN+2]; struct stat st; - (void)sprintf(tbuf, "%s/%s", MAILDIR, pwd->pw_name); + (void)snprintf(tbuf, sizeof(tbuf), "%s/%s", MAILDIR, pwd->pw_name); if (stat(tbuf, &st) == 0 && st.st_size != 0) printf("You have %smail.\n", (st.st_mtime > st.st_atime) ? "new " : ""); diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c index 6baadf891..85357e997 100644 --- a/src/appl/bsd/v4rcp.c +++ b/src/appl/bsd/v4rcp.c @@ -388,8 +388,9 @@ int main(argc, argv) case 'P': /* Set port to use. */ port = atoi(*argv); - sprintf(portarg, " -p%d", port); - sprintf(rcpportarg, " -P%d", port); + snprintf(portarg, sizeof(portarg), " -p%d", port); + snprintf(rcpportarg, sizeof(rcpportarg), " -P%d", + port); port = htons(port); goto next_arg; @@ -410,7 +411,8 @@ int main(argc, argv) usage(); strncpy(krb_realm,*argv,REALM_SZ); krb_realm[REALM_SZ-1] = 0; - sprintf(realmarg, " -k %s", krb_realm); + snprintf(realmarg, sizeof(realmarg), " -k %s", + krb_realm); goto next_arg; #endif /* KERBEROS */ /* The rest of these are not for users. */ @@ -539,16 +541,17 @@ notreg: * Make it compatible with possible future * versions expecting microseconds. */ - (void) sprintf(buf, "T%ld 0 %ld 0\n", - stb.st_mtime, stb.st_atime); + (void) snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", + stb.st_mtime, stb.st_atime); kstream_write (krem, buf, strlen (buf)); if (response() < 0) { (void) close(f); continue; } } - (void) sprintf(buf, "C%04o %ld %s\n", - (unsigned int) stb.st_mode&07777, (long) stb.st_size, last); + (void) snprintf(buf, sizeof(buf), "C%04o %ld %s\n", + (unsigned int) stb.st_mode&07777, + (long) stb.st_size, last); kstream_write (krem, buf, strlen (buf)); if (response() < 0) { (void) close(f); @@ -606,15 +609,15 @@ void rsource(name, statp) else last++; if (pflag) { - (void) sprintf(buf, "T%ld 0 %ld 0\n", - statp->st_mtime, statp->st_atime); + (void) snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", + statp->st_mtime, statp->st_atime); kstream_write (krem, buf, strlen (buf)); if (response() < 0) { closedir(d); return; } } - (void) sprintf(buf, "D%04o %d %s\n", + (void) sprintf(buf, sizeof(buf), "D%04o %d %s\n", (unsigned int) statp->st_mode&07777, 0, last); kstream_write (krem, buf, strlen (buf)); if (response() < 0) { @@ -630,7 +633,7 @@ void rsource(name, statp) error("%s/%s: Name too long.\n", name, dp->d_name); continue; } - (void) sprintf(buf, "%s/%s", name, dp->d_name); + (void) snprintf(buf, sizeof(buf), "%s/%s", name, dp->d_name); bufv[0] = buf; source(1, bufv); } diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index 0ee268499..390d6e56f 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -567,20 +567,24 @@ call_server(host, port, oid, service_name, gss_flags, auth_flag, static void parse_oid(char *mechanism, gss_OID * oid) { - char *mechstr = 0, *cp; + char *mechstr = 0; gss_buffer_desc tok; OM_uint32 maj_stat, min_stat; + size_t i, mechlen = strlen(mechanism); if (isdigit((int) mechanism[0])) { - mechstr = malloc(strlen(mechanism) + 5); + mechstr = malloc(mechlen + 5); if (!mechstr) { fprintf(stderr, "Couldn't allocate mechanism scratch!\n"); return; } - sprintf(mechstr, "{ %s }", mechanism); - for (cp = mechstr; *cp; cp++) - if (*cp == '.') - *cp = ' '; + mechstr[0] = '{'; + mechstr[1] = ' '; + for (i = 0; i < mechlen; i++) + mechstr[i + 2] = (mechanism[i] == '.') ? ' ' : mechanism[i]; + mechstr[mechlen + 2] = ' '; + mechstr[mechlen + 3] = ' '; + mechstr[mechlen + 4] = '\0'; tok.value = mechstr; } else tok.value = mechanism; diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c index af5732c58..ababc5d59 100644 --- a/src/appl/gssftp/ftp/ftp.c +++ b/src/appl/gssftp/ftp/ftp.c @@ -530,7 +530,7 @@ int command(char *fmt, ...) } oldintr = signal(SIGINT, cmdabort); va_start(ap, fmt); - vsprintf(in, fmt, ap); + vsnprintf(in, FTP_BUFSIZ, fmt, ap); va_end(ap); again: if (secure_command(in) == 0) return(0); @@ -2012,7 +2012,8 @@ int do_auth() for (trial = 0; trial < n_gss_trials; trial++) { /* ftp@hostname first, the host@hostname */ /* the V5 GSSAPI binding canonicalizes this for us... */ - sprintf(stbuf, "%s@%s", gss_trials[trial].service_name, hostname); + snprintf(stbuf, sizeof(stbuf), "%s@%s", + gss_trials[trial].service_name, hostname); if (debug) fprintf(stderr, "Trying to authenticate to <%s>\n", stbuf); @@ -2236,7 +2237,7 @@ static void abort_remote(FILE *din) * send IAC in urgent mode instead of DM because 4.3BSD places oob mark * after urgent byte rather than before as is protocol now */ - sprintf(buf, "%c%c%c", IAC, IP, IAC); + snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC); if (send(SOCKETNO(fileno(cout)), buf, 3, MSG_OOB) != 3) PERROR_SOCKET("abort"); putc(DM, cout); diff --git a/src/appl/gssftp/ftp/ruserpass.c b/src/appl/gssftp/ftp/ruserpass.c index 3495dda4e..6e603e459 100644 --- a/src/appl/gssftp/ftp/ruserpass.c +++ b/src/appl/gssftp/ftp/ruserpass.c @@ -136,7 +136,7 @@ ruserpass(host, aname, apass, aacct) hdir = getenv("HOME"); if (hdir == NULL) hdir = "."; - (void) sprintf(buf, "%s/.netrc", hdir); + (void) snprintf(buf, sizeof(buf), "%s/.netrc", hdir); cfile = fopen(buf, "r"); if (cfile == NULL) { if (errno != ENOENT) diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 30fe19a81..7522c50ce 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -773,7 +773,8 @@ user(name) syslog(LOG_ERR, "user: username too long"); name = "[username too long]"; } - sprintf(buf, "GSSAPI user %s is%s authorized as %s", + snprintf(buf, sizeof(buf), + "GSSAPI user %s is%s authorized as %s", (char *) client_name.value, authorized ? "" : " not", name); @@ -797,7 +798,8 @@ user(name) syslog(LOG_ERR, "user: username too long"); name = "[username too long]"; } - sprintf(buf, "Kerberos user %s%s%s@%s is%s authorized as %s", + snprintf(buf, sizeof(buf), + "Kerberos user %s%s%s@%s is%s authorized as %s", kdata.pname, *kdata.pinst ? "." : "", kdata.pinst, kdata.prealm, authorized ? "" : " not", name); @@ -947,7 +949,8 @@ char *name, *passwd; return 0; my_creds.client = me; - sprintf(ccname, "FILE:/tmp/krb5cc_ftpd%ld", (long) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_ftpd%ld", + (long) getpid()); if (krb5_cc_resolve(kcontext, ccname, &ccache)) return(0); if (krb5_cc_initialize(kcontext, ccache, me)) @@ -986,7 +989,8 @@ char *name, *passwd; if (krb_get_lrealm(realm, 1) != KSUCCESS) goto nuke_ccache; - sprintf(ccname, "%s_ftpd%ld", TKT_ROOT, (long) getpid()); + snprintf(ccname, sizeof(ccname), "%s_ftpd%ld", TKT_ROOT, + (long) getpid()); krb_set_tkt_string(ccname); if (krb_get_pw_in_tkt(name, "", realm, "krbtgt", realm, 1, passwd)) @@ -1116,7 +1120,7 @@ login(passwd, logincode) (void) initgroups(pw->pw_name, pw->pw_gid); /* open wtmp before chroot */ - (void) sprintf(ttyline, "ftp%ld", (long) getpid()); + (void) snprintf(ttyline, sizeof(ttyline), "ftp%ld", (long) getpid()); pty_logwtmp(ttyline, pw->pw_name, rhost_sane); logged_in = 1; @@ -1168,9 +1172,8 @@ login(passwd, logincode) if (guest) { reply(230, "Guest login ok, access restrictions apply."); #ifdef SETPROCTITLE - sprintf(proctitle, "%s: anonymous/%.*s", rhost_sane, - sizeof(proctitle) - strlen(rhost_sane) - - sizeof(": anonymous/"), passwd); + snprintf(proctitle, sizeof(proctitle), "%s: anonymous/%.*s", + rhost_sane, passwd); setproctitle(proctitle); #endif /* SETPROCTITLE */ if (logging) @@ -1183,7 +1186,8 @@ login(passwd, logincode) reply(230, "User %s logged in.", pw->pw_name); } #ifdef SETPROCTITLE - sprintf(proctitle, "%s: %s", rhost_sane, pw->pw_name); + snprintf(proctitle, sizeof(proctitle), "%s: %s", + rhost_sane, pw->pw_name); setproctitle(proctitle); #endif /* SETPROCTITLE */ if (logging) @@ -1219,7 +1223,7 @@ retrieve(cmd, name) reply(501, "filename too long"); return; } - (void) sprintf(line, cmd, name), name = line; + (void) snprintf(line, sizeof(line), cmd, name), name = line; fin = ftpd_popen(line, "r"), closefunc = ftpd_pclose; st.st_size = -1; #ifndef NOSTBLKSIZE @@ -1401,7 +1405,8 @@ dataconn(name, size, fmode) byte_count = 0; if (size != (off_t) -1) /* cast size to long in case sizeof(off_t) > sizeof(long) */ - (void) sprintf (sizebuf, " (%ld bytes)", (long)size); + (void) snprintf (sizebuf, sizeof(sizebuf), " (%ld bytes)", + (long)size); else sizebuf[0] = '\0'; if (pdata >= 0) { @@ -1665,7 +1670,7 @@ statfilecmd(filename) reply(501, "filename too long"); return; } - (void) sprintf(line, "/bin/ls -lgA %s", filename); + (void) snprintf(line, sizeof(line), "/bin/ls -lgA %s", filename); fin = ftpd_popen(line, "r"); lreply(211, "status of %s:", filename); p = str; @@ -1714,8 +1719,8 @@ statcmd() lreply(211, "%s FTP server status:", hostname); reply(0, " %s", version); - sprintf(str, " Connected to %s", remotehost[0] ? remotehost : ""); - sprintf(&str[strlen(str)], " (%s)", rhost_addra); + snprintf(str, sizeof(str), " Connected to %s (%s)", + remotehost[0] ? remotehost : "", rhost_addra); reply(0, "%s", str); if (auth_type) reply(0, " Authentication type: %s", auth_type); if (logged_in) { @@ -1730,22 +1735,16 @@ statcmd() else reply(0, " Waiting for user name"); reply(0, " Protection level: %s", levelnames[dlevel]); - sprintf(str, " TYPE: %s", typenames[type]); - if (type == TYPE_A || type == TYPE_E) - sprintf(&str[strlen(str)], ", FORM: %s", formnames[form]); + snprintf(str, sizeof(str), " TYPE: %s", typenames[type]); + if (type == TYPE_A || type == TYPE_E) { + snprintf(&str[strlen(str)], sizeof(str) - strlen(str), + ", FORM: %s", formnames[form]); + } if (type == TYPE_L) -#if 1 strncat(str, " 8", sizeof (str) - strlen(str) - 1); -#else -/* this is silly. -- eichin@cygnus.com */ -#if NBBY == 8 - sprintf(&str[strlen(str)], " %d", NBBY); -#else - sprintf(&str[strlen(str)], " %d", bytesize); /* need definition! */ -#endif -#endif - sprintf(&str[strlen(str)], "; STRUcture: %s; transfer MODE: %s", - strunames[stru], modenames[mode]); + snprintf(&str[strlen(str)], sizeof(str) - strlen(str), + "; STRUcture: %s; transfer MODE: %s", + strunames[stru], modenames[mode]); reply(0, "%s", str); if (data != -1) strlcpy(str, " Data connection open", sizeof(str)); @@ -1801,10 +1800,10 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) va_list ap; va_start(ap, fmt); - vsprintf(buf, fmt, ap); + vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); #else - sprintf(buf, fmt, p0, p1, p2, p3, p4, p5); + snprintf(buf, sizeof(buf), fmt, p0, p1, p2, p3, p4, p5); #endif if (auth_type) { @@ -1814,7 +1813,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5) */ char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2]; int length = 0, kerror; - if (n) sprintf(in, "%d%c", n, cont_char); + if (n) snprintf(in, sizeof(in), "%d%c", n, cont_char); else in[0] = '\0'; strncat(in, buf, sizeof (in) - strlen(in) - 1); #ifdef KRB5_KRB4_COMPAT @@ -1919,10 +1918,10 @@ lreply(n, fmt, p0, p1, p2, p3, p4, p5) va_list ap; va_start(ap, fmt); - vsprintf(buf, fmt, ap); + vsnprintf(buf, sizeof(buf), fmt, ap); va_end(ap); #else - sprintf(buf, fmt, p0, p1, p2, p3, p4, p5); + snprintf(buf, sizeof(buf), fmt, p0, p1, p2, p3, p4, p5); #endif cont_char = '-'; reply(n, "%s", buf); @@ -2084,7 +2083,7 @@ dolog(sin4) exit(1); } #ifdef SETPROCTITLE - sprintf(proctitle, "%s: connected", rhost_sane); + snprintf(proctitle, sizeof(proctitle), "%s: connected", rhost_sane); setproctitle(proctitle); #endif /* SETPROCTITLE */ @@ -2231,7 +2230,7 @@ gunique(local) cp = new + strlen(new); *cp++ = '.'; for (count = 1; count < 100; count++) { - (void) sprintf(cp, "%d", count); + (void) snprintf(cp, sizeof(new) - (cp - new), "%d", count); if (stat(new, &st) < 0) return(new); } @@ -2414,7 +2413,8 @@ char *adata; localname[sizeof(localname) - 1] = '\0'; for (gservice = gss_services; *gservice; gservice++) { - sprintf(service_name, "%s@%s", *gservice, localname); + snprintf(service_name, sizeof(service_name), + "%s@%s", *gservice, localname); name_buf.value = service_name; name_buf.length = strlen(name_buf.value) + 1; if (debug) @@ -2723,7 +2723,8 @@ send_file_list(whichfiles) ret = -2; /* XXX */ goto data_err; } - sprintf(nbuf, "%s/%s", dirname, dir->d_name); + snprintf(nbuf, sizeof(nbuf), "%s/%s", + dirname, dir->d_name); /* * We have to do a stat to insure it's @@ -2929,7 +2930,8 @@ ftpd_gss_convert_creds(name, creds) if (krb5_parse_name(kcontext, name, &me)) return; - sprintf(ccname, "FILE:/tmp/krb5cc_ftpd%ld", (long) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_ftpd%ld", + (long) getpid()); if (krb5_cc_resolve(kcontext, ccname, &ccache)) return; if (krb5_cc_initialize(kcontext, ccache, me)) @@ -2962,7 +2964,8 @@ ftpd_gss_convert_creds(name, creds) if (krb524_convert_creds_kdc(kcontext, v5creds, &v4creds)) goto cleanup; - sprintf(ccname, "%s_ftpd%ld", TKT_ROOT, (long) getpid()); + snprintf(ccname, sizeof(ccname), "%s_ftpd%ld", + TKT_ROOT, (long) getpid()); krb_set_tkt_string(ccname); if (in_tkt(v4creds.pname, v4creds.pinst) != KSUCCESS) diff --git a/src/appl/libpty/getpty.c b/src/appl/libpty/getpty.c index 995b22770..e5bf2854b 100644 --- a/src/appl/libpty/getpty.c +++ b/src/appl/libpty/getpty.c @@ -105,7 +105,7 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) return PTY_GETPTY_FSTAT; } ptynum = (int)(stb.st_rdev&0xFF); - sprintf(slavebuf, "/dev/ttyp%x", ptynum); + snprintf(slavebuf, sizeof(slavebuf), "/dev/ttyp%x", ptynum); if (strlen(slavebuf) > slavelength - 1) { close(*fd); *fd = -1; @@ -115,7 +115,7 @@ ptyint_getpty_ext(int *fd, char *slave, int slavelength, int do_grantpt) return 0; } else { for (cp = "pqrstuvwxyzPQRST";*cp; cp++) { - sprintf(slavebuf,"/dev/ptyXX"); + snprintf(slavebuf,sizeof(slavebuf),"/dev/ptyXX"); slavebuf[sizeof("/dev/pty") - 1] = *cp; slavebuf[sizeof("/dev/ptyp") - 1] = '0'; if (stat(slavebuf, &stb) < 0) diff --git a/src/appl/libpty/logwtmp.c b/src/appl/libpty/logwtmp.c index 21a35d3a9..03cfab48f 100644 --- a/src/appl/libpty/logwtmp.c +++ b/src/appl/libpty/logwtmp.c @@ -73,7 +73,7 @@ pty_logwtmp(const char *tty, const char *user, const char *host) cp = tty + len - 2; else cp = tty; - sprintf(utmp_id, "kr%s", cp); + snprintf(utmp_id, sizeof(utmp_id), "kr%s", cp); strncpy(utx.ut_id, utmp_id, sizeof(utx.ut_id)); #ifdef HAVE_SETUTXENT diff --git a/src/appl/sample/sserver/sserver.c b/src/appl/sample/sserver/sserver.c index 2cb971baf..39710fb2b 100644 --- a/src/appl/sample/sserver/sserver.c +++ b/src/appl/sample/sserver/sserver.c @@ -210,12 +210,15 @@ main(argc, argv) } /* Get client name */ + repbuf[sizeof(repbuf) - 1] = '\0'; retval = krb5_unparse_name(context, ticket->enc_part2->client, &cname); if (retval){ syslog(LOG_ERR, "unparse failed: %s", error_message(retval)); - sprintf(repbuf, "You are \n"); + strncpy(repbuf, "You are \n", sizeof(repbuf) - 1); } else { - sprintf(repbuf, "You are %s\n", cname); + strncpy(repbuf, "You are ", sizeof(repbuf) - 1); + strncat(repbuf, cname, sizeof(repbuf) - 1 - strlen(repbuf)); + strncat(repbuf, "\n", sizeof(repbuf) - 1 - strlen(repbuf)); free(cname); } xmitlen = htons(strlen(repbuf)); diff --git a/src/appl/telnet/libtelnet/auth.c b/src/appl/telnet/libtelnet/auth.c index 28b8ae8d1..84dc5eb5c 100644 --- a/src/appl/telnet/libtelnet/auth.c +++ b/src/appl/telnet/libtelnet/auth.c @@ -658,7 +658,7 @@ auth_gen_printsub(data, cnt, buf, buflen) buf[buflen-2] = '*'; buflen -= 2; for (; cnt > 0; cnt--, data++) { - sprintf((char *)tbuf, " %d", *data); + snprintf((char *)tbuf, sizeof(tbuf), " %d", *data); for (cp = tbuf; *cp && buflen > 0; --buflen) *buf++ = *cp++; if (buflen <= 0) diff --git a/src/appl/telnet/libtelnet/enc_des.c b/src/appl/telnet/libtelnet/enc_des.c index c399d22c7..aa00ae27e 100644 --- a/src/appl/telnet/libtelnet/enc_des.c +++ b/src/appl/telnet/libtelnet/enc_des.c @@ -550,28 +550,28 @@ fb64_printsub(data, cnt, buf, buflen, type) switch(data[2]) { case FB64_IV: - sprintf(lbuf, "%s_IV", type); + snprintf(lbuf, sizeof(lbuf), "%s_IV", type); cp = lbuf; goto common; case FB64_IV_OK: - sprintf(lbuf, "%s_IV_OK", type); + snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type); cp = lbuf; goto common; case FB64_IV_BAD: - sprintf(lbuf, "%s_IV_BAD", type); + snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type); cp = lbuf; goto common; default: - sprintf(lbuf, " %d (unknown)", data[2]); + snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]); cp = lbuf; common: for (; (buflen > 0) && (*buf = *cp++); buf++) buflen--; for (i = 3; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); + snprintf(lbuf, sizeof(lbuf), " %d", data[i]); for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++) buflen--; } diff --git a/src/appl/telnet/libtelnet/encrypt.c b/src/appl/telnet/libtelnet/encrypt.c index e99f346c4..6317eceb3 100644 --- a/src/appl/telnet/libtelnet/encrypt.c +++ b/src/appl/telnet/libtelnet/encrypt.c @@ -984,7 +984,7 @@ encrypt_gen_printsub(data, cnt, buf, buflen) buf[buflen-2] = '*'; buflen -= 2;; for (; cnt > 0; cnt--, data++) { - sprintf(tbuf, " %d", *data); + snprintf(tbuf, sizeof(tbuf), " %d", *data); for (cp = tbuf; *cp && buflen > 0; --buflen) *buf++ = *cp++; if (buflen <= 0) diff --git a/src/appl/telnet/libtelnet/forward.c b/src/appl/telnet/libtelnet/forward.c index 09d558906..98dcb7897 100644 --- a/src/appl/telnet/libtelnet/forward.c +++ b/src/appl/telnet/libtelnet/forward.c @@ -57,7 +57,7 @@ rd_and_store_for_creds(context, auth_context, inbuf, ticket) if ((retval = krb5_rd_cred(context, auth_context, inbuf, &creds, NULL))) return(retval); - sprintf(ccname, "FILE:/tmp/krb5cc_p%ld", (long) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_p%ld", (long) getpid()); setenv("KRB5CCNAME", ccname, 1); if ((retval = krb5_cc_resolve(context, ccname, &ccache))) diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c index 7e0d7360c..925e9023e 100644 --- a/src/appl/telnet/libtelnet/kerberos.c +++ b/src/appl/telnet/libtelnet/kerberos.c @@ -674,12 +674,12 @@ kerberos4_printsub(data, cnt, buf, buflen) goto common2; default: - sprintf(lbuf, " %d (unknown)", data[3]); + snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]); strncpy((char *)buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); + snprintf(lbuf, sizeof(lbuf), " %d", data[i]); strncpy((char *)buf, lbuf, buflen); BUMP(buf, buflen); } diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c index 06c6e9847..40eb184ac 100644 --- a/src/appl/telnet/libtelnet/kerberos5.c +++ b/src/appl/telnet/libtelnet/kerberos5.c @@ -465,10 +465,10 @@ kerberos5_is(ap, data, cnt) ticket->server,0)->length] = '\0'; if (strcmp("host", princ)) { if(strlen(princ) < sizeof(errbuf) - 39) { - (void) sprintf(errbuf, "incorrect service name: \"%s\" != \"host\"", + (void) snprintf(errbuf, sizeof(errbuf), "incorrect service name: \"%s\" != \"host\"", princ); } else { - (void) sprintf(errbuf, "incorrect service name: principal != \"host\""); + (void) snprintf(errbuf, sizeof(errbuf), "incorrect service name: principal != \"host\""); } goto errout; } @@ -811,12 +811,12 @@ kerberos5_printsub(data, cnt, buf, buflen) #endif /* FORWARD */ default: - sprintf(lbuf, " %d (unknown)", data[3]); + snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]); strncpy((char *)buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); + snprintf(lbuf, sizeof(lbuf), " %d", data[i]); strncpy((char *)buf, lbuf, buflen); BUMP(buf, buflen); } diff --git a/src/appl/telnet/libtelnet/spx.c b/src/appl/telnet/libtelnet/spx.c index b12bd09cf..449ddc4f7 100644 --- a/src/appl/telnet/libtelnet/spx.c +++ b/src/appl/telnet/libtelnet/spx.c @@ -561,12 +561,12 @@ spx_printsub(data, cnt, buf, buflen) goto common2; default: - sprintf(lbuf, " %d (unknown)", data[3]); + snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]); strncpy((char *)buf, lbuf, buflen); common2: BUMP(buf, buflen); for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); + snprintf(lbuf, sizeof(lbuf), " %d", data[i]); strncpy((char *)buf, lbuf, buflen); BUMP(buf, buflen); } diff --git a/src/appl/telnet/telnet/commands.c b/src/appl/telnet/telnet/commands.c index 92418dbed..f82f3e680 100644 --- a/src/appl/telnet/telnet/commands.c +++ b/src/appl/telnet/telnet/commands.c @@ -1747,8 +1747,8 @@ env_find(var) env_init() { extern char **environ; - register char **epp, *cp; - register struct env_lst *ep; + char **epp, *cp; + struct env_lst *ep; for (epp = environ; *epp; epp++) { if ((cp = strchr(*epp, '='))) { @@ -1772,8 +1772,7 @@ env_init() gethostname(hbuf, 256); hbuf[256] = '\0'; - cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1); - sprintf((char *)cp, "%s%s", hbuf, cp2); + asprintf(&cp, "%s%s", hbuf, cp2); free(ep->value); ep->value = (unsigned char *)cp; } diff --git a/src/appl/telnet/telnet/telnet.c b/src/appl/telnet/telnet/telnet.c index 3b8a82d74..be00687e7 100644 --- a/src/appl/telnet/telnet/telnet.c +++ b/src/appl/telnet/telnet/telnet.c @@ -79,6 +79,8 @@ #include #endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ +#include + static int is_unique (char *, char **, char **); @@ -867,8 +869,8 @@ suboption() name = gettermname(); len = strlen(name) + 4 + 2; if (len < NETROOM()) { - sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE, - TELQUAL_IS, name, IAC, SE); + snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", + IAC, SB, TELOPT_TTYPE, TELQUAL_IS, name, IAC, SE); ring_supply_data(&netoring, temp, len); printsub('>', &temp[2], len-2); } else { @@ -889,8 +891,8 @@ suboption() TerminalSpeeds(&ispeed, &o_speed); - sprintf((char *)temp, "%c%c%c%c%ld,%ld%c%c", IAC, SB, TELOPT_TSPEED, - TELQUAL_IS, o_speed, ispeed, IAC, SE); + snprintf((char *)temp, sizeof(temp), "%c%c%c%c%ld,%ld%c%c", IAC, + SB, TELOPT_TSPEED, TELQUAL_IS, o_speed, ispeed, IAC, SE); len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ if (len < NETROOM()) { @@ -995,8 +997,8 @@ suboption() send_wont(TELOPT_XDISPLOC, 1); break; } - sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC, - TELQUAL_IS, dp, IAC, SE); + snprintf((char *)temp, sizeof(temp), "%c%c%c%c%s%c%c", + IAC, SB, TELOPT_XDISPLOC, TELQUAL_IS, dp, IAC, SE); len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ if (len < NETROOM()) { diff --git a/src/appl/telnet/telnet/utilities.c b/src/appl/telnet/telnet/utilities.c index 4b198dabf..4a076e530 100644 --- a/src/appl/telnet/telnet/utilities.c +++ b/src/appl/telnet/telnet/utilities.c @@ -61,6 +61,8 @@ #include #endif +#include + FILE *NetTrace = 0; /* Not in bss, since needs to stay */ int prettydump; @@ -646,7 +648,7 @@ printsub(direction, pointer, length) } { char tbuf[64]; - sprintf(tbuf, "%s%s%s%s%s", + snprintf(tbuf, sizeof(tbuf), "%s%s%s%s%s", pointer[2]&MODE_EDIT ? "|EDIT" : "", pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "", pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", diff --git a/src/appl/telnet/telnetd/slc.c b/src/appl/telnet/telnetd/slc.c index 613674b01..8f32f433a 100644 --- a/src/appl/telnet/telnetd/slc.c +++ b/src/appl/telnet/telnetd/slc.c @@ -154,8 +154,8 @@ start_slc(getit) slcchange = 0; if (getit) init_termbuf(); - (void) sprintf((char *)slcbuf, "%c%c%c%c", - IAC, SB, TELOPT_LINEMODE, LM_SLC); + (void) snprintf((char *)slcbuf, sizeof(slcbuf), "%c%c%c%c", + IAC, SB, TELOPT_LINEMODE, LM_SLC); slcptr = slcbuf + 4; } /* end of start_slc */ @@ -195,8 +195,9 @@ end_slc(bufp) *bufp = &slcbuf[4]; return(slcptr - slcbuf - 4); } else { - (void) sprintf((char *)slcptr, "%c%c", IAC, SE); - slcptr += 2; + *slcptr++ = IAC; + *slcptr++ = SE; + *slcptr = 0; len = slcptr - slcbuf; netwrite(slcbuf, len); netflush(); /* force it out immediately */ diff --git a/src/appl/telnet/telnetd/sys_term.c b/src/appl/telnet/telnetd/sys_term.c index d86bafd8f..5c08c7606 100644 --- a/src/appl/telnet/telnetd/sys_term.c +++ b/src/appl/telnet/telnetd/sys_term.c @@ -1133,7 +1133,8 @@ startslave(host, autologin, autoname) */ if ((i = open(INIT_FIFO, O_WRONLY)) < 0) { char tbuf[128]; - (void) sprintf(tbuf, "Can't open %s\n", INIT_FIFO); + (void) snprintf(tbuf, sizeof(tbuf), "Can't open %s\n", + INIT_FIFO); fatalperror(net, tbuf); } memset((char *)&request, 0, sizeof(request)); @@ -1156,7 +1157,8 @@ startslave(host, autologin, autoname) #endif /* BFTPDAEMON */ if (write(i, (char *)&request, sizeof(request)) < 0) { char tbuf[128]; - (void) sprintf(tbuf, "Can't write to %s\n", INIT_FIFO); + (void) snprintf(tbuf, sizeof(tbuf), "Can't write to %s\n", + INIT_FIFO); fatalperror(net, tbuf); } (void) close(i); @@ -1168,7 +1170,7 @@ startslave(host, autologin, autoname) if (i == 3 || n >= 0 || !gotalarm) break; gotalarm = 0; - sprintf(tbuf, "telnetd: waiting for /etc/init to start login process on %s\r\n", line); + snprintf(tbuf, sizeof(tbuf), "telnetd: waiting for /etc/init to start login process on %s\r\n", line); (void) write(net, tbuf, strlen(tbuf)); } if (n < 0 && gotalarm) @@ -1355,13 +1357,9 @@ start_login(host, autologin, name) write(xpty, name, len); write(xpty, name, len); memset(speed, 0, sizeof(speed)); - strncpy(speed, - (cp = getenv("TERM")) ? cp : "", - sizeof(speed)-1-(10*sizeof(def_rspeed)/4)-1); - /* 1 for /, () for the number, 1 for trailing 0. */ - sprintf(speed + strlen(speed), - "/%d", - (def_rspeed > 0) ? def_rspeed : 9600); + snprintf(speed, sizeof(speed), "%s/%d", + (cp = getenv("TERM")) ? cp : "", + (def_rspeed > 0) ? def_rspeed : 9600); len = strlen(speed)+1; write(xpty, speed, len); diff --git a/src/clients/ksu/authorization.c b/src/clients/ksu/authorization.c index fa596230b..0c90d2713 100644 --- a/src/clients/ksu/authorization.c +++ b/src/clients/ksu/authorization.c @@ -365,15 +365,13 @@ krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err) }else{ /* must be either full path or just the cmd name */ if (strchr(fcmd, '/')){ - err = (char *) xcalloc((strlen(fcmd) +200) ,sizeof(char)); - sprintf(err,"Error: bad entry - %s in %s file, must be either full path or just the cmd name\n", fcmd, KRB5_USERS_NAME); + asprintf(&err,"Error: bad entry - %s in %s file, must be either full path or just the cmd name\n", fcmd, KRB5_USERS_NAME); *out_err = err; return FALSE; } #ifndef CMD_PATH - err = (char *) xcalloc(2*(strlen(fcmd) +200) ,sizeof(char)); - sprintf(err,"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH must be defined \n", fcmd, KRB5_USERS_NAME, fcmd); + asprintf(&err,"Error: bad entry - %s in %s file, since %s is just the cmd name, CMD_PATH must be defined \n", fcmd, KRB5_USERS_NAME, fcmd); *out_err = err; return FALSE; #else @@ -386,8 +384,7 @@ krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err) tc = get_first_token (path_ptr, &lp); if (! tc){ - err = (char *) xcalloc((strlen(fcmd) +200) ,sizeof(char)); - sprintf(err,"Error: bad entry - %s in %s file, CMD_PATH contains no paths \n", fcmd, KRB5_USERS_NAME); + asprintf(&err,"Error: bad entry - %s in %s file, CMD_PATH contains no paths \n", fcmd, KRB5_USERS_NAME); *out_err = err; return FALSE; } @@ -395,8 +392,7 @@ krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err) i=0; do{ if (*tc != '/'){ /* must be full path */ - err = (char *) xcalloc((strlen(tc) +200) ,sizeof(char)); - sprintf(err,"Error: bad path %s in CMD_PATH for %s must start with '/' \n",tc, KRB5_USERS_NAME ); + asprintf(&err,"Error: bad path %s in CMD_PATH for %s must start with '/' \n",tc, KRB5_USERS_NAME ); *out_err = err; return FALSE; } @@ -707,17 +703,19 @@ static void auth_cleanup(users_fp, login_fp, princname) void init_auth_names(pw_dir) char *pw_dir; { - if (strlen (k5login_path) + 2 + strlen (KRB5_LOGIN_NAME) >= MAXPATHLEN) { + const char *sep; + int r1, r2; + + sep = ((strlen(pw_dir) == 1) && (*pw_dir == '/')) ? "" : "/"; + r1 = snprintf(k5login_path, sizeof(k5login_path), "%s%s%s", + pw_dir, sep, KRB5_LOGIN_NAME); + r2 = snprintf(k5users_path, sizeof(k5users_path), "%s%s%s", + pw_dir, sep, KRB5_USERS_NAME); + if (SNPRINTF_OVERFLOW(r1, sizeof(k5login_path)) || + SNPRINTF_OVERFLOW(r2, sizeof(k5users_path))) { fprintf (stderr, "home directory name `%s' too long, can't search for .k5login\n", pw_dir); exit (1); } - if ((strlen(pw_dir) == 1) && (*pw_dir == '/')){ - sprintf(k5login_path,"%s%s", pw_dir, KRB5_LOGIN_NAME); - sprintf(k5users_path,"%s%s", pw_dir, KRB5_USERS_NAME); - } else { - sprintf(k5login_path,"%s/%s", pw_dir, KRB5_LOGIN_NAME); - sprintf(k5users_path,"%s/%s", pw_dir, KRB5_USERS_NAME); - } } diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c index f19c16924..8b9917773 100644 --- a/src/clients/ksu/krb_auth_su.c +++ b/src/clients/ksu/krb_auth_su.c @@ -407,7 +407,7 @@ krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server, krb5_timestamp now; unsigned int pwsize; char password[255], *client_name, prompt[255]; - + int result; *zero_password = FALSE; @@ -442,13 +442,14 @@ krb5_boolean krb5_get_tkt_via_passwd (context, ccache, client, server, } else my_creds.times.renew_till = 0; - if (strlen (client_name) + 80 > sizeof (prompt)) { + result = snprintf(prompt, sizeof(prompt), "Kerberos password for %s: ", + client_name); + if (SNPRINTF_OVERFLOW(result, sizeof(prompt))) { fprintf (stderr, "principal name %s too long for internal buffer space\n", client_name); return FALSE; } - (void) sprintf(prompt,"Kerberos password for %s: ", client_name); pwsize = sizeof(password); diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c index 3329bd78a..0aba56933 100644 --- a/src/clients/ksu/main.c +++ b/src/clients/ksu/main.c @@ -425,9 +425,9 @@ main (argc, argv) cache will be created.*/ do { - sprintf(cc_target_tag, "%s%ld.%d", - KRB5_SECONDARY_CACHE, - (long) target_uid, gen_sym()); + snprintf(cc_target_tag, KRB5_SEC_BUFFSIZE, "%s%ld.%d", + KRB5_SECONDARY_CACHE, + (long) target_uid, gen_sym()); cc_target_tag_tmp = strchr(cc_target_tag, ':') + 1; }while ( !stat ( cc_target_tag_tmp, &st_temp)); @@ -855,15 +855,16 @@ char *sh; static char * ontty() { char *p, *ttyname(); - static char buf[MAXPATHLEN + 4]; + static char buf[MAXPATHLEN + 5]; + int result; buf[0] = 0; if ((p = ttyname(STDERR_FILENO))) { - if (strlen (p) > MAXPATHLEN) { + result = snprintf(buf, sizeof(buf), " on %s", p); + if (SNPRINTF_OVERFLOW(result, sizeof(buf))) { fprintf (stderr, "terminal name %s too long\n", p); exit (1); } - sprintf(buf, " on %s", p); } return (buf); } @@ -875,11 +876,7 @@ static int set_env_var(name, value) { char * env_var_buf; - /* allocate extra two spaces, one for the = and one for the \0 */ - env_var_buf = (char *) xcalloc(2 + strlen(name) + strlen(value), - sizeof(char)); - - sprintf(env_var_buf,"%s=%s",name, value); + asprintf(&env_var_buf,"%s=%s",name, value); return putenv(env_var_buf); } diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 00f26b129..125310f13 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -134,9 +134,9 @@ static char *strdur(duration) minutes = duration / 60; duration %= 60; seconds = duration; - sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "", - days, days == 1 ? "day" : "days", - hours, minutes, seconds); + snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "", + days, days == 1 ? "day" : "days", + hours, minutes, seconds); return out; } @@ -794,11 +794,12 @@ void kadmin_cpw(argc, argv) } else if (argc == 1) { unsigned int i = sizeof (newpw) - 1; - sprintf(prompt1, "Enter password for principal \"%.900s\"", - *argv); - sprintf(prompt2, - "Re-enter password for principal \"%.900s\"", - *argv); + snprintf(prompt1, sizeof(prompt1), + "Enter password for principal \"%.900s\"", + *argv); + snprintf(prompt2, sizeof(prompt2), + "Re-enter password for principal \"%.900s\"", + *argv); retval = krb5_read_password(context, prompt1, prompt2, newpw, &i); if (retval) { @@ -1228,11 +1229,12 @@ void kadmin_addprinc(argc, argv) } else if (pass == NULL) { unsigned int sz = sizeof (newpw) - 1; - sprintf(prompt1, "Enter password for principal \"%.900s\"", - canon); - sprintf(prompt2, - "Re-enter password for principal \"%.900s\"", - canon); + snprintf(prompt1, sizeof(prompt1), + "Enter password for principal \"%.900s\"", + canon); + snprintf(prompt2, sizeof(prompt2), + "Re-enter password for principal \"%.900s\"", + canon); retval = krb5_read_password(context, prompt1, prompt2, newpw, &sz); if (retval) { @@ -1513,14 +1515,14 @@ void kadmin_getprinc(argc, argv) if (krb5_enctype_to_string(key_data->key_data_type[0], enctype, sizeof(enctype))) - sprintf(enctype, "", - key_data->key_data_type[0]); + snprintf(enctype, sizeof(enctype), "", + key_data->key_data_type[0]); printf("Key: vno %d, %s, ", key_data->key_data_kvno, enctype); if (key_data->key_data_ver > 1) { if (krb5_salttype_to_string(key_data->key_data_type[1], salttype, sizeof(salttype))) - sprintf(salttype, "", - key_data->key_data_type[1]); + snprintf(salttype, sizeof(salttype), "", + key_data->key_data_type[1]); printf("%s\n", salttype); } else printf("no salt\n"); diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c index c02b40287..894edf364 100644 --- a/src/kadmin/dbutil/kadm5_create.c +++ b/src/kadmin/dbutil/kadm5_create.c @@ -145,8 +145,7 @@ static char *build_name_with_realm(char *name, char *realm) { char *n; - n = (char *) malloc(strlen(name) + strlen(realm) + 2); - sprintf(n, "%s@%s", name, realm); + asprintf(&n, "%s@%s", name, realm); return n; } diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c index a9106debc..4c4408c6e 100644 --- a/src/kadmin/ktutil/ktutil_funcs.c +++ b/src/kadmin/ktutil/ktutil_funcs.c @@ -161,7 +161,8 @@ krb5_error_code ktutil_add(context, list, princ_str, kvno, goto cleanup; } - sprintf(promptstr, "Password for %.1000s", princ_str); + snprintf(promptstr, sizeof(promptstr), "Password for %.1000s", + princ_str); retval = krb5_read_password(context, promptstr, NULL, password.data, &password.length); if (retval) diff --git a/src/kadmin/passwd/xm_kpasswd.c b/src/kadmin/passwd/xm_kpasswd.c index a55b052c3..2f0bdf9c2 100644 --- a/src/kadmin/passwd/xm_kpasswd.c +++ b/src/kadmin/passwd/xm_kpasswd.c @@ -116,7 +116,7 @@ motif_com_err (whoami, code, fmt, args) } if (fmt) { - vsprintf(buf + strlen(buf), fmt, args); + vsnprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), fmt, args); } XtVaSetValues(scroll_text, XmNvalue, buf, NULL); @@ -321,7 +321,7 @@ display_intro_message(fmt_string, arg_string) XmString xmstr; char buf[1024]; - sprintf(buf, fmt_string, arg_string); + snprintf(buf, sizeof(buf), fmt_string, arg_string); xmstr = XmStringCreateLtoR(buf, XmSTRING_DEFAULT_CHARSET); XtVaSetValues(main_lbl, XmNlabelString, xmstr, NULL); diff --git a/src/kadmin/server/ipropd_svc.c b/src/kadmin/server/ipropd_svc.c index f0b704f1a..50f7b8c52 100644 --- a/src/kadmin/server/ipropd_svc.c +++ b/src/kadmin/server/ipropd_svc.c @@ -601,12 +601,10 @@ kiprop_get_adm_host_srv_name(krb5_context context, if (ret = kadm5_get_master(context, realm, &host)) return (ret); - name = malloc(strlen(KIPROP_SVC_NAME)+ strlen(host) + 2); - if (name == NULL) { + if (asprintf(&name, "%s@%s", KIPROP_SVC_NAME, host) < 0) { free(host); return (ENOMEM); } - (void) sprintf(name, "%s@%s", KIPROP_SVC_NAME, host); free(host); *host_service_name = name; diff --git a/src/kdc/fakeka.c b/src/kdc/fakeka.c index f861d48ed..39916647c 100644 --- a/src/kdc/fakeka.c +++ b/src/kdc/fakeka.c @@ -208,7 +208,7 @@ int e; case KAINTERNALERROR: return "internal error in fakeka, help!"; default: - sprintf(buf, "impossible error code %d, help!", e); + snprintf(buf, sizeof(buf), "impossible error code %d, help!", e); return buf; } /*NOTREACHED*/ diff --git a/src/lib/crypto/vectors.c b/src/lib/crypto/vectors.c index 27b6206c9..64a5071c0 100644 --- a/src/lib/crypto/vectors.c +++ b/src/lib/crypto/vectors.c @@ -129,10 +129,10 @@ test_mit_des_s2k () sd.data = (char *) s; assert (strlen (s) + 4 < sizeof (buf)); - sprintf (buf, "\"%s\"", s); + snprintf (buf, sizeof (buf), "\"%s\"", s); printf ( "salt: %-25s", buf); printhex (strlen(s), s); - sprintf (buf, "\"%s\"", p); + snprintf (buf, sizeof (buf), "\"%s\"", p); printf ("\npassword: %-25s", buf); printhex (strlen(p), p); printf ("\n"); @@ -174,10 +174,10 @@ test_s2k (krb5_enctype enctype) key.contents = key_contents; assert (strlen (s) + 4 < sizeof (buf)); - sprintf (buf, "\"%s\"", s); + snprintf (buf, sizeof(buf), "\"%s\"", s); printf ( "salt:\t%s\n\t", buf); printhex (strlen(s), s); - sprintf (buf, "\"%s\"", p); + snprintf (buf, sizeof(buf), "\"%s\"", p); printf ("\npasswd:\t%s\n\t", buf); printhex (strlen(p), p); printf ("\n"); diff --git a/src/lib/krb5/krb/pkinit_apple_cert_store.c b/src/lib/krb5/krb/pkinit_apple_cert_store.c index be0ea73ab..449f1cc99 100644 --- a/src/lib/krb5/krb/pkinit_apple_cert_store.c +++ b/src/lib/krb5/krb/pkinit_apple_cert_store.c @@ -594,7 +594,7 @@ char *krb5_pkinit_cert_hash_str( } cpOut = outstr; for(dex=0; dextm_min > 59 || utc->tm_sec > 59) { return ASN1_BAD_GMTIME; } - outStr = (char *)malloc(16); - if(outStr == NULL) { + if (asprintf(&outStr, "%04d%02d%02d%02d%02d%02dZ", + utc->tm_year + 1900, utc->tm_mon + 1, + utc->tm_mday, utc->tm_hour, utc->tm_min, utc->tm_sec) < 0) { return ENOMEM; } - sprintf(outStr, "%04d%02d%02d%02d%02d%02dZ", - utc->tm_year + 1900, utc->tm_mon + 1, - utc->tm_mday, utc->tm_hour, utc->tm_min, utc->tm_sec); *str = outStr; return 0; } diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c index 47971d350..7c3945323 100644 --- a/src/lib/krb5/krb/t_ser.c +++ b/src/lib/krb5/krb/t_ser.c @@ -418,7 +418,7 @@ ser_keytab_test(krb5_context kcontext, int verbose) !(kret = ser_data(verbose, "> Resolved default keytab", (krb5_pointer) keytab, KV5M_KEYTAB)) && !(kret = krb5_kt_close(kcontext, keytab))) { - sprintf(ccname, "FILE:temp_kt_%d", (int) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:temp_kt_%d", (int) getpid()); if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) && !(kret = ser_data(verbose, "> Resolved FILE keytab", (krb5_pointer) keytab, KV5M_KEYTAB)) && diff --git a/src/lib/krb5/os/t_gifconf.c b/src/lib/krb5/os/t_gifconf.c index 92a49123a..b0d9b7de2 100644 --- a/src/lib/krb5/os/t_gifconf.c +++ b/src/lib/krb5/os/t_gifconf.c @@ -97,7 +97,7 @@ int main (void) { /* Solaris returns "Invalid argument" if the buffer is too small. AIX and Linux return no error indication. */ int e = errno; - sprintf (buffer, "SIOCGIFCONF(%d)", t); + snprintf (buffer, sizeof(buffer), "SIOCGIFCONF(%d)", t); errno = e; perror (buffer); if (e == EINVAL) diff --git a/src/lib/krb5/os/t_locate_kdc.c b/src/lib/krb5/os/t_locate_kdc.c index 20e07af66..9cc845a82 100644 --- a/src/lib/krb5/os/t_locate_kdc.c +++ b/src/lib/krb5/os/t_locate_kdc.c @@ -37,7 +37,7 @@ static const char *stypename (int stype) case SOCK_RAW: return "raw"; default: - sprintf(buf, "?%d", stype); + snprintf(buf, sizeof(buf), "?%d", stype); return buf; } } diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c index e66f040a0..662a8c51c 100644 --- a/src/lib/rpc/unit-test/client.c +++ b/src/lib/rpc/unit-test/client.c @@ -139,7 +139,7 @@ main(argc, argv) */ echo_arg = buf; for (i = 0; i < 3; i++) { - sprintf(buf, "testing %d\n", i); + snprintf(buf, sizeof(buf), "testing %d\n", i); echo_resp = rpc_test_echo_1(&echo_arg, clnt); if (echo_resp == NULL) { diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c index d4f0d8c6a..657f7ef93 100644 --- a/src/lib/rpc/unit-test/server.c +++ b/src/lib/rpc/unit-test/server.c @@ -158,8 +158,7 @@ char **rpc_test_echo_1_svc(char **arg, struct svc_req *h) if (res) free(res); - res = (char *) malloc(strlen(*arg) + strlen("Echo: ") + 1); - sprintf(res, "Echo: %s", *arg); + asprintf(&res, "Echo: %s", *arg); return &res; } diff --git a/src/plugins/kdb/db2/libdb2/test/dbtest.c b/src/plugins/kdb/db2/libdb2/test/dbtest.c index d479f1967..b0aee708d 100644 --- a/src/plugins/kdb/db2/libdb2/test/dbtest.c +++ b/src/plugins/kdb/db2/libdb2/test/dbtest.c @@ -163,7 +163,7 @@ main(argc, argv) p = getenv("TMPDIR"); if (p == NULL) p = "/var/tmp"; - (void)sprintf(buf, "%s/__dbtest", p); + (void)snprintf(buf, sizeof(buf), "%s/__dbtest", p); fname = buf; (void)unlink(buf); } else if (!sflag) diff --git a/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c b/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c index 6a3b432cb..34397ecaa 100644 --- a/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c +++ b/src/plugins/kdb/db2/libdb2/test/hash1.tests/driver2.c @@ -82,7 +82,7 @@ main(argc, argv) #endif info.lorder = 0; if (!(db = dbopen("bigtest", O_RDWR | O_CREAT | O_BINARY, 0644, DB_HASH, &info))) { - sprintf(buf, "dbopen: failed on file bigtest"); + snprintf(buf, sizeof(buf), "dbopen: failed on file bigtest"); perror(buf); exit(1); } @@ -96,10 +96,10 @@ main(argc, argv) content.size = 128 + (rand()&1023); /* printf("%d: Key size %d, data size %d\n", i, key.size, content.size); */ - sprintf(keybuf, "Key #%d", i); - sprintf(contentbuf, "Contents #%d", i); + snprintf(keybuf, sizeof(keybuf), "Key #%d", i); + snprintf(contentbuf, sizeof(contentbuf), "Contents #%d", i); if ((db->put)(db, &key, &content, R_NOOVERWRITE)) { - sprintf(buf, "dbm_store #%d", i); + snprintf(buf, sizeof(buf), "dbm_store #%d", i); perror(buf); } } diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c index 972176cf2..e794e6159 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c @@ -874,8 +874,7 @@ static char *strdur(duration) minutes = duration / 60; duration %= 60; seconds = duration; - sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "", - days, days == 1 ? "day" : "days", - hours, minutes, seconds); + snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "", + days, days == 1 ? "day" : "days", hours, minutes, seconds); return out; } diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c index 83eb16286..b7e553479 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c @@ -1991,7 +1991,7 @@ static char *strdur(duration) minutes = duration / 60; duration %= 60; seconds = duration; - sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "", + snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", neg ? "-" : "", days, days == 1 ? "day" : "days", hours, minutes, seconds); return out; diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c index 126013120..9f7caa07e 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c @@ -85,9 +85,11 @@ static int process_host_list(char **host_list, int servicetype) /* Parse for the protocol string and translate to number */ strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN); if (!strcmp(proto_str, "udp")) - sprintf (proto_str, "%d", PROTOCOL_NUM_UDP); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_NUM_UDP); else if (!strcmp(proto_str, "tcp")) - sprintf (proto_str, "%d", PROTOCOL_NUM_TCP); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_NUM_TCP); else proto_str[0] = '\0'; /* Make the string null if invalid */ @@ -109,27 +111,32 @@ static int process_host_list(char **host_list, int servicetype) and port values if they are absent or not matching */ if (servicetype == LDAP_KDC_SERVICE) { if (proto_str[0] == '\0') - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_KDC); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_KDC); if (port_str[0] == '\0') - sprintf (port_str, "%d", PORT_DEFAULT_KDC); + snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_KDC); } else if (servicetype == LDAP_ADMIN_SERVICE) { if (proto_str[0] == '\0') - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_ADM); else if (strcmp(proto_str, "1")) { - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_ADM); /* Print warning message */ printf ("Admin Server supports only TCP protocol, hence setting that\n"); } if (port_str[0] == '\0') - sprintf (port_str, "%d", PORT_DEFAULT_ADM); + snprintf (port_str, sizeof(port_str), "%d", PORT_DEFAULT_ADM); } else if (servicetype == LDAP_PASSWD_SERVICE) { if (proto_str[0] == '\0') - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_PWD); else if (strcmp(proto_str, "0")) { - sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD); + snprintf (proto_str, sizeof(proto_str), "%d", + PROTOCOL_DEFAULT_PWD); /* Print warning message */ printf ("Password Server supports only UDP protocol, hence setting that\n"); @@ -1538,7 +1545,6 @@ kdb5_ldap_set_service_password(argc, argv) unsigned int passwd_len = 0; krb5_error_code errcode = -1; int retval = 0, i = 0; - unsigned int len = 0; krb5_boolean print_usage = FALSE; FILE *pfile = NULL; char *str = NULL; @@ -1667,23 +1673,17 @@ kdb5_ldap_set_service_password(argc, argv) memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1); passwd_len = MAX_SERVICE_PASSWD_LEN; - len = strlen(service_object); - /* size of allocation=strlen of servicedn + strlen("Password for \" \"")=20 */ - prompt1 = (char *)malloc(len + 20); - if (prompt1 == NULL) { + if (asprintf(&prompt1, "Password for \"%s\"", service_object) < 0) { com_err(me, ENOMEM, "while setting service object password"); goto cleanup; } - sprintf(prompt1, "Password for \"%s\"", service_object); - /* size of allocation=strlen of servicedn + strlen("Re-enter Password for \" \"")=30 */ - prompt2 = (char *)malloc(len + 30); - if (prompt2 == NULL) { + if (asprintf(&prompt2, "Re-enter password for \"%s\"", + service_object) < 0) { com_err(me, ENOMEM, "while setting service object password"); free(prompt1); goto cleanup; } - sprintf(prompt2, "Re-enter password for \"%s\"", service_object); retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len); free(prompt1); @@ -1718,19 +1718,15 @@ kdb5_ldap_set_service_password(argc, argv) goto cleanup; } /* Password = {HEX}: */ - encrypted_passwd.value = (unsigned char *)malloc(strlen(service_object) + - 1 + 5 + hex.length + 2); - if (encrypted_passwd.value == NULL) { + if (asprintf(&str, "%s#{HEX}%s\n", service_object, hex.data) < 0) { com_err(me, ENOMEM, "while setting service object password"); memset(passwd, 0, passwd_len); memset(hex.data, 0, hex.length); free(hex.data); goto cleanup; } - encrypted_passwd.value[strlen(service_object) + - 1 + 5 + hex.length + 1] = '\0'; - sprintf((char *)encrypted_passwd.value, "%s#{HEX}%s\n", service_object, hex.data); - encrypted_passwd.len = strlen((char *)encrypted_passwd.value); + encrypted_passwd.data = (unsigned char *)str; + encrypted_passwd.len = strlen(str); memset(hex.data, 0, hex.length); free(hex.data); } @@ -1806,12 +1802,10 @@ kdb5_ldap_set_service_password(argc, argv) mode_t omask; /* Create a new file with the extension .tmp */ - tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1)); - if (tmp_file == NULL) { + if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) { com_err(me, ENOMEM, "while setting service object password"); goto cleanup; } - sprintf(tmp_file,"%s.%s",file_name,"tmp"); omask = umask(077); newfile = fopen(tmp_file, "w+"); @@ -1832,7 +1826,6 @@ kdb5_ldap_set_service_password(argc, argv) goto cleanup; } } else { - len = strlen(line); if (fprintf(newfile, "%s", line) < 0) { com_err(me, errno, "Failed to write service object password to file"); fclose(newfile); @@ -1998,12 +1991,12 @@ done: /* size of prompt = strlen of servicedn + strlen("Password for \" \"") */ assert (sizeof (prompt1) > (strlen (service_object) + sizeof ("Password for \" \""))); - sprintf(prompt1, "Password for \"%s\"", service_object); + snprintf(prompt1, sizeof(prompt1), "Password for \"%s\"", service_object); /* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */ assert (sizeof (prompt2) > (strlen (service_object) + sizeof ("Re-enter Password for \" \""))); - sprintf(prompt2, "Re-enter password for \"%s\"", service_object); + snprintf(prompt2, sizeof(prompt2), "Re-enter password for \"%s\"", service_object); ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len); if (ret != 0) { @@ -2082,13 +2075,11 @@ done: mode_t omask; /* Create a new file with the extension .tmp */ - tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1)); - if (tmp_file == NULL) { + if (asprintf(&tmp_file,"%s.tmp",file_name) < 0) { com_err(me, ENOMEM, "while setting service object password"); fclose(pfile); goto cleanup; } - sprintf(tmp_file,"%s.%s",file_name,"tmp"); omask = umask(077); newfile = fopen(tmp_file, "w"); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c index 06eeee47c..08a87fe8e 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.c @@ -393,32 +393,17 @@ krb5_error_code krb5_ldap_open(krb5_context context, goto clean_n_exit; } } else { - void *tmp=NULL; - char *oldstr = NULL; - unsigned int len=0; + char *newstr; - oldstr = strdup(ldap_context->root_certificate_file); - if (oldstr == NULL) { + if (asprintf(&newstr, "%s %s", + ldap_context->root_certificate_file, val) < 0) { free (opt); free (val); status = ENOMEM; goto clean_n_exit; } - - tmp = ldap_context->root_certificate_file; - len = strlen(ldap_context->root_certificate_file) + 2 + strlen(val); - ldap_context->root_certificate_file = realloc(ldap_context->root_certificate_file, - len); - if (ldap_context->root_certificate_file == NULL) { - free (tmp); - free (opt); - free (val); - status = ENOMEM; - goto clean_n_exit; - } - memset(ldap_context->root_certificate_file, 0, len); - sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val); - free (oldstr); + free(ldap_context->root_certificate_file); + ldap_context->root_certificate_file = newstr; } #endif } else { diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c index 02589b554..c71d9e5fd 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_create.c @@ -198,32 +198,16 @@ krb5_ldap_create (krb5_context context, char *conf_section, char **db_args) goto cleanup; } } else { - void *tmp=NULL; - char *oldstr = NULL; - unsigned int len=0; + char *newstr; - oldstr = strdup(ldap_context->root_certificate_file); - if (oldstr == NULL) { + if (asprintf(&newstr, "%s %s", + ldap_context->root_certificate_file, val) < 0) { free (opt); free (val); status = ENOMEM; goto cleanup; } - - tmp = ldap_context->root_certificate_file; - len = strlen(ldap_context->root_certificate_file) + 2 + strlen(val); - ldap_context->root_certificate_file = realloc(ldap_context->root_certificate_file, - len); - if (ldap_context->root_certificate_file == NULL) { - free (tmp); - free (opt); - free (val); - status = ENOMEM; - goto cleanup; - } - memset(ldap_context->root_certificate_file, 0, len); - sprintf(ldap_context->root_certificate_file,"%s %s", oldstr, val); - free (oldstr); + ldap_context->root_certificate_file = newstr; } #endif } else { diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c index b864f4b6d..79ca63472 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -1499,7 +1499,7 @@ static inline char * format_d (int val) { char tmpbuf[2+3*sizeof(val)]; - sprintf(tmpbuf, "%d", val); + snprintf(tmpbuf, sizeof(tmpbuf), "%d", val); return strdup(tmpbuf); } @@ -1655,14 +1655,12 @@ krb5_ldap_get_reference_count (krb5_context context, char *dn, char *refattr, goto cleanup; } - filter = (char *) malloc (strlen (refattr) + strlen (ptr) + 2); - if (filter == NULL) { + if (asprintf (&filter, "%s=%s", refattr, ptr) < 0) { + filter = NULL; st = ENOMEM; goto cleanup; } - sprintf (filter, "%s=%s", refattr, ptr); - if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntrees)) != 0) goto cleanup; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c index d0b7aa1dc..4a3d37f87 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c @@ -143,7 +143,7 @@ krb5_ldap_iterate(context, match_expr, func, func_arg) krb5_db_entry entry; krb5_principal principal; char **subtree=NULL, *princ_name=NULL, *realm=NULL, **values=NULL, *filter=NULL; - unsigned int filterlen=0, tree=0, ntree=1, i=0; + unsigned int tree=0, ntree=1, i=0; krb5_error_code st=0, tempst=0; LDAP *ld=NULL; LDAPMessage *result=NULL, *ent=NULL; @@ -174,11 +174,9 @@ krb5_ldap_iterate(context, match_expr, func, func_arg) if (match_expr == NULL) match_expr = default_match_expr; - filterlen = strlen(FILTER) + strlen(match_expr) + 2 + 1; /* 2 for closing brackets */ - filter = malloc (filterlen); + if (asprintf(&filter, FILTER"%s))", match_expr) < 0) + filter = NULL; CHECK_NULL(filter); - memset(filter, 0, filterlen); - sprintf(filter, FILTER"%s))", match_expr); if ((st = krb5_get_subtree_info(ldap_context, &subtree, &ntree)) != 0) goto cleanup; @@ -385,52 +383,17 @@ cleanup: krb5_error_code krb5_ldap_unparse_principal_name(char *user_name) { - char *tmp_princ_name=NULL, *princ_name=NULL, *tmp=NULL; - int l=0; - krb5_error_code st=0; + char *in, *out; - if (strstr(user_name, "\\@")) { - - tmp_princ_name = strdup(user_name); - if (!tmp_princ_name) { - st = ENOMEM; - goto cleanup; - } - tmp = tmp_princ_name; - - princ_name = (char *) malloc (strlen(user_name)); - if (!princ_name) { - st = ENOMEM; - goto cleanup; - } - memset(princ_name, 0, strlen(user_name)); - - l = 0; - while (*tmp_princ_name) { - if ((*tmp_princ_name == '\\') && (*(tmp_princ_name+1) == '@')) { - tmp_princ_name += 1; - } else { - *(princ_name + l) = *tmp_princ_name++; - l++; - } - } - - memset(user_name, 0, strlen(user_name)); - sprintf(user_name, "%s", princ_name); - } - -cleanup: - if (tmp) { - free(tmp); - tmp = NULL; + out = user_name; + for (in = user_name; *in; in++) { + if (*in == '\\' && *(in + 1) == '@') + continue; + *out++ = *in; } + *out = '\0'; - if (princ_name) { - free(princ_name); - princ_name = NULL; - } - - return st; + return 0; } diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index 12f0dd360..f9e9dea1d 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -624,7 +624,8 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) if (st == KRB5_KDB_NOENTRY || st == KRB5_KDB_CONSTRAINT_VIOLATION) { int ost = st; st = EINVAL; - sprintf(errbuf, "'%s' not found: ", xargs.containerdn); + snprintf(errbuf, sizeof(errbuf), "'%s' not found: ", + xargs.containerdn); prepend_err_str(context, errbuf, st, ost); } goto cleanup; @@ -641,10 +642,10 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) } CHECK_NULL(subtree); - standalone_principal_dn = malloc(strlen("krbprincipalname=") + strlen(user) + strlen(",") + - strlen(subtree) + 1); + if (asprintf(&standalone_principal_dn, "krbprincipalname=%s,%s", + user, subtree) < 0) + standalone_principal_dn = NULL; CHECK_NULL(standalone_principal_dn); - sprintf(standalone_principal_dn, "krbprincipalname=%s,%s", user, subtree); /* * free subtree when you are done using the subtree * set the boolean create_standalone_prinicipal to TRUE @@ -1072,7 +1073,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) /* a load operation must replace an existing entry */ st = ldap_delete_ext_s(ld, standalone_principal_dn, NULL, NULL); if (st != LDAP_SUCCESS) { - sprintf(errbuf, "Principal delete failed (trying to replace entry): %s", + snprintf(errbuf, sizeof(errbuf), "Principal delete failed (trying to replace entry): %s", ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); krb5_set_error_message(context, st, "%s", errbuf); @@ -1082,7 +1083,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) } } if (st != LDAP_SUCCESS) { - sprintf(errbuf, "Principal add failed: %s", ldap_err2string(st)); + snprintf(errbuf, sizeof(errbuf), "Principal add failed: %s", ldap_err2string(st)); st = translate_ldap_error (st, OP_ADD); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; @@ -1119,7 +1120,7 @@ krb5_ldap_put_principal(context, entries, nentries, db_args) st = ldap_modify_ext_s(ld, principal_dn, mods, NULL, NULL); if (st != LDAP_SUCCESS) { - sprintf(errbuf, "User modification failed: %s", ldap_err2string(st)); + snprintf(errbuf, sizeof(errbuf), "User modification failed: %s", ldap_err2string(st)); st = translate_ldap_error (st, OP_MOD); krb5_set_error_message(context, st, "%s", errbuf); goto cleanup; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index fd410e2b1..d41ffa329 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c @@ -288,7 +288,7 @@ krb5_ldap_delete_realm (context, lrealm) assert (sizeof (filter) >= sizeof ("(krbprincipalname=)") + strlen (realm) + 2 /* "*@" */ + 1); - sprintf (filter, "(krbprincipalname=*@%s)", realm); + snprintf (filter, sizeof(filter), "(krbprincipalname=*@%s)", realm); free (realm); /* LDAP_SEARCH(NULL, LDAP_SCOPE_SUBTREE, filter, attr); */ @@ -643,8 +643,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; oldkdcservers[i]; ++i) if ((st=deleteAttribute(ld, oldkdcservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf (errbuf, "Error removing 'krbRealmReferences' from %s: ", - oldkdcservers[i]); + snprintf (errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from %s: ", + oldkdcservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -654,8 +654,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; newkdcservers[i]; ++i) if ((st=updateAttribute(ld, newkdcservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf (errbuf, "Error adding 'krbRealmReferences' to %s: ", - newkdcservers[i]); + snprintf (errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + newkdcservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -680,8 +680,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; oldadminservers[i]; ++i) if ((st=deleteAttribute(ld, oldadminservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf(errbuf, "Error removing 'krbRealmReferences' from " - "%s: ", oldadminservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from " + "%s: ", oldadminservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -691,8 +691,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; newadminservers[i]; ++i) if ((st=updateAttribute(ld, newadminservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - newadminservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + newadminservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -716,8 +716,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; oldpasswdservers[i]; ++i) if ((st=deleteAttribute(ld, oldpasswdservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf(errbuf, "Error removing 'krbRealmReferences' from " - "%s: ", oldpasswdservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error removing 'krbRealmReferences' from " + "%s: ", oldpasswdservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -727,8 +727,8 @@ krb5_ldap_modify_realm(context, rparams, mask) for (i=0; newpasswdservers[i]; ++i) if ((st=updateAttribute(ld, newpasswdservers[i], "krbRealmReferences", rparams->realmdn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - newpasswdservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + newpasswdservers[i]); prepend_err_str (context, errbuf, st, st); goto cleanup; } @@ -995,9 +995,10 @@ krb5_ldap_create_realm(context, rparams, mask) realm_name = rparams->realm_name; - dn = malloc(strlen("cn=") + strlen(realm_name) + strlen(ldap_context->krbcontainer->DN) + 2); + if (asprintf(&dn, "cn=%s,%s", realm_name, + ldap_context->krbcontainer->DN) < 0) + dn = NULL; CHECK_NULL(dn); - sprintf(dn, "cn=%s,%s", realm_name, ldap_context->krbcontainer->DN); strval[0] = realm_name; strval[1] = NULL; @@ -1136,8 +1137,8 @@ krb5_ldap_create_realm(context, rparams, mask) if (mask & LDAP_REALM_KDCSERVERS) for (i=0; rparams->kdcservers[i]; ++i) if ((st=updateAttribute(ld, rparams->kdcservers[i], "krbRealmReferences", dn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - rparams->kdcservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + rparams->kdcservers[i]); prepend_err_str (context, errbuf, st, st); /* delete Realm, status ignored intentionally */ ldap_delete_ext_s(ld, dn, NULL, NULL); @@ -1147,8 +1148,8 @@ krb5_ldap_create_realm(context, rparams, mask) if (mask & LDAP_REALM_ADMINSERVERS) for (i=0; rparams->adminservers[i]; ++i) if ((st=updateAttribute(ld, rparams->adminservers[i], "krbRealmReferences", dn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - rparams->adminservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + rparams->adminservers[i]); prepend_err_str (context, errbuf, st, st); /* delete Realm, status ignored intentionally */ ldap_delete_ext_s(ld, dn, NULL, NULL); @@ -1158,8 +1159,8 @@ krb5_ldap_create_realm(context, rparams, mask) if (mask & LDAP_REALM_PASSWDSERVERS) for (i=0; rparams->passwdservers[i]; ++i) if ((st=updateAttribute(ld, rparams->passwdservers[i], "krbRealmReferences", dn)) != 0) { - sprintf(errbuf, "Error adding 'krbRealmReferences' to %s: ", - rparams->passwdservers[i]); + snprintf(errbuf, sizeof(errbuf), "Error adding 'krbRealmReferences' to %s: ", + rparams->passwdservers[i]); prepend_err_str (context, errbuf, st, st); /* delete Realm, status ignored intentionally */ ldap_delete_ext_s(ld, dn, NULL, NULL); @@ -1242,12 +1243,11 @@ krb5_ldap_read_realm_params(context, lrealm, rlparamp, mask) krbcontDN = ldap_context->krbcontainer->DN; - rlparams->realmdn = (char *) malloc(strlen("cn=") + strlen(lrealm) + strlen(krbcontDN) + 2); - if (rlparams->realmdn == NULL) { + if (asprintf(&rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN) < 0) { + rlparams->realmdn = NULL; st = ENOMEM; goto cleanup; } - sprintf(rlparams->realmdn, "cn=%s,%s", lrealm, krbcontDN); /* populate the realm name in the structure */ rlparams->realm_name = strdup(lrealm); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c index aed6de8c4..23bb3dbeb 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_rights.c @@ -322,12 +322,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt for (i=0; strcmp(security_container[i][0], "") != 0; i++) { - seccontacls[0] = (char *)malloc(strlen(security_container[i][0]) + - strlen(serviceobjdn) + - strlen(security_container[i][1]) + 1); - - sprintf(seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn, - security_container[i][1]); + asprintf(&seccontacls[0], "%s%s%s", security_container[i][0], serviceobjdn, + security_container[i][1]); seccontclass.mod_values = seccontacls; seccontarr[0] = &seccontclass; @@ -351,10 +347,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt krbcontclass.mod_type = "ACL"; for (i=0; strcmp(kerberos_container[i][0], "") != 0; i++) { - krbcontacls[0] = (char *)malloc(strlen(kerberos_container[i][0]) + strlen(serviceobjdn) - + strlen(kerberos_container[i][1]) + 1); - sprintf(krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn, - kerberos_container[i][1]); + asprintf(&krbcontacls[0], "%s%s%s", kerberos_container[i][0], serviceobjdn, + kerberos_container[i][1]); krbcontclass.mod_values = krbcontacls; krbcontarr[0] = &krbcontclass; @@ -373,20 +367,15 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } /* Construct the realm dn from realm name */ - realmdn = (char *)malloc(strlen("cn=") + strlen(realmname) + - strlen(ldap_context->krbcontainer->DN) + 2); - sprintf(realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN); + asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN); realmclass.mod_op = LDAP_MOD_ADD; realmclass.mod_type = "ACL"; if (servicetype == LDAP_KDC_SERVICE) { for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0] = (char *)malloc(strlen(kdcrights_realmcontainer[i][0]) - + strlen(serviceobjdn) + - strlen(kdcrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, - kdcrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, + kdcrights_realmcontainer[i][1]); realmclass.mod_values = realmacls; realmarr[0] = &realmclass; @@ -405,11 +394,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } } else if (servicetype == LDAP_ADMIN_SERVICE) { for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0] = (char *) malloc(strlen(adminrights_realmcontainer[i][0]) + - strlen(serviceobjdn) + - strlen(adminrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, - adminrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, + adminrights_realmcontainer[i][1]); realmclass.mod_values = realmacls; realmarr[0] = &realmclass; @@ -428,11 +414,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } } else if (servicetype == LDAP_PASSWD_SERVICE) { for (i=0; strcmp(pwdrights_realmcontainer[i][0], "")!=0; i++) { - realmacls[0] = (char *) malloc(strlen(pwdrights_realmcontainer[i][0]) + - strlen(serviceobjdn) + - strlen(pwdrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, - pwdrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, + pwdrights_realmcontainer[i][1]); realmclass.mod_values = realmacls; realmarr[0] = &realmclass; @@ -462,11 +445,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt if (servicetype == LDAP_KDC_SERVICE) { for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) { - subtreeacls[0] = (char *) malloc(strlen(kdcrights_subtree[i][0]) + - strlen(serviceobjdn) + - strlen(kdcrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, - kdcrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, + kdcrights_subtree[i][1]); subtreeclass.mod_values = subtreeacls; subtreearr[0] = &subtreeclass; @@ -488,11 +468,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } } else if (servicetype == LDAP_ADMIN_SERVICE) { for (i=0; strcmp(adminrights_subtree[i][0], "")!=0; i++) { - subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(adminrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, - adminrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, + adminrights_subtree[i][1]); subtreeclass.mod_values = subtreeacls; subtreearr[0] = &subtreeclass; @@ -514,11 +491,8 @@ krb5_ldap_add_service_rights(context, servicetype, serviceobjdn, realmname, subt } } else if (servicetype == LDAP_PASSWD_SERVICE) { for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) { - subtreeacls[0] = (char *)malloc(strlen(pwdrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(pwdrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, - pwdrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, + pwdrights_subtree[i][1]); subtreeclass.mod_values = subtreeacls; subtreearr[0] = &subtreeclass; @@ -632,21 +606,15 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s /* Set the rights for the realm */ if (mask & LDAP_REALM_RIGHTS) { - /* Construct the realm dn from realm name */ - realmdn = (char *) malloc(strlen("cn=") + strlen(realmname) + - strlen(ldap_context->krbcontainer->DN) + 2); - sprintf(realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN); + asprintf(&realmdn,"cn=%s,%s", realmname, ldap_context->krbcontainer->DN); realmclass.mod_op=LDAP_MOD_DELETE; realmclass.mod_type="ACL"; if (servicetype == LDAP_KDC_SERVICE) { for (i=0; strcmp(kdcrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0] = (char *) malloc(strlen(kdcrights_realmcontainer[i][0]) - + strlen(serviceobjdn) + - strlen(kdcrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, - kdcrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", kdcrights_realmcontainer[i][0], serviceobjdn, + kdcrights_realmcontainer[i][1]); realmclass.mod_values= realmacls; realmarr[0]=&realmclass; @@ -665,11 +633,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s } } else if (servicetype == LDAP_ADMIN_SERVICE) { for (i=0; strcmp(adminrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0] = (char *) malloc(strlen(adminrights_realmcontainer[i][0]) + - strlen(serviceobjdn) + - strlen(adminrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, - adminrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", adminrights_realmcontainer[i][0], serviceobjdn, + adminrights_realmcontainer[i][1]); realmclass.mod_values= realmacls; realmarr[0]=&realmclass; @@ -688,11 +653,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s } } else if (servicetype == LDAP_PASSWD_SERVICE) { for (i=0; strcmp(pwdrights_realmcontainer[i][0], "") != 0; i++) { - realmacls[0]=(char *)malloc(strlen(pwdrights_realmcontainer[i][0]) - + strlen(serviceobjdn) - + strlen(pwdrights_realmcontainer[i][1]) + 1); - sprintf(realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, - pwdrights_realmcontainer[i][1]); + asprintf(&realmacls[0], "%s%s%s", pwdrights_realmcontainer[i][0], serviceobjdn, + pwdrights_realmcontainer[i][1]); realmclass.mod_values= realmacls; realmarr[0]=&realmclass; @@ -723,11 +685,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s if (servicetype == LDAP_KDC_SERVICE) { for (i=0; strcmp(kdcrights_subtree[i][0], "")!=0; i++) { - subtreeacls[0] = (char *) malloc(strlen(kdcrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(kdcrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, - kdcrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", kdcrights_subtree[i][0], serviceobjdn, + kdcrights_subtree[i][1]); subtreeclass.mod_values= subtreeacls; subtreearr[0]=&subtreeclass; @@ -748,11 +707,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s } } else if (servicetype == LDAP_ADMIN_SERVICE) { for (i=0; strcmp(adminrights_subtree[i][0], "") != 0; i++) { - subtreeacls[0] = (char *) malloc(strlen(adminrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(adminrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, - adminrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", adminrights_subtree[i][0], serviceobjdn, + adminrights_subtree[i][1]); subtreeclass.mod_values= subtreeacls; subtreearr[0]=&subtreeclass; @@ -773,11 +729,8 @@ krb5_ldap_delete_service_rights(context, servicetype, serviceobjdn, realmname, s } } else if (servicetype == LDAP_PASSWD_SERVICE) { for (i=0; strcmp(pwdrights_subtree[i][0], "") != 0; i++) { - subtreeacls[0] = (char *) malloc(strlen(pwdrights_subtree[i][0]) - + strlen(serviceobjdn) - + strlen(pwdrights_subtree[i][1]) + 1); - sprintf(subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, - pwdrights_subtree[i][1]); + asprintf(&subtreeacls[0], "%s%s%s", pwdrights_subtree[i][0], serviceobjdn, + pwdrights_subtree[i][1]); subtreeclass.mod_values= subtreeacls; subtreearr[0]=&subtreeclass; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c index f3cf219ca..3c2fbacca 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c @@ -198,7 +198,7 @@ tohex(in, ret) ret->data[ret->length] = 0; for (i = 0; i < in.length; i++) - sprintf(ret->data + 2 * i, "%02x", in.data[i] & 0xff); + snprintf(ret->data + 2 * i, 3, "%02x", in.data[i] & 0xff); cleanup: diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c index 3bd5e9049..11f78efb1 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_services.c @@ -148,8 +148,9 @@ krb5_ldap_create_service(context, service, mask) for (i=0; service->krbrealmreferences[i]; ++i) { if ((st=updateAttribute(ld, service->krbrealmreferences[i], realmattr, service->servicedn)) != 0) { - sprintf (errbuf, "Error adding 'krbRealmReferences' to %s: ", - service->krbrealmreferences[i]); + snprintf (errbuf, sizeof(errbuf), + "Error adding 'krbRealmReferences' to %s: ", + service->krbrealmreferences[i]); prepend_err_str (context, errbuf, st, st); /* delete service object, status ignored intentionally */ ldap_delete_ext_s(ld, service->servicedn, NULL, NULL); diff --git a/src/plugins/locate/python/py-locate.c b/src/plugins/locate/python/py-locate.c index 4e9961265..36ddaedad 100644 --- a/src/plugins/locate/python/py-locate.c +++ b/src/plugins/locate/python/py-locate.c @@ -261,7 +261,7 @@ lookup (void *blob, enum locate_service_type svc, const char *realm, if (PyString_Check (field)) { portstr = PyString_AsString (field); } else if (PyInt_Check (field)) { - sprintf(portbuf, "%ld", PyInt_AsLong (field)); + snprintf(portbuf, sizeof(portbuf), "%ld", PyInt_AsLong (field)); portstr = portbuf; } else { krb5_set_error_message(blob, -1, diff --git a/src/plugins/preauth/cksum_body/cksum_body_main.c b/src/plugins/preauth/cksum_body/cksum_body_main.c index 66b1620b4..523951351 100644 --- a/src/plugins/preauth/cksum_body/cksum_body_main.c +++ b/src/plugins/preauth/cksum_body/cksum_body_main.c @@ -535,8 +535,9 @@ server_verify(krb5_context kcontext, my_authz_data[0]->ad_type = 1; my_authz_data[0]->length = AD_ALLOC_SIZE; memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header)); - sprintf(my_authz_data[0]->contents + sizeof(ad_header), - "cksum authorization data: %d bytes worth!\n", AD_ALLOC_SIZE); + snprintf(my_authz_data[0]->contents + sizeof(ad_header), + AD_ALLOC_SIZE - sizeof(ad_header), + "cksum authorization data: %d bytes worth!\n", AD_ALLOC_SIZE); *authz_data = my_authz_data; #ifdef DEBUG fprintf(stderr, "Returning %d bytes of authorization data\n", diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 2c1ec38a7..15bbbb85c 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -5613,6 +5613,6 @@ pkinit_pkcs11_code_to_text(int err) break; if (pkcs11_errstrings[i].text != NULL) return (pkcs11_errstrings[i].text); - sprintf(uc, "unknown code 0x%x", err); + snprintf(uc, sizeof(uc), "unknown code 0x%x", err); return (uc); } diff --git a/src/plugins/preauth/wpse/wpse_main.c b/src/plugins/preauth/wpse/wpse_main.c index 22dfd1322..655f2b949 100644 --- a/src/plugins/preauth/wpse/wpse_main.c +++ b/src/plugins/preauth/wpse/wpse_main.c @@ -333,8 +333,9 @@ server_verify(krb5_context kcontext, my_authz_data[0]->ad_type = 1; my_authz_data[0]->length = AD_ALLOC_SIZE; memcpy(my_authz_data[0]->contents, ad_header, sizeof(ad_header)); - sprintf(my_authz_data[0]->contents + sizeof(ad_header), - "wpse authorization data: %d bytes worth!\n", AD_ALLOC_SIZE); + snprintf(my_authz_data[0]->contents + sizeof(ad_header), + AD_ALLOC_SIZE - sizeof(ad_header), + "wpse authorization data: %d bytes worth!\n", AD_ALLOC_SIZE); *authz_data = my_authz_data; #ifdef DEBUG fprintf(stderr, "Returning %d bytes of authorization data\n", diff --git a/src/slave/kprop.c b/src/slave/kprop.c index a2542363e..5f68f29e8 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -241,7 +241,7 @@ void get_tickets(context) * Initialize cache file which we're going to be using */ (void) mktemp(tkstring); - sprintf(buf, "FILE:%s", tkstring); + snprintf(buf, sizeof(buf), "FILE:%s", tkstring); retval = krb5_cc_resolve(context, buf, &ccache); if (retval) { @@ -337,7 +337,7 @@ open_connection(host, fd, Errmsg, ErrmsgSz) hp = gethostbyname(host); if (hp == NULL) { - (void) sprintf(Errmsg, "%s: unknown host", host); + (void) snprintf(Errmsg, ErrmsgSz, "%s: unknown host", host); *fd = -1; return(0); } @@ -355,13 +355,13 @@ open_connection(host, fd, Errmsg, ErrmsgSz) s = socket(AF_INET, SOCK_STREAM, 0); if (s < 0) { - (void) sprintf(Errmsg, "in call to socket"); + (void) snprintf(Errmsg, ErrmsgSz, "in call to socket"); return(errno); } if (connect(s, (struct sockaddr *)&my_sin, sizeof my_sin) < 0) { retval = errno; close(s); - (void) sprintf(Errmsg, "in call to connect"); + (void) snprintf(Errmsg, ErrmsgSz, "in call to connect"); return(retval); } *fd = s; @@ -379,7 +379,7 @@ open_connection(host, fd, Errmsg, ErrmsgSz) if (getsockname(s, (struct sockaddr *)&my_sin, &socket_length) < 0) { retval = errno; close(s); - (void) sprintf(Errmsg, "in call to getsockname"); + (void) snprintf(Errmsg, ErrmsgSz, "in call to getsockname"); return(retval); } sender_addr.addrtype = ADDRTYPE_INET; @@ -597,7 +597,7 @@ xmit_database(context, auth_context, my_creds, fd, database_fd, retval = krb5_mk_priv(context, auth_context, &inbuf, &outbuf, NULL); if (retval) { - sprintf(buf, + snprintf(buf, sizeof(buf), "while encoding database block starting at %d", sent_size); com_err(progname, retval, buf); diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c index bee5db0b1..2de921255 100644 --- a/src/slave/kpropd.c +++ b/src/slave/kpropd.c @@ -1432,7 +1432,7 @@ recv_database(context, fd, database_fd, confmsg) while (received_size < database_size) { retval = krb5_read_message(context, (void *) &fd, &inbuf); if (retval) { - sprintf(buf, + snprintf(buf, sizeof(buf), "while reading database block starting at offset %d", received_size); com_err(progname, retval, buf); @@ -1444,7 +1444,7 @@ recv_database(context, fd, database_fd, confmsg) retval = krb5_rd_priv(context, auth_context, &inbuf, &outbuf, NULL); if (retval) { - sprintf(buf, + snprintf(buf, sizeof(buf), "while decoding database block starting at offset %d", received_size); com_err(progname, retval, buf); @@ -1456,12 +1456,12 @@ recv_database(context, fd, database_fd, confmsg) krb5_free_data_contents(context, &inbuf); krb5_free_data_contents(context, &outbuf); if (n < 0) { - sprintf(buf, + snprintf(buf, sizeof(buf), "while writing database block starting at offset %d", received_size); send_error(context, fd, errno, buf); } else if (n != outbuf.length) { - sprintf(buf, + snprintf(buf, sizeof(buf), "incomplete write while writing database block starting at \noffset %d (%d written, %d expected)", received_size, n, outbuf.length); send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); @@ -1472,7 +1472,7 @@ recv_database(context, fd, database_fd, confmsg) * OK, we've seen the entire file. Did we get too many bytes? */ if (received_size > database_size) { - sprintf(buf, + snprintf(buf, sizeof(buf), "Received %d bytes, expected %d bytes for database file", received_size, database_size); send_error(context, fd, KRB5KRB_ERR_GENERIC, buf); @@ -1521,8 +1521,8 @@ send_error(context, fd, err_code, err_text) if (error.error > 127) { error.error = KRB_ERR_GENERIC; if (err_text) { - sprintf(buf, "%s %s", error_message(err_code), - err_text); + snprintf(buf, sizeof(buf), "%s %s", + error_message(err_code), err_text); text = buf; } } @@ -1674,12 +1674,10 @@ kadm5_get_kiprop_host_srv_name(krb5_context context, host = params.admin_server; /* XXX */ - name = malloc(strlen(KADM5_KIPROP_HOST_SERVICE) + strlen(host) + 2); - if (name == NULL) { + if (asprintf(&name, "%s/%s", KADM5_KIPROP_HOST_SERVICE, host) < 0) { free(host); return (ENOMEM); } - sprintf(name, "%s/%s", KADM5_KIPROP_HOST_SERVICE, host); *host_service_name = name; return (KADM5_OK); diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c index 3abef65db..12f4587b8 100644 --- a/src/tests/create/kdb5_mkdums.c +++ b/src/tests/create/kdb5_mkdums.c @@ -96,6 +96,7 @@ main(argc, argv) int num_to_create; char principal_string[BUFSIZ]; char *suffix = 0; + size_t suffix_size; int depth; krb5_init_context(&test_context); @@ -121,6 +122,8 @@ main(argc, argv) strncpy(principal_string, optarg, sizeof(principal_string) - 1); principal_string[sizeof(principal_string) - 1] = '\0'; suffix = principal_string + strlen(principal_string); + suffix_size = sizeof(principal_string) - + (suffix - principal_string); break; case 'n': /* how many to create */ num_to_create = atoi(optarg); @@ -175,14 +178,15 @@ main(argc, argv) /* build the new principal name */ /* we can't pick random names because we need to generate all the names again given a prefix and count to test the db lib and kdb */ - (void) sprintf(suffix, "%d", n); - (void) sprintf(tmp, "%s-DEPTH-1", principal_string); + (void) snprintf(suffix, suffix_size, "%d", n); + (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string); tmp[sizeof(tmp) - 1] = '\0'; str_newprinc = tmp; add_princ(test_context, str_newprinc); for (i = 2; i <= depth; i++) { - (void) sprintf(tmp2, "/%s-DEPTH-%d", principal_string, i); + (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d", + principal_string, i); tmp2[sizeof(tmp2) - 1] = '\0'; strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp)); str_newprinc = tmp; @@ -215,7 +219,7 @@ add_princ(context, str_newprinc) char princ_name[4096]; memset((char *)&newentry, 0, sizeof(newentry)); - sprintf(princ_name, "%s@%s", str_newprinc, cur_realm); + snprintf(princ_name, sizeof(princ_name), "%s@%s", str_newprinc, cur_realm); if ((retval = krb5_parse_name(context, princ_name, &newprinc))) { com_err(progname, retval, "while parsing '%s'", princ_name); return; @@ -375,12 +379,10 @@ char *dbname; } /* Pathname is passed to db2 via 'args' parameter. */ args[1] = NULL; - args[0] = malloc(sizeof("dbname=") + strlen(dbname)); - if (args[0] == NULL) { + if (asprintf(&args[0], "dbname=%s", dbname) < 0) { com_err(pname, errno, "while setting up db parameters"); return 1; } - sprintf(args[0], "dbname=%s", dbname); if ((retval = krb5_db_open(test_context, args, KRB5_KDB_OPEN_RO))) { com_err(pname, retval, "while initializing database"); diff --git a/src/tests/gss-threads/gss-client.c b/src/tests/gss-threads/gss-client.c index 25c9d63ee..08bac92ca 100644 --- a/src/tests/gss-threads/gss-client.c +++ b/src/tests/gss-threads/gss-client.c @@ -66,6 +66,7 @@ #include "gss-misc.h" #include "port-sockets.h" #include "fake-addrinfo.h" +#include "k5-platform.h" static int verbose = 1; @@ -606,12 +607,10 @@ static void parse_oid(char *mechanism, gss_OID *oid) OM_uint32 maj_stat, min_stat; if (isdigit((int) mechanism[0])) { - mechstr = malloc(strlen(mechanism)+5); - if (!mechstr) { + if (asprintf(&mechstr, "{ %s }", mechanism) < 0) { fprintf(stderr, "Couldn't allocate mechanism scratch!\n"); return; } - sprintf(mechstr, "{ %s }", mechanism); for (cp = mechstr; *cp; cp++) if (*cp == '.') *cp = ' '; diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c index 5fd8d1c51..b1f5c179d 100644 --- a/src/tests/hammer/kdc5_hammer.c +++ b/src/tests/hammer/kdc5_hammer.c @@ -217,12 +217,12 @@ main(argc, argv) again given a prefix and count to test the db lib and kdb */ ctmp[0] = '\0'; for (i = 1; i <= depth; i++) { - (void) sprintf(ctmp2, "%s%s%d-DEPTH-%d", (i != 1) ? "/" : "", - prefix, n, i); + (void) snprintf(ctmp2, sizeof(ctmp2), "%s%s%d-DEPTH-%d", + (i != 1) ? "/" : "", prefix, n, i); ctmp2[sizeof(ctmp2) - 1] = '\0'; strncat(ctmp, ctmp2, sizeof(ctmp) - 1 - strlen(ctmp)); ctmp[sizeof(ctmp) - 1] = '\0'; - sprintf(client, "%s@%s", ctmp, cur_realm); + snprintf(client, sizeof(client), "%s@%s", ctmp, cur_realm); if (get_tgt (test_context, client, &client_princ, ccache)) { errors++; @@ -233,12 +233,12 @@ main(argc, argv) stmp[0] = '\0'; for (j = 1; j <= depth; j++) { - (void) sprintf(stmp2, "%s%s%d-DEPTH-%d", (j != 1) ? "/" : "", - prefix, n, j); + (void) snprintf(stmp2, sizeof(stmp2), "%s%s%d-DEPTH-%d", + (j != 1) ? "/" : "", prefix, n, j); stmp2[sizeof (stmp2) - 1] = '\0'; strncat(stmp, stmp2, sizeof(stmp) - 1 - strlen(stmp)); stmp[sizeof(stmp) - 1] = '\0'; - sprintf(server, "%s@%s", stmp, cur_realm); + snprintf(server, sizeof(server), "%s@%s", stmp, cur_realm); if (verify_cs_pair(test_context, client, client_princ, stmp, cur_realm, n, i, j, ccache)) errors++; @@ -343,9 +343,7 @@ int verify_cs_pair(context, p_client_str, p_client, service, hostname, memset((char *)&creds, 0, sizeof(creds)); /* Do client side */ - sname = (char *) malloc(strlen(service)+strlen(hostname)+2); - if (sname) { - sprintf(sname, "%s@%s", service, hostname); + if (asprintf(&sname, "%s@%s", service, hostname) >= 0) { retval = krb5_parse_name(context, sname, &creds.server); free(sname); } diff --git a/src/tests/resolve/addrinfo-test.c b/src/tests/resolve/addrinfo-test.c index 42e4dd62a..dff8df1dd 100644 --- a/src/tests/resolve/addrinfo-test.c +++ b/src/tests/resolve/addrinfo-test.c @@ -71,7 +71,7 @@ static const char *protoname (int p) { X(COMP); #endif - sprintf(buf, " %-2d", p); + snprintf(buf, sizeof(buf), " %-2d", p); return buf; } @@ -84,7 +84,7 @@ static const char *socktypename (int t) { case SOCK_RDM: return "RDM"; case SOCK_SEQPACKET: return "SEQPACKET"; } - sprintf(buf, " %-2d", t); + snprintf(buf, sizeof(buf), " %-2d", t); return buf; } @@ -125,7 +125,7 @@ static const char *familyname (int f) { static char buf[30]; switch (f) { default: - sprintf(buf, "AF %d", f); + snprintf(buf, sizeof(buf), "AF %d", f); return buf; case AF_INET: return "AF_INET"; #ifdef AF_INET6 diff --git a/src/tests/shlib/t_loader.c b/src/tests/shlib/t_loader.c index cdc255055..6b2b1b7a5 100644 --- a/src/tests/shlib/t_loader.c +++ b/src/tests/shlib/t_loader.c @@ -109,7 +109,7 @@ static void do_close_1(void *libhandle, int line) { if (verbose) { char pbuf[3*sizeof(libhandle)+4]; - sprintf(pbuf, "%p", libhandle); + snprintf(pbuf, sizeof(pbuf), "%p", libhandle); printf("from line %d: do_close(%s)...%*s", line, pbuf, HORIZ-1-strlen(pbuf), ""); } diff --git a/src/tests/threads/t_rcache.c b/src/tests/threads/t_rcache.c index 5d817defb..06f4d3b19 100644 --- a/src/tests/threads/t_rcache.c +++ b/src/tests/threads/t_rcache.c @@ -58,12 +58,14 @@ static void try_one (struct tinfo *t) char buf[100], buf2[100]; krb5_rcache my_rcache; - sprintf(buf, "host/all-in-one.mit.edu/%p@ATHENA.MIT.EDU", buf); + snprintf(buf, sizeof(buf), "host/all-in-one.mit.edu/%p@ATHENA.MIT.EDU", + buf); r.server = buf; r.client = (t->my_cusec & 7) + "abcdefgh@ATHENA.MIT.EDU"; if (t->now != t->my_ctime) { if (t->my_ctime != 0) { - sprintf(buf2, "%3d: %ld %5d\n", t->idx, t->my_ctime, t->my_cusec); + snprintf(buf2, sizeof(buf2), "%3d: %ld %5d\n", t->idx, + t->my_ctime, t->my_cusec); printf("%s", buf2); } t->my_ctime = t->now; diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c index b6d7b2332..92a375b55 100644 --- a/src/tests/verify/kdb5_verify.c +++ b/src/tests/verify/kdb5_verify.c @@ -97,6 +97,7 @@ main(argc, argv) int num_to_check; char principal_string[BUFSIZ]; char *suffix = 0; + size_t suffix_size; int depth, errors; krb5_init_context(&context); @@ -122,6 +123,8 @@ main(argc, argv) strncpy(principal_string, optarg, sizeof(principal_string) - 1); principal_string[sizeof(principal_string) - 1] = '\0'; suffix = principal_string + strlen(principal_string); + suffix_size = sizeof(principal_string) - + (suffix - principal_string); break; case 'n': /* how many to check */ num_to_check = atoi(optarg); @@ -182,13 +185,14 @@ main(argc, argv) /* build the new principal name */ /* we can't pick random names because we need to generate all the names again given a prefix and count to test the db lib and kdb */ - (void) sprintf(suffix, "%d", n); - (void) sprintf(tmp, "%s-DEPTH-1", principal_string); + (void) snprintf(suffix, suffix_size, "%d", n); + (void) snprintf(tmp, sizeof(tmp), "%s-DEPTH-1", principal_string); str_princ = tmp; if (check_princ(context, str_princ)) errors++; for (i = 2; i <= depth; i++) { - (void) sprintf(tmp2, "/%s-DEPTH-%d", principal_string, i); + (void) snprintf(tmp2, sizeof(tmp2), "/%s-DEPTH-%d", + principal_string, i); tmp2[sizeof(tmp2) - 1] = '\0'; strncat(tmp, tmp2, sizeof(tmp) - 1 - strlen(tmp)); str_princ = tmp; @@ -234,7 +238,7 @@ check_princ(context, str_princ) /* char *str_mod_name; */ char princ_name[4096]; - sprintf(princ_name, "%s@%s", str_princ, cur_realm); + snprintf(princ_name, sizeof(princ_name), "%s@%s", str_princ, cur_realm); fprintf(stderr, "\t%s ...\n", princ_name); @@ -405,12 +409,10 @@ set_dbname_help(context, pname, dbname) } /* Pathname is passed to db2 via 'args' parameter. */ args[1] = NULL; - args[0] = malloc(sizeof("dbname=") + strlen(dbname)); - if (args[0] == NULL) { + if (asprintf(&args[0], "dbname=%s", dbname) < 0) { com_err(pname, errno, "while setting up db parameters"); return 1; } - sprintf(args[0], "dbname=%s", dbname); if ((retval = krb5_db_open(context, args, KRB5_KDB_OPEN_RO))) { com_err(pname, retval, "while initializing database"); diff --git a/src/util/et/t_com_err.c b/src/util/et/t_com_err.c index 2cba3cfdc..5c4a4609b 100644 --- a/src/util/et/t_com_err.c +++ b/src/util/et/t_com_err.c @@ -15,14 +15,14 @@ try_one (errcode_t code, int known, int table, int msgno) const char *msg = error_message (code); char buffy[1024]; - sprintf (buffy, "error table %d message %d", table, msgno); + snprintf (buffy, sizeof(buffy), "error table %d message %d", table, msgno); if (0 == strcmp (buffy, msg)) { if (!known) { known_err++; } return; } - sprintf (buffy, "Unknown code et%d %d", table, msgno); + snprintf (buffy, sizeof(buffy), "Unknown code et%d %d", table, msgno); if (!strcmp (buffy, msg)) { if (known) known_err++; diff --git a/src/util/ss/utils.c b/src/util/ss/utils.c index 7f4e9214a..d24033333 100644 --- a/src/util/ss/utils.c +++ b/src/util/ss/utils.c @@ -70,9 +70,8 @@ gensym(name) { char *symbol; - symbol = malloc((strlen(name)+6) * sizeof(char)); gensym_n++; - sprintf(symbol, "%s%05ld", name, gensym_n); + asprintf(&symbol, "%s%05ld", name, gensym_n); return(symbol); } diff --git a/src/util/support/fake-addrinfo.c b/src/util/support/fake-addrinfo.c index 8ebf19564..4b628bb67 100644 --- a/src/util/support/fake-addrinfo.c +++ b/src/util/support/fake-addrinfo.c @@ -102,7 +102,7 @@ #include "k5-thread.h" #include "supp-int.h" -#include /* for sprintf */ +#include #include #define IMPLEMENT_FAKE_GETADDRINFO @@ -354,7 +354,7 @@ system_getnameinfo (const struct sockaddr *sa, socklen_t salen, #if (!defined (HAVE_GETADDRINFO) || defined (WRAP_GETADDRINFO)) && defined(DEBUG_ADDRINFO) /* Some debug routines. */ -static const char *protoname (int p, char *buf) { +static const char *protoname (int p, char *buf, size_t bufsize) { #define X(N) if (p == IPPROTO_ ## N) return #N X(TCP); @@ -373,11 +373,11 @@ static const char *protoname (int p, char *buf) { X(IGMP); #endif - sprintf(buf, " %-2d", p); + snprintf(buf, bufsize, " %-2d", p); return buf; } -static const char *socktypename (int t, char *buf) { +static const char *socktypename (int t, char *buf, size_t bufsize) { switch (t) { case SOCK_DGRAM: return "DGRAM"; case SOCK_STREAM: return "STREAM"; @@ -385,14 +385,14 @@ static const char *socktypename (int t, char *buf) { case SOCK_RDM: return "RDM"; case SOCK_SEQPACKET: return "SEQPACKET"; } - sprintf(buf, " %-2d", t); + snprintf(buf, bufsize, " %-2d", t); return buf; } -static const char *familyname (int f, char *buf) { +static const char *familyname (int f, char *buf, size_t bufsize) { switch (f) { default: - sprintf(buf, "AF %d", f); + snprintf(buf, bufsize, "AF %d", f); return buf; case AF_INET: return "AF_INET"; case AF_INET6: return "AF_INET6"; @@ -422,11 +422,14 @@ static void debug_dump_getaddrinfo_args (const char *name, const char *serv, if (sep[0] == 0) fprintf(stderr, "no-flags"); if (hint->ai_family) - fprintf(stderr, " %s", familyname(hint->ai_family, buf)); + fprintf(stderr, " %s", familyname(hint->ai_family, buf, + sizeof(buf))); if (hint->ai_socktype) - fprintf(stderr, " SOCK_%s", socktypename(hint->ai_socktype, buf)); + fprintf(stderr, " SOCK_%s", socktypename(hint->ai_socktype, buf, + sizeof(buf))); if (hint->ai_protocol) - fprintf(stderr, " IPPROTO_%s", protoname(hint->ai_protocol, buf)); + fprintf(stderr, " IPPROTO_%s", protoname(hint->ai_protocol, buf, + sizeof(buf))); } else fprintf(stderr, "(null)"); fprintf(stderr, " }):\n"); @@ -444,11 +447,13 @@ static void debug_dump_addrinfos (const struct addrinfo *ai) fprintf(stderr, "addrinfos returned:\n"); while (ai) { fprintf(stderr, "%p...", ai); - fprintf(stderr, " socktype=%s", socktypename(ai->ai_socktype, buf)); - fprintf(stderr, " ai_family=%s", familyname(ai->ai_family, buf)); + fprintf(stderr, " socktype=%s", socktypename(ai->ai_socktype, buf, + sizeof(buf))); + fprintf(stderr, " ai_family=%s", familyname(ai->ai_family, buf, + sizeof(buf))); if (ai->ai_family != ai->ai_addr->sa_family) fprintf(stderr, " sa_family=%s", - familyname(ai->ai_addr->sa_family, buf)); + familyname(ai->ai_addr->sa_family, buf, sizeof(buf))); fprintf(stderr, "\n"); ai = ai->ai_next; count++; @@ -960,7 +965,8 @@ fake_getnameinfo (const struct sockaddr *sa, socklen_t len, char tmpbuf[20]; numeric_host: uc = (const unsigned char *) &sinp->sin_addr; - sprintf(tmpbuf, "%d.%d.%d.%d", uc[0], uc[1], uc[2], uc[3]); + snprintf(tmpbuf, sizeof(tmpbuf), "%d.%d.%d.%d", + uc[0], uc[1], uc[2], uc[3]); strncpy(host, tmpbuf, hlen); #else char *p; @@ -996,7 +1002,7 @@ fake_getnameinfo (const struct sockaddr *sa, socklen_t len, port = ntohs (sinp->sin_port); if (port < 0 || port > 65535) return EAI_FAIL; - sprintf (numbuf, "%d", port); + snprintf (numbuf, sizeof(numbuf), "%d", port); strncpy (service, numbuf, slen); } else { int serr; diff --git a/src/util/support/init-addrinfo.c b/src/util/support/init-addrinfo.c index 4c94dc743..186950fb8 100644 --- a/src/util/support/init-addrinfo.c +++ b/src/util/support/init-addrinfo.c @@ -50,7 +50,7 @@ #include "k5-platform.h" #include "k5-thread.h" -#include /* for sprintf */ +#include #include #define IMPLEMENT_FAKE_GETADDRINFO