From: Ken Raeburn Date: Thu, 12 Jul 2007 23:34:21 +0000 (+0000) Subject: Avoid unchecked sprintf in some KDC-side programs X-Git-Tag: krb5-1.7-alpha1~1007 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=26ac11d6e59847a0ad1c30019f85abec23220a5d;p=krb5.git Avoid unchecked sprintf in some KDC-side programs git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19705 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c index ed5110048..06e3cdb61 100644 --- a/src/kadmin/server/misc.c +++ b/src/kadmin/server/misc.c @@ -153,7 +153,7 @@ check_min_life(void *server_handle, krb5_principal principal, } else { if (*(ptr = &time_string[strlen(time_string)-1]) == '\n') *ptr = '\0'; - sprintf(msg_ret, errstr, time_string); + snprintf(msg_ret, msg_len, errstr, time_string); } } diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index a3ce42189..be5580db5 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -467,7 +467,7 @@ int main(int argc, char *argv[]) fprintf(stderr, "%s: Cannot bind socket.\n", whoami); fprintf(stderr, "bind: %s\n", e_txt); errno = oerrno; - sprintf(portbuf, "%d", ntohs(addr.sin_port)); + snprintf(portbuf, sizeof(portbuf), "%d", ntohs(addr.sin_port)); krb5_klog_syslog(LOG_ERR, "cannot bind simple chpw socket: %s", e_txt); if(oerrno == EADDRINUSE) { @@ -924,14 +924,12 @@ char *build_princ_name(char *name, char *realm) { char *fullname; - fullname = (char *) malloc(strlen(name) + 1 + - (realm ? strlen(realm) + 1 : 0)); - if (fullname == NULL) - return NULL; - if (realm) - sprintf(fullname, "%s@%s", name, realm); - else - strcpy(fullname, name); + if (realm) { + if (asprintf(&fullname, "%s@%s", name, realm) < 0) + fullname = NULL; + } else + fullname = strdup(name); + return fullname; } diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index e974beb7b..3d1d47955 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c 
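Review bot: The format argument on the changed line in check_min_life is still the variable `errstr`, so the compiler cannot check it against the single `time_string` argument. Where `errstr` is assigned is outside the hunk; if it is a fixed message-table string, a comment such as `/* errstr is a trusted table string containing exactly one %s */` would record that assumption. The snprintf result is also discarded, so comparing it with `msg_len` would let the caller see a truncated message. The function body starts and ends outside the hunk.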
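Review bot: `asprintf` in build_princ_name is not part of ISO C, and nothing in this hunk shows a declaration or a fallback for platforms whose libc lacks it; the same applies to the `asprintf(&db_name, "dbname=%s", optarg)` call in the src/kdc/main.c hunk. If the tree already ships a replacement, an include or short comment next to these calls would make the dependency visible. The function would also benefit from a header comment, for example `/* Returns a malloc'd "name@realm", or a copy of name when realm is NULL; NULL on allocation failure. Caller frees. */`.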
@@ -80,8 +80,8 @@ process_chpw_request(context, server_handle, realm, s, keytab, sockin, if (vno != 1) { ret = KRB5KDC_ERR_BAD_PVNO; numresult = KRB5_KPASSWD_BAD_VERSION; - sprintf(strresult, - "Request contained unknown protocol version number %d", vno); + snprintf(strresult, sizeof(strresult), + "Request contained unknown protocol version number %d", vno); goto chpwfail; } diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index 2a28f4fa6..82154d6cd 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -1523,9 +1523,9 @@ ktypes2str(char *s, size_t len, int nktypes, krb5_enctype *ktype) return; } - sprintf(s, "%d etypes {", nktypes); + snprintf(s, len, "%d etypes {", nktypes); for (i = 0; i < nktypes; i++) { - sprintf(stmp, "%s%ld", i ? " " : "", (long)ktype[i]); + snprintf(stmp, sizeof(stmp), "%s%ld", i ? " " : "", (long)ktype[i]); if (strlen(s) + strlen(stmp) + sizeof("}") > len) break; strcat(s, stmp); @@ -1560,18 +1560,19 @@ rep_etypes2str(char *s, size_t len, krb5_kdc_rep *rep) return; } - sprintf(s, "etypes {rep=%ld", (long)rep->enc_part.enctype); + snprintf(s, len, "etypes {rep=%ld", (long)rep->enc_part.enctype); if (rep->ticket != NULL) { - sprintf(stmp, " tkt=%ld", (long)rep->ticket->enc_part.enctype); + snprintf(stmp, sizeof(stmp), + " tkt=%ld", (long)rep->ticket->enc_part.enctype); strcat(s, stmp); } if (rep->ticket != NULL && rep->ticket->enc_part2 != NULL && rep->ticket->enc_part2->session != NULL) { - sprintf(stmp, " ses=%ld", - (long)rep->ticket->enc_part2->session->enctype); + snprintf(stmp, sizeof(stmp), " ses=%ld", + (long)rep->ticket->enc_part2->session->enctype); strcat(s, stmp); } strcat(s, "}"); diff --git a/src/kdc/kerberos_v4.c b/src/kdc/kerberos_v4.c index d8daa7924..e31826f5e 100644 --- a/src/kdc/kerberos_v4.c +++ b/src/kdc/kerberos_v4.c 
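Review bot: In rep_etypes2str the `strcat(s, ...)` calls that follow the new `snprintf(s, len, ...)` still append without looking at `len`, so the bound on the first write does not carry through to the rest of the string. An early `return` is visible at the top of the hunk, which suggests a length guard above it, but its condition is outside the hunk and would have to stay in sync with every format used here. Tracking the used length and appending with `snprintf(s + used, len - used, ...)` would bound each append locally, much as ktypes2str checks `strlen(s) + strlen(stmp) + sizeof("}") > len` before its `strcat`.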
@@ -293,7 +293,9 @@ static char * v4_klog( int type, const char *format, ...) case L_TKT_REQ: case L_APPL_REQ: strcpy(log_text, "PROCESS_V4:"); - vsprintf(log_text+strlen(log_text), format, pvar); + vsnprintf(log_text+strlen(log_text), + sizeof(log_text) - strlen(log_text), + format, pvar); krb5_klog_syslog(logpri, "%s", log_text); default: /* ignore the other types... */ @@ -327,7 +329,7 @@ hang(void) pause(); */ } else { char buf[256]; - sprintf(buf, + snprintf(buf, sizeof(buf), "Kerberos will wait %d seconds before dying so as not to loop init", (int) pause_int); klog(L_KRB_PERR, buf); @@ -564,7 +566,7 @@ kerb_get_principal(char *name, char *inst, /* could have wild cards */ toggle ^= 1; date = &principal->mod_date, text = principal->mod_date_txt) { tp = localtime( (time_t *) date); - sprintf( text, "%4d-%02d-%02d", + snprintf(text, sizeof(principal->mod_date_txt), "%4d-%02d-%02d", tp->tm_year > 1900 ? tp->tm_year : tp->tm_year + 1900, tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ } diff --git a/src/kdc/main.c b/src/kdc/main.c index e6538d3c3..5540c18a3 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -504,17 +504,13 @@ initialize_realms(krb5_context kcontext, int argc, char **argv) break; case 'd': /* pathname for db */ /* now db_name is not a seperate argument. It has to be passed as part of the db_args */ - if( db_name == NULL ) - { - db_name = malloc(sizeof("dbname=") + strlen(optarg)); - if( db_name == NULL ) - { - fprintf(stderr,"%s: KDC cannot initialize. Not enough memory\n", - argv[0] ); - exit(1); + if( db_name == NULL ) { + if (asprintf(&db_name, "dbname=%s", optarg) < 0) { + fprintf(stderr, + "%s: KDC cannot initialize. Not enough memory\n", + argv[0]); + exit(1); } - - sprintf( db_name, "dbname=%s", optarg); } db_args_size++; diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c index d438171cb..bce659751 100644 --- a/src/plugins/kdb/db2/kdb_db2.c +++ b/src/plugins/kdb/db2/kdb_db2.c 
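Review bot: In hang() the buffer filled by the new `snprintf(buf, sizeof(buf), ...)` is then passed as the second argument of `klog(L_KRB_PERR, buf)`, which is a format-string position if klog forwards to the printf-style v4_klog shown in the first hunk of this file. The text is fixed and contains no `%` once formatted, so this is a latent pattern rather than a live bug, but `klog(L_KRB_PERR, "%s", buf);` removes it. Alternatively the buffer can be dropped by passing the format and `(int) pause_int` straight to klog.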
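Review bot: The size passed to the new snprintf in kerb_get_principal is always `sizeof(principal->mod_date_txt)`, although `text` is reassigned in the for-header and only its second value is `principal->mod_date_txt`. The loop's initial clause is outside the hunk; if `text` starts at a different field, the bound is correct only while both fields have the same size. A comment stating that, or a size variable updated alongside `text` in the for-header, would keep the bound tied to the buffer actually written.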
@@ -337,9 +337,11 @@ krb5_db2_db_init(krb5_context context) if ((retval = krb5_db2_db_get_age(context, NULL, &db_ctx->db_lf_time))) goto err_out; - sprintf(policy_db_name, db_ctx->tempdb ? "%s~.kadm5" : "%s.kadm5", - db_ctx->db_name); - sprintf(policy_lock_name, "%s.lock", policy_db_name); + snprintf(policy_db_name, sizeof(policy_db_name), + db_ctx->tempdb ? "%s~.kadm5" : "%s.kadm5", + db_ctx->db_name); + snprintf(policy_lock_name, sizeof(policy_lock_name), + "%s.lock", policy_db_name); if ((retval = osa_adb_init_db(&db_ctx->policy_db, policy_db_name, policy_lock_name, OSA_ADB_POLICY_DB_MAGIC))) @@ -720,8 +722,9 @@ krb5_db2_db_create(krb5_context context, char *db_name, krb5_int32 flags) free_dbsuffix(okname); } - sprintf(policy_db_name, "%s.kadm5", db_name2); - sprintf(policy_lock_name, "%s.lock", policy_db_name); + snprintf(policy_db_name, sizeof(policy_db_name), "%s.kadm5", db_name2); + snprintf(policy_lock_name, sizeof(policy_lock_name), + "%s.lock", policy_db_name); retval = osa_adb_create_db(policy_db_name, policy_lock_name, OSA_ADB_POLICY_DB_MAGIC); @@ -851,8 +854,9 @@ krb5_db2_db_destroy(krb5_context context, char *dbname) if (retval1 || retval2) return (retval1 ? retval1 : retval2); - sprintf(policy_db_name, "%s.kadm5", dbname); - sprintf(policy_lock_name, "%s.lock", policy_db_name); + snprintf(policy_db_name, sizeof(policy_db_name), "%s.kadm5", dbname); + snprintf(policy_lock_name, sizeof(policy_lock_name), + "%s.lock", policy_db_name); retval1 = osa_adb_destroy_db(policy_db_name, policy_lock_name, OSA_ADB_POLICY_DB_MAGIC); 
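Review bot: The snprintf calls that build `policy_db_name` and `policy_lock_name` in krb5_db2_db_init discard their return value, so an over-long `db_ctx->db_name` now produces a silently truncated path that is handed to `osa_adb_init_db` rather than an overflow. The same pattern appears in the krb5_db2_db_create, krb5_db2_db_destroy and krb5_db2_db_rename hunks, where a truncated name would be created, destroyed or renamed; in krb5_db2_db_rename the only length check is an `assert`, which compiles out under NDEBUG. Comparing the result with the buffer size and failing with an errno value such as ENAMETOOLONG would close this. The sketch below needs an `int n` local and assumes both buffers are arrays, since their declarations are outside the hunk.

```c
/* … unchanged: krb5_db2_db_get_age() call … */
n = snprintf(policy_db_name, sizeof(policy_db_name),
             db_ctx->tempdb ? "%s~.kadm5" : "%s.kadm5",
             db_ctx->db_name);
if (n < 0 || (size_t)n >= sizeof(policy_db_name)) {
    retval = ENAMETOOLONG;
    goto err_out;
}
n = snprintf(policy_lock_name, sizeof(policy_lock_name),
             "%s.lock", policy_db_name);
if (n < 0 || (size_t)n >= sizeof(policy_lock_name)) {
    retval = ENAMETOOLONG;
    goto err_out;
}
/* … unchanged: osa_adb_init_db() call … */
```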
@@ -1694,8 +1698,9 @@ krb5_db2_db_rename(context, from, to) now. */ char policy[2048], new_policy[2048]; assert (strlen(db_ctx->db_name) < 2000); - sprintf(policy, "%s.kadm5", db_ctx->db_name); - sprintf(new_policy, "%s~.kadm5", db_ctx->db_name); + snprintf(policy, sizeof(policy), "%s.kadm5", db_ctx->db_name); + snprintf(new_policy, sizeof(new_policy), + "%s~.kadm5", db_ctx->db_name); if (0 != rename(new_policy, policy)) { retval = errno; goto errout; diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c index dbdaff9e0..a18eef2cf 100644 --- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c +++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c @@ -414,7 +414,8 @@ tmp() if (envtmp && ((strlen(envtmp)+sizeof(fn)+1) > sizeof(path))) return(-1); - (void)sprintf(path, "%s%s", (envtmp ? envtmp : "/tmp"), fn); + (void)snprintf(path, sizeof(path), + "%s%s", (envtmp ? envtmp : "/tmp"), fn); #ifdef SIG_BLOCK (void)sigfillset(&set);