From: Ken Raeburn <raeburn@mit.edu>
Date: Thu, 12 Jul 2007 23:35:24 +0000 (+0000)
Subject: Use [v]snprintf or asprintf instead of unchecked sprintf and separate allocation... 
X-Git-Tag: krb5-1.7-alpha1~1003
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c67c8d9e788049afcfd76709116172ac26b3c02d;p=krb5.git

Use [v]snprintf or asprintf instead of unchecked sprintf and separate allocation size calculations

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19709 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c
index 71b1b8da4..3cb7b3f97 100644
--- a/src/appl/bsd/v4rcp.c
+++ b/src/appl/bsd/v4rcp.c
@@ -812,8 +812,9 @@ void sink(argc, argv)
 			SCREWUP("size not delimited");
 		if (targisdir) {
 			if (strlen(targ) + strlen(cp) + 1 < sizeof(nambuf)) {
-				(void) sprintf(nambuf, "%s%s%s", targ,
-				    *targ ? "/" : "", cp);
+			    (void) snprintf(nambuf, sizeof(nambuf),
+					    "%s%s%s", targ,
+					    *targ ? "/" : "", cp);
 			} else {
 				SCREWUP("target directory name too long");
 			}
diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c
index 725075d37..4115b6671 100644
--- a/src/appl/telnet/telnetd/telnetd.c
+++ b/src/appl/telnet/telnetd/telnetd.c
@@ -201,15 +201,18 @@ get_default_IM()
 	static char banner[1024];
 	
 	if (uname(&name) < 0)
-		sprintf(banner, "\r\nError getting hostname: %s\r\n",
-		    strerror(errno));
+	    snprintf(banner, sizeof(banner),
+		     "\r\nError getting hostname: %s\r\n",
+		     strerror(errno));
         else {
 #if defined(_AIX)
-		sprintf(banner, "\r\n    %%h (%s release %s.%s) (%%t)\r\n\r\n",
-		    name.sysname, name.version, name.release);
+	    snprintf(banner, sizeof(banner),
+		     "\r\n    %%h (%s release %s.%s) (%%t)\r\n\r\n",
+		     name.sysname, name.version, name.release);
 #else
-		sprintf(banner, "\r\n    %%h (%s release %s %s) (%%t)\r\n\r\n",
-		    name.sysname, name.release, name.version);
+	    snprintf(banner, sizeof(banner),
+		     "\r\n    %%h (%s release %s %s) (%%t)\r\n\r\n",
+		     name.sysname, name.release, name.version);
 #endif
 	}
 	return banner;
@@ -966,10 +969,10 @@ static void doit(who)
 	if (secflag) {
 		char slave_dev[16];
 /*xxx This code needs to be fixed to work without ptynum; I don't understand why they don't currently use line, so I don't really know how to fix.*/
-		sprintf(tty_dev, "/dev/pty/%03d", ptynum);
+		snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
 		if (setdevs(tty_dev, &dv) < 0)
 		 	fatal(net, "cannot set pty security");
-		sprintf(slave_dev, "/dev/ttyp%03d", ptynum);
+		snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
 		if (setdevs(slave_dev, &dv) < 0)
 		 	fatal(net, "cannot set tty security");
 	}
diff --git a/src/appl/telnet/telnetd/utility.c b/src/appl/telnet/telnetd/utility.c
index a091d0894..4a4c1308e 100644
--- a/src/appl/telnet/telnetd/utility.c
+++ b/src/appl/telnet/telnetd/utility.c
@@ -516,7 +516,7 @@ fatal(f, msg)
 {
 	char buf[BUFSIZ];
 
-	(void) sprintf(buf, "telnetd: %s.\r\n", msg);
+	(void) snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
 #ifdef	ENCRYPTION
 	if (encrypt_output) {
 		/*
@@ -539,7 +539,7 @@ fatalperror(f, msg)
 {
 	char buf[BUFSIZ], *strerror();
 
-	(void) sprintf(buf, "%s: %s\r\n", msg, strerror(errno));
+	(void) snprintf(buf, sizeof(buf), "%s: %s\r\n", msg, strerror(errno));
 	fatal(f, buf);
 }
 
diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c
index 8037d8536..46d7431a8 100644
--- a/src/clients/kinit/kinit.c
+++ b/src/clients/kinit/kinit.c
@@ -717,9 +717,10 @@ k4_begin(opts, k4)
 	krb_get_lrealm(k4->realm, 1);
 
     if (k4->inst[0])
-	sprintf(k4->name, "%s.%s@%s", k4->aname, k4->inst, k4->realm);
+	snprintf(k4->name, sizeof(k4->name), "%s.%s@%s",
+		 k4->aname, k4->inst, k4->realm);
     else
-	sprintf(k4->name, "%s@%s", k4->aname, k4->realm);
+	snprintf(k4->name, sizeof(k4->name), "%s@%s", k4->aname, k4->realm);
     opts->principal_name = k4->name;
 
  skip:
@@ -982,7 +983,8 @@ k4_kinit(opts, k4, ctx)
 	    krb5_error_code code;
 	    char prompt[1024];
 
-	    sprintf(prompt, "Password for %s", opts->principal_name);
+	    snprintf(prompt, sizeof(prompt),
+		     "Password for %s", opts->principal_name);
 	    stash_password[0] = 0;
 	    /*
 	      Note: krb5_read_password does not actually look at the
@@ -1038,13 +1040,12 @@ static char*
 getvprogname(v, progname)
     char *v, *progname;
 {
-    unsigned int len = strlen(progname) + 2 + strlen(v) + 2;
-    char *ret = malloc(len);
-    if (ret)
-	sprintf(ret, "%s(v%s)", progname, v);
+    char *ret;
+
+    if (asprintf(&ret, "%s(v%s)", progname, v) < 0)
+	return progname;
     else
-	ret = progname;
-    return ret;
+	return ret;
 }
 
 #ifdef HAVE_KRB524
diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
index 6cf7ce16a..f1a251c66 100644
--- a/src/clients/klist/klist.c
+++ b/src/clients/klist/klist.c
@@ -486,7 +486,7 @@ etype_string(enctype)
     
     if ((retval = krb5_enctype_to_string(enctype, buf, sizeof(buf)))) {
 	/* XXX if there's an error != EINVAL, I should probably report it */
-	sprintf(buf, "etype %d", enctype);
+	snprintf(buf, sizeof(buf), "etype %d", enctype);
     }
 
     return buf;
diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c
index 297b7994e..89fbe66b1 100644
--- a/src/kadmin/cli/keytab.c
+++ b/src/kadmin/cli/keytab.c
@@ -99,15 +99,11 @@ static int process_keytab(krb5_context my_context, char **keytab_str,
 		    return 1;
 	       }
 	  } else {
-	       char *tmp = *keytab_str;
-
-	       *keytab_str = (char *)
-		    malloc(strlen("WRFILE:")+strlen(tmp)+1);
-	       if (*keytab_str == NULL) {
-		    com_err(whoami, ENOMEM, "while creating keytab name");
-		    return 1;
+	       if (asprintf(keytab_str, "WRFILE:%s", *keytab_str) < 0) {
+		   *keytab_str = NULL;
+		   com_err(whoami, ENOMEM, "while creating keytab name");
+		   return 1;
 	       }
-	       sprintf(*keytab_str, "WRFILE:%s", tmp);
 	  }
 	  
 	  code = krb5_kt_resolve(my_context, *keytab_str, keytab);
@@ -488,7 +484,7 @@ static char *etype_string(enctype)
     krb5_error_code ret;
 
     if ((ret = krb5_enctype_to_string(enctype, buf, sizeof(buf))))
-	sprintf(buf, "etype %d", enctype);
+	snprintf(buf, sizeof(buf), "etype %d", enctype);
 
     return buf;
 }
diff --git a/src/slave/kpropd.c b/src/slave/kpropd.c
index 77c270391..4436ed2ab 100644
--- a/src/slave/kpropd.c
+++ b/src/slave/kpropd.c
@@ -394,7 +394,7 @@ kpropd_com_err_proc(whoami, code, fmt, args)
 
 	error_buf[0] = '\0';
 	if (fmt)
-		vsprintf(error_buf, fmt, args);
+	    vsnprintf(error_buf, sizeof(error_buf), fmt, args);
 	syslog(LOG_ERR, "%s%s%s%s%s", whoami ? whoami : "", whoami ? ": " : "",
 	       code ? error_message(code) : "", code ? " " : "", error_buf);
 }