ipfilter userland: Replace sprintf with range checking version (snprintf)

MFC after:	1 week
Cy Schubert 2021-12-13 14:54:38 -08:00
parent 9a563c5e48
commit a6fb9bbea7
19 changed files with 127 additions and 122 deletions


@ -1595,7 +1595,7 @@ void *ptr;
if (state == IL_IPO_RR || state == IL_IPO_SATID) {
if (param)
sprintf(numbuf, "%d", *(int *)param);
snprintf(numbuf, sizeof(numbuf), "%d", *(int *)param);
else
strcpy(numbuf, "0");
arg = numbuf;


@ -497,7 +497,7 @@ strgetmsg(fd, ctlp, datap, flagsp, caller)
*/
(void) signal(SIGALRM, sigalrm);
if (alarm(MAXWAIT) < 0) {
(void) sprintf(errmsg, "%s: alarm", caller);
(void) snprintf(errmsg, sizeof(errmsg), "%s: alarm", caller);
syserr(errmsg);
}
@ -506,7 +506,7 @@ strgetmsg(fd, ctlp, datap, flagsp, caller)
*/
*flagsp = 0;
if ((rc = getmsg(fd, ctlp, datap, flagsp)) < 0) {
(void) sprintf(errmsg, "%s: getmsg", caller);
(void) snprintf(errmsg, sizeof(errmsg), "%s: getmsg", caller);
syserr(errmsg);
}
@ -514,7 +514,7 @@ strgetmsg(fd, ctlp, datap, flagsp, caller)
* Stop timer.
*/
if (alarm(0) < 0) {
(void) sprintf(errmsg, "%s: alarm", caller);
(void) snprintf(errmsg, sizeof(errmsg), "%s: alarm", caller);
syserr(errmsg);
}
@ -1188,7 +1188,7 @@ dlprim(prim)
CASERET(DL_RESET_RES);
CASERET(DL_RESET_CON);
default:
(void) sprintf(primbuf, "unknown primitive 0x%x", prim);
(void) snprintf(primbuf, sizeof(primbuf), "unknown primitive 0x%x", prim);
return (primbuf);
}
}
@ -1223,7 +1223,7 @@ dlstate(state)
CASERET(DL_DISCON13_PENDING);
CASERET(DL_SUBS_BIND_PND);
default:
(void) sprintf(statebuf, "unknown state 0x%x", state);
(void) snprintf(statebuf, sizeof(statebuf), "unknown state 0x%x", state);
return (statebuf);
}
}
@ -1265,7 +1265,7 @@ dlerrno(errno)
CASERET(DL_PENDING);
default:
(void) sprintf(errnobuf, "unknown dlpi errno 0x%x", errno);
(void) snprintf(errnobuf, sizeof(errnobuf), "unknown dlpi errno 0x%x", errno);
return (errnobuf);
}
}
@ -1281,7 +1281,7 @@ dlpromisclevel(level)
CASERET(DL_PROMISC_SAP);
CASERET(DL_PROMISC_MULTI);
default:
(void) sprintf(levelbuf, "unknown promisc level 0x%x", level);
(void) snprintf(levelbuf, sizeof(levelbuf), "unknown promisc level 0x%x", level);
return (levelbuf);
}
}
@ -1297,7 +1297,7 @@ dlservicemode(servicemode)
CASERET(DL_CLDLS);
CASERET(DL_CODLS|DL_CLDLS);
default:
(void) sprintf(servicemodebuf,
(void) snprintf(servicemodebuf, sizeof(servicemodebuf),
"unknown provider service mode 0x%x", servicemode);
return (servicemodebuf);
}
@ -1313,7 +1313,7 @@ dlstyle(style)
CASERET(DL_STYLE1);
CASERET(DL_STYLE2);
default:
(void) sprintf(stylebuf, "unknown provider style 0x%x", style);
(void) snprintf(stylebuf, sizeof(stylebuf), "unknown provider style 0x%x", style);
return (stylebuf);
}
}
@ -1334,7 +1334,7 @@ dlmactype(media)
CASERET(DL_CHAR);
CASERET(DL_CTCA);
default:
(void) sprintf(mediabuf, "unknown media type 0x%x", media);
(void) snprintf(mediabuf, sizeof(mediabuf), "unknown media type 0x%x", media);
return (mediabuf);
}
}


@ -74,7 +74,7 @@ int initdevice(device, tout)
for (i = 0; i < 16; i++)
{
(void) sprintf(bpfname, "/dev/bpf%d", i);
(void) snprintf(bpfname, sizeof(bpfname), "/dev/bpf%d", i);
if ((fd = open(bpfname, O_RDWR)) >= 0)
break;
}


@ -61,7 +61,7 @@ getnattype(nat)
which = "ENC-MAP";
break;
default :
sprintf(unknownbuf, "unknown(%04x)",
snprintf(unknownbuf, sizeof(unknownbuf), "unknown(%04x)",
nat->nat_redir & 0xffffffff);
which = unknownbuf;
break;


@ -16,8 +16,8 @@ char *getsumd(sum)
static char sumdbuf[17];
if (sum & NAT_HW_CKSUM)
sprintf(sumdbuf, "hw(%#0x)", sum & 0xffff);
snprintf(sumdbuf, sizeof(sumdbuf), "hw(%#0x)", sum & 0xffff);
else
sprintf(sumdbuf, "%#0x", sum);
snprintf(sumdbuf, sizeof(sumdbuf), "%#0x", sum);
return sumdbuf;
}


@ -557,9 +557,9 @@ ipf_geterror(fd, func)
ie = find_error(errnum);
if (ie != NULL)
return ie->iee_text;
sprintf(text, "unknown error %d", errnum);
snprintf(text, sizeof(text), "unknown error %d", errnum);
} else {
sprintf(text, "retrieving error number failed (%d)", errno);
snprintf(text, sizeof(text), "retrieving error number failed (%d)", errno);
}
return text;
}
@ -577,6 +577,6 @@ ipf_strerror(errnum)
if (ie != NULL)
return ie->iee_text;
sprintf(text, "unknown error %d", errnum);
snprintf(text, sizeof(text), "unknown error %d", errnum);
return text;
}


@ -61,7 +61,7 @@ load_dstlistnode(role, name, node, iocfunc)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
(void) sprintf(msg, "%s lookup node", what);
(void) snprintf(msg, sizeof(msg), "%s lookup node", what);
return ipf_perror_fd(pool_fd(), iocfunc, msg);
}
}


@ -60,7 +60,7 @@ load_hashnode(unit, name, node, ttl, iocfunc)
if (!(opts & OPT_DONOTHING)) {
char msg[80];
sprintf(msg, "%s node from lookup hash table", what);
snprintf(msg, sizeof(msg), "%s node from lookup hash table", what);
return ipf_perror_fd(pool_fd(), iocfunc, msg);
}
return 0;


@ -59,7 +59,7 @@ load_poolnode(role, name, node, ttl, iocfunc)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
sprintf(msg, "%s pool node(%s/", what,
snprintf(msg, sizeof(msg), "%s pool node(%s/", what,
inet_ntoa(pn.ipn_addr.adf_addr.in4));
strcat(msg, inet_ntoa(pn.ipn_mask.adf_addr.in4));
return ipf_perror_fd(pool_fd(), iocfunc, msg);
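Review bot: The `strcat` on the line after the converted call is still unbounded, so `msg[80]` is only half protected: snprintf limits the first part, then the mask string is appended with no regard for the space that remains. `strlcat(msg, inet_ntoa(pn.ipn_mask.adf_addr.in4), sizeof(msg));` would keep the whole message inside the buffer. The two inet_ntoa results should stay in separate calls as they are now, since inet_ntoa commonly returns a shared static buffer. The same snprintf-then-strcat shape is left in buildsocket with `buffer[80]`.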


@ -97,7 +97,7 @@ parseipfexpr(line, errorptr)
if (e->ipoe_word == NULL) {
error = malloc(32);
if (error != NULL) {
sprintf(error, "keyword (%.10s) not found",
snprintf(error, sizeof(error), "keyword (%.10s) not found",
ops);
}
goto parseerror;
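Review bot: `sizeof(error)` is the size of a pointer here, because `error` was just assigned from `malloc(32)`, so the message is now capped at 3 or 7 characters instead of the 32 bytes allocated. The bound has to be the allocation size, for example `snprintf(error, 32, "keyword (%.10s) not found", ops);`, ideally with the 32 shared through one named constant so the malloc and the bound cannot drift apart. parseipfexpr continues outside the hunk.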


@ -38,6 +38,6 @@ portname(int pr, int port)
}
}
(void) sprintf(buf, "%d", port);
(void) snprintf(buf, sizeof(buf), "%d", port);
return (buf);
}


@ -2448,7 +2448,7 @@ void *ptr;
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
sprintf(msg, "%d:ioctl(zero rule)",
snprintf(msg, sizeof(msg), "%d:ioctl(zero rule)",
fr->fr_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@ -2468,7 +2468,7 @@ void *ptr;
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
sprintf(msg, "%d:ioctl(delete rule)",
snprintf(msg, sizeof(msg), "%d:ioctl(delete rule)",
fr->fr_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@ -2478,7 +2478,7 @@ void *ptr;
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
sprintf(msg, "%d:ioctl(add/insert rule)",
snprintf(msg, sizeof(msg), "%d:ioctl(add/insert rule)",
fr->fr_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@ -2572,7 +2572,7 @@ int value;
strncpy(buffer, varname, 60);
buffer[59] = '\0';
strcat(buffer, "=");
sprintf(buffer, "%u", value);
snprintf(buffer, sizeof(buffer), "%u", value);
ipf_dotuning(ipffd, buffer, ioctl);
}
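Review bot: In the last hunk the converted call still writes at the start of `buffer`, so it overwrites the `varname=` prefix that the `strncpy`/`strcat` lines directly above have just built, and `ipf_dotuning` receives only the number. The old sprintf had the same defect and the conversion keeps it. The value should be appended instead: `size_t off = strlen(buffer); snprintf(buffer + off, sizeof(buffer) - off, "%u", value);`. That assumes `buffer` is an array, whose declaration is outside the hunk.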


@ -1531,7 +1531,7 @@ static void topipstates(saddr, daddr, sport, dport, protocol, ver,
attron(A_BOLD);
winy = 0;
move(winy,0);
sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION);
snprintf(str1, sizeof(str1), "%s - %s - state top", hostnm, IPL_VERSION);
for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++)
printw(" ");
printw("%s", str1);
@ -1549,50 +1549,50 @@ static void topipstates(saddr, daddr, sport, dport, protocol, ver,
* while the programming is running :-)
*/
if (sport >= 0)
sprintf(str1, "%s,%d", getip(ver, &saddr), sport);
snprintf(str1, sizeof(str1), "%s,%d", getip(ver, &saddr), sport);
else
sprintf(str1, "%s", getip(ver, &saddr));
snprintf(str1, sizeof(str1), "%s", getip(ver, &saddr));
if (dport >= 0)
sprintf(str2, "%s,%d", getip(ver, &daddr), dport);
snprintf(str2, sizeof(str2), "%s,%d", getip(ver, &daddr), dport);
else
sprintf(str2, "%s", getip(ver, &daddr));
snprintf(str2, sizeof(str2), "%s", getip(ver, &daddr));
if (protocol < 0)
strcpy(str3, "any");
else if ((proto = getprotobynumber(protocol)) != NULL)
sprintf(str3, "%s", proto->p_name);
snprintf(str3, sizeof(str3), "%s", proto->p_name);
else
sprintf(str3, "%d", protocol);
snprintf(str3, sizeof(str3), "%d", protocol);
switch (sorting)
{
case STSORT_PR:
sprintf(str4, "proto");
snprintf(str4, sizeof(str4), "proto");
break;
case STSORT_PKTS:
sprintf(str4, "# pkts");
snprintf(str4, sizeof(str4), "# pkts");
break;
case STSORT_BYTES:
sprintf(str4, "# bytes");
snprintf(str4, sizeof(str4), "# bytes");
break;
case STSORT_TTL:
sprintf(str4, "ttl");
snprintf(str4, sizeof(str4), "ttl");
break;
case STSORT_SRCIP:
sprintf(str4, "src ip");
snprintf(str4, sizeof(str4), "src ip");
break;
case STSORT_SRCPT:
sprintf(str4, "src port");
snprintf(str4, sizeof(str4), "src port");
break;
case STSORT_DSTIP:
sprintf(str4, "dest ip");
snprintf(str4, sizeof(str4), "dest ip");
break;
case STSORT_DSTPT:
sprintf(str4, "dest port");
snprintf(str4, sizeof(str4), "dest port");
break;
default:
sprintf(str4, "unknown");
snprintf(str4, sizeof(str4), "unknown");
break;
}
@ -1639,16 +1639,16 @@ static void topipstates(saddr, daddr, sport, dport, protocol, ver,
/* print src/dest and port */
if ((tp->st_p == IPPROTO_TCP) ||
(tp->st_p == IPPROTO_UDP)) {
sprintf(str1, "%s,%hu",
snprintf(str1, sizeof(str1), "%s,%hu",
getip(tp->st_v, &tp->st_src),
ntohs(tp->st_sport));
sprintf(str2, "%s,%hu",
snprintf(str2, sizeof(str2), "%s,%hu",
getip(tp->st_v, &tp->st_dst),
ntohs(tp->st_dport));
} else {
sprintf(str1, "%s", getip(tp->st_v,
snprintf(str1, sizeof(str1), "%s", getip(tp->st_v,
&tp->st_src));
sprintf(str2, "%s", getip(tp->st_v,
snprintf(str2, sizeof(str2), "%s", getip(tp->st_v,
&tp->st_dst));
}
winy++;
@ -1656,7 +1656,7 @@ static void topipstates(saddr, daddr, sport, dport, protocol, ver,
printw("%-*s %-*s", srclen + 6, str1, dstlen + 6, str2);
/* print state */
sprintf(str1, "%X/%X", tp->st_state[0],
snprintf(str1, sizeof(str1), "%X/%X", tp->st_state[0],
tp->st_state[1]);
printw(" %3s", str1);
@ -1666,7 +1666,7 @@ static void topipstates(saddr, daddr, sport, dport, protocol, ver,
strncpy(str1, proto->p_name, 4);
str1[4] = '\0';
} else {
sprintf(str1, "%d", tp->st_p);
snprintf(str1, sizeof(str1), "%d", tp->st_p);
}
/* just print icmp for IPv6-ICMP */
if (tp->st_p == IPPROTO_ICMPV6)
@ -2015,9 +2015,9 @@ static char *ttl_to_string(ttl)
seconds = ttl % 60;
if (hours > 0)
sprintf(ttlbuf, "%2d:%02d:%02d", hours, minutes, seconds);
snprintf(ttlbuf, sizeof(ttlbuf), "%2d:%02d:%02d", hours, minutes, seconds);
else
sprintf(ttlbuf, "%2d:%02d", minutes, seconds);
snprintf(ttlbuf, sizeof(ttlbuf), "%2d:%02d", minutes, seconds);
return ttlbuf;
}


@ -385,7 +385,7 @@ buildsocket(nicname, sinp)
(char *)&mreq, sizeof(mreq)) == -1) {
char buffer[80];
sprintf(buffer, "%s,", inet_ntoa(sinp->sin_addr));
snprintf(buffer, sizeof(buffer), "%s,", inet_ntoa(sinp->sin_addr));
strcat(buffer, inet_ntoa(reqip->sin_addr));
syslog(LOG_ERR,


@ -447,7 +447,7 @@ static char *getlocalproto(p)
p &= 0xff;
s = protocols ? protocols[p] : NULL;
if (s == NULL) {
sprintf(pnum, "%u", p);
snprintf(pnum, sizeof(pnum), "%u", p);
s = pnum;
}
return s;
@ -483,7 +483,7 @@ char *portlocalname(res, proto, port)
port = ntohs(port);
port &= 0xffff;
sprintf(pname, "%u", port);
snprintf(pname, sizeof(pname), "%u", port);
if (!res || (ipmonopts & IPMON_PORTNUM))
return pname;
s = NULL;
@ -512,9 +512,9 @@ static char *icmpname(type, code)
s = it->it_name;
if (s == NULL)
sprintf(name, "icmptype(%d)/", type);
snprintf(name, sizeof(name), "icmptype(%d)/", type);
else
sprintf(name, "%s/", s);
snprintf(name, sizeof(name), "%s/", s);
ist = NULL;
if (it != NULL && it->it_subtable != NULL)
@ -522,8 +522,10 @@ static char *icmpname(type, code)
if (ist != NULL && ist->ist_name != NULL)
strcat(name, ist->ist_name);
else
sprintf(name + strlen(name), "%d", code);
else {
int strlen_name = strlen(name);
snprintf(name + strlen_name, sizeof(name) - strlen_name, "%d", code);
}
return name;
}
@ -543,9 +545,9 @@ static char *icmpname6(type, code)
s = it->it_name;
if (s == NULL)
sprintf(name, "icmpv6type(%d)/", type);
snprintf(name, sizeof(name), "icmpv6type(%d)/", type);
else
sprintf(name, "%s/", s);
snprintf(name, sizeof(name), "%s/", s);
ist = NULL;
if (it != NULL && it->it_subtable != NULL)
@ -553,8 +555,10 @@ static char *icmpname6(type, code)
if (ist != NULL && ist->ist_name != NULL)
strcat(name, ist->ist_name);
else
sprintf(name + strlen(name), "%d", code);
else {
int strlen_name = strlen(name);
snprintf(name + strlen_name, sizeof(name) - strlen_name, "%d", code);
}
return name;
}
@ -680,7 +684,7 @@ static void print_natlog(conf, buf, blen)
}
(void) strftime(t, len, "%T", tm);
t += strlen(t);
sprintf(t, ".%-.6ld @%hd ", (long)ipl->ipl_usec, nl->nl_rule + 1);
snprintf(t, sizeof(t), ".%-.6ld @%hd ", (long)ipl->ipl_usec, nl->nl_rule + 1);
t += strlen(t);
switch (nl->nl_action)
@ -710,7 +714,7 @@ static void print_natlog(conf, buf, blen)
break;
default :
sprintf(t, "NAT:Action(%d)", nl->nl_action);
snprintf(t, sizeof(t), "NAT:Action(%d)", nl->nl_action);
break;
}
t += strlen(t);
@ -763,7 +767,7 @@ static void print_natlog(conf, buf, blen)
break;
default :
sprintf(t, "-Type(%d) ", nl->nl_type);
snprintf(t, sizeof(t), "-Type(%d) ", nl->nl_type);
break;
}
t += strlen(t);
@ -773,25 +777,25 @@ static void print_natlog(conf, buf, blen)
family = vtof(nl->nl_v[0]);
if (simple == 1) {
sprintf(t, "%s,%s <- -> ", hostname(family, nl->nl_osrcip.i6),
snprintf(t, sizeof(t), "%s,%s <- -> ", hostname(family, nl->nl_osrcip.i6),
portlocalname(res, proto, (u_int)nl->nl_osrcport));
t += strlen(t);
sprintf(t, "%s,%s ", hostname(family, nl->nl_nsrcip.i6),
snprintf(t, sizeof(t), "%s,%s ", hostname(family, nl->nl_nsrcip.i6),
portlocalname(res, proto, (u_int)nl->nl_nsrcport));
t += strlen(t);
sprintf(t, "[%s,%s] ", hostname(family, nl->nl_odstip.i6),
snprintf(t, sizeof(t), "[%s,%s] ", hostname(family, nl->nl_odstip.i6),
portlocalname(res, proto, (u_int)nl->nl_odstport));
} else {
sprintf(t, "%s,%s ", hostname(family, nl->nl_osrcip.i6),
snprintf(t, sizeof(t), "%s,%s ", hostname(family, nl->nl_osrcip.i6),
portlocalname(res, proto, (u_int)nl->nl_osrcport));
t += strlen(t);
sprintf(t, "%s,%s <- -> ", hostname(family, nl->nl_odstip.i6),
snprintf(t, sizeof(t), "%s,%s <- -> ", hostname(family, nl->nl_odstip.i6),
portlocalname(res, proto, (u_int)nl->nl_odstport));
t += strlen(t);
sprintf(t, "%s,%s ", hostname(family, nl->nl_nsrcip.i6),
snprintf(t, sizeof(t), "%s,%s ", hostname(family, nl->nl_nsrcip.i6),
portlocalname(res, proto, (u_int)nl->nl_nsrcport));
t += strlen(t);
sprintf(t, "%s,%s ", hostname(family, nl->nl_ndstip.i6),
snprintf(t, sizeof(t), "%s,%s ", hostname(family, nl->nl_ndstip.i6),
portlocalname(res, proto, (u_int)nl->nl_ndstport));
}
t += strlen(t);
@ -802,13 +806,13 @@ static void print_natlog(conf, buf, blen)
if (nl->nl_action == NL_EXPIRE || nl->nl_action == NL_FLUSH) {
#ifdef USE_QUAD_T
# ifdef PRId64
sprintf(t, " Pkts %" PRId64 "/%" PRId64 " Bytes %" PRId64 "/%"
snprintf(t, sizeof(t), " Pkts %" PRId64 "/%" PRId64 " Bytes %" PRId64 "/%"
PRId64,
# else
sprintf(t, " Pkts %qd/%qd Bytes %qd/%qd",
snprintf(t, sizeof(t), " Pkts %qd/%qd Bytes %qd/%qd",
# endif
#else
sprintf(t, " Pkts %ld/%ld Bytes %ld/%ld",
snprintf(t, sizeof(t), " Pkts %ld/%ld Bytes %ld/%ld",
#endif
nl->nl_pkts[0], nl->nl_pkts[1],
nl->nl_bytes[0], nl->nl_bytes[1]);
@ -865,7 +869,7 @@ static void print_statelog(conf, buf, blen)
}
(void) strftime(t, len, "%T", tm);
t += strlen(t);
sprintf(t, ".%-.6ld ", (long)ipl->ipl_usec);
snprintf(t, sizeof(t), ".%-.6ld ", (long)ipl->ipl_usec);
t += strlen(t);
family = vtof(sl->isl_v);
@ -910,7 +914,7 @@ static void print_statelog(conf, buf, blen)
break;
default :
sprintf(t, "Type: %d ", sl->isl_type);
snprintf(t, sizeof(t), "Type: %d ", sl->isl_type);
break;
}
t += strlen(t);
@ -918,38 +922,38 @@ static void print_statelog(conf, buf, blen)
proto = getlocalproto(sl->isl_p);
if (sl->isl_p == IPPROTO_TCP || sl->isl_p == IPPROTO_UDP) {
sprintf(t, "%s,%s -> ",
snprintf(t, sizeof(t), "%s,%s -> ",
hostname(family, (u_32_t *)&sl->isl_src),
portlocalname(res, proto, (u_int)sl->isl_sport));
t += strlen(t);
sprintf(t, "%s,%s PR %s",
snprintf(t, sizeof(t), "%s,%s PR %s",
hostname(family, (u_32_t *)&sl->isl_dst),
portlocalname(res, proto, (u_int)sl->isl_dport), proto);
} else if (sl->isl_p == IPPROTO_ICMP) {
sprintf(t, "%s -> ", hostname(family, (u_32_t *)&sl->isl_src));
snprintf(t, sizeof(t), "%s -> ", hostname(family, (u_32_t *)&sl->isl_src));
t += strlen(t);
sprintf(t, "%s PR icmp %d",
snprintf(t, sizeof(t), "%s PR icmp %d",
hostname(family, (u_32_t *)&sl->isl_dst),
sl->isl_itype);
} else if (sl->isl_p == IPPROTO_ICMPV6) {
sprintf(t, "%s -> ", hostname(family, (u_32_t *)&sl->isl_src));
snprintf(t, sizeof(t), "%s -> ", hostname(family, (u_32_t *)&sl->isl_src));
t += strlen(t);
sprintf(t, "%s PR icmpv6 %d",
snprintf(t, sizeof(t), "%s PR icmpv6 %d",
hostname(family, (u_32_t *)&sl->isl_dst),
sl->isl_itype);
} else {
sprintf(t, "%s -> ", hostname(family, (u_32_t *)&sl->isl_src));
snprintf(t, sizeof(t), "%s -> ", hostname(family, (u_32_t *)&sl->isl_src));
t += strlen(t);
sprintf(t, "%s PR %s",
snprintf(t, sizeof(t), "%s PR %s",
hostname(family, (u_32_t *)&sl->isl_dst), proto);
}
t += strlen(t);
if (sl->isl_tag != FR_NOLOGTAG) {
sprintf(t, " tag %u", sl->isl_tag);
snprintf(t, sizeof(t), " tag %u", sl->isl_tag);
t += strlen(t);
}
if (sl->isl_type != ISL_NEW) {
sprintf(t,
snprintf(t, sizeof(t),
#ifdef USE_QUAD_T
#ifdef PRId64
" Forward: Pkts in %" PRId64 " Bytes in %" PRId64
@ -1095,10 +1099,10 @@ static void print_ipflog(conf, buf, blen)
}
(void) strftime(t, len, "%T", tm);
t += strlen(t);
sprintf(t, ".%-.6ld ", (long)ipl->ipl_usec);
snprintf(t, sizeof(t), ".%-.6ld ", (long)ipl->ipl_usec);
t += strlen(t);
if (ipl->ipl_count > 1) {
sprintf(t, "%dx ", ipl->ipl_count);
snprintf(t, sizeof(t), "%dx ", ipl->ipl_count);
t += strlen(t);
}
{
@ -1106,11 +1110,11 @@ static void print_ipflog(conf, buf, blen)
strncpy(ifname, ipf->fl_ifname, sizeof(ipf->fl_ifname));
ifname[sizeof(ipf->fl_ifname)] = '\0';
sprintf(t, "%s", ifname);
snprintf(t, sizeof(t), "%s", ifname);
t += strlen(t);
# if SOLARIS
if (ISALPHA(*(t - 1))) {
sprintf(t, "%d", ipf->fl_unit);
snprintf(t, sizeof(t), "%d", ipf->fl_unit);
t += strlen(t);
}
# endif
@ -1120,12 +1124,12 @@ static void print_ipflog(conf, buf, blen)
else if (ipf->fl_group[0] == '\0')
(void) strcpy(t, " @0:");
else
sprintf(t, " @%s:", ipf->fl_group);
snprintf(t, sizeof(t), " @%s:", ipf->fl_group);
t += strlen(t);
if (ipf->fl_rule == 0xffffffff)
strcat(t, "-1 ");
else
sprintf(t, "%u ", ipf->fl_rule + 1);
snprintf(t, sizeof(t), "%u ", ipf->fl_rule + 1);
t += strlen(t);
lvl = LOG_NOTICE;
@ -1212,10 +1216,10 @@ static void print_ipflog(conf, buf, blen)
if ((p == IPPROTO_TCP || p == IPPROTO_UDP) && !off) {
tp = (tcphdr_t *)((char *)ip + hl);
if (!(ipf->fl_lflags & FI_SHORT)) {
sprintf(t, "%s,%s -> ", hostname(f, s),
snprintf(t, sizeof(t), "%s,%s -> ", hostname(f, s),
portlocalname(res, proto, (u_int)tp->th_sport));
t += strlen(t);
sprintf(t, "%s,%s PR %s len %hu %hu",
snprintf(t, sizeof(t), "%s,%s PR %s len %hu %hu",
hostname(f, d),
portlocalname(res, proto, (u_int)tp->th_dport),
proto, hl, plen);
@ -1228,7 +1232,7 @@ static void print_ipflog(conf, buf, blen)
if (tp->th_flags & tcpfl[i].value)
*t++ = tcpfl[i].flag;
if (ipmonopts & IPMON_VERBOSE) {
sprintf(t, " %lu %lu %hu",
snprintf(t, sizeof(t), " %lu %lu %hu",
(u_long)(ntohl(tp->th_seq)),
(u_long)(ntohl(tp->th_ack)),
ntohs(tp->th_win));
@ -1237,7 +1241,7 @@ static void print_ipflog(conf, buf, blen)
}
*t = '\0';
} else {
sprintf(t, "%s -> ", hostname(f, s));
snprintf(t, sizeof(t), "%s -> ", hostname(f, s));
t += strlen(t);
sprintf(t, "%s PR %s len %hu %hu",
hostname(f, d), proto, hl, plen);
@ -1245,17 +1249,17 @@ static void print_ipflog(conf, buf, blen)
#if defined(AF_INET6) && defined(IPPROTO_ICMPV6)
} else if ((p == IPPROTO_ICMPV6) && !off && (f == AF_INET6)) {
ic = (struct icmp *)((char *)ip + hl);
sprintf(t, "%s -> ", hostname(f, s));
snprintf(t, sizeof(t), "%s -> ", hostname(f, s));
t += strlen(t);
sprintf(t, "%s PR icmpv6 len %hu %hu icmpv6 %s",
snprintf(t, sizeof(t), "%s PR icmpv6 len %hu %hu icmpv6 %s",
hostname(f, d), hl, plen,
icmpname6(ic->icmp_type, ic->icmp_code));
#endif
} else if ((p == IPPROTO_ICMP) && !off && (f == AF_INET)) {
ic = (struct icmp *)((char *)ip + hl);
sprintf(t, "%s -> ", hostname(f, s));
snprintf(t, sizeof(t), "%s -> ", hostname(f, s));
t += strlen(t);
sprintf(t, "%s PR icmp len %hu %hu icmp %s",
snprintf(t, sizeof(t), "%s PR icmp len %hu %hu icmp %s",
hostname(f, d), hl, plen,
icmpname(ic->icmp_type, ic->icmp_code));
if (ic->icmp_type == ICMP_UNREACH ||
@ -1279,12 +1283,12 @@ static void print_ipflog(conf, buf, blen)
(ipc->ip_p == IPPROTO_UDP))) {
tp = (tcphdr_t *)((char *)ipc + hl);
t += strlen(t);
sprintf(t, " for %s,%s -",
snprintf(t, sizeof(t), " for %s,%s -",
HOSTNAMEV4(ipc->ip_src),
portlocalname(res, proto,
(u_int)tp->th_sport));
t += strlen(t);
sprintf(t, " %s,%s PR %s len %hu %hu",
snprintf(t, sizeof(t), " %s,%s PR %s len %hu %hu",
HOSTNAMEV4(ipc->ip_dst),
portlocalname(res, proto,
(u_int)tp->th_dport),
@ -1294,25 +1298,25 @@ static void print_ipflog(conf, buf, blen)
icmp = (icmphdr_t *)((char *)ipc + hl);
t += strlen(t);
sprintf(t, " for %s -",
snprintf(t, sizeof(t), " for %s -",
HOSTNAMEV4(ipc->ip_src));
t += strlen(t);
sprintf(t,
snprintf(t, sizeof(t),
" %s PR icmp len %hu %hu icmp %d/%d",
HOSTNAMEV4(ipc->ip_dst),
IP_HL(ipc) << 2, i,
icmp->icmp_type, icmp->icmp_code);
} else {
t += strlen(t);
sprintf(t, " for %s -",
snprintf(t, sizeof(t), " for %s -",
HOSTNAMEV4(ipc->ip_src));
t += strlen(t);
sprintf(t, " %s PR %s len %hu (%hu)",
snprintf(t, sizeof(t), " %s PR %s len %hu (%hu)",
HOSTNAMEV4(ipc->ip_dst), proto,
IP_HL(ipc) << 2, i);
t += strlen(t);
if (ipoff & IP_OFFMASK) {
sprintf(t, "(frag %d:%hu@%hu%s%s)",
snprintf(t, sizeof(t), "(frag %d:%hu@%hu%s%s)",
ntohs(ipc->ip_id),
i - (IP_HL(ipc) << 2),
(ipoff & IP_OFFMASK) << 3,
@ -1323,13 +1327,13 @@ static void print_ipflog(conf, buf, blen)
}
} else {
sprintf(t, "%s -> ", hostname(f, s));
snprintf(t, sizeof(t), "%s -> ", hostname(f, s));
t += strlen(t);
sprintf(t, "%s PR %s len %hu (%hu)",
snprintf(t, sizeof(t), "%s PR %s len %hu (%hu)",
hostname(f, d), proto, hl, plen);
t += strlen(t);
if (off & IP_OFFMASK)
sprintf(t, " (frag %d:%hu@%hu%s%s)",
snprintf(t, sizeof(t), " (frag %d:%hu@%hu%s%s)",
ntohs(ip->ip_id),
plen - hl, (off & IP_OFFMASK) << 3,
ipoff & IP_MF ? "+" : "",
@ -1354,7 +1358,7 @@ static void print_ipflog(conf, buf, blen)
strcpy(t, " OUT");
t += strlen(t);
if (ipf->fl_logtag != 0) {
sprintf(t, " log-tag %d", ipf->fl_logtag);
snprintf(t, sizeof(t), " log-tag %d", ipf->fl_logtag);
t += strlen(t);
}
if (ipf->fl_nattag.ipt_num[0] != 0) {
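Review bot: In print_natlog, print_statelog and print_ipflog the new bound `sizeof(t)` is the size of a pointer, not of the log buffer: `t` is advanced with `t += strlen(t)` throughout, so it cannot be an array. Every converted call is therefore capped at a pointer's width (7 characters plus the terminator on LP64), which silently cuts addresses, ports and counters out of the firewall log lines that detection and forensics depend on. The bound should be the space left in the underlying buffer, recomputed as `t` advances, in the way icmpname in this section uses `sizeof(name) - strlen_name`; the buffer's declaration is outside these hunks. One `sprintf(t, "%s PR %s len %hu %hu", ...)` in the `@ -1237,7` hunk of print_ipflog also appears to be left unconverted.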


@ -368,7 +368,7 @@ build_action(olist, todo)
if (o->o_str != NULL)
strncpy(a->ac_group, o->o_str, FR_GROUPLEN);
else
sprintf(a->ac_group, "%d", o->o_num);
snprintf(a->ac_group, FR_GROUPLEN, "%d", o->o_num);
break;
case IPM_LOGTAG :
a->ac_logtag = o->o_num;
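Review bot: This is the only converted call bounded by a macro rather than by `sizeof` of the destination, so the limit no longer follows the declaration of `ac_group`. If `ac_group` is an array member, `snprintf(a->ac_group, sizeof(a->ac_group), "%d", o->o_num);` matches the rest of the commit and stays correct if the field is resized; its declaration is not visible here. The `strncpy(a->ac_group, o->o_str, FR_GROUPLEN)` branch just above may leave the field unterminated when `o_str` is FR_GROUPLEN bytes or longer, unless the field is larger than FR_GROUPLEN and already zeroed, so it deserves an explicit terminator or a comment stating that invariant.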


@ -1507,7 +1507,7 @@ ipnat_addrule(fd, ioctlfunc, ptr)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
sprintf(msg, "%d:ioctl(zero nat rule)",
snprintf(msg, sizeof(msg), "%d:ioctl(zero nat rule)",
ipn->in_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@ -1527,7 +1527,7 @@ ipnat_addrule(fd, ioctlfunc, ptr)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
sprintf(msg, "%d:ioctl(delete nat rule)",
snprintf(msg, sizeof(msg), "%d:ioctl(delete nat rule)",
ipn->in_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@ -1537,10 +1537,11 @@ ipnat_addrule(fd, ioctlfunc, ptr)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
sprintf(msg, "%d:ioctl(add/insert nat rule)",
snprintf(msg, sizeof(msg), "%d:ioctl(add/insert nat rule)",
ipn->in_flineno);
if (errno == EEXIST) {
sprintf(msg + strlen(msg), "(line %d)",
int strlen_msg = strlen(msg);
snprintf(msg + strlen_msg, sizeof(msg) -strlen_msg, "(line %d)",
ipn->in_flineno);
}
return ipf_perror_fd(fd, ioctlfunc, msg);
@ -1717,7 +1718,7 @@ proxy_loadconfig(fd, ioctlfunc, proxy, proto, conf, list)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
sprintf(msg, "%d:ioctl(add/remove proxy rule)",
snprintf(msg, sizeof(msg), "%d:ioctl(add/remove proxy rule)",
yylineNum);
ipf_perror_fd(fd, ioctlfunc, msg);
return;
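Review bot: In the `@ -1537,10` hunk `strlen_msg` is declared `int` but holds the `size_t` result of strlen and is then subtracted from `sizeof(msg)`, which mixes signed and unsigned in the size argument. `size_t strlen_msg = strlen(msg);` avoids the conversion, and `sizeof(msg) -strlen_msg` is missing a space after the minus. icmpname and icmpname6 use the same `int strlen_name` form and would take the same change.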


@ -218,7 +218,7 @@ ipfgroup:
{ $$ = $3; }
;
number: IPT_NUM '=' YY_NUMBER { sprintf(poolname, "%u", $3);
number: IPT_NUM '=' YY_NUMBER { snprintf(poolname, sizeof(poolname), "%u", $3);
$$ = poolname;
}
| IPT_NAME '=' YY_STR { strncpy(poolname, $3,
@ -237,7 +237,7 @@ setgroup:
free($3);
}
| IPT_GROUP '=' YY_NUMBER { char tmp[FR_GROUPLEN+1];
sprintf(tmp, "%u", $3);
snprintf(tmp, sizeof(tmp), "%u", $3);
$$ = strdup(tmp);
}
;
@ -516,7 +516,7 @@ poolline:
name: IPT_NAME YY_STR { $$ = $2; }
| IPT_NUM YY_NUMBER { char name[80];
sprintf(name, "%d", $2);
snprintf(name, sizeof(name), "%d", $2);
$$ = strdup(name);
}
;


@ -447,7 +447,7 @@ int yylex()
oc = c;
if (prior == YY_NUMBER && c == ':') {
sprintf(s, "%d", priornum);
snprintf(s, sizeof(s), "%d", priornum);
s += strlen(s);
}
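Review bot: `sizeof(s)` measures a pointer here, since `s` is advanced by `s += strlen(s)` on the next line, so the bound is 4 or 8 bytes rather than the space left in the token buffer. A `priornum` with more digits than that is now silently truncated where it used to be written in full. The size argument should be the remaining capacity of the buffer `s` points into, for example `snprintf(s, bufend - s, "%d", priornum);`, where `bufend` is a placeholder for one past the end of that buffer. The buffer's declaration and the rest of yylex are outside the hunk.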