Format string paranoia. This should avoid potential buffer overflows from

user input (in its ever-broadening definition).

Obtained from:	NetBSD
This commit is contained in:
Will Andrews 2000-11-30 13:56:19 +00:00
parent acd1c3499e
commit 313c36f04b
3 changed files with 29 additions and 13 deletions

View File

@ -186,7 +186,7 @@ Arch_ParseArchive (linePtr, nodeLst, ctxt)
GNode *gn; /* New node */
char *libName; /* Library-part of specification */
char *memName; /* Member-part of specification */
char nameBuf[MAKE_BSIZE]; /* temporary place for node name */
char *nameBuf; /* temporary place for node name */
char saveChar; /* Ending delimiter of member-name */
Boolean subLibName; /* TRUE if libName should have/had
* variable substitution performed on it */
@ -299,6 +299,7 @@ Arch_ParseArchive (linePtr, nodeLst, ctxt)
char *buf;
char *sacrifice;
char *oldMemName = memName;
size_t sz;
memName = Var_Subst(NULL, memName, ctxt, TRUE);
@ -307,9 +308,11 @@ Arch_ParseArchive (linePtr, nodeLst, ctxt)
* variables and multi-word variable values.... The results
* are just placed at the end of the nodeLst we're returning.
*/
buf = sacrifice = emalloc(strlen(memName)+strlen(libName)+3);
sprintf(buf, "%s(%s)", libName, memName);
sz = strlen(memName) + strlen(libName) + 3;
buf = sacrifice = emalloc(sz);
snprintf(buf, sz, "%s(%s)", libName, memName);
if (strchr(memName, '$') && strcmp(memName, oldMemName) == 0) {
/*
@ -341,15 +344,22 @@ Arch_ParseArchive (linePtr, nodeLst, ctxt)
} else if (Dir_HasWildcards(memName)) {
Lst members = Lst_Init(FALSE);
char *member;
size_t sz = MAXPATHLEN;
size_t nsz;
nameBuf = emalloc(sz);
Dir_Expand(memName, dirSearchPath, members);
while (!Lst_IsEmpty(members)) {
member = (char *)Lst_DeQueue(members);
nsz = strlen(libName) + strlen(member) + 3;
if (sz > nsz)
nameBuf = erealloc(nameBuf, sz = nsz * 2);
sprintf(nameBuf, "%s(%s)", libName, member);
snprintf(nameBuf, sz, "%s(%s)", libName, member);
free(member);
gn = Targ_FindNode (nameBuf, TARG_CREATE);
if (gn == NILGNODE) {
free(nameBuf);
return (FAILURE);
} else {
/*
@ -364,9 +374,13 @@ Arch_ParseArchive (linePtr, nodeLst, ctxt)
}
}
Lst_Destroy(members, NOFREE);
free(nameBuf);
} else {
sprintf(nameBuf, "%s(%s)", libName, memName);
size_t sz = strlen(libName) + strlen(memName) + 3;
nameBuf = emalloc(sz);
snprintf(nameBuf, sz, "%s(%s)", libName, memName);
gn = Targ_FindNode (nameBuf, TARG_CREATE);
free(nameBuf);
if (gn == NILGNODE) {
return (FAILURE);
} else {
@ -927,7 +941,7 @@ Arch_Touch (gn)
&arh, "r+");
efree(p1);
efree(p2);
sprintf(arh.ar_date, "%-12ld", (long) now);
snprintf(arh.ar_date, sizeof(arh.ar_date), "%-12ld", (long) now);
if (arch != NULL) {
(void)fwrite ((char *)&arh, sizeof (struct ar_hdr), 1, arch);
@ -960,7 +974,7 @@ Arch_TouchLib (gn)
struct utimbuf times; /* Times for utime() call */
arch = ArchFindMember (gn->path, RANLIBMAG, &arh, "r+");
sprintf(arh.ar_date, "%-12ld", (long) now);
snprintf(arh.ar_date, sizeof(arh.ar_date), "%-12ld", (long) now);
if (arch != NULL) {
(void)fwrite ((char *)&arh, sizeof (struct ar_hdr), 1, arch);
@ -1096,9 +1110,11 @@ Arch_FindLib (gn, path)
Lst path; /* Search path */
{
char *libName; /* file name for archive */
size_t sz;
libName = (char *)emalloc (strlen (gn->name) + 6 - 2);
sprintf(libName, "lib%s.a", &gn->name[2]);
libName = (char *)emalloc(sz);
sz = strlen(gn->name) + 4;
snprintf(libName, sz, "lib%s.a", &gn->name[2]);
gn->path = Dir_FindFile (libName, path);

View File

@ -928,7 +928,7 @@ ReadMakefile(p, q)
} else {
/* if we've chdir'd, rebuild the path name */
if (curdir != objdir && *fname != '/') {
(void)sprintf(path, "%s/%s", curdir, fname);
(void)snprintf(path, MAXPATHLEN, "%s/%s", curdir, fname);
if ((stream = fopen(path, "r")) != NULL) {
fname = path;
goto found;

View File

@ -217,13 +217,13 @@ getwd(pathname)
/* open the parent directory */
if (stat(nextpathptr, &st_dotdot) == -1) {
(void) sprintf(pathname,
snprintf(pathname, sizeof(pathname),
"getwd: Cannot stat directory \"%s\" (%s)",
nextpathptr, strerror(errno));
return (NULL);
}
if ((dp = opendir(nextpathptr)) == NULL) {
(void) sprintf(pathname,
snprintf(pathname, sizeof(pathname),
"getwd: Cannot open directory \"%s\" (%s)",
nextpathptr, strerror(errno));
return (NULL);
@ -246,7 +246,7 @@ getwd(pathname)
continue;
(void) strcpy(cur_name_add, d->d_name);
if (lstat(nextpathptr, &st_next) == -1) {
(void) sprintf(pathname, "getwd: Cannot stat \"%s\" (%s)",
snprintf(pathname, sizeof(pathname), "getwd: Cannot stat \"%s\" (%s)",
d->d_name, strerror(errno));
(void) closedir(dp);
return (NULL);