From 66386ba348fa42c496fb5dcf426c963234159f8b Mon Sep 17 00:00:00 2001
From: kris
Date: Mon, 9 Oct 2000 09:07:45 +0000
Subject: [PATCH] String buffer overflow cleanup.
Reviewed by: green, alex
---
 usr.sbin/i4b/isdnd/controller.c | 2 +-
 usr.sbin/i4b/isdnd/curses.c | 24 +++++++++++------------
 usr.sbin/i4b/isdnd/exec.c | 6 +++---
 usr.sbin/i4b/isdnd/log.c | 2 +-
 usr.sbin/i4b/isdnd/main.c | 6 +++---
 usr.sbin/i4b/isdnd/monitor.c | 2 +-
 usr.sbin/i4b/isdnd/pcause.c | 2 +-
 usr.sbin/i4b/isdnd/rates.c | 34 ++++++++++++++++-----------------
 8 files changed, 39 insertions(+), 39 deletions(-)
diff --git a/usr.sbin/i4b/isdnd/controller.c b/usr.sbin/i4b/isdnd/controller.c
index c3e76843df42..0880a7c2cd0a 100644
--- a/usr.sbin/i4b/isdnd/controller.c
+++ b/usr.sbin/i4b/isdnd/controller.c
@@ -242,7 +242,7 @@ init_active_controller(void)
 { DBGL(DL_RCCF, (log(LL_DBG, "init_active_controller, tina-dd %d: executing [%s %d]", unit, tinainitprog, unit)));
- sprintf(cmdbuf, "%s %d", tinainitprog, unit);
+ snprintf(cmdbuf, sizeof(cmdbuf), "%s %d", tinainitprog, unit);
 if((ret = system(cmdbuf)) != 0) {
diff --git a/usr.sbin/i4b/isdnd/curses.c b/usr.sbin/i4b/isdnd/curses.c
index 6e01c08d7e57..0c50be2df2af 100644
--- a/usr.sbin/i4b/isdnd/curses.c
+++ b/usr.sbin/i4b/isdnd/curses.c
@@ -86,9 +86,9 @@ init_screen(void)
 scrollok(lower_w, 1);
- sprintf(buffer, "----- isdn controller channel state ------------- isdnd %02d.%02d.%d [pid %d] -", VERSION, REL, STEP, (int)getpid());
+ snprintf(buffer, sizeof(buffer), "----- isdn controller channel state ------------- isdnd %02d.%02d.%d [pid %d] -", VERSION, REL, STEP, (int)getpid());
- while(strlen(buffer) < COLS)
+ while(strlen(buffer) < COLS && strlen(buffer) < sizeof(buffer) - 1)
 strcat(buffer, "-"); move(0, 0);
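Review bot: The bounded write in init_active_controller still hands `cmdbuf` to `system()` without checking whether snprintf truncated it, so an over-long `tinainitprog` would run a cut-off command line instead of failing. Compare the return value with the buffer size before the call, e.g. `if ((size_t)snprintf(cmdbuf, sizeof(cmdbuf), "%s %d", tinainitprog, unit) >= sizeof(cmdbuf))`, then log the error and skip the `system()` call. The same unchecked truncation feeds `arglist[0] = path` in exec_prog (exec.c), the shell command in error_exit and both `rename()` targets in reopenfiles (main.c). `sizeof(cmdbuf)` is only the right bound if `cmdbuf` is an array in this scope; its declaration is outside the hunk.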
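Review bot: The padding loop in init_screen compares `strlen(buffer)` (a size_t) with `COLS` (an int) and rescans the string twice for every dash it appends; the added bound is correct, but one length computation plus `memset` does the same padding without the mixed-sign comparison. The same loop appears in the two later init_screen hunks (the userland-interface and logfile headers). `sizeof(buffer) - 1` assumes `buffer` is an array declared in init_screen, which is outside the hunk.

```c
/* … unchanged: snprintf of the header text into buffer … */
/* pad with '-' up to the screen width, never past the buffer */
{
	size_t len = strlen(buffer);
	size_t width = (size_t)COLS < sizeof(buffer) - 1 ?
	    (size_t)COLS : sizeof(buffer) - 1;

	if (len < width) {
		memset(buffer + len, '-', width - len);
		buffer[width] = '\0';
	}
}
```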
@@ -100,8 +100,8 @@ init_screen(void)
 /* 01234567890123456789012345678901234567890123456789012345678901234567890123456789 */ addstr("c tei b remote iface dir outbytes obps inbytes ibps units");
- sprintf(buffer, "----- isdn userland interface state ------------------------------------------");
- while(strlen(buffer) < COLS)
+ snprintf(buffer, sizeof(buffer), "----- isdn userland interface state ------------------------------------------");
+ while(strlen(buffer) < COLS && strlen(buffer) < sizeof(buffer) - 1)
 strcat(buffer, "-"); move(uheight+2, 0);
@@ -109,8 +109,8 @@ init_screen(void)
 addstr(buffer); standend();
- sprintf(buffer, "----- isdnd logfile display --------------------------------------------------");
- while(strlen(buffer) < COLS)
+ snprintf(buffer, sizeof(buffer), "----- isdnd logfile display --------------------------------------------------");
+ while(strlen(buffer) < COLS && strlen(buffer) < sizeof(buffer) - 1)
 strcat(buffer, "-"); move(uheight+4, 0);
@@ -344,16 +344,16 @@ display_connect(cfg_entry_t *cep)
 if(aliasing) { if(cep->direction == DIR_IN)
- sprintf(buffer, "%s", get_alias(cep->real_phone_incoming));
+ snprintf(buffer, sizeof(buffer), "%s", get_alias(cep->real_phone_incoming));
 else
- sprintf(buffer, "%s", get_alias(cep->remote_phone_dialout));
+ snprintf(buffer, sizeof(buffer), "%s", get_alias(cep->remote_phone_dialout));
 } else { if(cep->direction == DIR_IN)
- sprintf(buffer, "%s/%s", cep->name, cep->real_phone_incoming);
+ snprintf(buffer, sizeof(buffer), "%s/%s", cep->name, cep->real_phone_incoming);
 else
- sprintf(buffer, "%s/%s", cep->name, cep->remote_phone_dialout);
+ snprintf(buffer, sizeof(buffer), "%s/%s", cep->name, cep->remote_phone_dialout);
 } buffer[H_IFN - H_TELN - 1] = '\0';
@@ -566,7 +566,7 @@ display_chans(void)
 if((ret_channel_state(i, CHAN_B1)) == CHAN_RUN) {
- sprintf(buffer, "%d - Controller %d channel %s", ncols, i, "B1");
+ snprintf(buffer, sizeof(buffer), "%d - Controller %d channel %s", ncols, i, "B1");
 mvwaddstr(chan_w, nlines, 2, buffer); cc[ncols - 1].cntl = i; cc[ncols - 1].chn = CHAN_B1;
@@ -575,7 +575,7 @@ display_chans(void)
 } if((ret_channel_state(i, CHAN_B2)) == CHAN_RUN) {
- sprintf(buffer, "%d - Controller %d channel %s", ncols, i, "B2");
+ snprintf(buffer, sizeof(buffer), "%d - Controller %d channel %s", ncols, i, "B2");
 mvwaddstr(chan_w, nlines, 2, buffer); cc[ncols - 1].cntl = i; cc[ncols - 1].chn = CHAN_B2;
diff --git a/usr.sbin/i4b/isdnd/exec.c b/usr.sbin/i4b/isdnd/exec.c
index c180aadfd30f..ecde73a8d294 100644
--- a/usr.sbin/i4b/isdnd/exec.c
+++ b/usr.sbin/i4b/isdnd/exec.c
@@ -112,7 +112,7 @@ exec_prog(char *prog, char **arglist)
 pid_t pid; int a;
- sprintf(path, "%s/%s", ETCPATH, prog);
+ snprintf(path, sizeof(path), "%s/%s", ETCPATH, prog);
 arglist[0] = path;
@@ -159,7 +159,7 @@ exec_connect_prog(cfg_entry_t *cep, const char *prog, int link_down)
 /* the obvious things */ device = bdrivername(cep->usrdevicename);
- sprintf(devicename, "%s%d", device, cep->usrdeviceunit);
+ snprintf(devicename, sizeof(devicename), "%s%d", device, cep->usrdeviceunit);
 *av++ = (char*)prog; *av++ = "-d"; *av++ = devicename;
@@ -201,7 +201,7 @@ exec_answer(cfg_entry_t *cep)
 device = bdrivername(cep->usrdevicename);
- sprintf(devicename, "/dev/i4b%s%d", device, cep->usrdeviceunit);
+ snprintf(devicename, sizeof(devicename), "/dev/i4b%s%d", device, cep->usrdeviceunit);
 argv[0] = cep->answerprog; argv[1] = "-D";
diff --git a/usr.sbin/i4b/isdnd/log.c b/usr.sbin/i4b/isdnd/log.c
index ddab579bc3ae..01fa70e16227 100644
--- a/usr.sbin/i4b/isdnd/log.c
+++ b/usr.sbin/i4b/isdnd/log.c
@@ -104,7 +104,7 @@ init_log(void)
 char *p; char buf[64];
- sprintf(buf, "%s%d", REGPROG_DEF, i);
+ snprintf(buf, sizeof(buf), "%s%d", REGPROG_DEF, i);
 rarr[i].re_flg = 0;
diff --git a/usr.sbin/i4b/isdnd/main.c b/usr.sbin/i4b/isdnd/main.c
index ca4f78803801..fb519df0df56 100644
--- a/usr.sbin/i4b/isdnd/main.c
+++ b/usr.sbin/i4b/isdnd/main.c
@@ -479,7 +479,7 @@ error_exit(int exitval, const char *fmt, ...)
 signal(SIGCHLD, SIG_IGN); /* remove handler */
- sprintf(sbuffer, "%s%s%s%s%s%s%s%s",
+ snprintf(sbuffer, sizeof(sbuffer), "%s%s%s%s%s%s%s%s",
 "cat << ENDOFDATA | ", mailer, " -s \"i4b isdnd: fatal error, terminating\" ",
@@ -773,7 +773,7 @@ reopenfiles(int dummy)
 { char filename[MAXPATHLEN];
- sprintf(filename, "%s%s", acctfile, rotatesuffix);
+ snprintf(filename, sizeof(filename), "%s%s", acctfile, rotatesuffix);
 if((rename(acctfile, filename)) != 0) {
@@ -800,7 +800,7 @@ reopenfiles(int dummy)
 { char filename[MAXPATHLEN];
- sprintf(filename, "%s%s", logfile, rotatesuffix);
+ snprintf(filename, sizeof(filename), "%s%s", logfile, rotatesuffix);
 if((rename(logfile, filename)) != 0) {
diff --git a/usr.sbin/i4b/isdnd/monitor.c b/usr.sbin/i4b/isdnd/monitor.c
index dd6d2cd036d8..876d22b17e46 100644
--- a/usr.sbin/i4b/isdnd/monitor.c
+++ b/usr.sbin/i4b/isdnd/monitor.c
@@ -664,7 +664,7 @@ monitor_handle_connect(int sockfd, int is_local)
 char nbuf[64]; p = &cfg_entry_tab[i]; /* get ptr to enry */
- sprintf(nbuf, "%s%d ", bdrivername(p->usrdevicename), p->usrdeviceunit);
+ snprintf(nbuf, sizeof(nbuf), "%s%d ", bdrivername(p->usrdevicename), p->usrdeviceunit);
 I4B_PREP_CMD(ictrl, I4B_MON_IDEV_CODE); /*XXX*/ I4B_PUT_2B(ictrl, I4B_MON_IDEV_STATE, 1);
diff --git a/usr.sbin/i4b/isdnd/pcause.c b/usr.sbin/i4b/isdnd/pcause.c
index d31c56e8abff..a91e66eb0787 100644
--- a/usr.sbin/i4b/isdnd/pcause.c
+++ b/usr.sbin/i4b/isdnd/pcause.c
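Review bot: Bounding `sbuffer` does not make the command assembled in error_exit safe to hand to a shell: `mailer` and the strings that follow are pasted unquoted into a `cat << ENDOFDATA | …` pipeline, and a truncated result can lose the terminator of the here-document, which is presumably among the later arguments. The rest of the argument list and the call that runs `sbuffer` are outside the hunk, so this is inferred from the visible format string. If the text is executed through `system()` or `popen()`, consider opening the mailer with `popen()` in write mode and writing the message body to the stream rather than embedding it in the command. At minimum, document the constraint above the call, e.g. `/* sbuffer is a shell command: every interpolated string must be shell-safe */`.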
@@ -45,7 +45,7 @@ print_i4b_cause(cause_t code)
 { static char error_message[128];
- sprintf(error_message, "%d: ", GET_CAUSE_VAL(code));
+ snprintf(error_message, sizeof(error_message), "%d: ", GET_CAUSE_VAL(code));
 switch(GET_CAUSE_TYPE(code)) {
diff --git a/usr.sbin/i4b/isdnd/rates.c b/usr.sbin/i4b/isdnd/rates.c
index 27653734f959..127d630c15a4 100644
--- a/usr.sbin/i4b/isdnd/rates.c
+++ b/usr.sbin/i4b/isdnd/rates.c
@@ -91,7 +91,7 @@ int main( int argc, char **argv )
 int readrates(char *filename) {
- char buffer[1024];
+ char buffer[MAXPATHLEN];
 register char *bp; struct rates *rt, *ort; int rateindx;
@@ -108,7 +108,7 @@ readrates(char *filename)
 if((fp = fopen(filename, "r")) == NULL) {
- sprintf(error, "error open %s: %s", filename, sys_errlist[errno]);
+ snprintf(error, sizeof(error), "error open %s: %s", filename, sys_errlist[errno]);
 rate_error = error; return(WARNING); }
@@ -140,12 +140,12 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: invalid rate type %c%c%c in line %d", *bp, *(bp+1), *(bp+2), line);
+ snprintf(error, sizeof(error), "rates: invalid rate type %c%c%c in line %d", *bp, *(bp+1), *(bp+2), line);
 goto rate_error; } if (rateindx >= NRATES) {
- sprintf(error, "rates: invalid rate index %d in line %d", rateindx, line);
+ snprintf(error, sizeof(error), "rates: invalid rate index %d in line %d", rateindx, line);
 goto rate_error; }
@@ -159,7 +159,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: invalid day digit %c in line %d", *bp, line);
+ snprintf(error, sizeof(error), "rates: invalid day digit %c in line %d", *bp, line);
 goto rate_error; }
@@ -168,7 +168,7 @@ readrates(char *filename)
 rt = (struct rates *)malloc(sizeof (struct rates)); if (rt == NULL) {
- sprintf(error, "rates: cannot malloc space for rate structure");
+ snprintf(error, sizeof(error), "rates: cannot malloc space for rate structure");
 goto rate_error; } rt->next = NULL;
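Review bot: Only the first write into `error_message` is bounded in print_i4b_cause; the `switch` that follows presumably appends the cause text to the same 128-byte static buffer, and the diffstat shows this single line as the only change in pcause.c, so any `strcat`/`sprintf` appends in the body remain unchecked. The body is outside the hunk, so please confirm. If it does append, bounded appends such as `strlcat(error_message, ..., sizeof(error_message))` keep the whole function within the buffer.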
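Review bot: `char buffer[MAXPATHLEN]` in readrates uses a path-length constant for what looks like the line buffer for the rates file (the file name arrives separately in `filename`), so the new bound is misleading and, where MAXPATHLEN is 1024, changes nothing. The read that fills `buffer` is outside the hunk; whatever it is, it should take `sizeof(buffer)` as its limit so the two cannot drift apart. If a named constant is wanted, a file-local one such as `#define RATES_LINE_MAX 1024` documents the intent better, and MAXPATHLEN additionally requires `<sys/param.h>` to be included in rates.c.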
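Review bot: `sys_errlist[errno]` in the fopen failure path is indexed without checking `errno` against `sys_nerr`, so an unexpected errno value reads past the table; `strerror(errno)` does the lookup safely: `snprintf(error, sizeof(error), "error open %s: %s", filename, strerror(errno));`. Separately, every `sizeof(error)` in readrates (this hunk and all later rates.c hunks) is only correct if `error` is an array visible at that point. Its declaration is outside the diff, and if it is a `char *` the bound silently becomes the pointer size.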
@@ -202,7 +202,7 @@ readrates(char *filename)
 rt = (struct rates *)malloc(sizeof (struct rates)); if (rt == NULL) {
- sprintf(error, "rates: cannot malloc space2 for rate structure");
+ snprintf(error, sizeof(error), "rates: cannot malloc space2 for rate structure");
 goto rate_error; } ort->next = rt;
@@ -218,7 +218,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: start_hr error in line %d", line);
+ snprintf(error, sizeof(error), "rates: start_hr error in line %d", line);
 goto rate_error; }
@@ -230,7 +230,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: no '.' after start_hr in line %d", line);
+ snprintf(error, sizeof(error), "rates: no '.' after start_hr in line %d", line);
 goto rate_error; }
@@ -243,7 +243,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: start_min error in line %d", line);
+ snprintf(error, sizeof(error), "rates: start_min error in line %d", line);
 goto rate_error; }
@@ -257,7 +257,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: no '-' after start_min in line %d", line);
+ snprintf(error, sizeof(error), "rates: no '-' after start_min in line %d", line);
 goto rate_error; }
@@ -270,7 +270,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: end_hr error in line %d", line);
+ snprintf(error, sizeof(error), "rates: end_hr error in line %d", line);
 goto rate_error; }
@@ -282,7 +282,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: no '.' after end_hr in line %d", line);
+ snprintf(error, sizeof(error), "rates: no '.' after end_hr in line %d", line);
 goto rate_error; }
@@ -295,7 +295,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: end_min error in line %d", line);
+ snprintf(error, sizeof(error), "rates: end_min error in line %d", line);
 goto rate_error; }
@@ -306,7 +306,7 @@ readrates(char *filename)
 if( rt->end_time <= rt->start_time ) {
- sprintf(error, "rates: end_time must be greater then start_time %d", line);
+ snprintf(error, sizeof(error), "rates: end_time must be greater then start_time %d", line);
 goto rate_error; }
@@ -318,7 +318,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: no ':' after end_min in line %d", line);
+ snprintf(error, sizeof(error), "rates: no ':' after end_min in line %d", line);
 goto rate_error; }
@@ -332,7 +332,7 @@ readrates(char *filename)
 } else {
- sprintf(error, "rates: first rate digit error in line %d", line);
+ snprintf(error, sizeof(error), "rates: first rate digit error in line %d", line);
 goto rate_error; }