Date: Mon, 21 Feb 2000 15:31:36 -0800 (PST) From: Kris Kennaway <kris@FreeBSD.org> To: audit@freebsd.org Subject: hylafax patch (fwd) Message-ID: <Pine.BSF.4.21.0002211531150.33234-200000@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Does someone have the time to look this over?
Kris
----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
---------- Forwarded message ----------
Date: Mon, 21 Feb 2000 15:30:19 +0100
From: Alexander Langer <alex@big.endian.de>
To: kris@freebsd.org
Subject: hylafax patch
Hello!
These should *really* fix it.
I replaced almost all sprintf and the problematic strcpy/strcat ones.
Could you review it and maybe add?
Note: I did not send it to the hylafax-authors. Maybe you want to do this
later on.
Alex
--
I need a new ~/.sig.
[-- Attachment #2 --]
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxalter/faxalter.c++ ./faxalter/faxalter.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxalter/faxalter.c++ Sat Feb 14 11:48:38 1998
+++ ./faxalter/faxalter.c++ Sun Feb 20 22:19:27 2000
@@ -185,7 +185,7 @@
va_list ap;
va_start(ap, fmt0);
char fmt[1024];
- sprintf(fmt, "%s %s\n", groups ? "JGPARM" : "JPARM", fmt0);
+ snprintf(fmt, 1024, "%s %s\n", groups ? "JGPARM" : "JPARM", fmt0);
script.append(fxStr::vformat(fmt, ap));
va_end(ap);
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/ClassModem.c++ ./faxd/ClassModem.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/ClassModem.c++ Sat Feb 14 11:49:16 1998
+++ ./faxd/ClassModem.c++ Sun Feb 20 22:19:27 2000
@@ -169,7 +169,7 @@
{
protoTrace("DIAL %s", number);
char buf[256];
- sprintf(buf, (const char*) conf.dialCmd, number);
+ snprintf(buf, 256, (const char*) conf.dialCmd, number);
emsg = "";
CallStatus cs = (atCmd(buf, AT_NOTHING) ? dialResponse(emsg) : FAILURE);
if (cs != OK && emsg == "")
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/FaxMachineLog.c++ ./faxd/FaxMachineLog.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/FaxMachineLog.c++ Sat Feb 14 11:49:21 1998
+++ ./faxd/FaxMachineLog.c++ Sun Feb 20 22:19:27 2000
@@ -77,7 +77,7 @@
timeval tv;
(void) gettimeofday(&tv, 0);
strftime(buf, sizeof (buf), "%h %d %T", localtime((time_t*) &tv.tv_sec));
- sprintf(buf+strlen(buf), ".%02u: [%5d]: ", tv.tv_usec / 10000, pid);
+ snprintf(buf+strlen(buf), 16*1024 - strlen(buf)".%02u: [%5d]: ", tv.tv_usec / 10000, pid);
/*
* Copy format string into a local buffer so
* that we can substitute for %m, a la syslog.
@@ -96,6 +96,6 @@
fmt.put(fp[0]);
}
fmt.put('\n'); fmt.put('\0');
- vsprintf(buf+strlen(buf), (const char*) fmt, ap);
+ vsnprintf(buf+strlen(buf), 16*1024 - strlen(buf), (const char*) fmt, ap);
(void) Sys::write(fd, buf, strlen(buf));
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/FaxRecv.c++ ./faxd/FaxRecv.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/FaxRecv.c++ Sat Feb 14 11:49:23 1998
+++ ./faxd/FaxRecv.c++ Sun Feb 20 22:19:27 2000
@@ -139,7 +139,7 @@
* number file to reflect the allocation.
*/
(void) flock(ftmp, LOCK_EX|LOCK_NB);
- sprintf(line, "%u", seqnum);
+ snprintf(line, 16, "%u", seqnum);
(void) lseek(fseqf, 0, SEEK_SET);
if (Sys::write(fseqf, line, strlen(line)) != strlen(line) ||
ftruncate(fseqf,strlen(line))) {
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/FaxRequest.c++ ./faxd/FaxRequest.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/FaxRequest.c++ Sat Feb 14 11:49:24 1998
+++ ./faxd/FaxRequest.c++ Sun Feb 20 22:19:27 2000
@@ -679,7 +679,7 @@
FaxRequest::error(const char* fmt0 ...)
{
char fmt[128];
- sprintf(fmt, "%s: line %u: %s", (const char*) qfile, (u_int) lineno, fmt0);
+ snprintf(fmt, 128, "%s: line %u: %s", (const char*) qfile, (u_int) lineno, fmt0);
va_list ap;
va_start(ap, fmt0);
vlogError(fmt, ap);
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/Job.c++ ./faxd/Job.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/Job.c++ Sat Feb 14 11:49:32 1998
+++ ./faxd/Job.c++ Sun Feb 20 22:19:27 2000
@@ -171,7 +171,7 @@
#define N(a) (sizeof (a) / sizeof (a[0]))
if ((u_int) status >= N(names)) {
static char s[30];
- sprintf(s, "status_%u", (u_int) status);
+ snprintf(s, 30, "status_%u", (u_int) status);
return (s);
} else
return (names[status]);
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/ModemServer.c++ ./faxd/ModemServer.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/ModemServer.c++ Sat Feb 14 11:49:34 1998
+++ ./faxd/ModemServer.c++ Sun Feb 20 22:19:27 2000
@@ -604,7 +604,7 @@
} while (ftmp < 0 && errno == EEXIST && --ntry >= 0);
umask(omask);
if (ftmp >= 0) {
- sprintf(line, "%u", seqnum);
+ snprintf(line, 1024, "%u", seqnum);
(void) lseek(fseqf, 0, SEEK_SET);
if (Sys::write(fseqf, line, strlen(line)) != strlen(line) ||
ftruncate(fseqf,strlen(line)))
@@ -806,7 +806,7 @@
va_list ap;
va_start(ap, fmt0);
char fmt[256];
- sprintf(fmt, "MODEM %s", fmt0);
+ snprintf(fmt, 256, "MODEM %s", fmt0);
vtraceStatus(FAXTRACE_MODEMOPS, fmt, ap);
va_end(ap);
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/ServerConfig.c++ ./faxd/ServerConfig.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/ServerConfig.c++ Sat Feb 14 11:49:36 1998
+++ ./faxd/ServerConfig.c++ Sun Feb 20 22:19:27 2000
@@ -373,9 +373,9 @@
{
char fmt[128];
if (module != NULL)
- sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+ snprintf(fmt, 128, "%s: Warning, %s.", module, fmt0);
else
- sprintf(fmt, "Warning, %s.", fmt0);
+ snprintf(fmt, 128, "Warning, %s.", fmt0);
vlogError(fmt, ap);
}
@@ -384,9 +384,9 @@
{
char fmt[128];
if (module != NULL)
- sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+ snprintf(fmt, 128, "%s: Warning, %s.", module, fmt0);
else
- sprintf(fmt, "Warning, %s.", fmt0);
+ snprintf(fmt, 128, "Warning, %s.", fmt0);
vlogWarning(fmt, ap);
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/UUCPLock.c++ ./faxd/UUCPLock.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/UUCPLock.c++ Mon Feb 21 15:19:44 2000
+++ ./faxd/UUCPLock.c++ Mon Feb 21 14:56:29 2000
@@ -313,7 +313,7 @@
AsciiUUCPLock::setPID(pid_t pid)
{
// XXX should this be %d or %ld? depends on pid_t
- sprintf((char*) data, "%*d\n", UUCP_PIDDIGITS, pid);
+ snprintf((char*) data, UUCP_PIDDIGITS+2, "%*d\n", UUCP_PIDDIGITS, pid);
}
fxBool
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/faxApp.c++ ./faxd/faxApp.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/faxApp.c++ Sat Feb 14 11:49:39 1998
+++ ./faxd/faxApp.c++ Sun Feb 20 22:19:27 2000
@@ -231,7 +231,7 @@
logError("fcntl: %m");
}
char msg[4096];
- vsprintf(msg, fmt, ap);
+ vsnprintf(msg, 4096, fmt, ap);
u_int len = strlen(msg)+1;
if (Sys::write(faxqfifo, msg, len) != len) {
if (errno == EBADF || errno == EPIPE) // reader expired
@@ -263,7 +263,7 @@
faxApp::sendModemStatus(const char* devid, const char* fmt0 ...)
{
char fmt[2*1024];
- sprintf(fmt, "+%s:%s", devid, fmt0);
+ snprintf(fmt, 2*1024, "+%s:%s", devid, fmt0);
va_list ap;
va_start(ap, fmt0);
fxBool ok = vsendQueuer(fmt, ap);
@@ -278,7 +278,7 @@
faxApp::sendJobStatus(const char* jobid, const char* fmt0 ...)
{
char fmt[2*1024];
- sprintf(fmt, "*%s:%s", jobid, fmt0);
+ snprintf(fmt, 2*1024, "*%s:%s", jobid, fmt0);
va_list ap;
va_start(ap, fmt0);
fxBool ok = vsendQueuer(fmt, ap);
@@ -293,7 +293,7 @@
faxApp::sendRecvStatus(const char* devid, const char* fmt0 ...)
{
char fmt[2*1024];
- sprintf(fmt, "@%s:%s", devid, fmt0);
+ snprintf(fmt, 2*1024, "@%s:%s", devid, fmt0);
va_list ap;
va_start(ap, fmt0);
fxBool ok = vsendQueuer(fmt, ap);
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/faxQueueApp.c++ ./faxd/faxQueueApp.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/faxQueueApp.c++ Sat Feb 14 11:49:42 1998
+++ ./faxd/faxQueueApp.c++ Sun Feb 20 22:19:27 2000
@@ -971,10 +971,10 @@
* -m <maxpages> max pages to generate
* -1|-2 1d or 2d encoding
*/
- char rbuf[20]; sprintf(rbuf, "%u", params.verticalRes());
- char wbuf[20]; sprintf(wbuf, "%u", params.pageWidth());
- char lbuf[20]; sprintf(lbuf, "%d", params.pageLength());
- char mbuf[20]; sprintf(mbuf, "%u", dci.getMaxSendPages());
+ char rbuf[20]; snprintf(rbuf, 20, "%u", params.verticalRes());
+ char wbuf[20]; snprintf(wbuf, 20, "%u", params.pageWidth());
+ char lbuf[20]; snprintf(lbuf, 20, "%d", params.pageLength());
+ char mbuf[20]; snprintf(mbuf, 20, "%u", dci.getMaxSendPages());
const char* argv[30];
int ac = 0;
switch (req.op) {
@@ -2726,9 +2726,9 @@
{
char fmt[128];
if (module != NULL)
- sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+ snprintf(fmt, 128, "%s: Warning, %s.", module, fmt0);
else
- sprintf(fmt, "Warning, %s.", fmt0);
+ snprintf(fmt, 128, "Warning, %s.", fmt0);
vlogError(fmt, ap);
}
@@ -2737,9 +2737,9 @@
{
char fmt[128];
if (module != NULL)
- sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+ snprintf(fmt, 128, "%s: Warning, %s.", module, fmt0);
else
- sprintf(fmt, "Warning, %s.", fmt0);
+ snprintf(fmt, 128, "Warning, %s.", fmt0);
vlogWarning(fmt, ap);
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/trigtest.c++ ./faxd/trigtest.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/faxd/trigtest.c++ Sat Feb 14 11:49:47 1998
+++ ./faxd/trigtest.c++ Mon Feb 21 14:57:20 2000
@@ -296,7 +296,7 @@
int fd, n;
char msg[256];
- sprintf(fifoName, "client/%u", getpid());
+ snprintf(fifoName, 80, "client/%u", getpid());
if (Sys::mkfifo(fifoName, 0666) < 0 && errno != EEXIST) {
perror("mkfifo");
exit(-1);
@@ -309,7 +309,7 @@
unlink(fifoName);
exit(-1);
}
- sprintf(msg, "T%s:N%s", fifoName, trigger);
+ snprintf(msg, 256, "T%s:N%s", fifoName, trigger);
send(msg, strlen(msg)+1);
for (;;) {
FD_ZERO(&rd);
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/hfaxd/HylaFAXServer.c++ ./hfaxd/HylaFAXServer.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/hfaxd/HylaFAXServer.c++ Sat Feb 14 11:50:02 1998
+++ ./hfaxd/HylaFAXServer.c++ Sun Feb 20 22:19:27 2000
@@ -161,9 +161,9 @@
{
char fmt[128];
if (module != NULL)
- sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+ snprintf(fmt, 128, "%s: Warning, %s.", module, fmt0);
else
- sprintf(fmt, "Warning, %s.", fmt0);
+ snprintf(fmt, 128, "Warning, %s.", fmt0);
vlogError(fmt, ap);
}
@@ -172,9 +172,9 @@
{
char fmt[128];
if (module != NULL)
- sprintf(fmt, "%s: Warning, %s.", module, fmt0);
+ snprintf(fmt, 128, "%s: Warning, %s.", module, fmt0);
else
- sprintf(fmt, "Warning, %s.", fmt0);
+ snprintf(fmt, 128, "Warning, %s.", fmt0);
vlogWarning(fmt, ap);
}
@@ -530,7 +530,7 @@
filename, line);
seqnum = 1;
}
- sprintf(line, "%u", NEXTSEQNUM(seqnum+count));
+ snprintf(line, 1024, "%u", NEXTSEQNUM(seqnum+count));
lseek(fd, 0, SEEK_SET);
if (Sys::write(fd, line, strlen(line)) != strlen(line) ||
ftruncate(fd,strlen(line))) {
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/hfaxd/Jobs.c++ ./hfaxd/Jobs.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/hfaxd/Jobs.c++ Sat Feb 14 11:50:05 1998
+++ ./hfaxd/Jobs.c++ Sun Feb 20 22:19:27 2000
@@ -1646,7 +1646,7 @@
fprintf(fd, fspec, (const char*) job.company);
break;
case 'D':
- sprintf(tmpbuf, "%2u:%-2u", job.totdials, job.maxdials);
+ snprintf(tmpbuf, 20, "%2u:%-2u", job.totdials, job.maxdials);
fprintf(fd, fspec, tmpbuf);
break;
case 'E':
@@ -1683,7 +1683,7 @@
fprintf(fd, fspec, "N "[job.useccover]);
break;
case 'P':
- sprintf(tmpbuf, "%2u:%-2u", job.npages, job.totpages);
+ snprintf(tmpbuf, 20, "%2u:%-2u", job.npages, job.totpages);
fprintf(fd, fspec, tmpbuf);
break;
case 'Q':
@@ -1696,11 +1696,11 @@
fprintf(fd, fspec, (const char*) job.sender);
break;
case 'T':
- sprintf(tmpbuf, "%2u:%-2u", job.tottries, job.maxtries);
+ snprintf(tmpbuf, 20, "%2u:%-2u", job.tottries, job.maxtries);
fprintf(fd, fspec, tmpbuf);
break;
case 'U':
- sprintf(tmpbuf, "%.1f", job.chopthreshold);
+ snprintf(tmpbuf, 20, "%.1f", job.chopthreshold);
fprintf(fd, fspec, tmpbuf);
break;
case 'V':
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/hfaxd/OldProtocol.c++ ./hfaxd/OldProtocol.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/hfaxd/OldProtocol.c++ Mon Feb 21 15:19:44 2000
+++ ./hfaxd/OldProtocol.c++ Sun Feb 20 22:19:28 2000
@@ -352,8 +352,8 @@
OldProtocolServer::vsendClient(const char* tag, const char* fmt, va_list ap)
{
char buf[2048];
- sprintf(buf, "%s:", tag);
- vsprintf(strchr(buf,'\0'), fmt, ap);
+ snprintf(buf, 2048, "%s:", tag);
+ vsnprintf(strchr(buf,'\0'), 2048 - (strchr(buf, '\0') - buf), fmt, ap);
fprintf(stdout, "%s\n", buf);
if (TRACE(PROTOCOL))
logDebug("%s", buf);
@@ -472,19 +472,19 @@
buf[0] = '\0';
if (pwd->pw_gecos) {
if (pwd->pw_gecos[0] == '&') {
- strcpy(buf, pwd->pw_name);
- strcat(buf, pwd->pw_gecos+1);
+ strlcpy(buf, pwd->pw_name, 1024);
+ strlcat(buf, pwd->pw_gecos+1, 1024 - strlen(buf));
if (islower(buf[0]))
buf[0] = toupper(buf[0]);
} else
- strcpy(buf, pwd->pw_gecos);
+ strlcpy(buf, pwd->pw_gecos, 1024);
if ((cp = strchr(buf,',')) != 0)
*cp = '\0';
/* see FaxClient::setupUserIdentity; strip SysV junk */
if ((cp = strchr(buf,'(')) != 0)
*cp = '\0';
} else
- strcpy(buf, pwd->pw_name);
+ strlcpy(buf, pwd->pw_name, 1024);
if (TRACE(PROTOCOL)) {
if (*buf)
logDebug("%s user: \"%s\"", pwd->pw_name, buf);
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/hfaxd/Status.c++ ./hfaxd/Status.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/hfaxd/Status.c++ Sat Feb 14 11:50:09 1998
+++ ./hfaxd/Status.c++ Sun Feb 20 22:19:28 2000
@@ -262,14 +262,14 @@
if (config.maxRecvPages == (u_int) -1)
strcpy(tmpbuf, "INF");
else
- sprintf(tmpbuf, "%u", config.maxRecvPages);
+ snprintf(tmpbuf, 20, "%u", config.maxRecvPages);
fprintf(fd, fspec, config.maxRecvPages);
break;
case 's':
fprintf(fd, fspec, (const char*) config.status);
break;
case 't':
- sprintf(tmpbuf, "%05x:%05x",
+ snprintf(tmpbuf, 20, "%05x:%05x",
config.tracingLevel&0xfffff,
config.logTracingLevel&0xfffff);
fprintf(fd, fspec, tmpbuf);
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/man/config.4f ./man/config.4f
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/man/config.4f Sat Feb 14 11:50:46 1998
+++ ./man/config.4f Sun Feb 20 22:19:28 2000
@@ -1446,7 +1446,7 @@
The command to place a phone call.
The string is assumed to be suitable for use
as a parameter to the
-.IR sprintf (3S)
+.IR snprintf (3S)
function; so the ``%'' character should be escaped as ``%%''.
The dial command must include a single ``%s'' where the number
that is to be dialed is to be substituted.
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/port/syslog.c ./port/syslog.c
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/port/syslog.c Sat Feb 14 11:50:42 1998
+++ ./port/syslog.c Mon Feb 21 15:09:07 2000
@@ -88,7 +88,7 @@
register int cnt;
register char *p;
time_t now, time();
- int fd, saved_errno;
+ int fd, saved_errno, n;
char tbuf[2048], fmt_cpy[1024], *stdp, *ctime();
/* check for invalid bits or no priority set */
@@ -104,21 +104,21 @@
/* build the message */
(void)time(&now);
- (void)sprintf(tbuf, "<%d>%.15s ", pri, ctime(&now) + 4);
- for (p = tbuf; *p; ++p);
+ (void)snprintf(tbuf, 2048, "<%d>%.15s ", pri, ctime(&now) + 4);
+ for (p = tbuf, n=0; *p; ++p, n++);
if (LogStat & LOG_PERROR)
stdp = p;
if (LogTag) {
(void)strcpy(p, LogTag);
- for (; *p; ++p);
+ for (; *p; ++p, n++);
}
if (LogStat & LOG_PID) {
- (void)sprintf(p, "[%d]", getpid());
- for (; *p; ++p);
+ (void)snprintf(p, 2048 - n, "[%d]", getpid());
+ for (; *p; ++p, n++);
}
if (LogTag) {
- *p++ = ':';
- *p++ = ' ';
+ *p++ = ':'; n++;
+ *p++ = ' '; n++;
}
/* substitute error message for %m */
@@ -137,7 +137,7 @@
*t1 = '\0';
}
- (void)vsprintf(p, fmt_cpy, ap);
+ (void)vsnprintf(p, 2048 - n, fmt_cpy, ap);
cnt = strlen(tbuf);
@@ -170,7 +170,7 @@
* is the one from the syslogd failure.
*/
if ((fd = open(_PATH_CONSOLE, O_WRONLY, 0)) >= 0) {
- (void)strcat(tbuf, "\r\n");
+ (void)strlcat(tbuf, "\r\n", 2048);
cnt += 2;
p = index(tbuf, '>') + 1;
(void)write(fd, p, cnt - (p - tbuf));
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/port/vsyslog.c ./port/vsyslog.c
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/port/vsyslog.c Sat Feb 14 11:50:42 1998
+++ ./port/vsyslog.c Sun Feb 20 22:19:28 2000
@@ -49,6 +49,6 @@
*cp++ = c;
*cp = '\0';
}
- (void) vsprintf(tbuf, fmt_cpy, ap);
+ (void) vsnprintf(tbuf, 2048, fmt_cpy, ap);
(void) syslog(pri, "%s", tbuf);
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/regex/engine.c ./regex/engine.c
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/regex/engine.c Sat Feb 14 11:48:19 1998
+++ ./regex/engine.c Sun Feb 20 22:19:28 2000
@@ -1065,9 +1065,9 @@
static char pbuf[10];
if (isprint(ch) || ch == ' ')
- sprintf(pbuf, "%c", ch);
+ snprintf(pbuf, 10, "%c", ch);
else
- sprintf(pbuf, "\\%o", ch);
+ snprintf(pbuf, 10, "\\%o", ch);
return(pbuf);
}
#endif
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/regex/regerror.c ./regex/regerror.c
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/regex/regerror.c Sat Feb 14 11:48:21 1998
+++ ./regex/regerror.c Mon Feb 21 15:03:31 2000
@@ -57,7 +57,7 @@
#endif
/* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int maxn);
#ifdef __cplusplus
}
@@ -126,7 +126,7 @@
char convbuf[50];
if (errcode == REG_ATOI)
- s = regatoi(preg, convbuf);
+ s = regatoi(preg, convbuf, 50);
else {
for (r = rerrs; r->code != 0; r++)
if (r->code == target)
@@ -134,9 +134,9 @@
if (errcode®_ITOA) {
if (r->code != 0)
- (void) strcpy(convbuf, r->name);
+ (void) strlcpy(convbuf, r->name, 50);
else
- sprintf(convbuf, "REG_0x%x", target);
+ snprintf(convbuf, 50, "REG_0x%x", target);
assert(strlen(convbuf) < sizeof(convbuf));
s = convbuf;
} else
@@ -161,9 +161,10 @@
== static char *regatoi(const regex_t *preg, char *localbuf);
*/
static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, maxn)
const regex_t *preg;
char *localbuf;
+int maxn;
{
register struct rerr *r;
@@ -173,6 +174,6 @@
if (r->code == 0)
return("0");
- sprintf(localbuf, "%d", r->code);
+ snprintf(localbuf, maxn, "%d", r->code);
return(localbuf);
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/sgi2fax/imgtofax.c ./sgi2fax/imgtofax.c
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/sgi2fax/imgtofax.c Sat Feb 14 11:50:22 1998
+++ ./sgi2fax/imgtofax.c Sun Feb 20 22:19:28 2000
@@ -214,7 +214,7 @@
TIFFSetField(tif, TIFFTAG_PAGENUMBER, pn, npages);
TIFFSetField(tif, TIFFTAG_CLEANFAXDATA, CLEANFAXDATA_CLEAN);
{ char buf[1024];
- sprintf(buf, "Ditherered B&W version of %s", input);
+ snprintf(buf, 1024, "Ditherered B&W version of %s", input);
TIFFSetField(tif, TIFFTAG_IMAGEDESCRIPTION, buf);
}
TIFFSetField(tif, TIFFTAG_SOFTWARE, "sgi2fax");
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/Class2Params.c++ ./util/Class2Params.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/Class2Params.c++ Sat Feb 14 11:47:12 1998
+++ ./util/Class2Params.c++ Mon Feb 21 15:07:12 2000
@@ -59,14 +59,15 @@
}
static char*
-addParam(char* cp, u_int v)
+addParam(char* cp, u_int v, int *maxn)
{
if (v != (u_int)-1) {
- sprintf(cp, ",%u", v);
- while (*cp != '\0') cp++;
+ snprintf(cp, *maxn, ",%u", v);
+ while (*cp != '\0') { cp++; (*maxn)++; }
} else {
*cp++ = ',';
*cp = '\0';
+ (*maxn)++;
}
return (cp);
}
@@ -76,18 +77,19 @@
{
char buf[1024];
char* cp = buf;
+ int n = 1024;
if (vr != (u_int) -1) {
- sprintf(cp, "%u", vr);
- while (*cp != '\0') cp++;
+ snprintf(cp, n, "%u", vr);
+ while (*cp != '\0') { cp++; n-- };
}
- cp = addParam(cp, br);
- cp = addParam(cp, wd);
- cp = addParam(cp, ln);
- cp = addParam(cp, df);
- cp = addParam(cp, ec);
- cp = addParam(cp, bf);
- cp = addParam(cp, st);
+ cp = addParam(cp, br, &n);
+ cp = addParam(cp, wd, &n);
+ cp = addParam(cp, ln, &n);
+ cp = addParam(cp, df, &n);
+ cp = addParam(cp, ec, &n);
+ cp = addParam(cp, bf, &n);
+ cp = addParam(cp, st, &n);
return fxStr(buf);
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/FaxClient.c++ ./util/FaxClient.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/FaxClient.c++ Sat Feb 14 11:47:16 1998
+++ ./util/FaxClient.c++ Sun Feb 20 22:19:28 2000
@@ -622,7 +622,7 @@
traceServer("-> ADMIN XXXX");
else {
char buf[128];
- sprintf(buf, "-> %s", fmt);
+ snprintf(buf, 128, "-> %s", fmt);
vtraceServer(buf, ap);
}
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/PageSize.c++ ./util/PageSize.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/PageSize.c++ Sat Feb 14 11:47:21 1998
+++ ./util/PageSize.c++ Sun Feb 20 22:19:28 2000
@@ -72,7 +72,7 @@
PageSizeInfo::readPageInfoFile()
{
char file[1024];
- sprintf(file, "%s/%s", FAX_LIBDATA, FAX_PAGESIZES);
+ snprintf(file, 1024, "%s/%s", FAX_LIBDATA, FAX_PAGESIZES);
PageInfoArray* info = new PageInfoArray;
FILE* fp = fopen(file, "r");
u_int lineno = 0;
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/SNPPClient.c++ ./util/SNPPClient.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/SNPPClient.c++ Sat Feb 14 11:47:25 1998
+++ ./util/SNPPClient.c++ Sun Feb 20 22:19:28 2000
@@ -638,7 +638,7 @@
traceServer("-> LOGI XXXX");
else {
char buf[128];
- sprintf(buf, "-> %s", fmt);
+ snprintf(buf, 128, "-> %s", fmt);
vtraceServer(buf, ap);
}
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/StackBuffer.c++ ./util/StackBuffer.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/StackBuffer.c++ Sat Feb 14 11:47:26 1998
+++ ./util/StackBuffer.c++ Sun Feb 20 22:19:28 2000
@@ -105,7 +105,7 @@
fxStackBuffer::vput(const char* fmt, va_list ap)
{
char buf[8*1024];
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, 8*1024, fmt, ap);
put(buf);
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/Str.c++ ./util/Str.c++
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/Str.c++ Sat Feb 14 11:47:27 1998
+++ ./util/Str.c++ Sun Feb 20 22:19:28 2000
@@ -91,7 +91,7 @@
{
char buffer[NUMBUFSIZE];
if (!format) format = "%d";
- sprintf(buffer,format,a);
+ snprintf(buffer, NUMBUFSIZE, format,a);
slength = strlen(buffer) + 1;
data = (char*) malloc(slength);
memcpy(data,buffer,slength);
@@ -101,7 +101,7 @@
{
char buffer[NUMBUFSIZE];
if (!format) format = "%ld";
- sprintf(buffer,format,a);
+ snprintf(buffer, NUMBUFSIZE, format,a);
slength = strlen(buffer) + 1;
data = (char*) malloc(slength);
memcpy(data,buffer,slength);
@@ -111,7 +111,7 @@
{
char buffer[NUMBUFSIZE];
if (!format) format = "%g";
- sprintf(buffer,format,a);
+ snprintf(buffer, NUMBUFSIZE, format,a);
slength = strlen(buffer) + 1;
fxAssert(slength>1, "Str::Str(float): bogus conversion");
data = (char*) malloc(slength);
@@ -122,7 +122,7 @@
{
char buffer[NUMBUFSIZE];
if (!format) format = "%lg";
- sprintf(buffer,format,a);
+ snprintf(buffer, NUMBUFSIZE, format,a);
slength = strlen(buffer) + 1;
fxAssert(slength>1, "Str::Str(double): bogus conversion");
data = (char*) malloc(slength); // XXX assume slength>1
@@ -141,7 +141,7 @@
char buf[4096];
va_list ap;
va_start(ap, fmt);
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, 4096, fmt, ap);
va_end(ap);
return fxStr(buf);
}
@@ -150,7 +150,7 @@
fxStr::vformat(const char* fmt, va_list ap)
{
char buf[4096];
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, 4096, fmt, ap);
return fxStr(buf);
}
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/Str.h ./util/Str.h
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/Str.h Sat Feb 14 11:47:50 1998
+++ ./util/Str.h Sun Feb 20 22:19:28 2000
@@ -93,8 +93,8 @@
fxStr(const fxTempStr&);
~fxStr();
- static fxStr format(const char* fmt ...); // sprintf sort of
- static fxStr vformat(const char* fmt, va_list ap); // vsprintf sort of
+ static fxStr format(const char* fmt ...); // snprintf sort of
+ static fxStr vformat(const char* fmt, va_list ap); // vsnprintf sort of
static fxStr null; // null string for general use
/////////////////////////////////////////////////////
u_long hash() const;
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/faxconfig.c ./util/faxconfig.c
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/faxconfig.c Mon Feb 21 15:19:44 2000
+++ ./util/faxconfig.c Sun Feb 20 22:19:28 2000
@@ -83,7 +83,7 @@
if (devid[0] == FAX_FIFO[0])
strcpy(fifoname, devid);
else
- sprintf(fifoname, "%s.%.*s", FAX_FIFO,
+ snprintf(fifoname, 80, "%s.%.*s", FAX_FIFO,
sizeof (fifoname) - sizeof (FAX_FIFO), devid);
} else
strcpy(fifoname, FAX_FIFO);
@@ -111,10 +111,10 @@
quote = 1;
cmd = malloc(strlen(argv[optind])+strlen(argv[optind+1])+10);
if (quote)
- sprintf(cmd, "C%s%s:\"%s\"",
+ snprintf(cmd, strlen(argv[optind])+strlen(argv[optind+1]+10, "C%s%s:\"%s\"",
isQueuer ? ":" : "", argv[optind], argv[optind+1]);
else
- sprintf(cmd, "C%s%s:%s",
+ snprintf(cmd, strlen(argv[optind]+strlen(argv[optind+1]+10)"C%s%s:%s",
isQueuer ? ":" : "", argv[optind], argv[optind+1]);
if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
fatal("%s: FIFO write failed for command (%s)",
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/faxmodem.c ./util/faxmodem.c
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/faxmodem.c Mon Feb 21 15:19:44 2000
+++ ./util/faxmodem.c Sun Feb 20 22:19:28 2000
@@ -243,9 +243,9 @@
if (optind != argc-1)
fatal("Missing modem device.\nusage: %s %s modem", argv[0], usage);
if (strncmp(argv[optind], _PATH_DEV, strlen(_PATH_DEV)) == 0)
- strcpy(devname, argv[optind]+strlen(_PATH_DEV));
+ strlcpy(devname, argv[optind]+strlen(_PATH_DEV), 80);
else
- strcpy(devname, argv[optind]);
+ strlcpy(devname, argv[optind], 80);
for (cp = devname; cp = strchr(cp, '/'); *cp++ = '_')
;
if (chdir(spooldir) < 0)
@@ -254,9 +254,9 @@
if (fifo < 0)
fatal("%s: open: %s", FAX_FIFO, strerror(errno));
if (priority != -1)
- sprintf(cmd, "+%s:R%c%08x:%x", devname, canpoll, caps, priority);
+ snprintf(cmd, 80, "+%s:R%c%08x:%x", devname, canpoll, caps, priority);
else
- sprintf(cmd, "+%s:R%c%08x", devname, canpoll, caps);
+ snprintf(cmd, 80, "+%s:R%c%08x", devname, canpoll, caps);
if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
fatal("%s: FIFO write failed for command (%s)",
argv[0], strerror(errno));
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/faxmsg.c ./util/faxmsg.c
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/faxmsg.c Mon Feb 21 15:19:44 2000
+++ ./util/faxmsg.c Sun Feb 20 22:19:28 2000
@@ -108,12 +108,12 @@
}
if (optind == argc-1) {
if (argv[optind][0] == FAX_FIFO[0])
- strcpy(fifoname, argv[optind]);
+ strlcpy(fifoname, argv[optind], 256);
else
- sprintf(fifoname, "%s.%.*s", FAX_FIFO,
+ snprintf(fifoname, 256, "%s.%.*s", FAX_FIFO,
sizeof (fifoname) - sizeof (FAX_FIFO), argv[optind]);
} else if (!modemRequired) {
- strcpy(fifoname, FAX_FIFO);
+ strlcpy(fifoname, FAX_FIFO, 256);
} else
fatal("usage: %s %s", argv[0], usage);
for (cp = fifoname; cp = strchr(cp, '/'); *cp++ = '_')
@@ -123,7 +123,7 @@
fifo = open(fifoname, O_WRONLY|O_NDELAY);
if (fifo < 0)
fatal("%s: open: %s", fifoname, strerror(errno));
- sprintf(cmd, cmdfmt, arg);
+ snprintf(cmd, 80, cmdfmt, arg);
if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
fatal("FIFO write failed for command (%s)", strerror(errno));
(void) close(fifo);
diff -ru /tmp/old/hylafax/work/hylafax-v4.0pl2/util/faxstate.c ./util/faxstate.c
--- /tmp/old/hylafax/work/hylafax-v4.0pl2/util/faxstate.c Mon Feb 21 15:19:44 2000
+++ ./util/faxstate.c Sun Feb 20 22:19:28 2000
@@ -113,7 +113,7 @@
}
if (optind != argc-1)
fatal("Bad option `%c'; usage: %s %s modem", c, argv[0], usage);
- strcpy(devid, argv[optind]);
+ strlcpy(devid, argv[optind], 256);
for (cp = devid; cp = strchr(cp, '/'); *cp++ = '_')
;
if (chdir(spooldir) < 0)
@@ -126,16 +126,16 @@
fifo = open(FAX_FIFO, O_WRONLY|O_NDELAY);
if (fifo < 0)
fatal("%s: open: %s", FAX_FIFO, strerror(errno));
- sprintf(cmd, "+%s:%s", devid, arg);
+ snprintf(cmd, 80, "+%s:%s", devid, arg);
if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
fatal("FIFO write failed for command (%s)", strerror(errno));
} else {
- sprintf(fifoname, "%s.%.*s", FAX_FIFO,
+ snprintf(fifoname, 256, "%s.%.*s", FAX_FIFO,
sizeof (fifoname) - sizeof (FAX_FIFO), devid);
fifo = open(fifoname, O_WRONLY|O_NDELAY);
if (fifo < 0)
fatal("%s: open: %s", fifoname, strerror(errno));
- sprintf(cmd, "S%s", arg);
+ snprintf(cmd, 80, "S%s", arg);
if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
fatal("FIFO write failed for command (%s)", strerror(errno));
}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0002211531150.33234-200000>