Date: Mon, 4 Dec 2000 20:10:58 -0500 From: Will Andrews <will@physics.purdue.edu> To: audit@FreeBSD.org Subject: usr.bin audit patch Message-ID: <20001204201058.W570@puck.firepipe.net>
next in thread | raw e-mail | index | archive | help
--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Hi guys,
This is a bit of auditing I did on usr.bin (about half of it anyway).
There's probably a lot of false positives here. Sorry for being a lame
auditer. Feel free to enlighten me. :-)
--
wca
--9jxsPFA5p3P2qPhR
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="usrbin.diff"
Index: apply/apply.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/apply/apply.c,v
retrieving revision 1.10
diff -u -r1.10 apply.c
--- apply/apply.c 2000/10/16 08:11:48 1.10
+++ apply/apply.c 2000/12/05 01:00:48
@@ -124,9 +124,9 @@
nargs = 1;
p = cmd;
- p += sprintf(cmd, "exec %s", argv[0]);
+ p += snprintf(cmd, sizeof(cmd), "exec %s", argv[0]);
for (i = 1; i <= nargs; i++)
- p += sprintf(p, " %c%d", magic, i);
+ p += snprintf(p, sizeof(p), " %c%d", magic, i);
/*
* If nargs set to the special value 0, eat a single
@@ -135,7 +135,7 @@
if (nargs == 0)
nargs = 1;
} else {
- (void)sprintf(cmd, "exec %s", argv[0]);
+ (void)snprintf(cmd, sizeof(cmd), "exec %s", argv[0]);
nargs = n;
}
@@ -165,7 +165,8 @@
/* Expand command argv references. */
for (p = cmd, q = c; *p != '\0'; ++p)
if (p[0] == magic && isdigit(p[1]) && p[1] != '0')
- q += sprintf(q, "%s", argv[(++p)[0] - '0']);
+ q += snprintf(q, sizeof(q), "%s",
+ argv[(++p)[0] - '0']);
else
*q++ = *p;
Index: ar/misc.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/ar/misc.c,v
retrieving revision 1.6
diff -u -r1.6 misc.c
--- ar/misc.c 1998/12/06 07:36:44 1.6
+++ ar/misc.c 2000/12/05 01:00:48
@@ -70,9 +70,9 @@
}
if (envtmp)
- (void)sprintf(path, "%s/%s", envtmp, _NAME_ARTMP);
+ snprintf(path, sizeof(path), "%s/%s", envtmp, _NAME_ARTMP);
else
- strcpy(path, _PATH_ARTMP);
+ strncpy(path, _PATH_ARTMP, sizeof(path));
sigfillset(&set);
(void)sigprocmask(SIG_BLOCK, &set, &oset);
Index: chat/chat.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/chat/chat.c,v
retrieving revision 1.15
diff -u -r1.15 chat.c
--- chat/chat.c 1999/11/25 07:28:54 1.15
+++ chat/chat.c 2000/12/05 01:00:48
@@ -951,11 +951,11 @@
c &= 0x7F;
if (c < 32)
- sprintf(string, "%s^%c", meta, (int)c + '@');
+ snprintf(string, sizeof(string), "%s^%c", meta, (int)c + '@');
else if (c == 127)
- sprintf(string, "%s^?", meta);
+ snprintf(string, sizeof(string), "%s^?", meta);
else
- sprintf(string, "%s%c", meta, c);
+ snprintf(string, sizeof(string), "%s%c", meta, c);
return (string);
}
Index: chkey/chkey.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/chkey/chkey.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 chkey.c
--- chkey/chkey.c 1997/05/28 15:54:04 1.1.1.1
+++ chkey/chkey.c 2000/12/05 01:00:48
@@ -247,7 +247,7 @@
{
char pkent[1024];
- (void)sprintf(pkent,"%s:%s", public, secret);
+ (void)snprintf(pkent, sizeof(pkent), "%s:%s", public, secret);
#ifdef YP
return (yp_update(domain, PKMAP, YPOP_STORE,
name, strlen(name), pkent, strlen(pkent)));
@@ -268,7 +268,7 @@
static struct passwd pw;
char *p;
- (void)sprintf(uidstr, "%d", uid);
+ snprintf(uidstr, sizeof(uidstr), "%d", uid);
if (yp_match(domain, "passwd.byuid", uidstr, strlen(uidstr),
&val, &vallen) != 0) {
return (NULL);
Index: chpass/edit.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/chpass/edit.c,v
retrieving revision 1.18
diff -u -r1.18 edit.c
--- chpass/edit.c 2000/09/06 18:16:46 1.18
+++ chpass/edit.c 2000/12/05 01:00:48
@@ -247,9 +247,9 @@
strlen(list[E_OTHER].save) + 5;
if (!(p = malloc(len)))
err(1, NULL);
- (void)sprintf(pw->pw_gecos = p, "%s,%s,%s,%s,%s", list[E_NAME].save,
- list[E_LOCATE].save, list[E_BPHONE].save, list[E_HPHONE].save,
- list[E_OTHER].save);
+ (void)snprintf(pw->pw_gecos = p, sizeof(p), "%s,%s,%s,%s,%s",
+ list[E_NAME].save, list[E_LOCATE].save, list[E_BPHONE].save,
+ list[E_HPHONE].save, list[E_OTHER].save);
while ((len = strlen(pw->pw_gecos)) && pw->pw_gecos[len - 1] == ',')
pw->pw_gecos[len - 1] = '\0';
Index: doscmd/ParseBuffer.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/doscmd/ParseBuffer.c,v
retrieving revision 1.2
diff -u -r1.2 ParseBuffer.c
--- doscmd/ParseBuffer.c 1999/08/28 01:00:03 1.2
+++ doscmd/ParseBuffer.c 2000/12/05 01:00:48
@@ -58,7 +58,7 @@
_buf = malloc(buflen);
}
buf = _buf;
- strcpy(buf, obuf);
+ strncpy(buf, obuf, sizeof(buf));
a = av;
e = &av[mac];
Index: doscmd/debug.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/doscmd/debug.c,v
retrieving revision 1.3
diff -u -r1.3 debug.c
--- doscmd/debug.c 1999/09/29 20:09:17 1.3
+++ doscmd/debug.c 2000/12/05 01:00:48
@@ -112,7 +112,7 @@
va_start (args, fmt);
vfprintf (debugf, fmt, args);
- vsprintf (buf, fmt, args);
+ vsnprintf (buf, sizeof(buf), fmt, args);
va_end (args);
tty_move(23, 0);
Index: doscmd/doscmd.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/doscmd/doscmd.c,v
retrieving revision 1.14
diff -u -r1.14 doscmd.c
--- doscmd/doscmd.c 2000/06/23 08:57:17 1.14
+++ doscmd/doscmd.c 2000/12/05 01:00:48
@@ -707,7 +707,7 @@
fd = open_name(fullname, ext);
- strcpy(cmdname, name);
+ strncpy(cmdname, name, sizeof(cmdname));
if (*ext)
strcat(cmdname, ext);
return (fd);
Index: doscmd/exe.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/doscmd/exe.c,v
retrieving revision 1.2
diff -u -r1.2 exe.c
--- doscmd/exe.c 1999/08/28 01:00:15 1.2
+++ doscmd/exe.c 2000/12/05 01:00:48
@@ -84,13 +84,13 @@
if (total + len >= 32 * 1024)
break;
total += len + 1;
- strcpy (p, env[i]);
+ strncpy (p, env[i], sizeof(p));
p += strlen (p) + 1;
}
*p++ = 0;
*(short *)p = strlen(cmdname);
p += 2;
- strcpy (p, cmdname);
+ strncpy (p, cmdname, sizeof(p));
while(*p) {
if (*p == '/')
*p = '\\';
Index: doscmd/i386-pinsn.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/doscmd/i386-pinsn.c,v
retrieving revision 1.1
diff -u -r1.1 i386-pinsn.c
--- doscmd/i386-pinsn.c 1997/08/09 01:42:43 1.1
+++ doscmd/i386-pinsn.c 2000/12/05 01:00:48
@@ -957,7 +957,7 @@
{
/* fwait not followed by floating point instruction */
oappend ("fwait");
- strcpy (outbuf, obuf);
+ strncpy (outbuf, obuf, sizeof(outbuf));
return (1);
}
@@ -1053,7 +1053,7 @@
oappend (",");
oappend (third);
}
- strcpy (outbuf, obuf);
+ strncpy (outbuf, obuf, sizeof(outbuf));
return (codep - inbuf);
}
@@ -1332,7 +1332,7 @@
/* ARGSUSED */
OP_STi (ignore)
{
- sprintf (scratchbuf, "%%st(%d)", rm);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%st(%d)", rm);
oappend (scratchbuf);
}
@@ -1373,7 +1373,7 @@
oappend (s)
char *s;
{
- strcpy (obufp, s);
+ strncpy (obufp, s, sizeof(obufp));
obufp += strlen (s);
*obufp = 0;
}
@@ -1499,7 +1499,7 @@
if (mod != 0 || (aflag && rm == 5 || (havesib && base == 5))
|| (!aflag && rm == 6)) {
- sprintf (scratchbuf, "0x%x", disp);
+ snprintf (scratchbuf, sizeof(scratchbuf), "0x%x", disp);
oappend (scratchbuf);
}
@@ -1509,10 +1509,10 @@
oappend (aflag ? names32[base] : names16_pairs[base]);
if (havesib) {
if (index != 4) {
- sprintf (scratchbuf, ",%s", names32[index]);
+ snprintf (scratchbuf, sizeof(scratchbuf), ",%s", names32[index]);
oappend (scratchbuf);
}
- sprintf (scratchbuf, ",%d", 1 << scale);
+ snprintf (scratchbuf, sizeof(scratchbuf), ",%d", 1 << scale);
oappend (scratchbuf);
}
oappend (")");
@@ -1619,7 +1619,7 @@
oappend ("<internal disassembler error>");
return;
}
- sprintf (scratchbuf, "$0x%x", op);
+ snprintf (scratchbuf, sizeof(scratchbuf), "$0x%x", op);
oappend (scratchbuf);
}
@@ -1645,7 +1645,7 @@
oappend ("<internal disassembler error>");
return;
}
- sprintf (scratchbuf, "$0x%x", op);
+ snprintf (scratchbuf, sizeof(scratchbuf), "$0x%x", op);
oappend (scratchbuf);
}
@@ -1679,7 +1679,7 @@
append_pc(unsigned long pc)
{
- sprintf(scratchbuf, "%04x:%04x", pc >> 16, pc & 0xffff);
+ snprintf(scratchbuf, sizeof(scratchbuf), "%04x:%04x", pc >> 16, pc & 0xffff);
}
/* ARGSUSED */
@@ -1709,7 +1709,7 @@
offset = get16 ();
seg = get16 ();
}
- sprintf (scratchbuf, "%04x:%04x", seg, offset);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%04x:%04x", seg, offset);
oappend (scratchbuf);
break;
case v_mode:
@@ -1737,7 +1737,7 @@
else
off = get16 ();
- sprintf (scratchbuf, "0x%x", off);
+ snprintf (scratchbuf, sizeof(scratchbuf), "0x%x", off);
oappend (scratchbuf);
}
@@ -1767,7 +1767,7 @@
OP_C (dummy)
{
codep++; /* skip mod/rm */
- sprintf (scratchbuf, "%%cr%d", reg);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%cr%d", reg);
oappend (scratchbuf);
}
@@ -1775,7 +1775,7 @@
OP_D (dummy)
{
codep++; /* skip mod/rm */
- sprintf (scratchbuf, "%%db%d", reg);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%db%d", reg);
oappend (scratchbuf);
}
@@ -1783,7 +1783,7 @@
OP_T (dummy)
{
codep++; /* skip mod/rm */
- sprintf (scratchbuf, "%%tr%d", reg);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%tr%d", reg);
oappend (scratchbuf);
}
Index: doscmd/int17.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/doscmd/int17.c,v
retrieving revision 1.4
diff -u -r1.4 int17.c
--- doscmd/int17.c 1999/08/28 01:00:17 1.4
+++ doscmd/int17.c 2000/12/05 01:00:48
@@ -138,7 +138,7 @@
return;
}
} else {
- sprintf(printer_name, "/dev/lpt%d", printer);
+ snprintf(printer_name, sizeof(printer_name), "/dev/lpt%d", printer);
debug(D_PRINTER, "Opening device %s\n", printer_name);
if ((fd = open(printer_name, O_WRONLY)) < 0) {
perror(printer_name);
Index: ee/ee.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/ee/ee.c,v
retrieving revision 1.19
diff -u -r1.19 ee.c
--- ee/ee.c 2000/08/21 10:21:28 1.19
+++ ee/ee.c 2000/12/05 01:00:49
@@ -931,7 +931,7 @@
string = "^?";
else if (!eightbit)
{
- sprintf(string2, "<%d>", (character < 0) ? (character + 256) : character);
+ snprintf(string2, sizeof(string2), "<%d>", (character < 0) ? (character + 256) : character);
string = string2;
}
else
@@ -1585,7 +1585,7 @@
{
char buffer[256];
- sprintf(buffer, ">!%s", print_command);
+ snprintf(buffer, sizeof(buffer), ">!%s", print_command);
wmove(com_win, 0, 0);
wclrtoeol(com_win);
wprintw(com_win, printer_msg_str, print_command);
@@ -4133,7 +4133,7 @@
if (stat(file_name, &buf) != -1)
{
- sprintf(buffer, "%s.old", file_name);
+ snprintf(buffer, sizeof(buffer), "%s.old", file_name);
unlink(buffer);
link(file_name, buffer);
unlink(file_name);
@@ -4278,10 +4278,10 @@
return;
}
pid = getpid();
- sprintf(name, "/tmp/ee.%d", pid);
+ snprintf(name, sizeof(name), "/tmp/ee.%d", pid);
if (write_file(name))
{
- sprintf(string, "ispell %s", name);
+ snprintf(string, sizeof(string), "ispell %s", name);
sh_command(string);
delete_text();
tmp_file = name;
@@ -4590,21 +4590,29 @@
do
{
- sprintf(modes_menu[1].item_string, "%s %s", mode_strings[1],
+ snprintf(modes_menu[1].item_string,
+ sizeof(modes_menu[1].item_string), "%s %s", mode_strings[1],
(expand_tabs ? ON : OFF));
- sprintf(modes_menu[2].item_string, "%s %s", mode_strings[2],
+ snprintf(modes_menu[2].item_string,
+ sizeof(modes_menu[2].item_string), "%s %s", mode_strings[2],
(case_sen ? ON : OFF));
- sprintf(modes_menu[3].item_string, "%s %s", mode_strings[3],
+ snprintf(modes_menu[3].item_string,
+ sizeof(modes_menu[3].item_string), "%s %s", mode_strings[3],
(observ_margins ? ON : OFF));
- sprintf(modes_menu[4].item_string, "%s %s", mode_strings[4],
+ snprintf(modes_menu[4].item_string,
+ sizeof(modes_menu[4].item_string), "%s %s", mode_strings[4],
(auto_format ? ON : OFF));
- sprintf(modes_menu[5].item_string, "%s %s", mode_strings[5],
+ snprintf(modes_menu[5].item_string,
+ sizeof(modes_menu[5].item_string), "%s %s", mode_strings[5],
(eightbit ? ON : OFF));
- sprintf(modes_menu[6].item_string, "%s %s", mode_strings[6],
+ snprintf(modes_menu[6].item_string,
+ sizeof(modes_menu[6].item_string), "%s %s", mode_strings[6],
(info_window ? ON : OFF));
- sprintf(modes_menu[7].item_string, "%s %s", mode_strings[7],
+ snprintf(modes_menu[7].item_string,
+ sizeof(modes_menu[7].item_string), "%s %s", mode_strings[7],
(emacs_keys_mode ? ON : OFF));
- sprintf(modes_menu[8].item_string, "%s %d", mode_strings[8],
+ snprintf(modes_menu[8].item_string,
+ sizeof(modes_menu[8].item_string), "%s %d", mode_strings[8],
right_margin);
ret_value = menu_op(modes_menu);
@@ -4719,7 +4727,7 @@
return(name);
}
buffer = malloc(strlen(user->pw_dir) + strlen(slash) + 1);
- strcpy(buffer, user->pw_dir);
+ strncpy(buffer, user->pw_dir, sizeof(buffer));
strcat(buffer, slash);
}
else
Index: ee/new_curse.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/ee/new_curse.c,v
retrieving revision 1.4
diff -u -r1.4 new_curse.c
--- ee/new_curse.c 1999/09/06 07:33:51 1.4
+++ ee/new_curse.c 2000/12/05 01:00:49
@@ -794,7 +794,8 @@
{
Data_Line_len = 23 + strlen(TERM_PATH) + strlen(TERMINAL_TYPE);
Term_File_name = malloc(Data_Line_len);
- sprintf(Term_File_name, "%s/%c/%s", TERM_PATH, *TERMINAL_TYPE, TERMINAL_TYPE);
+ snprintf(Term_File_name, sizeof(Term_File_name), "%s/%c/%s",
+ TERM_PATH, *TERMINAL_TYPE, TERMINAL_TYPE);
Fildes = open(Term_File_name, O_RDONLY);
}
if (Fildes == -1)
@@ -802,7 +803,8 @@
TERM_PATH = "/usr/lib/terminfo";
Data_Line_len = 23 + strlen(TERM_PATH) + strlen(TERMINAL_TYPE);
Term_File_name = malloc(Data_Line_len);
- sprintf(Term_File_name, "%s/%c/%s", TERM_PATH, *TERMINAL_TYPE, TERMINAL_TYPE);
+ snprintf(Term_File_name, sizeof(Term_File_name), "%s/%c/%s",
+ TERM_PATH, *TERMINAL_TYPE, TERMINAL_TYPE);
Fildes = open(Term_File_name, O_RDONLY);
}
if (Fildes == -1)
@@ -810,7 +812,8 @@
TERM_PATH = "/usr/share/lib/terminfo";
Data_Line_len = 23 + strlen(TERM_PATH) + strlen(TERMINAL_TYPE);
Term_File_name = malloc(Data_Line_len);
- sprintf(Term_File_name, "%s/%c/%s", TERM_PATH, *TERMINAL_TYPE, TERMINAL_TYPE);
+ snprintf(Term_File_name, sizeof(Term_File_name), "%s/%c/%s",
+ TERM_PATH, *TERMINAL_TYPE, TERMINAL_TYPE);
Fildes = open(Term_File_name, O_RDONLY);
}
if (Fildes == -1)
@@ -1095,7 +1098,7 @@
Spoint->element = (struct KEYS *) malloc(sizeof(struct KEYS));
Spoint->element->length = strlen(String_table[key_def]);
Spoint->element->string = malloc(Spoint->element->length + 1);
- strcpy(Spoint->element->string, String_table[key_def]);
+ strncpy(Spoint->element->string, String_table[key_def], sizeof(Spoint->element->string));
Spoint->element->value = Key_vals[Counter];
Klen = strlen(Spoint->element->string);
if (Klen > Max_Key_len)
@@ -1223,7 +1226,7 @@
char *Ftemp;
Ftemp = Name = malloc(strlen(TERMINAL_TYPE + 1) + 1);
- strcpy(Name, TERMINAL_TYPE);
+ strncpy(Name, TERMINAL_TYPE, sizeof(Name));
while (*Ftemp != (char)NULL)
Ftemp++;
*Ftemp++ = '|';
Index: hexdump/conv.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/hexdump/conv.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 conv.c
--- hexdump/conv.c 1994/05/27 12:31:41 1.1.1.1
+++ hexdump/conv.c 2000/12/05 01:00:49
@@ -86,7 +86,8 @@
*pr->cchar = 'c';
(void)printf(pr->fmt, *p);
} else {
- (void)sprintf(str = buf, "%03o", (int)*p);
+ str = buf;
+ snprintf(str, sizeof(str), "%03o", (int)*p);
strpr: *pr->cchar = 's';
(void)printf(pr->fmt, str);
}
Index: indent/args.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/indent/args.c,v
retrieving revision 1.3
diff -u -r1.3 args.c
--- indent/args.c 1999/08/28 01:02:10 1.3
+++ indent/args.c 2000/12/05 01:00:49
@@ -162,7 +162,7 @@
char fname[BUFSIZ];
static char prof[] = ".indent.pro";
- sprintf(fname, "%s/%s", getenv("HOME"), prof);
+ snprintf(fname, sizeof(fname), "%s/%s", getenv("HOME"), prof);
if ((f = fopen(option_source = fname, "r")) != NULL) {
scan_profile(f);
(void) fclose(f);
Index: indent/indent.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/indent/indent.c,v
retrieving revision 1.6
diff -u -r1.6 indent.c
--- indent/indent.c 2000/07/10 09:09:52 1.6
+++ indent/indent.c 2000/12/05 01:00:49
@@ -497,7 +497,7 @@
if (ps.in_decl && !ps.block_init)
if (troff && !ps.dumped_decl_indent && !is_procname && ps.last_token == decl) {
ps.dumped_decl_indent = 1;
- sprintf(e_code, "\n.Du %dp+\200p \"%s\"\n", dec_ind * 7, token);
+ snprintf(e_code, sizeof(e_code), "\n.Du %dp+\200p \"%s\"\n", dec_ind * 7, token);
e_code += strlen(e_code);
}
else {
@@ -567,7 +567,7 @@
*e_code++ = ' ';
if (troff && !ps.dumped_decl_indent && ps.in_decl && !is_procname) {
- sprintf(e_code, "\n.Du %dp+\200p \"%s\"\n", dec_ind * 7, token);
+ snprintf(e_code, sizeof(e_code), "\n.Du %dp+\200p \"%s\"\n", dec_ind * 7, token);
ps.dumped_decl_indent = 1;
e_code += strlen(e_code);
}
@@ -909,7 +909,7 @@
if (is_procname == 0 || !procnames_start_line) {
if (!ps.block_init)
if (troff && !ps.dumped_decl_indent) {
- sprintf(e_code, "\n.De %dp+\200p\n", dec_ind * 7);
+ snprintf(e_code, sizeof(e_code), "\n.De %dp+\200p\n", dec_ind * 7);
ps.dumped_decl_indent = 1;
e_code += strlen(e_code);
}
@@ -1155,7 +1155,7 @@
p--;
if (*p == '/')
p++;
- sprintf(bakfile, "%s.BAK", p);
+ snprintf(bakfile, sizeof(bakfile), "%s.BAK", p);
/* copy in_name to backup file */
bakchn = creat(bakfile, 0600);
Index: jot/jot.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/jot/jot.c,v
retrieving revision 1.14
diff -u -r1.14 jot.c
--- jot/jot.c 2000/07/10 05:57:29 1.14
+++ jot/jot.c 2000/12/05 01:00:49
@@ -140,11 +140,11 @@
boring = 1;
case 'w':
if ((*av)[2])
- strcpy(format, *av + 2);
+ strncpy(format, *av + 2, sizeof(format));
else if (!--ac)
errx(1, "need context word after -w or -b");
else
- strcpy(format, *++av);
+ strncpy(format, *++av, sizeof(format));
break;
case 's':
if ((*av)[2])
@@ -385,9 +385,9 @@
if (*p == '%' && *(p+1) != '%') /* leave %% alone */
break;
if (!*p && !chardata)
- sprintf(p, "%%.%df", prec);
+ snprintf(p, sizeof(p), "%%.%df", prec);
else if (!*p && chardata) {
- strcpy(p, "%c");
+ strncpy(p, "%c", sizeof(p));
intdata = 1;
} else if (!*(p+1))
strcat(format, "%"); /* cannot end in single '%' */
Index: lam/lam.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/lam/lam.c,v
retrieving revision 1.4
diff -u -r1.4 lam.c
--- lam/lam.c 2000/07/10 09:14:15 1.4
+++ lam/lam.c 2000/12/05 01:00:49
@@ -155,7 +155,7 @@
fmtp += strlen(fmtp) + 1;
if (fmtp > fmtbuf + BUFSIZ)
errx(1, "no more format space");
- sprintf(fmtp, "%%%ss", p);
+ snprintf(fmtp, sizeof(fmtp), "%%%ss", p);
ip->format = fmtp;
}
else
@@ -181,7 +181,7 @@
while (*p)
*lp++ = *p++;
if (ip->pad) {
- sprintf(lp, ip->format, "");
+ snprintf(lp, sizeof(lp), ip->format, "");
lp += strlen(lp);
}
return (lp);
@@ -213,7 +213,7 @@
p = ip->sepstring;
while (*p)
*lp++ = *p++;
- sprintf(lp, ip->format, s);
+ snprintf(lp, sizeof(lp), ip->format, s);
lp += strlen(lp);
return (lp);
}
Index: limits/limits.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/limits/limits.c,v
retrieving revision 1.8
diff -u -r1.8 limits.c
--- limits/limits.c 2000/03/26 14:37:47 1.8
+++ limits/limits.c 2000/12/05 01:00:49
@@ -320,11 +320,11 @@
rlim_t val;
/* current value overridden by resourcename or resourcename-cur */
- sprintf(str, "%s-cur", resources[rcswhich].cap);
+ snprintf(str, sizeof(str), "%s-cur", resources[rcswhich].cap);
val = resources[rcswhich].func(lc, resources[rcswhich].cap, limits[rcswhich].rlim_cur, limits[rcswhich].rlim_cur);
limits[rcswhich].rlim_cur = resources[rcswhich].func(lc, str, val, val);
/* maximum value overridden by resourcename or resourcename-max */
- sprintf(str, "%s-max", resources[rcswhich].cap);
+ snprintf(str, sizeof(str), "%s-max", resources[rcswhich].cap);
val = resources[rcswhich].func(lc, resources[rcswhich].cap, limits[rcswhich].rlim_max, limits[rcswhich].rlim_max);
limits[rcswhich].rlim_max = resources[rcswhich].func(lc, str, val, val);
}
@@ -466,9 +466,9 @@
char numbr[64];
if (limit == RLIM_INFINITY)
- strcpy(numbr, inf);
+ strncpy(numbr, inf, sizeof(numbr));
else
- sprintf(numbr, "%qd", (quad_t)((limit + divisor/2) / divisor));
+ snprintf(numbr, sizeof(numbr), "%qd", (quad_t)((limit + divisor/2) / divisor));
printf(pfx, which, numbr);
printf(sfx, which);
@@ -614,18 +614,18 @@
FILE * fp;
struct stat st;
char procdir[MAXPATHLEN], buf[128];
- int l = sprintf(procdir, "/proc/%ld/", (long)ppid);
+ int l = snprintf(procdir, sizeof(procdir), "/proc/%ld/", (long)ppid);
char * shell = getenv("SHELL");
if (shell != NULL && stat(shell, &st) != -1) {
struct stat st1;
- strcpy(procdir+l, "file");
+ strncpy(procdir+l, "file", sizeof(procdir+l));
/* $SHELL is actual shell? */
if (stat(procdir, &st1) != -1 && memcmp(&st, &st1, sizeof st) == 0)
return getshellbyname(shell);
}
- strcpy(procdir+l, "status");
+ strncpy(procdir+l, "status", sizeof(procdir+l));
if (stat(procdir, &st) == 0 && (fp = fopen(procdir, "r")) != NULL) {
char * p = fgets(buf, sizeof buf, fp)==NULL ? NULL : strtok(buf, " \t");
fclose(fp);
Index: mail/cmd1.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/mail/cmd1.c,v
retrieving revision 1.3
diff -u -r1.3 cmd1.c
--- mail/cmd1.c 1998/07/06 21:01:17 1.3
+++ mail/cmd1.c 2000/12/05 01:00:49
@@ -194,7 +194,7 @@
if (mp->m_flag & MBOX)
dispc = 'M';
parse(headline, &hl, pbuf);
- sprintf(wcount, "%3ld/%-5ld", mp->m_lines, mp->m_size);
+ snprintf(wcount, sizeof(wcount), "%3ld/%-5ld", mp->m_lines, mp->m_size);
subjlen = screenwidth - 50 - strlen(wcount);
name = value("show-rcpt") != NOSTR ?
skin(hfield("to", mp)) : nameof(mp, 0);
Index: mail/fio.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/mail/fio.c,v
retrieving revision 1.3
diff -u -r1.3 fio.c
--- mail/fio.c 2000/10/24 13:54:31 1.3
+++ mail/fio.c 2000/12/05 01:00:49
@@ -69,7 +69,7 @@
char linebuf[LINESIZE];
/* Get temporary file. */
- (void)sprintf(linebuf, "%s/mail.XXXXXX", tmpdir);
+ snprintf(linebuf, sizeof(linebuf), "%s/mail.XXXXXX", tmpdir);
if ((c = mkstemp(linebuf)) == -1 ||
(mestmp = Fdopen(c, "r+")) == NULL) {
errx(1, "can't open %s", linebuf);
@@ -341,12 +341,12 @@
/* fall through */
}
if (name[0] == '+' && getfold(cmdbuf) >= 0) {
- sprintf(xname, "%s/%s", cmdbuf, name + 1);
+ snprintf(xname, sizeof(xname), "%s/%s", cmdbuf, name + 1);
name = savestr(xname);
}
/* catch the most common shell meta character */
if (name[0] == '~' && (name[1] == '/' || name[1] == '\0')) {
- sprintf(xname, "%s%s", homedir, name + 1);
+ snprintf(xname, sizeof(xname),"%s%s", homedir, name + 1);
name = savestr(xname);
}
if (!anyof(name, "~{[*?$`'\"\\"))
@@ -355,7 +355,7 @@
perror("pipe");
return name;
}
- sprintf(cmdbuf, "echo %s", name);
+ snprintf(cmdbuf, sizeof(cmdbuf), "echo %s", name);
if ((shell = value("SHELL")) == NOSTR)
shell = _PATH_CSHELL;
pid = start_command(shell, 0, -1, pivec[1], "-c", cmdbuf, NOSTR);
@@ -406,9 +406,9 @@
if ((folder = value("folder")) == NOSTR)
return (-1);
if (*folder == '/')
- strcpy(name, folder);
+ strncpy(name, folder, sizeof(name));
else
- sprintf(name, "%s/%s", homedir, folder);
+ snprintf(name, sizeof(name), "%s/%s", homedir, folder);
return (0);
}
@@ -425,7 +425,7 @@
else if (*cp != '/') {
char buf[PATHSIZE];
- (void) sprintf(buf, "~/%s", cp);
+ snprintf(buf, sizeof(buf), "~/%s", cp);
cp = expand(buf);
}
return cp;
Index: mail/lex.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/mail/lex.c,v
retrieving revision 1.8
diff -u -r1.8 lex.c
--- mail/lex.c 2000/11/27 07:32:29 1.8
+++ mail/lex.c 2000/12/05 01:00:49
@@ -128,9 +128,9 @@
}
shudclob = 1;
edit = isedit;
- strcpy(prevfile, mailname);
+ strncpy(prevfile, mailname, sizeof(prevfile));
if (name != mailname)
- strcpy(mailname, name);
+ strncpy(mailname, name, sizeof(mailname));
mailsize = fsize(ibuf);
if ((otf = fopen(tempMesg, "w")) == NULL) {
perror(tempMesg);
@@ -616,7 +616,7 @@
if (getfold(fname) >= 0) {
strcat(fname, "/");
if (strncmp(fname, mailname, strlen(fname)) == 0) {
- sprintf(zname, "+%s", mailname + strlen(fname));
+ snprintf(zname, sizeof(zname), "+%s", mailname + strlen(fname));
ename = zname;
}
}
Index: mail/v7.local.c
===================================================================
RCS file: /cvs/FreeBSD/src/usr.bin/mail/v7.local.c,v
retrieving revision 1.2
diff -u -r1.2 v7.local.c
--- mail/v7.local.c 1996/10/06 01:55:32 1.2
+++ mail/v7.local.c 2000/12/05 01:00:49
@@ -58,9 +58,9 @@
char *tmp = getenv("MAIL");
if (tmp == NULL)
- (void)sprintf(buf, "%s/%s", _PATH_MAILDIR, user);
+ snprintf(buf, sizeof(buf), "%s/%s", _PATH_MAILDIR, user);
else
- (void)strcpy(buf, tmp);
+ strncpy(buf, tmp, sizeof(buf));
}
/*
--9jxsPFA5p3P2qPhR--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001204201058.W570>