replace sprintf all over the place

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1635 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-05-02 14:29:33 +00:00
parent 1495f52771
commit dd02a92a8b
55 changed files with 831 additions and 471 deletions
--- a/lib/auth/afskauthlib/verify.c
+++ b/lib/auth/afskauthlib/verify.c
@@ -64,7 +64,9 @@ afs_verify(char *name,

  if (krb_get_lrealm (lrealm, 1) != KFAILURE &&
      (pwd = k_getpwnam (name)) != NULL) {
-    sprintf (tkt_string, "%s%d_%d", TKT_ROOT, (int)pwd->pw_uid, (int)getpid());
+    snprintf (tkt_string, sizeof(tkt_string),
+	      "%s%d_%d", TKT_ROOT,
+	      (unsigned)pwd->pw_uid, (unsigned)getpid());
    krb_set_tkt_string (tkt_string);
    ret = krb_verify_user (name, "", lrealm, password, 1, NULL);
    if (ret == KSUCCESS) {
--- a/lib/auth/pam/pam.c
+++ b/lib/auth/pam/pam.c
@@ -105,7 +105,7 @@ auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)

    pmsg = &msg;
    msg.msg_style = PAM_PROMPT_ECHO_OFF;
-    sprintf(prompt, "%s's Password: ", user);
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", user);
    msg.msg = prompt;

    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
@@ -116,8 +116,9 @@ auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
    {
 	char tkt[1024];
 	struct passwd *pw = getpwnam(user);
+
 	if(pw){
-	    sprintf(tkt, "%s%d", TKT_ROOT, pw->pw_uid);
+	    snprintf(tkt, sizeof(tkt), "%s%d", TKT_ROOT, pw->pw_uid);
 	    ret = doit(pamh, user, "", resp->resp, tkt);
 	    if(ret == PAM_SUCCESS)
 		chown(tkt, pw->pw_uid, pw->pw_gid);
@@ -155,7 +156,7 @@ auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
    }
    pmsg = &msg;
    msg.msg_style = PAM_PROMPT_ECHO_OFF;
-    sprintf(prompt, "%s's Password: ", krb_unparse_name(&pr));
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
    msg.msg = prompt;

    ret = conv->conv(1, (const struct pam_message**)&pmsg, 
@@ -165,7 +166,8 @@ auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
    
    {
 	char tkt[1024];
-	sprintf(tkt, "%s_%s_to_%s", TKT_ROOT, pw->pw_name, user);
+
+	snprintf(tkt, sizeof(tkt),"%s_%s_to_%s", TKT_ROOT, pw->pw_name, user);
 	ret = doit(pamh, pr.name, pr.instance, resp->resp, tkt);
 	if(ret == PAM_SUCCESS)
 	    chown(tkt, pw->pw_uid, pw->pw_gid);
--- a/lib/auth/sia/sia.c
+++ b/lib/auth/sia/sia.c
@@ -198,8 +198,9 @@ siad_ses_authent(sia_collect_func_t *collect,

 	if(getpwnam_r(entity->name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
 	    return SIADFAIL;
-	sprintf((char*)entity->mech[pkgind], "%s%d_%d", 
-		TKT_ROOT, pwd->pw_uid, getpid());
+	snprintf((char*)entity->mech[pkgind], sizeof(entity->mech[pkgind]),
+		 "%s%d_%d", 
+		 TKT_ROOT, pwd->pw_uid, getpid());
 	krb_set_tkt_string((char*)entity->mech[pkgind]);
 	
 	krb_get_lrealm(realm, 1);
@@ -235,7 +236,7 @@ siad_ses_launch(sia_collect_func_t *collect,
    char buf[MaxPathLen];
    static char env[64];
    chown((char*)entity->mech[pkgind],entity->pwd->pw_uid, entity->pwd->pw_gid);
-    sprintf(env, "KRBTKFILE=%s", (char*)entity->mech[pkgind]);
+    snprintf(env, sizeof(env), "KRBTKFILE=%s", (char*)entity->mech[pkgind]);
    putenv(env);
    if (k_hasafs()) {
 	char cell[64];
@@ -294,18 +295,13 @@ siad_ses_suauthent(sia_collect_func_t *collect,
 	if(collect == NULL)
 	    return SIADFAIL;
 	setup_password(entity, &prompt);
-	prompt.prompt = malloc(strlen(toname) + strlen(toinst) + 
-			       strlen(realm) + sizeof("'s Password: ") + 2);
-	if(prompt.prompt == NULL)
+	asprintf (&prompt.prompt,
+		  "%s%s%s@%s's Password: ",
+		  toname, toinst[0] ? "." : "",
+		  toinst[0] ? toinst, "",
+		  realm);
+	if (prompt.prompt == NULL)
 	    return SIADFAIL;
-	strcpy(prompt.prompt, toname);
-	if(toinst[0]){
-	    strcat(prompt.prompt, ".");
-	    strcat(prompt.prompt, toinst);
-	}
-	strcat(prompt.prompt, "@");
-	strcat(prompt.prompt, realm);
-	strcat(prompt.prompt, "'s Password: ");
 	ret = (*collect)(0, SIAONELINER, (unsigned char*)"", 1, &prompt);
 	free(prompt.prompt);
 	if(ret != SIACOLSUCCESS)
@@ -319,8 +315,9 @@ siad_ses_suauthent(sia_collect_func_t *collect,
 	if(krb_kuserok(toname, toinst, realm, entity->name))
 	    return SIADFAIL;
 	
-	sprintf((char*)entity->mech[pkgind], "/tmp/tkt_%s_to_%s_%d", 
-		pwd->pw_name, topwd->pw_name, getpid());
+	snprintf((char*)entity->mech[pkgind], sizeof(entity->mech[pkgind]),
+		 "/tmp/tkt_%s_to_%s_%d", 
+		 pwd->pw_name, topwd->pw_name, getpid());
 	krb_set_tkt_string((char*)entity->mech[pkgind]);
 	ret = krb_verify_user(toname, toinst, realm, entity->password, 1, NULL);
 	if(ret){
--- a/lib/kafs/afssys.c
+++ b/lib/kafs/afssys.c
@@ -73,7 +73,7 @@ aix_setup(void)
    if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL)
 	strcpy(path, p);
    else
-	sprintf(path, "%s/afslib.so", LIBDIR);
+	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
 	
    ptr = dlopen(path, 0);
    if(ptr){
--- a/lib/kafs/kafs_locl.h
+++ b/lib/kafs/kafs_locl.h
@@ -83,6 +83,7 @@
 #ifdef HAVE_RESOLV_H
 #include <resolv.h>
 #endif
+#include <roken.h>

 #include <krb.h>
 #include <kafs.h>
--- a/lib/otp/otp.h
+++ b/lib/otp/otp.h
@@ -80,10 +80,10 @@ typedef struct {
 } OtpContext;

 OtpAlgorithm *otp_find_alg (char *name);
-void otp_print_stddict (OtpKey key, char *str);
-void otp_print_hex (OtpKey key, char *str);
-void otp_print_stddict_extended (OtpKey key, char *str);
-void otp_print_hex_extended (OtpKey key, char *str);
+void otp_print_stddict (OtpKey key, char *str, size_t sz);
+void otp_print_hex (OtpKey key, char *str, size_t sz);
+void otp_print_stddict_extended (OtpKey key, char *str, size_t sz);
+void otp_print_hex_extended (OtpKey key, char *str, size_t sz);
 unsigned otp_checksum (OtpKey key);
 int otp_parse_hex (OtpKey key, char *);
 int otp_parse_stddict (OtpKey key, char *);
--- a/lib/otp/otp_challenge.c
+++ b/lib/otp/otp_challenge.c
@@ -65,7 +65,9 @@ otp_challenge (OtpContext *ctx, char *user, char *str, size_t len)
  otp_db_close (dbm);
  if (ret)
    return ret;
-  sprintf (str, "[ otp-%s %u %s ]", ctx->alg->name, ctx->n-1, ctx->seed);
+  snprintf (str, len,
+	    "[ otp-%s %u %s ]",
+	    ctx->alg->name, ctx->n-1, ctx->seed);
  ctx->challengep = 1;
  return 0;
 }
--- a/lib/otp/otp_parse.c
+++ b/lib/otp/otp_parse.c
@@ -2183,7 +2183,7 @@ parse_words(unsigned wn[],
  return 0;
 }

-static
+static int
 otp_parse_internal (OtpKey key, char *str, OtpAlgorithm *alg,
 		    int (*convert)(char *, void *))
 {
--- a/lib/otp/otp_print.c
+++ b/lib/otp/otp_print.c
@@ -303,18 +303,6 @@ static char *std_dict[] =
 "YARD",  "YARN",  "YAWL", "YAWN",  "YEAH",  "YEAR",  "YELL",  "YOGA",
 "YOKE"                         };

-static char *
-add_word (char *s, unsigned n)
-{
-  char *w;
-
-  w = std_dict[n];
-  strcpy (s, w);
-  s += strlen(w);
-  *s++ = ' ';
-  return s;
-}
-
 unsigned
 otp_checksum (OtpKey key)
 {
@@ -331,38 +319,42 @@ otp_checksum (OtpKey key)
 }

 void
-otp_print_stddict (OtpKey key, char *str)
+otp_print_stddict (OtpKey key, char *str, size_t sz)
 {
  unsigned sum;

  sum = otp_checksum (key);
-  str = add_word (str, (key[0] << 3) | (key[1] >> 5));
-  str = add_word (str, ((key[1] & 0x1F) << 6) | (key[2] >> 2));
-  str = add_word (str, ((key[2] & 0x03) << 9) | (key[3] << 1) | (key[4] >> 7));
-  str = add_word (str, ((key[4] & 0x7F) << 4) | (key[5] >> 4));
-  str = add_word (str, ((key[5] & 0x0F) << 7) | (key[6] >> 1));
-  str = add_word (str, ((key[6] & 0x01) << 10) | (key[7] << 2) | sum);
-  *--str = '\0';
+  snprintf (str, sz,
+	    "%s %s %s %s %s %s",
+	    std_dict[(key[0] << 3) | (key[1] >> 5)],
+	    std_dict[((key[1] & 0x1F) << 6) | (key[2] >> 2)],
+	    std_dict[((key[2] & 0x03) << 9) | (key[3] << 1) | (key[4] >> 7)],
+	    std_dict[((key[4] & 0x7F) << 4) | (key[5] >> 4)],
+	    std_dict[((key[5] & 0x0F) << 7) | (key[6] >> 1)],
+	    std_dict[((key[6] & 0x01) << 10) | (key[7] << 2) | sum]);
 }

 void
-otp_print_hex (OtpKey key, char *str)
+otp_print_hex (OtpKey key, char *str, size_t sz)
 {
-  sprintf (str, "%02x%02x%02x%02x%02x%02x%02x%02x",
-	   key[0], key[1], key[2], key[3], 
-	   key[4], key[5], key[6], key[7]);
+  snprintf (str, sz,
+	    "%02x%02x%02x%02x%02x%02x%02x%02x",
+	    key[0], key[1], key[2], key[3], 
+	    key[4], key[5], key[6], key[7]);
 }

 void
-otp_print_hex_extended (OtpKey key, char *str)
+otp_print_hex_extended (OtpKey key, char *str, size_t sz)
 {
-  strcpy (str, OTP_HEXPREFIX);
-  otp_print_hex (key, str + strlen(OTP_HEXPREFIX));
+  strncpy (str, OTP_HEXPREFIX, sz);
+  str[sz-1] = '\0';
+  otp_print_hex (key, str + strlen(OTP_HEXPREFIX), sz - strlen(OTP_HEXPREFIX));
 }

 void
-otp_print_stddict_extended (OtpKey key, char *str)
+otp_print_stddict_extended (OtpKey key, char *str, size_t sz)
 {
-  strcpy (str, OTP_WORDPREFIX);
-  otp_print_stddict (key, str + strlen(OTP_WORDPREFIX));
+  strncpy (str, OTP_WORDPREFIX, sz);
+  str[sz-1] = '\0';
+  otp_print_stddict (key, str + strlen(OTP_WORDPREFIX), sz - strlen(OTP_WORDPREFIX));
 }
--- a/lib/otp/otptest.c
+++ b/lib/otp/otptest.c
@@ -46,13 +46,14 @@ RCSID("$Id$");
 #include <otp.h>

 static int
-test_one(OtpKey key1, char *name, char *val, void (*print)(OtpKey,char*),
+test_one(OtpKey key1, char *name, char *val,
+	 void (*print)(OtpKey,char*, size_t),
 	 OtpAlgorithm *alg)
 {
  char buf[256];
  OtpKey key2;

-  (*print)(key1, buf);
+  (*print)(key1, buf, sizeof(buf));
  printf ("%s: %s, ", name, buf);
  if (strcmp (buf, val) != 0) {
    printf ("failed(*%s* != *%s*)\n", buf, val);
--- a/lib/roken/Makefile.in
+++ b/lib/roken/Makefile.in
@@ -38,7 +38,7 @@ SOURCES = \
 	herror.c hstrerror.c inaddr2str.c inet_aton.c \
 	initgroups.c k_getpwnam.c k_getpwuid.c lstat.c \
 	memmove.c mini_inetd.c putenv.c rcmd.c setegid.c setenv.c \
-	seteuid.c signal.c strcasecmp.c strchr.c strdup.c \
+	seteuid.c signal.c snprintf.c strcasecmp.c strchr.c strdup.c \
 	strerror.c strftime.c strlwr.c strnlen.c strrchr.c \
 	strupr.c tm2time.c unsetenv.c verify.c verr.c \
 	verrx.c vsyslog.c vwarn.c vwarnx.c warn.c warnx.c \
--- a/lib/roken/err.h
+++ b/lib/roken/err.h
@@ -49,7 +49,7 @@

 extern const char *__progname;

-#ifndef __GNUC__
+#if !defined(__GNUC__) && !defined(__attribute__)
 #define __attribute__(x)
 #endif

--- a/lib/roken/err.hin
+++ b/lib/roken/err.hin
@@ -49,7 +49,7 @@

 extern const char *__progname;

-#ifndef __GNUC__
+#if !defined(__GNUC__) && !defined(__attribute__)
 #define __attribute__(x)
 #endif

--- a/lib/roken/mini_inetd.c
+++ b/lib/roken/mini_inetd.c
@@ -94,6 +94,6 @@ mini_inetd (int port)
     close(s);
     dup2(s2, STDIN_FILENO);
     dup2(s2, STDOUT_FILENO);
-     /*     dup2(s2, STDERR_FILENO); */
+     dup2(s2, STDERR_FILENO);
     close(s2);
 }
--- a/lib/roken/resolve.c
+++ b/lib/roken/resolve.c
@@ -97,6 +97,7 @@ dns_free_data(struct dns_reply *r)
 	rr = rr->next;
 	free(tmp);
    }
+    free (r);
 }

 static struct dns_reply*
--- a/lib/roken/setenv.c
+++ b/lib/roken/setenv.c
@@ -60,12 +60,10 @@ setenv(const char *var, const char *val, int rewrite)
    if (!rewrite && getenv(var) != 0)
 	return 0;
  
-    if ((t = malloc(strlen(var) + strlen(val) + 2)) == 0)
+    asprintf (&t, "%s=%s", var, val);
+    if (t == NULL)
 	return -1;

-    strcpy(t, var);
-    strcat(t, "=");
-    strcat(t, val);
    if (putenv(t) == 0)
 	return 0;
    else
--- a/lib/roken/strerror.c
+++ b/lib/roken/strerror.c
@@ -54,7 +54,7 @@ strerror(int eno)
    static char emsg[1024];

    if(eno < 0 || eno >= sys_nerr)
-	sprintf(emsg, "Error %d occurred.", eno);
+	snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
    else
 	strcpy(emsg, sys_errlist[eno]);