replace sprintf all over the place

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1635 ec53bebd-3082-4978-b11e-865c3cabbd6b

appl/ftp/ftp/ftp.c

@@ -208,11 +208,11 @@ login(char *host)
 	    char prompt[128];
 	    if(myname && 
 	       (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
-		sprintf(defaultpass, "%s@%s", myname, mydomain);
+		snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain);
-		sprintf(prompt, "Password (%s): ", defaultpass);
+		snprintf(prompt, sizeof(prompt), "Password (%s): ", defaultpass);
 	    }else{
 		strcpy(defaultpass, "");
-		sprintf(prompt, "Password: ");
+		snprintf(prompt, sizeof(prompt), "Password: ");
 	    }
 	    pass = defaultpass;
 	    des_read_pw_string (tmp, sizeof(tmp), prompt, 0);
@@ -1140,15 +1140,11 @@ abort:
 int
 initconn(void)
 {
-    char *p, *a;
     int result, len, tmpno = 0;
     int on = 1;
     int a0, a1, a2, a3, p0, p1;
 
     if (passivemode) {
-	u_int32_t tmpaddr;
-	u_int16_t tmpport;
-
 	data = socket(AF_INET, SOCK_STREAM, 0);
 	if (data < 0) {
 	    perror("ftp: socket");
@@ -1644,7 +1640,7 @@ abort_remote(FILE *din)
      * send IAC in urgent mode instead of DM because 4.3BSD places oob mark
      * after urgent byte rather than before as is protocol now
      */
-    sprintf(buf, "%c%c%c", IAC, IP, IAC);
+    snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC);
     if (send(fileno(cout), buf, 3, MSG_OOB) != 3)
 	warn("abort");
     fprintf(cout,"%cABOR\r\n", DM);

appl/ftp/ftp/kauth.c

@@ -101,7 +101,7 @@ void kauth(int argc, char **argv)
     for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
     *p = 0;
     
-    sprintf(buf, "Password for %s:", name);
+    snprintf(buf, sizeof(buf), "Password for %s:", name);
     if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0))
         *passwd = '\0';
     des_string_to_key (passwd, &key);

appl/ftp/ftp/krb4.c

@@ -510,12 +510,14 @@ int krb4_write_enc(FILE *F, char *fmt, va_list ap)
     char *p;
     char buf[1024];
     char enc[1024];
-    vsprintf(buf, fmt, ap);
+
+    vsnprintf(buf, sizeof(buf), fmt, ap);
     len = krb_mk_priv(buf, enc, strlen(buf), schedule, &key, 
 		      &myctladdr, &hisctladdr);
     base64_encode(enc, len, &p);
 
     fprintf(F, "ENC %s", p);
+    free (p);
     return 0;
 }
 

appl/ftp/ftp/ruserpass.c

@@ -79,7 +79,7 @@ ruserpass(char *host, char **aname, char **apass, char **aacct)
 	hdir = getenv("HOME");
 	if (hdir == NULL)
 		hdir = ".";
-	sprintf(buf, "%s/.netrc", hdir);
+	snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
 	cfile = fopen(buf, "r");
 	if (cfile == NULL) {
 		if (errno != ENOENT)
@@ -127,8 +127,7 @@ next:
 		case LOGIN:
 			if (token())
 				if (*aname == 0) { 
-					*aname = malloc((unsigned) strlen(tokval) + 1);
+					*aname = strdup(tokval);
-					strcpy(*aname, tokval);
 				} else {
 					if (strcmp(*aname, tokval))
 						goto next;
@@ -143,8 +142,7 @@ next:
 				goto bad;
 			}
 			if (token() && *apass == 0) {
-				*apass = malloc((unsigned) strlen(tokval) + 1);
+				*apass = strdup(tokval);
-				strcpy(*apass, tokval);
 			}
 			break;
 		case ACCOUNT:
@@ -155,8 +153,7 @@ next:
 				goto bad;
 			}
 			if (token() && *aacct == 0) {
-				*aacct = malloc((unsigned) strlen(tokval) + 1);
+				*aacct = strdup(tokval);
-				strcpy(*aacct, tokval);
 			}
 			break;
 		case MACDEF:

appl/ftp/ftpd/ftpcmd.y

@@ -1288,11 +1288,10 @@ copy(char *s)
 {
 	char *p;
 
-	p = malloc((unsigned) strlen(s) + 1);
+	p = strdup(s);
 	if (p == NULL)
 		fatal("Ran out of memory.");
-	strcpy(p, s);
+	return p;
-	return (p);
 }
 
 static void
@@ -1327,11 +1326,11 @@ help(struct tab *ctab, char *s)
 			columns = 1;
 		lines = (NCMDS + columns - 1) / columns;
 		for (i = 0; i < lines; i++) {
-		    sprintf(buf, "   ");
+		    strcpy (buf, "   ");
 		    for (j = 0; j < columns; j++) {
 			c = ctab + j * lines + i;
-			sprintf(buf + strlen(buf), "%s%c", c->name,
+			snprintf (buf + strlen(buf), sizeof(buf) - strlen(buf),
-				c->implemented ? ' ' : '*');
+				  "%s%c", c->name, c->implemented ? ' ' : '*');
 			if (c + lines >= &ctab[NCMDS])
 			    break;
 			w = strlen(c->name) + 1;

appl/ftp/ftpd/ftpd.c

@@ -301,7 +301,8 @@ main(int argc, char **argv)
 
 	/* detach from any tickets and tokens */
 
-	sprintf(tkfile, "/tmp/ftp_%u", (unsigned int)getpid());
+	snprintf(tkfile, sizeof(tkfile),
+		 "/tmp/ftp_%u", (unsigned)getpid());
 	krb_set_tkt_string(tkfile);
 	if(k_hasafs())
 	    k_setpag();
@@ -412,7 +413,7 @@ main(int argc, char **argv)
 	debug = 0;
 
 	/* set this here so it can be put in wtmp */
-	sprintf(ttyline, "ftp%u", (unsigned)getpid());
+	snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());
 
 
 	/*	freopen(_PATH_DEVNULL, "w", stderr); */
@@ -493,15 +494,14 @@ lostconn(int signo)
 static char *
 sgetsave(char *s)
 {
-	char *new = malloc((unsigned) strlen(s) + 1);
+	char *new = strdup(s);
 
 	if (new == NULL) {
 		perror_reply(421, "Local resource failure: malloc");
 		dologout(1);
 		/* NOTREACHED */
 	}
-	strcpy(new, s);
+	return new;
-	return (new);
 }
 
 /*
@@ -785,10 +785,10 @@ int do_login(int code, char *passwd)
 	if (guest) {
 		reply(code, "Guest login ok, access restrictions apply.");
 #ifdef HAVE_SETPROCTITLE
-		sprintf(proctitle, "%s: anonymous/%.*s", remotehost,
+		snprintf (proctitle, sizeof(proctitle),
-		    sizeof(proctitle) - sizeof(remotehost) -
+			  "%s: anonymous/%s",
-		    sizeof(": anonymous/"), passwd);
+			  remotehost,
-		setproctitle(proctitle);
+			  passwd);
 #endif /* HAVE_SETPROCTITLE */
 		if (logging)
 			syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
@@ -798,7 +798,7 @@ int do_login(int code, char *passwd)
 	} else {
 		reply(code, "User %s logged in.", pw->pw_name);
 #ifdef HAVE_SETPROCTITLE
-		sprintf(proctitle, "%s: %s", remotehost, pw->pw_name);
+		snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
 		setproctitle(proctitle);
 #endif /* HAVE_SETPROCTITLE */
 		if (logging)
@@ -943,15 +943,9 @@ retrieve(char *cmd, char *name)
 			char *tail = name + strlen(name) - strlen(p->ext);
 			
 			if(strcmp(tail, p->ext) == 0){
-			    strncpy(line, p->cmd, sizeof(line));
+			    snprintf (line, sizeof(line),
-			    line[sizeof(line) - 1] = '\0';
+				      "%s%s",
-			    strncat(line, name, sizeof(line)-strlen(line));
+				      p->cmd, name);
-			    line[sizeof(line) - 1] = '\0';
-			    line[strlen(line) - strlen(p->ext)] = 0; 
-#if 0
-			    sprintf(line, p->cmd, name);
-			    /* XXX */
-#endif
 			    break;
 			}
 		    }
@@ -966,7 +960,8 @@ retrieve(char *cmd, char *name)
 		    }
 		}
 	} else {
-		sprintf(line, cmd, name), name = line;
+		snprintf(line, sizeof(line), cmd, name);
+		name = line;
 		fin = ftpd_popen(line, "r", 1, 0);
 		closefunc = ftpd_pclose;
 		st.st_size = -1;
@@ -1183,7 +1178,7 @@ dataconn(char *name, off_t size, char *mode)
 	file_size = size;
 	byte_count = 0;
 	if (size != (off_t) -1)
-		sprintf(sizebuf, " (%ld bytes)", size);
+		snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", size);
 	else
 		strcpy(sizebuf, "");
 	if (pdata >= 0) {
@@ -1448,7 +1443,7 @@ statfilecmd(char *filename)
 	int c;
 	char line[LINE_MAX];
 
-	sprintf(line, "/bin/ls -la %s", filename);
+	snprintf(line, sizeof(line), "/bin/ls -la %s", filename);
 	fin = ftpd_popen(line, "r", 1, 0);
 	lreply(211, "status of %s:", filename);
 	while ((c = getc(fin)) != EOF) {
@@ -1544,12 +1539,12 @@ int_reply(int n, char *c, const char *fmt, va_list ap)
   char *p;
   p=buf;
   if(n){
-      sprintf(p, "%d%s", n, c);
+      snprintf(p, sizeof(buf), "%d%s", n, c);
       p+=strlen(p);
   }
-  vsprintf(p, fmt, ap);
+  vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap);
   p+=strlen(p);
-  sprintf(p, "\r\n");
+  snprintf(p, sizeof(buf) - strlen(p), "\r\n");
   p+=strlen(p);
   auth_printf("%s", buf);
   fflush(stdout);
@@ -1719,7 +1714,7 @@ dolog(struct sockaddr_in *sin)
 {
 	inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost));
 #ifdef HAVE_SETPROCTITLE
-	sprintf(proctitle, "%s: connected", remotehost);
+	snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
 	setproctitle(proctitle);
 #endif /* HAVE_SETPROCTITLE */
 
@@ -1867,11 +1862,8 @@ gunique(char *local)
 	}
 	if (cp)
 		*cp = '/';
-	strcpy(new, local);
-	cp = new + strlen(new);
-	*cp++ = '.';
 	for (count = 1; count < 100; count++) {
-		sprintf(cp, "%d", count);
+		snprintf (new, sizeof(new), "%s.%d", local, count);
 		if (stat(new, &st) < 0)
 			return (new);
 	}
@@ -1958,7 +1950,7 @@ send_file_list(char *whichf)
 	  goto out;
 	transflag++;
       }
-      sprintf(buf, "%s%s\n", dirname,
+      snprintf(buf, sizeof(buf), "%s%s\n", dirname,
 	      type == TYPE_A ? "\r" : "");
       auth_write(fileno(dout), buf, strlen(buf));
       byte_count += strlen(dirname) + 1;
@@ -1977,7 +1969,7 @@ send_file_list(char *whichf)
       if (!strcmp(dir->d_name, ".."))
 	continue;
 
-      sprintf(nbuf, "%s/%s", dirname, dir->d_name);
+      snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);
 
       /*
        * We have to do a stat to insure it's
@@ -1992,11 +1984,11 @@ send_file_list(char *whichf)
 	  transflag++;
 	}
 	if(strncmp(nbuf, "./", 2) == 0)
-	  sprintf(buf, "%s%s\n", nbuf +2,
+	  snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,
-		  type == TYPE_A ? "\r" : "");
+		   type == TYPE_A ? "\r" : "");
 	else
-	  sprintf(buf, "%s%s\n", nbuf,
+	  snprintf(buf, sizeof(buf), "%s%s\n", nbuf,
-		  type == TYPE_A ? "\r" : "");
+		   type == TYPE_A ? "\r" : "");
 	auth_write(fileno(dout), buf, strlen(buf));
 	byte_count += strlen(nbuf) + 1;
       }
@@ -2031,7 +2023,11 @@ find(char *pattern)
 {
     char line[1024];
     FILE *f;
-    sprintf(line, "/bin/locate -d %s %s", ftp_rooted("/etc/locatedb"), pattern);
+
+    snprintf(line, sizeof(line),
+	     "/bin/locate -d %s %s",
+	     ftp_rooted("/etc/locatedb"),
+	     pattern);
     f = ftpd_popen(line, "r", 1, 1);
     if(f == NULL){
 	perror_reply(550, "/bin/locate");

appl/ftp/ftpd/krb4.c

@@ -175,8 +175,8 @@ int krb4_mic(char *msg)
 	return -1;
     }
     
-    tmp = strdup(msg);
+    tmp = malloc(strlen(msg) + 1);
-    sprintf(tmp, "%.*s", (int)m_data.app_length, m_data.app_data);
+    snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
     if(!strstr(tmp, "\r\n"))
 	strcat(tmp, "\r\n");
     new_ftp_command(tmp);
@@ -217,7 +217,7 @@ int krb4_enc(char *msg)
     }
     
     tmp = strdup(msg);
-    sprintf(tmp, "%.*s", (int)m_data.app_length, m_data.app_data);
+    snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
     if(!strstr(tmp, "\r\n"))
 	strcat(tmp, "\r\n");
     new_ftp_command(tmp);

appl/ftp/ftpd/popen.c

@@ -86,10 +86,11 @@ ftp_rooted(const char *path)
     static char home[MaxPathLen] = "";
     static char newpath[MaxPathLen];
     struct passwd *pwd;
+
     if(!home[0])
 	if((pwd = k_getpwnam("ftp")))
 	    strcpy(home, pwd->pw_dir);
-    sprintf(newpath, "%s/%s", home, path);
+    snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
     if(access(newpath, X_OK))
 	strcpy(newpath, path);
     return newpath;

appl/kx/common.c

@@ -159,7 +159,8 @@ get_xsockets (int *unix_socket, int *tcp_socket)
 	     err (1, "socket AF_UNIX");
 	 memset (&unixaddr, 0, sizeof(unixaddr));
 	 unixaddr.sun_family = AF_UNIX;
-	 sprintf (unixaddr.sun_path, X_UNIX_PATH "%u", dpy);
+	 snprintf (unixaddr.sun_path, sizeof(unixaddr.sun_path),
+		   X_UNIX_PATH "%u", dpy);
 	 if(bind(unixfd,
 		 (struct sockaddr *)&unixaddr,
 		 sizeof(unixaddr)) < 0) {
@@ -225,7 +226,8 @@ connect_local_xsocket (unsigned dnr)
      if (fd < 0)
 	 err (1, "socket AF_UNIX");
      addr.sun_family = AF_UNIX;
-     sprintf (addr.sun_path, "/tmp/.X11-unix/X%u", dnr);
+     snprintf (addr.sun_path, sizeof(addr.sun_path),
+	       X_UNIX_PATH "%u", dnr);
      if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
 	 err (1, "connect");
      return fd;
@@ -249,7 +251,7 @@ create_and_write_cookie (char *xauthfile,
      auth.family = FamilyLocal;
      auth.address = hostname;
      auth.address_length = strlen(auth.address);
-     sprintf (tmp, "%d", display_num);
+     snprintf (tmp, sizeof(tmp), "%d", display_num);
      auth.number_length = strlen(tmp);
      auth.number = tmp;
      auth.name = COOKIE_TYPE;

appl/kx/kx.c

@@ -418,9 +418,9 @@ doit_active (char *host, char *user,
 	return 1;
     display_num = tmp;
     if (tcpp)
-	sprintf (display, "localhost:%u", display_num);
+	snprintf (display, display_size, "localhost:%u", display_num);
     else
-	sprintf (display, ":%u", display_num);
+	snprintf (display, display_size, ":%u", display_num);
     strncpy(xauthfile, tempnam("/tmp", NULL), xauthfile_size);
     if (create_and_write_cookie (xauthfile, cookie, cookie_len))
 	return 1;

appl/kx/kxd.c

@@ -338,9 +338,9 @@ doit(int sock, int tcpp)
 	       return 1;
 	  display_num = tmp;
 	  if (tcpp)
-	       sprintf (display, "localhost:%u", display_num);
+	       snprintf (display, display_size, "localhost:%u", display_num);
 	  else
-	       sprintf (display, ":%u", display_num);
+	       snprintf (display, display_size, ":%u", display_num);
 	  strncpy(xauthfile, tempnam("/tmp", NULL), xauthfile_size);
 	  if(create_and_write_cookie (xauthfile, cookie, cookie_len))
 	       return 1;

appl/login/utmpx_login.c

@@ -65,7 +65,7 @@ utmpx_login(char *line, char *user, char *host)
         struct utmpx newut;
 	memset(&newut, 0, sizeof(newut));
 	newut.ut_pid = mypid;
-	sprintf(newut.ut_id, "lo%04x", mypid);
+	snprintf(newut.ut_id, sizeof(newut.ut_id), "lo%04x", (unsigned)mypid);
         utmpx_update(&newut, line, user, host);
 	ret = 0;
     }

appl/otp/otp.c

@@ -94,10 +94,11 @@ renew (int argc, char **argv, OtpAlgorithm *alg, char *user)
   strncpy (newctx.seed, argv[1], sizeof(newctx.seed));
   newctx.seed[sizeof(newctx.seed) - 1] = '\0';
   strlwr(newctx.seed);
-  sprintf (prompt, "[ otp-%s %u %s ]",
+  snprintf (prompt, sizeof(prompt),
-	   newctx.alg->name,
+	    "[ otp-%s %u %s ]",
-	   newctx.n, 
+	    newctx.alg->name,
-	   newctx.seed);
+	    newctx.n, 
+	    newctx.seed);
   if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
       otp_parse (newctx.key, pw, alg) == 0) {
     ctx = &newctx;
@@ -132,7 +133,7 @@ verify_user_otp(char *username)
     return 1; 
   }
 
-  sprintf (prompt, "%s's %s Password: ", username, ss);
+  snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss);
   des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0);
   return otp_verify_user (&ctx, passwd);
 }

appl/otp/otpprint.c

@@ -54,7 +54,7 @@ print (int argc,
        char **argv,
        int count,
        OtpAlgorithm *alg,
-       void (*print_fn)(OtpKey, char *))
+       void (*print_fn)(OtpKey, char *, size_t))
 {
   char pw[64];
   OtpKey key;
@@ -74,7 +74,7 @@ print (int argc,
 
     alg->next (key);
     if (i >= n - count) {
-      (*print_fn)(key, s);
+      (*print_fn)(key, s, sizeof(s));
       printf ("%d: %s\n", i + 1, s);
     }
   }
@@ -88,7 +88,7 @@ main (int argc, char **argv)
   int count = 10;
   int hexp = 0;
   int extendedp = 0;
-  void (*fn)(OtpKey, char *);
+  void (*fn)(OtpKey, char *, size_t);
   OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
 
   set_progname (argv[0]);

appl/popper/pop_dropcopy.c

@@ -26,7 +26,7 @@ pop_dropcopy(POP *p, struct passwd *pwp)
     int                     nchar;                  /*  Bytes written/read */
 
     /*  Create a temporary maildrop into which to copy the updated maildrop */
-    sprintf(p->temp_drop,POP_DROP,p->user);
+    snprintf(p->temp_drop, sizeof(p->temp_drop), POP_DROP,p->user);
 
 #ifdef DEBUG
     if(p->debug)

appl/popper/pop_msg.c

@@ -24,10 +24,8 @@ pop_msg(POP *p, int stat, char *format, ...)
     mp = message;
 
     /*  Format the POP status code at the beginning of the message */
-    if (stat == POP_SUCCESS)
+    snprintf (mp, sizeof(message), "%s ",
-        sprintf (mp,"%s ",POP_OK);
+	      (stat == POP_SUCCESS) ? POP_OK : POP_ERR);
-    else
-        sprintf (mp,"%s ",POP_ERR);
 
     /*  Point past the POP status indicator in the message message */
     mp += strlen(mp);

appl/popper/pop_pass.c

@@ -49,7 +49,8 @@ pop_pass (POP *p)
 			      "Password supplied for \"%s\" is incorrect.",
 			      p->user));
 
-	 sprintf (tkt, TKT_ROOT "_popper.%d", (int)getpid());
+	 snprintf (tkt, sizeof(tkt),
+		   TKT_ROOT "_popper.%u", (unsigned)getpid());
 	 krb_set_tkt_string (tkt);
 	 if (otp_verify_user (&p->otp_ctx, p->pop_parm[1]) == 0)
 	     ;
@@ -78,7 +79,7 @@ pop_pass (POP *p)
     }
 
     /*  Build the name of the user's maildrop */
-    sprintf(p->drop_name, "%s/%s", POP_MAILDIR, p->user);
+    snprintf(p->drop_name, sizeof(p->drop_name), "%s/%s", POP_MAILDIR, p->user);
 
     /*  Make a temporary copy of the user's maildrop */
     /*    and set the group and user id */

appl/popper/pop_xover.c

@@ -15,7 +15,7 @@ pop_xover (POP *p)
     /*  Loop through the message information list.  Skip deleted messages */
     for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
         if (!mp->del_flag) 
-            fprintf(p->output,"%u\t%s\t%s\t%s\t%s\t%lu\t%lu\r\n",
+            fprintf(p->output,"%u\t%s\t%s\t%s\t%s\t%lu\t%u\r\n",
 		    mp->number,
 		    mp->subject,
 		    mp->from,

appl/telnet/libtelnet/auth.c

@@ -642,7 +642,7 @@ auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
     buf[buflen-2] = '*';
     buflen -= 2;
     for (; cnt > 0; cnt--, data++) {
-	sprintf((char *)tbuf, " %d", *data);
+	snprintf(tbuf, sizeof(tbuf), " %d", *data);
 	for (cp = tbuf; *cp && buflen > 0; --buflen)
 	    *buf++ = *cp++;
 	if (buflen <= 0)

appl/telnet/libtelnet/enc_des.c

@@ -464,28 +464,28 @@ void fb64_printsub(unsigned char *data, int cnt,
 
 	switch(data[2]) {
 	case FB64_IV:
-		sprintf(lbuf, "%s_IV", type);
+		snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
 		cp = lbuf;
 		goto common;
 
 	case FB64_IV_OK:
-		sprintf(lbuf, "%s_IV_OK", type);
+		snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
 		cp = lbuf;
 		goto common;
 
 	case FB64_IV_BAD:
-		sprintf(lbuf, "%s_IV_BAD", type);
+		snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
 		cp = lbuf;
 		goto common;
 
 	default:
-		sprintf(lbuf, " %d (unknown)", data[2]);
+		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
 		cp = lbuf;
 	common:
 		for (; (buflen > 0) && (*buf = *cp++); buf++)
 			buflen--;
 		for (i = 3; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
+			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
 			for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
 				buflen--;
 		}

appl/telnet/libtelnet/encrypt.c

@@ -953,7 +953,7 @@ void encrypt_gen_printsub(unsigned char *data, int cnt,
     buf[buflen-2] = '*';
     buflen -= 2;;
     for (; cnt > 0; cnt--, data++) {
-	sprintf(tbuf, " %d", *data);
+	snprintf(tbuf, sizeof(tbuf), " %d", *data);
 	for (cp = tbuf; *cp && buflen > 0; --buflen)
 	    *buf++ = *cp++;
 	if (buflen <= 0)

appl/telnet/libtelnet/forward.c

@@ -418,7 +418,7 @@ rd_and_store_for_creds(inbuf, ticket, lusername)
 	return -1;
     }
 
-    sprintf(ccname, "FILE:/tmp/krb5cc_%d", pwd->pw_uid);
+    snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%d", pwd->pw_uid);
 
     if (retval = krb5_cc_resolve(ccname, &ccache)) {
 	return(retval);

appl/telnet/libtelnet/kerberos.c

@@ -74,6 +74,7 @@ RCSID("$Id$");
 #include <pwd.h>
 #include <stdlib.h>
 #include <string.h>
+#include <roken.h>
 
 #include "encrypt.h"
 #include "auth.h"
@@ -304,27 +305,27 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
 	if (UserNameRequested && !kuserok(&adat, UserNameRequested)){
 	    char ts[MaxPathLen];
 	    struct passwd *pw = getpwnam(UserNameRequested);
+
 	    if(pw){
-		sprintf(ts, "%s%d", TKT_ROOT, pw->pw_uid);
+		snprintf(ts, sizeof(ts), "%s%u", TKT_ROOT, pw->pw_uid);
 		setenv("KRBTKFILE", ts, 1);
 	    }
 	    Data(ap, KRB_ACCEPT, NULL, 0);
 	} else {
-	    char *msg = malloc(ANAME_SZ + 1 + INST_SZ +
+	    char *msg;
-			       REALM_SZ +
+
-			       strlen(UserNameRequested) + 80);
+	    asprintf (&msg, "user `%s' is not authorized to "
-	    
+		      "login as `%s'", 
+		      krb_unparse_name_long(adat.pname, 
+					    adat.pinst, 
+					    adat.prealm), 
+		      UserNameRequested);
 	    if (msg == NULL)
 		Data(ap, KRB_REJECT, NULL, 0);
-	    sprintf (msg, "user `%s' is not authorized to "
+	    else {
-		     "login as `%s'", 
+		Data(ap, KRB_REJECT, (void *)msg, -1);
-		     krb_unparse_name_long(adat.pname, 
+		free(msg);
-					   adat.pinst, 
+	    }
-					   adat.prealm), 
-		     UserNameRequested);
-	    
-	    Data(ap, KRB_REJECT, (void *)msg, -1);
-	    free(msg);
 	}
 	auth_finished(ap, AUTH_USER);
 	break;
@@ -367,7 +368,6 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
 	{
 	    des_key_schedule ks;
 	    unsigned char netcred[sizeof(CREDENTIALS)];
-	    char *msg;
 	    CREDENTIALS cred;
 	    int ret;
 	    if(cnt > sizeof(cred))
@@ -538,12 +538,12 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 	goto common2;
 
     default:
-	sprintf(lbuf, " %d (unknown)", data[3]);
+	snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
 	strncpy((char *)buf, lbuf, buflen);
     common2:
 	BUMP(buf, buflen);
 	for (i = 4; i < cnt; i++) {
-	    sprintf(lbuf, " %d", data[i]);
+	    snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
 	    strncpy((char *)buf, lbuf, buflen);
 	    BUMP(buf, buflen);
 	}
@@ -589,7 +589,6 @@ kerberos4_cksum(unsigned char *d, int n)
 static int
 pack_cred(CREDENTIALS *cred, unsigned char *buf)
 {
-    int l;
     unsigned char *p = buf;
     
     p += krb_put_nir(cred->service, cred->instance, cred->realm, p);

appl/telnet/libtelnet/kerberos5.c

@@ -512,12 +512,12 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
 #endif	/* FORWARD */
 
     default:
-	sprintf(lbuf, " %d (unknown)", data[3]);
+	snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
 	strncpy((char *)buf, lbuf, buflen);
     common2:
 	BUMP(buf, buflen);
 	for (i = 4; i < cnt; i++) {
-	    sprintf(lbuf, " %d", data[i]);
+	    snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
 	    strncpy((char *)buf, lbuf, buflen);
 	    BUMP(buf, buflen);
 	}

appl/telnet/libtelnet/krb4encpwd.c

@@ -255,7 +255,7 @@ krb4encpwd_is(ap, data, cnt)
 		  int i;
 
 		  time(&now);
-		  sprintf(challenge, "%x", now);
+		  snprintf(challenge, sizeof(challenge), "%x", now);
 		  Data(ap, KRB4_ENCPWD_CHALLENGE, challenge, strlen(challenge));
 		}
 		break;
@@ -389,12 +389,12 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
 		goto common2;
 
 	default:
-		sprintf(lbuf, " %d (unknown)", data[3]);
+		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
 		strncpy((char *)buf, lbuf, buflen);
 	common2:
 		BUMP(buf, buflen);
 		for (i = 4; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
+			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
 			strncpy((char *)buf, lbuf, buflen);
 			BUMP(buf, buflen);
 		}

appl/telnet/libtelnet/rsaencpwd.c

@@ -258,7 +258,7 @@ rsaencpwd_is(ap, data, cnt)
 
 		  time(&now);
 		  if ((now % 2) == 0) {
-		    sprintf(challenge, "%x", now);
+		    snprintf(challenge, sizeof(challenge), "%x", now);
 		    challenge_len = strlen(challenge);
 		  } else {
 		    strcpy(challenge, "randchal");
@@ -440,12 +440,12 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
 		goto common2;
 
 	default:
-		sprintf(lbuf, " %d (unknown)", data[3]);
+		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
 		strncpy((char *)buf, lbuf, buflen);
 	common2:
 		BUMP(buf, buflen);
 		for (i = 4; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
+			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
 			strncpy((char *)buf, lbuf, buflen);
 			BUMP(buf, buflen);
 		}

appl/telnet/libtelnet/spx.c

@@ -556,12 +556,12 @@ spx_printsub(data, cnt, buf, buflen)
 		goto common2;
 
 	default:
-		sprintf(lbuf, " %d (unknown)", data[3]);
+		snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
 		strncpy((char *)buf, lbuf, buflen);
 	common2:
 		BUMP(buf, buflen);
 		for (i = 4; i < cnt; i++) {
-			sprintf(lbuf, " %d", data[i]);
+			snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
 			strncpy((char *)buf, lbuf, buflen);
 			BUMP(buf, buflen);
 		}

appl/telnet/telnet/commands.c

@@ -1658,9 +1658,8 @@ env_init()
 			hbuf[256] = '\0';
 		}
 
-		cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1);
+		asprintf (&cp, "%s%s", hbuf, cp2);
-		sprintf((char *)cp, "%s%s", hbuf, cp2);
+		free (ep->value);
-		free(ep->value);
 		ep->value = (unsigned char *)cp;
 	}
 	/*

appl/telnet/telnet/telnet.c

@@ -735,8 +735,9 @@ suboption()
 	    name = gettermname();
 	    len = strlen(name) + 4 + 2;
 	    if (len < NETROOM()) {
-		sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+		snprintf((char *)temp, sizeof(temp),
-				TELQUAL_IS, name, IAC, SE);
+			 "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
+			 TELQUAL_IS, name, IAC, SE);
 		ring_supply_data(&netoring, temp, len);
 		printsub('>', &temp[2], len-2);
 	    } else {
@@ -757,8 +758,9 @@ suboption()
 
 	    TerminalSpeeds(&ispeed, &ospeed);
 
-	    sprintf((char *)temp, "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
+	    snprintf((char *)temp, sizeof(temp),
-		    TELQUAL_IS, ospeed, ispeed, IAC, SE);
+		     "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
+		     TELQUAL_IS, ospeed, ispeed, IAC, SE);
 	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
 
 	    if (len < NETROOM()) {
@@ -862,8 +864,9 @@ suboption()
 		send_wont(TELOPT_XDISPLOC, 1);
 		break;
 	    }
-	    sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+	    snprintf((char *)temp, sizeof(temp),
-		    TELQUAL_IS, dp, IAC, SE);
+		     "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
+		     TELQUAL_IS, dp, IAC, SE);
 	    len = strlen((char *)temp+4) + 4;	/* temp[3] is 0 ... */
 
 	    if (len < NETROOM()) {

appl/telnet/telnet/utilities.c

@@ -625,12 +625,13 @@ printsub(char direction, unsigned char *pointer, int length)
 		}
 		{
 		    char tbuf[64];
-		    sprintf(tbuf, "%s%s%s%s%s",
+		    snprintf(tbuf, sizeof(tbuf),
-			pointer[2]&MODE_EDIT ? "|EDIT" : "",
+			     "%s%s%s%s%s",
-			pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
+			     pointer[2]&MODE_EDIT ? "|EDIT" : "",
-			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+			     pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
-			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			     pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
-			pointer[2]&MODE_ACK ? "|ACK" : "");
+			     pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+			     pointer[2]&MODE_ACK ? "|ACK" : "");
 		    fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0");
 		}
 		if (pointer[2]&~(MODE_MASK))

appl/telnet/telnetd/slc.c

@@ -159,8 +159,9 @@ start_slc(getit)
 	slcchange = 0;
 	if (getit)
 		init_termbuf();
-	sprintf((char *)slcbuf, "%c%c%c%c",
+	snprintf((char *)slcbuf, sizeof(slcbuf),
-					IAC, SB, TELOPT_LINEMODE, LM_SLC);
+		 "%c%c%c%c",
+		 IAC, SB, TELOPT_LINEMODE, LM_SLC);
 	slcptr = slcbuf + 4;
 
 }  /* end of start_slc */
@@ -200,7 +201,8 @@ end_slc(bufp)
 			*bufp = &slcbuf[4];
 			return(slcptr - slcbuf - 4);
 		} else {
-			sprintf((char *)slcptr, "%c%c", IAC, SE);
+			snprintf((char *)slcptr, sizeof(slcbuf) - (slcptr - slcbuf),
+				 "%c%c", IAC, SE);
 			slcptr += 2;
 			len = slcptr - slcbuf;
 			writenet(slcbuf, len);

appl/telnet/telnetd/state.c

@@ -436,7 +436,8 @@ send_do(int option, int init)
 			set_his_want_state_will(option);
 		do_dont_resp[option]++;
 	}
-	sprintf(nfrontp, (char *)doopt, option);
+	snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
+		 (char *)doopt, option);
 	nfrontp += sizeof (dont) - 2;
 
 	DIAG(TD_OPTIONS, printoption("td: send do", option));
@@ -655,7 +656,8 @@ send_dont(int option, int init)
 		set_his_want_state_wont(option);
 		do_dont_resp[option]++;
 	}
-	sprintf(nfrontp, (char *)dont, option);
+	snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
+		 (char *)dont, option);
 	nfrontp += sizeof (doopt) - 2;
 
 	DIAG(TD_OPTIONS, printoption("td: send dont", option));
@@ -802,7 +804,8 @@ send_will(int option, int init)
 		set_my_want_state_will(option);
 		will_wont_resp[option]++;
 	}
-	sprintf(nfrontp, (char *)will, option);
+	snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
+		 (char *)will, option);
 	nfrontp += sizeof (doopt) - 2;
 
 	DIAG(TD_OPTIONS, printoption("td: send will", option));
@@ -959,7 +962,8 @@ send_wont(int option, int init)
 		set_my_want_state_wont(option);
 		will_wont_resp[option]++;
 	}
-	sprintf(nfrontp, (char *)wont, option);
+	snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
+		 (char *)wont, option);
 	nfrontp += sizeof (wont) - 2;
 
 	DIAG(TD_OPTIONS, printoption("td: send wont", option));
@@ -1355,7 +1359,9 @@ suboption(void)
 	    env_ovar_wrong:
 			env_ovar = OLD_ENV_VALUE;
 			env_ovalue = OLD_ENV_VAR;
-			DIAG(TD_OPTIONS, {sprintf(nfrontp,
+			DIAG(TD_OPTIONS, {snprintf(nfrontp,
+						   BUFSIZ -
+						   (nfrontp - netobuf),
 				"ENVIRON VALUE and VAR are reversed!\r\n");
 				nfrontp += strlen(nfrontp);});
 

appl/telnet/telnetd/sys_term.c

@@ -357,7 +357,7 @@ char *line_nodev;
 char *line_notty;
 
 #ifdef	CRAY
-char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+char myline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
 #endif	/* CRAY */
 
 #ifndef HAVE_PTSNAME
@@ -392,9 +392,9 @@ set_utid(void)
     /* Derive utmp ID from pty slave number */
     if(isdigit(line_notty[0]) && sscanf(line_notty, "%d", &ptynum) == 1)
 	
-	sprintf(utid, "tn%02x", ptynum & 0xff);
+	snprintf(utid, sizeof(utid), "tn%02x", ptynum & 0xff);
     else
-	sprintf(utid, "tn%s", line_notty);
+	snprintf(utid, sizeof(utid), "tn%s", line_notty);
 }
 #else
 void
@@ -459,11 +459,11 @@ int getpty(int *ptynum)
 #ifndef CRAY
 
 #ifndef	__hpux
-	sprintf(line, "/dev/ptyXX");
+	snprintf(line, sizeof(Xline), "/dev/ptyXX");
 	p1 = &line[8];
 	p2 = &line[9];
 #else
-	sprintf(line, "/dev/ptym/ptyXX");
+	snprintf(line, sizeof(Xline), "/dev/ptym/ptyXX");
 	p1 = &line[13];
 	p2 = &line[14];
 #endif
@@ -511,11 +511,11 @@ int getpty(int *ptynum)
 	struct stat sb;
 
 	for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
-		sprintf(myline, "/dev/pty/%03d", *ptynum);
+		snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum);
 		p = open(myline, 2);
 		if (p < 0)
 			continue;
-		sprintf(line, "/dev/ttyp%03d", *ptynum);
+		snprintf(line, sizeof(Xline), "/dev/ttyp%03d", *ptynum);
 		/*
 		 * Here are some shenanigans to make sure that there
 		 * are no listeners lurking on the line.
@@ -1514,8 +1514,9 @@ void start_login(char *host, int autologin, char *name)
 			len = strlen(name)+1;
 			write(xpty, name, len);
 			write(xpty, name, len);
-			sprintf(speed, "%s/%d", (cp = getenv("TERM")) ? cp : "",
+			snprintf(speed, sizeof(speed),
-				(def_rspeed > 0) ? def_rspeed : 9600);
+				 "%s/%d", (cp = getenv("TERM")) ? cp : "",
+				 (def_rspeed > 0) ? def_rspeed : 9600);
 			len = strlen(speed)+1;
 			write(xpty, speed, len);
 

appl/telnet/telnetd/telnetd.c

@@ -750,10 +750,10 @@ void doit(struct sockaddr_in *who)
 	if (secflag) {
 		char slave_dev[16];
 
-		sprintf(tty_dev, "/dev/pty/%03d", ptynum);
+		snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
 		if (setdevs(tty_dev, &dv) < 0)
 		 	fatal(net, "cannot set pty security");
-		sprintf(slave_dev, "/dev/ttyp%03d", ptynum);
+		snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
 		if (setdevs(slave_dev, &dv) < 0)
 		 	fatal(net, "cannot set tty security");
 	}
@@ -936,7 +936,8 @@ telnet(f, p)
 	 */
 	if (his_want_state_is_will(TELOPT_ECHO)) {
 		DIAG(TD_OPTIONS,
-			{sprintf(nfrontp, "td: simulating recv\r\n");
+			{snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
+				  "td: simulating recv\r\n");
 			 nfrontp += strlen(nfrontp);});
 		willoption(TELOPT_ECHO);
 	}
@@ -1051,7 +1052,8 @@ telnet(f, p)
 #endif	/* LINEMODE */
 
 	DIAG(TD_REPORT,
-		{sprintf(nfrontp, "td: Entering processing loop\r\n");
+		{snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
+			  "td: Entering processing loop\r\n");
 		 nfrontp += strlen(nfrontp);});
 
 
@@ -1171,7 +1173,8 @@ telnet(f, p)
 			netip = netibuf;
 		    }
 		    DIAG((TD_REPORT | TD_NETDATA),
-			    {sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
+			    {snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
+				     "td: netread %d chars\r\n", ncc);
 			     nfrontp += strlen(nfrontp);});
 		    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
 		}
@@ -1235,12 +1238,14 @@ telnet(f, p)
 					    ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
 					if (newflow != flowmode) {
 						flowmode = newflow;
-						sprintf(nfrontp,
+						snprintf(nfrontp,
-							"%c%c%c%c%c%c",
+							 BUFSIZ -
-							IAC, SB, TELOPT_LFLOW,
+							 (nfrontp - netobuf),
-							flowmode ? LFLOW_ON
+							 "%c%c%c%c%c%c",
+							 IAC, SB, TELOPT_LFLOW,
+							 flowmode ? LFLOW_ON
 								 : LFLOW_OFF,
-							IAC, SE);
+							 IAC, SE);
 						nfrontp += 6;
 						DIAG(TD_OPTIONS, printsub('>',
 						    (unsigned char *)nfrontp-4,

appl/telnet/telnetd/telnetd.h

@@ -37,6 +37,7 @@
 #include "defs.h"
 #include "ext.h"
 #include <protos.h>
+#include <roken.h>
 
 #ifdef	DIAGNOSTICS
 #define	DIAG(a,b)	if (diagnostic & (a)) b

appl/telnet/telnetd/termstat.c

@@ -276,9 +276,11 @@ localstat()
 # endif	/* KLUDGELINEMODE */
 			send_do(TELOPT_LINEMODE, 1);
 			/* send along edit modes */
-			sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
+			snprintf(nfrontp,
-				TELOPT_LINEMODE, LM_MODE, useeditmode,
+				 BUFSIZ - (nfrontp - netobuf),
-				IAC, SE);
+				 "%c%c%c%c%c%c%c", IAC, SB,
+				 TELOPT_LINEMODE, LM_MODE, useeditmode,
+				 IAC, SE);
 			nfrontp += 7;
 			editmode = useeditmode;
 # ifdef	KLUDGELINEMODE
@@ -305,7 +307,9 @@ localstat()
 			/*
 			 * Send along appropriate edit mode mask.
 			 */
-			sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
+			snprintf(nfrontp,
+				BUFSIZ - (nfrontp - netobuf),
+				"%c%c%c%c%c%c%c", IAC, SB,
 				TELOPT_LINEMODE, LM_MODE, useeditmode,
 				IAC, SE);
 			nfrontp += 7;
@@ -352,19 +356,23 @@ flowstat()
 	if (his_state_is_will(TELOPT_LFLOW)) {
 		if (tty_flowmode() != flowmode) {
 			flowmode = tty_flowmode();
-			sprintf(nfrontp, "%c%c%c%c%c%c",
+			snprintf(nfrontp,
-					IAC, SB, TELOPT_LFLOW,
+				 BUFSIZ - (nfrontp - netobuf),
-					flowmode ? LFLOW_ON : LFLOW_OFF,
+				 "%c%c%c%c%c%c",
-					IAC, SE);
+				 IAC, SB, TELOPT_LFLOW,
+				 flowmode ? LFLOW_ON : LFLOW_OFF,
+				 IAC, SE);
 			nfrontp += 6;
 		}
 		if (tty_restartany() != restartany) {
 			restartany = tty_restartany();
-			sprintf(nfrontp, "%c%c%c%c%c%c",
+			snprintf(nfrontp,
-					IAC, SB, TELOPT_LFLOW,
+				 BUFSIZ - (nfrontp - netobuf),
-					restartany ? LFLOW_RESTART_ANY
+				 "%c%c%c%c%c%c",
+				 IAC, SB, TELOPT_LFLOW,
+				 restartany ? LFLOW_RESTART_ANY
 						   : LFLOW_RESTART_XON,
-					IAC, SE);
+				 IAC, SE);
 			nfrontp += 6;
 		}
 	}
@@ -438,9 +446,11 @@ clientstat(code, parm1, parm2)
 					useeditmode |= MODE_SOFT_TAB;
 				if (tty_islitecho())
 					useeditmode |= MODE_LIT_ECHO;
-				sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
+				snprintf(nfrontp,
-					SB, TELOPT_LINEMODE, LM_MODE,
+					 BUFSIZ - (nfrontp - netobuf),
-							useeditmode, IAC, SE);
+					 "%c%c%c%c%c%c%c", IAC,
+					 SB, TELOPT_LINEMODE, LM_MODE,
+					 useeditmode, IAC, SE);
 				nfrontp += 7;
 				editmode = useeditmode;
 			}
@@ -497,10 +507,12 @@ clientstat(code, parm1, parm2)
 			set_termbuf();
 
  			if (!ack) {
- 				sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
+ 				snprintf(nfrontp,
-					SB, TELOPT_LINEMODE, LM_MODE,
+					 BUFSIZ - (nfrontp - netobuf),
- 					useeditmode|MODE_ACK,
+					 "%c%c%c%c%c%c%c", IAC,
- 					IAC, SE);
+					 SB, TELOPT_LINEMODE, LM_MODE,
+					 useeditmode|MODE_ACK,
+					 IAC, SE);
  				nfrontp += 7;
  			}
 

appl/xnlock/xnlock.c

@@ -32,7 +32,8 @@ RCSID("$Id$");
 #include <krb.h>
 #include <kafs.h>
 
-#include "roken.h"
+#include <roken.h>
+#include <err.h>
 
 static char name[ANAME_SZ];
 static char inst[INST_SZ];
@@ -65,7 +66,7 @@ static unsigned short	Width, Height;
 static Widget		widget;
 static GC		gc;
 static XtIntervalId	timeout_id;
-static char	       *ProgName, *words;
+static char	       *words;
 static int		x, y;
 static Pixel		Black, White;
 static XFontStruct    *font;
@@ -151,7 +152,7 @@ get_words(void)
     if(appres.text_prog){
 	pp = popen(appres.text_prog, "r");
 	if(!pp){
-	    perror(appres.text_prog);
+	    warn ("popen %s", appres.text_prog);
 	    return appres.text;
 	}
 	fread(buf, BUFSIZ, 1, pp);
@@ -161,7 +162,7 @@ get_words(void)
     if(appres.file){
 	pp = fopen(appres.file, "r");
 	if(!pp){
-	    perror(appres.file);
+	    warn ("fopen %s", appres.file);
 	    return appres.text;
 	}
 	fread(buf, BUFSIZ, 1, pp);
@@ -172,11 +173,10 @@ get_words(void)
     return appres.text;
 }
 
-static
+static void
-void
 usage(void)
 {
-    fprintf(stderr, "usage: %s [options] [message]\n", ProgName);
+    fprintf(stderr, "usage: %s [options] [message]\n", __progname);
     fprintf(stderr, "-fg color     foreground color\n");
     fprintf(stderr, "-bg color     background color\n");
     fprintf(stderr, "-rv           reverse foreground/background colors\n");
@@ -193,36 +193,43 @@ usage(void)
 static void
 init_words (int argc, char **argv)
 {
-    char buf[BUFSIZ];
     int i = 0;
 
-    while(argv[i]){
+    while(argv[i]) {
-	if(strcmp(argv[i], "-p") == 0){
+	if(strcmp(argv[i], "-p") == 0) {
 	    i++;
-	    if(argv[i]){
+	    if(argv[i]) {
 		appres.text_prog = argv[i];
 		i++;
-	    }else{
+	    } else {
-		fprintf(stderr, "-p requires an argument\n");
+		warnx ("-p requires an argument");
 		usage();
 	    }
-	}else if(strcmp(argv[i], "-f") == 0){
+	} else if(strcmp(argv[i], "-f") == 0) {
 	    i++;
-	    if(argv[i]){
+	    if(argv[i]) {
 		appres.file = argv[i];
 		i++;
-	    }else{
+	    } else {
-		sprintf(buf, "%s/.msgfile", getenv("HOME"));
+		asprintf (&appres.file,
-		appres.file = strdup(buf);
+			  "%s/.msgfile", getenv("HOME"));
+		if (appres.file == NULL)
+		    errx (1, "cannot allocate memory for message");
 	    }
-	}else{
+	} else {
-	    strcpy(buf, "");
+	    appres.text = strdup("");
-	    while(argv[i]){
+	    if (appres.text == NULL)
-		strcat(buf, argv[i]);
+		errx (1, "cannot allocate memory for message");
-		strcat(buf, " ");
+	    while (argv[i]) {
-		i++;
+		int n = strlen (argv[i]);
+		char *tmp = realloc(appres.text,
+				    strlen(appres.text) + n + 2);
+		if (tmp == NULL)
+		    errx (1, "cannot allocate memory for message");
+		strcat (appres.text, argv[i]);
+		strcat (appres.text, " ");
+		++i;
 	    }
-	    appres.text = strdup(buf);
 	}
     }
 }
@@ -251,7 +258,7 @@ zrefresh(void)
 {
   switch (fork()) {
   case -1:
-      fprintf(stderr, "Warning %s: Failed to fork zrefresh\n", ProgName);
+      warn ("zrefresh: fork");
       return -1;
   case 0:
       /* Child */
@@ -431,10 +438,11 @@ post_prompt_box(Window window)
     time_y = prompt_y = Height / 2;
     box_y = prompt_y - 3 * font_height(font);
 
-    if (inst[0] == 0)
+    snprintf (s, sizeof(s), "User: %s%s%s@%s", name,
-	sprintf (s, "User: %s@%s", name, realm);
+	      inst[0] ? "." : "",
-    else
+	      inst ? inst : "",
-	sprintf (s, "User: %s.%s@%s", name, inst, realm);
+	      realm);
+
     /* erase current guy -- text message may still exist */
     XSetForeground(dpy, gc, Black);
     XFillRectangle(dpy, window, gc, x, y, 64, 64);
@@ -511,11 +519,13 @@ countdown(XtPointer _t, XtIntervalId *_d)
     }
     seconds = time(0) - locked_at;
     if (seconds >= 3600)
-      sprintf(buf, "Locked for %d:%02d:%02d    ",
+      snprintf(buf, sizeof(buf),
-                   (int)seconds/3600, (int)seconds/60%60, (int)seconds%60);
+	       "Locked for %d:%02d:%02d    ",
+	       (int)seconds/3600, (int)seconds/60%60, (int)seconds%60);
     else
-      sprintf(buf, "Locked for %2d:%02d    ",
+      snprintf(buf, sizeof(buf),
-		     (int)seconds/60, (int)seconds%60);
+	       "Locked for %2d:%02d    ",
+	       (int)seconds/60, (int)seconds%60);
       
     XDrawImageString(dpy, XtWindow(widget), gc,
 	time_x, time_y, buf, strlen(buf));
@@ -562,10 +572,9 @@ verify(char *password)
 	return 0;
     }
 
-    if(ret != INTK_BADPW){
+    if(ret != INTK_BADPW)
-	fprintf(stderr, "%s: Warning: %s\n", ProgName, 
+	warnx ("warning: %s",
-		(ret < 0) ? strerror(ret) : krb_get_err_text(ret));
+	       (ret < 0) ? strerror(ret) : krb_get_err_text(ret));
-    }
     
     /*
      * Try copy of users password.
@@ -852,6 +861,8 @@ main (int argc, char **argv)
     Widget override;
     XGCValues gcvalues;
 
+    set_progname (argv[0]);
+
     /*
      * Must be setuid root to read /etc/shadow, copy encrypted
      * passwords here and then switch to sane uid.
@@ -859,17 +870,11 @@ main (int argc, char **argv)
     {
       struct passwd *pw;
       if (!(pw = k_getpwuid(0)))
-	{
+	errx (1, "can't get root's passwd!");
-	  fprintf(stderr, "%s: can't get root's passwd!\n", ProgName);
-	  exit(1);
-	}
       strcpy(root_cpass, pw->pw_passwd);
 
       if (!(pw = k_getpwuid(getuid())))
-	{
+	errx (1, "Can't get your password entry!");
-	  fprintf(stderr, "%s: Can't get your password entry!\n", ProgName);
-	  exit(1);
-	} 
       strcpy(user_cpass, pw->pw_passwd);
       setuid(getuid());
       /* Now we're no longer running setuid root. */
@@ -881,11 +886,6 @@ main (int argc, char **argv)
 
     locked_at = time(0);
 
-    if ((ProgName = strrchr(*argv, '/')) != 0)
-	ProgName++;
-    else
-	ProgName = *argv;
-
     krb_get_default_principal(name, inst, realm);
     
 
@@ -904,10 +904,7 @@ main (int argc, char **argv)
     dpy = XtDisplay(override);
     
     if (dpy == 0)
-      {
+      errx (1, "Error: Can't open display");
-	fprintf(stderr, "Error: Can't open display:\n");
-	exit(1);
-      }
 
     Width = DisplayWidth(dpy, DefaultScreen(dpy)) + 2;
     Height = DisplayHeight(dpy, DefaultScreen(dpy)) + 2;

lib/auth/afskauthlib/verify.c

@@ -64,7 +64,9 @@ afs_verify(char *name,
 
   if (krb_get_lrealm (lrealm, 1) != KFAILURE &&
       (pwd = k_getpwnam (name)) != NULL) {
-    sprintf (tkt_string, "%s%d_%d", TKT_ROOT, (int)pwd->pw_uid, (int)getpid());
+    snprintf (tkt_string, sizeof(tkt_string),
+	      "%s%d_%d", TKT_ROOT,
+	      (unsigned)pwd->pw_uid, (unsigned)getpid());
     krb_set_tkt_string (tkt_string);
     ret = krb_verify_user (name, "", lrealm, password, 1, NULL);
     if (ret == KSUCCESS) {

lib/auth/pam/pam.c

@@ -105,7 +105,7 @@ auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
 
     pmsg = &msg;
     msg.msg_style = PAM_PROMPT_ECHO_OFF;
-    sprintf(prompt, "%s's Password: ", user);
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", user);
     msg.msg = prompt;
 
     ret = conv->conv(1, (const struct pam_message**)&pmsg, 
@@ -116,8 +116,9 @@ auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
     {
 	char tkt[1024];
 	struct passwd *pw = getpwnam(user);
+
 	if(pw){
-	    sprintf(tkt, "%s%d", TKT_ROOT, pw->pw_uid);
+	    snprintf(tkt, sizeof(tkt), "%s%d", TKT_ROOT, pw->pw_uid);
 	    ret = doit(pamh, user, "", resp->resp, tkt);
 	    if(ret == PAM_SUCCESS)
 		chown(tkt, pw->pw_uid, pw->pw_gid);
@@ -155,7 +156,7 @@ auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
     }
     pmsg = &msg;
     msg.msg_style = PAM_PROMPT_ECHO_OFF;
-    sprintf(prompt, "%s's Password: ", krb_unparse_name(&pr));
+    snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
     msg.msg = prompt;
 
     ret = conv->conv(1, (const struct pam_message**)&pmsg, 
@@ -165,7 +166,8 @@ auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
     
     {
 	char tkt[1024];
-	sprintf(tkt, "%s_%s_to_%s", TKT_ROOT, pw->pw_name, user);
+
+	snprintf(tkt, sizeof(tkt),"%s_%s_to_%s", TKT_ROOT, pw->pw_name, user);
 	ret = doit(pamh, pr.name, pr.instance, resp->resp, tkt);
 	if(ret == PAM_SUCCESS)
 	    chown(tkt, pw->pw_uid, pw->pw_gid);

lib/auth/sia/sia.c

@@ -198,8 +198,9 @@ siad_ses_authent(sia_collect_func_t *collect,
 
 	if(getpwnam_r(entity->name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
 	    return SIADFAIL;
-	sprintf((char*)entity->mech[pkgind], "%s%d_%d", 
+	snprintf((char*)entity->mech[pkgind], sizeof(entity->mech[pkgind]),
-		TKT_ROOT, pwd->pw_uid, getpid());
+		 "%s%d_%d", 
+		 TKT_ROOT, pwd->pw_uid, getpid());
 	krb_set_tkt_string((char*)entity->mech[pkgind]);
 	
 	krb_get_lrealm(realm, 1);
@@ -235,7 +236,7 @@ siad_ses_launch(sia_collect_func_t *collect,
     char buf[MaxPathLen];
     static char env[64];
     chown((char*)entity->mech[pkgind],entity->pwd->pw_uid, entity->pwd->pw_gid);
-    sprintf(env, "KRBTKFILE=%s", (char*)entity->mech[pkgind]);
+    snprintf(env, sizeof(env), "KRBTKFILE=%s", (char*)entity->mech[pkgind]);
     putenv(env);
     if (k_hasafs()) {
 	char cell[64];
@@ -294,18 +295,13 @@ siad_ses_suauthent(sia_collect_func_t *collect,
 	if(collect == NULL)
 	    return SIADFAIL;
 	setup_password(entity, &prompt);
-	prompt.prompt = malloc(strlen(toname) + strlen(toinst) + 
+	asprintf (&prompt.prompt,
-			       strlen(realm) + sizeof("'s Password: ") + 2);
+		  "%s%s%s@%s's Password: ",
-	if(prompt.prompt == NULL)
+		  toname, toinst[0] ? "." : "",
+		  toinst[0] ? toinst, "",
+		  realm);
+	if (prompt.prompt == NULL)
 	    return SIADFAIL;
-	strcpy(prompt.prompt, toname);
-	if(toinst[0]){
-	    strcat(prompt.prompt, ".");
-	    strcat(prompt.prompt, toinst);
-	}
-	strcat(prompt.prompt, "@");
-	strcat(prompt.prompt, realm);
-	strcat(prompt.prompt, "'s Password: ");
 	ret = (*collect)(0, SIAONELINER, (unsigned char*)"", 1, &prompt);
 	free(prompt.prompt);
 	if(ret != SIACOLSUCCESS)
@@ -319,8 +315,9 @@ siad_ses_suauthent(sia_collect_func_t *collect,
 	if(krb_kuserok(toname, toinst, realm, entity->name))
 	    return SIADFAIL;
 	
-	sprintf((char*)entity->mech[pkgind], "/tmp/tkt_%s_to_%s_%d", 
+	snprintf((char*)entity->mech[pkgind], sizeof(entity->mech[pkgind]),
-		pwd->pw_name, topwd->pw_name, getpid());
+		 "/tmp/tkt_%s_to_%s_%d", 
+		 pwd->pw_name, topwd->pw_name, getpid());
 	krb_set_tkt_string((char*)entity->mech[pkgind]);
 	ret = krb_verify_user(toname, toinst, realm, entity->password, 1, NULL);
 	if(ret){

lib/kafs/afssys.c

@@ -73,7 +73,7 @@ aix_setup(void)
     if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL)
 	strcpy(path, p);
     else
-	sprintf(path, "%s/afslib.so", LIBDIR);
+	snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
 	
     ptr = dlopen(path, 0);
     if(ptr){

lib/kafs/kafs_locl.h

@@ -83,6 +83,7 @@
 #ifdef HAVE_RESOLV_H
 #include <resolv.h>
 #endif
+#include <roken.h>
 
 #include <krb.h>
 #include <kafs.h>

lib/otp/otp.h

@@ -80,10 +80,10 @@ typedef struct {
 } OtpContext;
 
 OtpAlgorithm *otp_find_alg (char *name);
-void otp_print_stddict (OtpKey key, char *str);
+void otp_print_stddict (OtpKey key, char *str, size_t sz);
-void otp_print_hex (OtpKey key, char *str);
+void otp_print_hex (OtpKey key, char *str, size_t sz);
-void otp_print_stddict_extended (OtpKey key, char *str);
+void otp_print_stddict_extended (OtpKey key, char *str, size_t sz);
-void otp_print_hex_extended (OtpKey key, char *str);
+void otp_print_hex_extended (OtpKey key, char *str, size_t sz);
 unsigned otp_checksum (OtpKey key);
 int otp_parse_hex (OtpKey key, char *);
 int otp_parse_stddict (OtpKey key, char *);

lib/otp/otp_challenge.c

@@ -65,7 +65,9 @@ otp_challenge (OtpContext *ctx, char *user, char *str, size_t len)
   otp_db_close (dbm);
   if (ret)
     return ret;
-  sprintf (str, "[ otp-%s %u %s ]", ctx->alg->name, ctx->n-1, ctx->seed);
+  snprintf (str, len,
+	    "[ otp-%s %u %s ]",
+	    ctx->alg->name, ctx->n-1, ctx->seed);
   ctx->challengep = 1;
   return 0;
 }

lib/otp/otp_parse.c

@@ -2183,7 +2183,7 @@ parse_words(unsigned wn[],
   return 0;
 }
 
-static
+static int
 otp_parse_internal (OtpKey key, char *str, OtpAlgorithm *alg,
 		    int (*convert)(char *, void *))
 {

lib/otp/otp_print.c

@@ -303,18 +303,6 @@ static char *std_dict[] =
 "YARD",  "YARN",  "YAWL", "YAWN",  "YEAH",  "YEAR",  "YELL",  "YOGA",
 "YOKE"                         };
 
-static char *
-add_word (char *s, unsigned n)
-{
-  char *w;
-
-  w = std_dict[n];
-  strcpy (s, w);
-  s += strlen(w);
-  *s++ = ' ';
-  return s;
-}
-
 unsigned
 otp_checksum (OtpKey key)
 {
@@ -331,38 +319,42 @@ otp_checksum (OtpKey key)
 }
 
 void
-otp_print_stddict (OtpKey key, char *str)
+otp_print_stddict (OtpKey key, char *str, size_t sz)
 {
   unsigned sum;
 
   sum = otp_checksum (key);
-  str = add_word (str, (key[0] << 3) | (key[1] >> 5));
+  snprintf (str, sz,
-  str = add_word (str, ((key[1] & 0x1F) << 6) | (key[2] >> 2));
+	    "%s %s %s %s %s %s",
-  str = add_word (str, ((key[2] & 0x03) << 9) | (key[3] << 1) | (key[4] >> 7));
+	    std_dict[(key[0] << 3) | (key[1] >> 5)],
-  str = add_word (str, ((key[4] & 0x7F) << 4) | (key[5] >> 4));
+	    std_dict[((key[1] & 0x1F) << 6) | (key[2] >> 2)],
-  str = add_word (str, ((key[5] & 0x0F) << 7) | (key[6] >> 1));
+	    std_dict[((key[2] & 0x03) << 9) | (key[3] << 1) | (key[4] >> 7)],
-  str = add_word (str, ((key[6] & 0x01) << 10) | (key[7] << 2) | sum);
+	    std_dict[((key[4] & 0x7F) << 4) | (key[5] >> 4)],
-  *--str = '\0';
+	    std_dict[((key[5] & 0x0F) << 7) | (key[6] >> 1)],
+	    std_dict[((key[6] & 0x01) << 10) | (key[7] << 2) | sum]);
 }
 
 void
-otp_print_hex (OtpKey key, char *str)
+otp_print_hex (OtpKey key, char *str, size_t sz)
 {
-  sprintf (str, "%02x%02x%02x%02x%02x%02x%02x%02x",
+  snprintf (str, sz,
-	   key[0], key[1], key[2], key[3], 
+	    "%02x%02x%02x%02x%02x%02x%02x%02x",
-	   key[4], key[5], key[6], key[7]);
+	    key[0], key[1], key[2], key[3], 
+	    key[4], key[5], key[6], key[7]);
 }
 
 void
-otp_print_hex_extended (OtpKey key, char *str)
+otp_print_hex_extended (OtpKey key, char *str, size_t sz)
 {
-  strcpy (str, OTP_HEXPREFIX);
+  strncpy (str, OTP_HEXPREFIX, sz);
-  otp_print_hex (key, str + strlen(OTP_HEXPREFIX));
+  str[sz-1] = '\0';
+  otp_print_hex (key, str + strlen(OTP_HEXPREFIX), sz - strlen(OTP_HEXPREFIX));
 }
 
 void
-otp_print_stddict_extended (OtpKey key, char *str)
+otp_print_stddict_extended (OtpKey key, char *str, size_t sz)
 {
-  strcpy (str, OTP_WORDPREFIX);
+  strncpy (str, OTP_WORDPREFIX, sz);
-  otp_print_stddict (key, str + strlen(OTP_WORDPREFIX));
+  str[sz-1] = '\0';
+  otp_print_stddict (key, str + strlen(OTP_WORDPREFIX), sz - strlen(OTP_WORDPREFIX));
 }

lib/otp/otptest.c

@@ -46,13 +46,14 @@ RCSID("$Id$");
 #include <otp.h>
 
 static int
-test_one(OtpKey key1, char *name, char *val, void (*print)(OtpKey,char*),
+test_one(OtpKey key1, char *name, char *val,
+	 void (*print)(OtpKey,char*, size_t),
 	 OtpAlgorithm *alg)
 {
   char buf[256];
   OtpKey key2;
 
-  (*print)(key1, buf);
+  (*print)(key1, buf, sizeof(buf));
   printf ("%s: %s, ", name, buf);
   if (strcmp (buf, val) != 0) {
     printf ("failed(*%s* != *%s*)\n", buf, val);

lib/roken/Makefile.in

@@ -38,7 +38,7 @@ SOURCES = \
 	herror.c hstrerror.c inaddr2str.c inet_aton.c \
 	initgroups.c k_getpwnam.c k_getpwuid.c lstat.c \
 	memmove.c mini_inetd.c putenv.c rcmd.c setegid.c setenv.c \
-	seteuid.c signal.c strcasecmp.c strchr.c strdup.c \
+	seteuid.c signal.c snprintf.c strcasecmp.c strchr.c strdup.c \
 	strerror.c strftime.c strlwr.c strnlen.c strrchr.c \
 	strupr.c tm2time.c unsetenv.c verify.c verr.c \
 	verrx.c vsyslog.c vwarn.c vwarnx.c warn.c warnx.c \

lib/roken/err.h

@@ -49,7 +49,7 @@
 
 extern const char *__progname;
 
-#ifndef __GNUC__
+#if !defined(__GNUC__) && !defined(__attribute__)
 #define __attribute__(x)
 #endif
 

lib/roken/err.hin

@@ -49,7 +49,7 @@
 
 extern const char *__progname;
 
-#ifndef __GNUC__
+#if !defined(__GNUC__) && !defined(__attribute__)
 #define __attribute__(x)
 #endif
 

lib/roken/mini_inetd.c

@@ -94,6 +94,6 @@ mini_inetd (int port)
      close(s);
      dup2(s2, STDIN_FILENO);
      dup2(s2, STDOUT_FILENO);
-     /*     dup2(s2, STDERR_FILENO); */
+     dup2(s2, STDERR_FILENO);
      close(s2);
 }

lib/roken/resolve.c

@@ -97,6 +97,7 @@ dns_free_data(struct dns_reply *r)
 	rr = rr->next;
 	free(tmp);
     }
+    free (r);
 }
 
 static struct dns_reply*

lib/roken/setenv.c

@@ -60,12 +60,10 @@ setenv(const char *var, const char *val, int rewrite)
     if (!rewrite && getenv(var) != 0)
 	return 0;
   
-    if ((t = malloc(strlen(var) + strlen(val) + 2)) == 0)
+    asprintf (&t, "%s=%s", var, val);
+    if (t == NULL)
 	return -1;
 
-    strcpy(t, var);
-    strcat(t, "=");
-    strcat(t, val);
     if (putenv(t) == 0)
 	return 0;
     else

lib/roken/strerror.c

@@ -54,7 +54,7 @@ strerror(int eno)
     static char emsg[1024];
 
     if(eno < 0 || eno >= sys_nerr)
-	sprintf(emsg, "Error %d occurred.", eno);
+	snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
     else
 	strcpy(emsg, sys_errlist[eno]);