oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

replace sprintf all over the place

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1635 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Assar Westerlund
1997-05-02 14:29:33 +00:00
parent 1495f52771
commit dd02a92a8b
55 changed files with 831 additions and 471 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
appl/ftp/ftp/ftp.c
View File

@@ -208,11 +208,11 @@ login(char *host)
char prompt[128];
if(myname &&
(!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
sprintf(defaultpass, "%s@%s", myname, mydomain);
sprintf(prompt, "Password (%s): ", defaultpass);
snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain);
snprintf(prompt, sizeof(prompt), "Password (%s): ", defaultpass);
}else{
strcpy(defaultpass, "");
sprintf(prompt, "Password: ");
snprintf(prompt, sizeof(prompt), "Password: ");
}
pass = defaultpass;
des_read_pw_string (tmp, sizeof(tmp), prompt, 0);
@@ -1140,15 +1140,11 @@ abort:
int
initconn(void)
{
char *p, *a;
int result, len, tmpno = 0;
int on = 1;
int a0, a1, a2, a3, p0, p1;
if (passivemode) {
u_int32_t tmpaddr;
u_int16_t tmpport;
data = socket(AF_INET, SOCK_STREAM, 0);
if (data < 0) {
perror("ftp: socket");
@@ -1644,7 +1640,7 @@ abort_remote(FILE *din)
* send IAC in urgent mode instead of DM because 4.3BSD places oob mark
* after urgent byte rather than before as is protocol now
*/
sprintf(buf, "%c%c%c", IAC, IP, IAC);
snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC);
if (send(fileno(cout), buf, 3, MSG_OOB) != 3)
warn("abort");
fprintf(cout,"%cABOR\r\n", DM);

2
appl/ftp/ftp/kauth.c
View File

@@ -101,7 +101,7 @@ void kauth(int argc, char **argv)
for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
*p = 0;
sprintf(buf, "Password for %s:", name);
snprintf(buf, sizeof(buf), "Password for %s:", name);
if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0))
*passwd = '\0';
des_string_to_key (passwd, &key);

4
appl/ftp/ftp/krb4.c
View File

@@ -510,12 +510,14 @@ int krb4_write_enc(FILE *F, char *fmt, va_list ap)
char *p;
char buf[1024];
char enc[1024];
vsprintf(buf, fmt, ap);
vsnprintf(buf, sizeof(buf), fmt, ap);
len = krb_mk_priv(buf, enc, strlen(buf), schedule, &key,
&myctladdr, &hisctladdr);
base64_encode(enc, len, &p);
fprintf(F, "ENC %s", p);
free (p);
return 0;
}

11
appl/ftp/ftp/ruserpass.c
View File

@@ -79,7 +79,7 @@ ruserpass(char *host, char **aname, char **apass, char **aacct)
hdir = getenv("HOME");
if (hdir == NULL)
hdir = ".";
sprintf(buf, "%s/.netrc", hdir);
snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
cfile = fopen(buf, "r");
if (cfile == NULL) {
if (errno != ENOENT)
@@ -127,8 +127,7 @@ next:
case LOGIN:
if (token())
if (*aname == 0) {
*aname = malloc((unsigned) strlen(tokval) + 1);
strcpy(*aname, tokval);
*aname = strdup(tokval);
} else {
if (strcmp(*aname, tokval))
goto next;
@@ -143,8 +142,7 @@ next:
goto bad;
}
if (token() && *apass == 0) {
*apass = malloc((unsigned) strlen(tokval) + 1);
strcpy(*apass, tokval);
*apass = strdup(tokval);
}
break;
case ACCOUNT:
@@ -155,8 +153,7 @@ next:
goto bad;
}
if (token() && *aacct == 0) {
*aacct = malloc((unsigned) strlen(tokval) + 1);
strcpy(*aacct, tokval);
*aacct = strdup(tokval);
}
break;
case MACDEF:

11
appl/ftp/ftpd/ftpcmd.y
View File

@@ -1288,11 +1288,10 @@ copy(char *s)
{
char *p;
p = malloc((unsigned) strlen(s) + 1);
p = strdup(s);
if (p == NULL)
fatal("Ran out of memory.");
strcpy(p, s);
return (p);
return p;
}
static void
@@ -1327,11 +1326,11 @@ help(struct tab *ctab, char *s)
columns = 1;
lines = (NCMDS + columns - 1) / columns;
for (i = 0; i < lines; i++) {
sprintf(buf, " ");
strcpy (buf, " ");
for (j = 0; j < columns; j++) {
c = ctab + j * lines + i;
sprintf(buf + strlen(buf), "%s%c", c->name,
c->implemented ? ' ' : '*');
snprintf (buf + strlen(buf), sizeof(buf) - strlen(buf),
"%s%c", c->name, c->implemented ? ' ' : '*');
if (c + lines >= &ctab[NCMDS])
break;
w = strlen(c->name) + 1;

66
appl/ftp/ftpd/ftpd.c
View File

@@ -301,7 +301,8 @@ main(int argc, char **argv)
/* detach from any tickets and tokens */
sprintf(tkfile, "/tmp/ftp_%u", (unsigned int)getpid());
snprintf(tkfile, sizeof(tkfile),
"/tmp/ftp_%u", (unsigned)getpid());
krb_set_tkt_string(tkfile);
if(k_hasafs())
k_setpag();
@@ -412,7 +413,7 @@ main(int argc, char **argv)
debug = 0;
/* set this here so it can be put in wtmp */
sprintf(ttyline, "ftp%u", (unsigned)getpid());
snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());
/* freopen(_PATH_DEVNULL, "w", stderr); */
@@ -493,15 +494,14 @@ lostconn(int signo)
static char *
sgetsave(char *s)
{
char *new = malloc((unsigned) strlen(s) + 1);
char *new = strdup(s);
if (new == NULL) {
perror_reply(421, "Local resource failure: malloc");
dologout(1);
/* NOTREACHED */
}
strcpy(new, s);
return (new);
return new;
}
/*
@@ -785,10 +785,10 @@ int do_login(int code, char *passwd)
if (guest) {
reply(code, "Guest login ok, access restrictions apply.");
#ifdef HAVE_SETPROCTITLE
sprintf(proctitle, "%s: anonymous/%.*s", remotehost,
sizeof(proctitle) - sizeof(remotehost) -
sizeof(": anonymous/"), passwd);
setproctitle(proctitle);
snprintf (proctitle, sizeof(proctitle),
"%s: anonymous/%s",
remotehost,
passwd);
#endif /* HAVE_SETPROCTITLE */
if (logging)
syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
@@ -798,7 +798,7 @@ int do_login(int code, char *passwd)
} else {
reply(code, "User %s logged in.", pw->pw_name);
#ifdef HAVE_SETPROCTITLE
sprintf(proctitle, "%s: %s", remotehost, pw->pw_name);
snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
setproctitle(proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging)
@@ -943,15 +943,9 @@ retrieve(char *cmd, char *name)
char *tail = name + strlen(name) - strlen(p->ext);
if(strcmp(tail, p->ext) == 0){
strncpy(line, p->cmd, sizeof(line));
line[sizeof(line) - 1] = '\0';
strncat(line, name, sizeof(line)-strlen(line));
line[sizeof(line) - 1] = '\0';
line[strlen(line) - strlen(p->ext)] = 0;
#if 0
sprintf(line, p->cmd, name);
/* XXX */
#endif
snprintf (line, sizeof(line),
"%s%s",
p->cmd, name);
break;
}
}
@@ -966,7 +960,8 @@ retrieve(char *cmd, char *name)
}
}
} else {
sprintf(line, cmd, name), name = line;
snprintf(line, sizeof(line), cmd, name);
name = line;
fin = ftpd_popen(line, "r", 1, 0);
closefunc = ftpd_pclose;
st.st_size = -1;
@@ -1183,7 +1178,7 @@ dataconn(char *name, off_t size, char *mode)
file_size = size;
byte_count = 0;
if (size != (off_t) -1)
sprintf(sizebuf, " (%ld bytes)", size);
snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", size);
else
strcpy(sizebuf, "");
if (pdata >= 0) {
@@ -1448,7 +1443,7 @@ statfilecmd(char *filename)
int c;
char line[LINE_MAX];
sprintf(line, "/bin/ls -la %s", filename);
snprintf(line, sizeof(line), "/bin/ls -la %s", filename);
fin = ftpd_popen(line, "r", 1, 0);
lreply(211, "status of %s:", filename);
while ((c = getc(fin)) != EOF) {
@@ -1544,12 +1539,12 @@ int_reply(int n, char *c, const char *fmt, va_list ap)
char *p;
p=buf;
if(n){
sprintf(p, "%d%s", n, c);
snprintf(p, sizeof(buf), "%d%s", n, c);
p+=strlen(p);
}
vsprintf(p, fmt, ap);
vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap);
p+=strlen(p);
sprintf(p, "\r\n");
snprintf(p, sizeof(buf) - strlen(p), "\r\n");
p+=strlen(p);
auth_printf("%s", buf);
fflush(stdout);
@@ -1719,7 +1714,7 @@ dolog(struct sockaddr_in *sin)
{
inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost));
#ifdef HAVE_SETPROCTITLE
sprintf(proctitle, "%s: connected", remotehost);
snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
setproctitle(proctitle);
#endif /* HAVE_SETPROCTITLE */
@@ -1867,11 +1862,8 @@ gunique(char *local)
}
if (cp)
*cp = '/';
strcpy(new, local);
cp = new + strlen(new);
*cp++ = '.';
for (count = 1; count < 100; count++) {
sprintf(cp, "%d", count);
snprintf (new, sizeof(new), "%s.%d", local, count);
if (stat(new, &st) < 0)
return (new);
}
@@ -1958,7 +1950,7 @@ send_file_list(char *whichf)
goto out;
transflag++;
}
sprintf(buf, "%s%s\n", dirname,
snprintf(buf, sizeof(buf), "%s%s\n", dirname,
type == TYPE_A ? "\r" : "");
auth_write(fileno(dout), buf, strlen(buf));
byte_count += strlen(dirname) + 1;
@@ -1977,7 +1969,7 @@ send_file_list(char *whichf)
if (!strcmp(dir->d_name, ".."))
continue;
sprintf(nbuf, "%s/%s", dirname, dir->d_name);
snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name);
/*
* We have to do a stat to insure it's
@@ -1992,10 +1984,10 @@ send_file_list(char *whichf)
transflag++;
}
if(strncmp(nbuf, "./", 2) == 0)
sprintf(buf, "%s%s\n", nbuf +2,
snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2,
type == TYPE_A ? "\r" : "");
else
sprintf(buf, "%s%s\n", nbuf,
snprintf(buf, sizeof(buf), "%s%s\n", nbuf,
type == TYPE_A ? "\r" : "");
auth_write(fileno(dout), buf, strlen(buf));
byte_count += strlen(nbuf) + 1;
@@ -2031,7 +2023,11 @@ find(char *pattern)
{
char line[1024];
FILE *f;
sprintf(line, "/bin/locate -d %s %s", ftp_rooted("/etc/locatedb"), pattern);
snprintf(line, sizeof(line),
"/bin/locate -d %s %s",
ftp_rooted("/etc/locatedb"),
pattern);
f = ftpd_popen(line, "r", 1, 1);
if(f == NULL){
perror_reply(550, "/bin/locate");

6
appl/ftp/ftpd/krb4.c
View File

@@ -175,8 +175,8 @@ int krb4_mic(char *msg)
return -1;
}
tmp = strdup(msg);
sprintf(tmp, "%.*s", (int)m_data.app_length, m_data.app_data);
tmp = malloc(strlen(msg) + 1);
snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
if(!strstr(tmp, "\r\n"))
strcat(tmp, "\r\n");
new_ftp_command(tmp);
@@ -217,7 +217,7 @@ int krb4_enc(char *msg)
}
tmp = strdup(msg);
sprintf(tmp, "%.*s", (int)m_data.app_length, m_data.app_data);
snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
if(!strstr(tmp, "\r\n"))
strcat(tmp, "\r\n");
new_ftp_command(tmp);

3
appl/ftp/ftpd/popen.c
View File

@@ -86,10 +86,11 @@ ftp_rooted(const char *path)
static char home[MaxPathLen] = "";
static char newpath[MaxPathLen];
struct passwd *pwd;
if(!home[0])
if((pwd = k_getpwnam("ftp")))
strcpy(home, pwd->pw_dir);
sprintf(newpath, "%s/%s", home, path);
snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
if(access(newpath, X_OK))
strcpy(newpath, path);
return newpath;

8
appl/kx/common.c
View File

@@ -159,7 +159,8 @@ get_xsockets (int *unix_socket, int *tcp_socket)
err (1, "socket AF_UNIX");
memset (&unixaddr, 0, sizeof(unixaddr));
unixaddr.sun_family = AF_UNIX;
sprintf (unixaddr.sun_path, X_UNIX_PATH "%u", dpy);
snprintf (unixaddr.sun_path, sizeof(unixaddr.sun_path),
X_UNIX_PATH "%u", dpy);
if(bind(unixfd,
(struct sockaddr *)&unixaddr,
sizeof(unixaddr)) < 0) {
@@ -225,7 +226,8 @@ connect_local_xsocket (unsigned dnr)
if (fd < 0)
err (1, "socket AF_UNIX");
addr.sun_family = AF_UNIX;
sprintf (addr.sun_path, "/tmp/.X11-unix/X%u", dnr);
snprintf (addr.sun_path, sizeof(addr.sun_path),
X_UNIX_PATH "%u", dnr);
if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
err (1, "connect");
return fd;
@@ -249,7 +251,7 @@ create_and_write_cookie (char *xauthfile,
auth.family = FamilyLocal;
auth.address = hostname;
auth.address_length = strlen(auth.address);
sprintf (tmp, "%d", display_num);
snprintf (tmp, sizeof(tmp), "%d", display_num);
auth.number_length = strlen(tmp);
auth.number = tmp;
auth.name = COOKIE_TYPE;

4
appl/kx/kx.c
View File

@@ -418,9 +418,9 @@ doit_active (char *host, char *user,
return 1;
display_num = tmp;
if (tcpp)
sprintf (display, "localhost:%u", display_num);
snprintf (display, display_size, "localhost:%u", display_num);
else
sprintf (display, ":%u", display_num);
snprintf (display, display_size, ":%u", display_num);
strncpy(xauthfile, tempnam("/tmp", NULL), xauthfile_size);
if (create_and_write_cookie (xauthfile, cookie, cookie_len))
return 1;

4
appl/kx/kxd.c
View File

@@ -338,9 +338,9 @@ doit(int sock, int tcpp)
return 1;
display_num = tmp;
if (tcpp)
sprintf (display, "localhost:%u", display_num);
snprintf (display, display_size, "localhost:%u", display_num);
else
sprintf (display, ":%u", display_num);
snprintf (display, display_size, ":%u", display_num);
strncpy(xauthfile, tempnam("/tmp", NULL), xauthfile_size);
if(create_and_write_cookie (xauthfile, cookie, cookie_len))
return 1;

2
appl/login/utmpx_login.c
View File

@@ -65,7 +65,7 @@ utmpx_login(char *line, char *user, char *host)
struct utmpx newut;
memset(&newut, 0, sizeof(newut));
newut.ut_pid = mypid;
sprintf(newut.ut_id, "lo%04x", mypid);
snprintf(newut.ut_id, sizeof(newut.ut_id), "lo%04x", (unsigned)mypid);
utmpx_update(&newut, line, user, host);
ret = 0;
}

5
appl/otp/otp.c
View File

@@ -94,7 +94,8 @@ renew (int argc, char **argv, OtpAlgorithm *alg, char *user)
strncpy (newctx.seed, argv[1], sizeof(newctx.seed));
newctx.seed[sizeof(newctx.seed) - 1] = '\0';
strlwr(newctx.seed);
sprintf (prompt, "[ otp-%s %u %s ]",
snprintf (prompt, sizeof(prompt),
"[ otp-%s %u %s ]",
newctx.alg->name,
newctx.n,
newctx.seed);
@@ -132,7 +133,7 @@ verify_user_otp(char *username)
return 1;
}
sprintf (prompt, "%s's %s Password: ", username, ss);
snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss);
des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0);
return otp_verify_user (&ctx, passwd);
}

6
appl/otp/otpprint.c
View File

@@ -54,7 +54,7 @@ print (int argc,
char **argv,
int count,
OtpAlgorithm *alg,
void (*print_fn)(OtpKey, char *))
void (*print_fn)(OtpKey, char *, size_t))
{
char pw[64];
OtpKey key;
@@ -74,7 +74,7 @@ print (int argc,
alg->next (key);
if (i >= n - count) {
(*print_fn)(key, s);
(*print_fn)(key, s, sizeof(s));
printf ("%d: %s\n", i + 1, s);
}
}
@@ -88,7 +88,7 @@ main (int argc, char **argv)
int count = 10;
int hexp = 0;
int extendedp = 0;
void (*fn)(OtpKey, char *);
void (*fn)(OtpKey, char *, size_t);
OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
set_progname (argv[0]);

2
appl/popper/pop_dropcopy.c
View File

@@ -26,7 +26,7 @@ pop_dropcopy(POP *p, struct passwd *pwp)
int nchar; /* Bytes written/read */
/* Create a temporary maildrop into which to copy the updated maildrop */
sprintf(p->temp_drop,POP_DROP,p->user);
snprintf(p->temp_drop, sizeof(p->temp_drop), POP_DROP,p->user);
#ifdef DEBUG
if(p->debug)

6
appl/popper/pop_msg.c
View File

@@ -24,10 +24,8 @@ pop_msg(POP *p, int stat, char *format, ...)
mp = message;
/* Format the POP status code at the beginning of the message */
if (stat == POP_SUCCESS)
sprintf (mp,"%s ",POP_OK);
else
sprintf (mp,"%s ",POP_ERR);
snprintf (mp, sizeof(message), "%s ",
(stat == POP_SUCCESS) ? POP_OK : POP_ERR);
/* Point past the POP status indicator in the message message */
mp += strlen(mp);

5
appl/popper/pop_pass.c
View File

@@ -49,7 +49,8 @@ pop_pass (POP *p)
"Password supplied for \"%s\" is incorrect.",
p->user));
sprintf (tkt, TKT_ROOT "_popper.%d", (int)getpid());
snprintf (tkt, sizeof(tkt),
TKT_ROOT "_popper.%u", (unsigned)getpid());
krb_set_tkt_string (tkt);
if (otp_verify_user (&p->otp_ctx, p->pop_parm[1]) == 0)
;
@@ -78,7 +79,7 @@ pop_pass (POP *p)
}
/* Build the name of the user's maildrop */
sprintf(p->drop_name, "%s/%s", POP_MAILDIR, p->user);
snprintf(p->drop_name, sizeof(p->drop_name), "%s/%s", POP_MAILDIR, p->user);
/* Make a temporary copy of the user's maildrop */
/* and set the group and user id */

2
appl/popper/pop_xover.c
View File

@@ -15,7 +15,7 @@ pop_xover (POP *p)
/* Loop through the message information list. Skip deleted messages */
for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
if (!mp->del_flag)
fprintf(p->output,"%u\t%s\t%s\t%s\t%s\t%lu\t%lu\r\n",
fprintf(p->output,"%u\t%s\t%s\t%s\t%s\t%lu\t%u\r\n",
mp->number,
mp->subject,
mp->from,

2
appl/telnet/libtelnet/auth.c
View File

@@ -642,7 +642,7 @@ auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
buf[buflen-2] = '*';
buflen -= 2;
for (; cnt > 0; cnt--, data++) {
sprintf((char *)tbuf, " %d", *data);
snprintf(tbuf, sizeof(tbuf), " %d", *data);
for (cp = tbuf; *cp && buflen > 0; --buflen)
*buf++ = *cp++;
if (buflen <= 0)

10
appl/telnet/libtelnet/enc_des.c
View File

@@ -464,28 +464,28 @@ void fb64_printsub(unsigned char *data, int cnt,
switch(data[2]) {
case FB64_IV:
sprintf(lbuf, "%s_IV", type);
snprintf(lbuf, sizeof(lbuf), "%s_IV", type);
cp = lbuf;
goto common;
case FB64_IV_OK:
sprintf(lbuf, "%s_IV_OK", type);
snprintf(lbuf, sizeof(lbuf), "%s_IV_OK", type);
cp = lbuf;
goto common;
case FB64_IV_BAD:
sprintf(lbuf, "%s_IV_BAD", type);
snprintf(lbuf, sizeof(lbuf), "%s_IV_BAD", type);
cp = lbuf;
goto common;
default:
sprintf(lbuf, " %d (unknown)", data[2]);
snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[2]);
cp = lbuf;
common:
for (; (buflen > 0) && (*buf = *cp++); buf++)
buflen--;
for (i = 3; i < cnt; i++) {
sprintf(lbuf, " %d", data[i]);
snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
buflen--;
}

2
appl/telnet/libtelnet/encrypt.c
View File

@@ -953,7 +953,7 @@ void encrypt_gen_printsub(unsigned char *data, int cnt,
buf[buflen-2] = '*';
buflen -= 2;;
for (; cnt > 0; cnt--, data++) {
sprintf(tbuf, " %d", *data);
snprintf(tbuf, sizeof(tbuf), " %d", *data);
for (cp = tbuf; *cp && buflen > 0; --buflen)
*buf++ = *cp++;
if (buflen <= 0)

2
appl/telnet/libtelnet/forward.c
View File

@@ -418,7 +418,7 @@ rd_and_store_for_creds(inbuf, ticket, lusername)
return -1;
}
sprintf(ccname, "FILE:/tmp/krb5cc_%d", pwd->pw_uid);
snprintf(ccname, sizeof(ccname), "FILE:/tmp/krb5cc_%d", pwd->pw_uid);
if (retval = krb5_cc_resolve(ccname, &ccache)) {
return(retval);

23
appl/telnet/libtelnet/kerberos.c
View File

@@ -74,6 +74,7 @@ RCSID("$Id$");
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <roken.h>
#include "encrypt.h"
#include "auth.h"
@@ -304,28 +305,28 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
if (UserNameRequested && !kuserok(&adat, UserNameRequested)){
char ts[MaxPathLen];
struct passwd *pw = getpwnam(UserNameRequested);
if(pw){
sprintf(ts, "%s%d", TKT_ROOT, pw->pw_uid);
snprintf(ts, sizeof(ts), "%s%u", TKT_ROOT, pw->pw_uid);
setenv("KRBTKFILE", ts, 1);
}
Data(ap, KRB_ACCEPT, NULL, 0);
} else {
char *msg = malloc(ANAME_SZ + 1 + INST_SZ +
REALM_SZ +
strlen(UserNameRequested) + 80);
char *msg;
if (msg == NULL)
Data(ap, KRB_REJECT, NULL, 0);
sprintf (msg, "user `%s' is not authorized to "
asprintf (&msg, "user `%s' is not authorized to "
"login as `%s'",
krb_unparse_name_long(adat.pname,
adat.pinst,
adat.prealm),
UserNameRequested);
if (msg == NULL)
Data(ap, KRB_REJECT, NULL, 0);
else {
Data(ap, KRB_REJECT, (void *)msg, -1);
free(msg);
}
}
auth_finished(ap, AUTH_USER);
break;
@@ -367,7 +368,6 @@ kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
{
des_key_schedule ks;
unsigned char netcred[sizeof(CREDENTIALS)];
char *msg;
CREDENTIALS cred;
int ret;
if(cnt > sizeof(cred))
@@ -538,12 +538,12 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
goto common2;
default:
sprintf(lbuf, " %d (unknown)", data[3]);
snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
strncpy((char *)buf, lbuf, buflen);
common2:
BUMP(buf, buflen);
for (i = 4; i < cnt; i++) {
sprintf(lbuf, " %d", data[i]);
snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
strncpy((char *)buf, lbuf, buflen);
BUMP(buf, buflen);
}
@@ -589,7 +589,6 @@ kerberos4_cksum(unsigned char *d, int n)
static int
pack_cred(CREDENTIALS *cred, unsigned char *buf)
{
int l;
unsigned char *p = buf;
p += krb_put_nir(cred->service, cred->instance, cred->realm, p);

4
appl/telnet/libtelnet/kerberos5.c
View File

@@ -512,12 +512,12 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
#endif /* FORWARD */
default:
sprintf(lbuf, " %d (unknown)", data[3]);
snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
strncpy((char *)buf, lbuf, buflen);
common2:
BUMP(buf, buflen);
for (i = 4; i < cnt; i++) {
sprintf(lbuf, " %d", data[i]);
snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
strncpy((char *)buf, lbuf, buflen);
BUMP(buf, buflen);
}

6
appl/telnet/libtelnet/krb4encpwd.c
View File

@@ -255,7 +255,7 @@ krb4encpwd_is(ap, data, cnt)
int i;
time(&now);
sprintf(challenge, "%x", now);
snprintf(challenge, sizeof(challenge), "%x", now);
Data(ap, KRB4_ENCPWD_CHALLENGE, challenge, strlen(challenge));
}
break;
@@ -389,12 +389,12 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
goto common2;
default:
sprintf(lbuf, " %d (unknown)", data[3]);
snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
strncpy((char *)buf, lbuf, buflen);
common2:
BUMP(buf, buflen);
for (i = 4; i < cnt; i++) {
sprintf(lbuf, " %d", data[i]);
snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
strncpy((char *)buf, lbuf, buflen);
BUMP(buf, buflen);
}

6
appl/telnet/libtelnet/rsaencpwd.c
View File

@@ -258,7 +258,7 @@ rsaencpwd_is(ap, data, cnt)
time(&now);
if ((now % 2) == 0) {
sprintf(challenge, "%x", now);
snprintf(challenge, sizeof(challenge), "%x", now);
challenge_len = strlen(challenge);
} else {
strcpy(challenge, "randchal");
@@ -440,12 +440,12 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
goto common2;
default:
sprintf(lbuf, " %d (unknown)", data[3]);
snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
strncpy((char *)buf, lbuf, buflen);
common2:
BUMP(buf, buflen);
for (i = 4; i < cnt; i++) {
sprintf(lbuf, " %d", data[i]);
snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
strncpy((char *)buf, lbuf, buflen);
BUMP(buf, buflen);
}

4
appl/telnet/libtelnet/spx.c
View File

@@ -556,12 +556,12 @@ spx_printsub(data, cnt, buf, buflen)
goto common2;
default:
sprintf(lbuf, " %d (unknown)", data[3]);
snprintf(lbuf, sizeof(lbuf), " %d (unknown)", data[3]);
strncpy((char *)buf, lbuf, buflen);
common2:
BUMP(buf, buflen);
for (i = 4; i < cnt; i++) {
sprintf(lbuf, " %d", data[i]);
snprintf(lbuf, sizeof(lbuf), " %d", data[i]);
strncpy((char *)buf, lbuf, buflen);
BUMP(buf, buflen);
}

5
appl/telnet/telnet/commands.c
View File

@@ -1658,9 +1658,8 @@ env_init()
hbuf[256] = '\0';
}
cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1);
sprintf((char *)cp, "%s%s", hbuf, cp2);
free(ep->value);
asprintf (&cp, "%s%s", hbuf, cp2);
free (ep->value);
ep->value = (unsigned char *)cp;
}
/*

9
appl/telnet/telnet/telnet.c
View File

@@ -735,7 +735,8 @@ suboption()
name = gettermname();
len = strlen(name) + 4 + 2;
if (len < NETROOM()) {
sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
snprintf((char *)temp, sizeof(temp),
"%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE,
TELQUAL_IS, name, IAC, SE);
ring_supply_data(&netoring, temp, len);
printsub('>', &temp[2], len-2);
@@ -757,7 +758,8 @@ suboption()
TerminalSpeeds(&ispeed, &ospeed);
sprintf((char *)temp, "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
snprintf((char *)temp, sizeof(temp),
"%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED,
TELQUAL_IS, ospeed, ispeed, IAC, SE);
len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */
@@ -862,7 +864,8 @@ suboption()
send_wont(TELOPT_XDISPLOC, 1);
break;
}
sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
snprintf((char *)temp, sizeof(temp),
"%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC,
TELQUAL_IS, dp, IAC, SE);
len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */

3
appl/telnet/telnet/utilities.c
View File

@@ -625,7 +625,8 @@ printsub(char direction, unsigned char *pointer, int length)
}
{
char tbuf[64];
sprintf(tbuf, "%s%s%s%s%s",
snprintf(tbuf, sizeof(tbuf),
"%s%s%s%s%s",
pointer[2]&MODE_EDIT ? "|EDIT" : "",
pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "",
pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",

6
appl/telnet/telnetd/slc.c
View File

@@ -159,7 +159,8 @@ start_slc(getit)
slcchange = 0;
if (getit)
init_termbuf();
sprintf((char *)slcbuf, "%c%c%c%c",
snprintf((char *)slcbuf, sizeof(slcbuf),
"%c%c%c%c",
IAC, SB, TELOPT_LINEMODE, LM_SLC);
slcptr = slcbuf + 4;
@@ -200,7 +201,8 @@ end_slc(bufp)
*bufp = &slcbuf[4];
return(slcptr - slcbuf - 4);
} else {
sprintf((char *)slcptr, "%c%c", IAC, SE);
snprintf((char *)slcptr, sizeof(slcbuf) - (slcptr - slcbuf),
"%c%c", IAC, SE);
slcptr += 2;
len = slcptr - slcbuf;
writenet(slcbuf, len);

16
appl/telnet/telnetd/state.c
View File

@@ -436,7 +436,8 @@ send_do(int option, int init)
set_his_want_state_will(option);
do_dont_resp[option]++;
}
sprintf(nfrontp, (char *)doopt, option);
snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
(char *)doopt, option);
nfrontp += sizeof (dont) - 2;
DIAG(TD_OPTIONS, printoption("td: send do", option));
@@ -655,7 +656,8 @@ send_dont(int option, int init)
set_his_want_state_wont(option);
do_dont_resp[option]++;
}
sprintf(nfrontp, (char *)dont, option);
snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
(char *)dont, option);
nfrontp += sizeof (doopt) - 2;
DIAG(TD_OPTIONS, printoption("td: send dont", option));
@@ -802,7 +804,8 @@ send_will(int option, int init)
set_my_want_state_will(option);
will_wont_resp[option]++;
}
sprintf(nfrontp, (char *)will, option);
snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
(char *)will, option);
nfrontp += sizeof (doopt) - 2;
DIAG(TD_OPTIONS, printoption("td: send will", option));
@@ -959,7 +962,8 @@ send_wont(int option, int init)
set_my_want_state_wont(option);
will_wont_resp[option]++;
}
sprintf(nfrontp, (char *)wont, option);
snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
(char *)wont, option);
nfrontp += sizeof (wont) - 2;
DIAG(TD_OPTIONS, printoption("td: send wont", option));
@@ -1355,7 +1359,9 @@ suboption(void)
env_ovar_wrong:
env_ovar = OLD_ENV_VALUE;
env_ovalue = OLD_ENV_VAR;
DIAG(TD_OPTIONS, {sprintf(nfrontp,
DIAG(TD_OPTIONS, {snprintf(nfrontp,
BUFSIZ -
(nfrontp - netobuf),
"ENVIRON VALUE and VAR are reversed!\r\n");
nfrontp += strlen(nfrontp);});

17
appl/telnet/telnetd/sys_term.c
View File

@@ -357,7 +357,7 @@ char *line_nodev;
char *line_notty;
#ifdef CRAY
char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
char myline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
#endif /* CRAY */
#ifndef HAVE_PTSNAME
@@ -392,9 +392,9 @@ set_utid(void)
/* Derive utmp ID from pty slave number */
if(isdigit(line_notty[0]) && sscanf(line_notty, "%d", &ptynum) == 1)
sprintf(utid, "tn%02x", ptynum & 0xff);
snprintf(utid, sizeof(utid), "tn%02x", ptynum & 0xff);
else
sprintf(utid, "tn%s", line_notty);
snprintf(utid, sizeof(utid), "tn%s", line_notty);
}
#else
void
@@ -459,11 +459,11 @@ int getpty(int *ptynum)
#ifndef CRAY
#ifndef __hpux
sprintf(line, "/dev/ptyXX");
snprintf(line, sizeof(Xline), "/dev/ptyXX");
p1 = &line[8];
p2 = &line[9];
#else
sprintf(line, "/dev/ptym/ptyXX");
snprintf(line, sizeof(Xline), "/dev/ptym/ptyXX");
p1 = &line[13];
p2 = &line[14];
#endif
@@ -511,11 +511,11 @@ int getpty(int *ptynum)
struct stat sb;
for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) {
sprintf(myline, "/dev/pty/%03d", *ptynum);
snprintf(myline, sizeof(myline), "/dev/pty/%03d", *ptynum);
p = open(myline, 2);
if (p < 0)
continue;
sprintf(line, "/dev/ttyp%03d", *ptynum);
snprintf(line, sizeof(Xline), "/dev/ttyp%03d", *ptynum);
/*
* Here are some shenanigans to make sure that there
* are no listeners lurking on the line.
@@ -1514,7 +1514,8 @@ void start_login(char *host, int autologin, char *name)
len = strlen(name)+1;
write(xpty, name, len);
write(xpty, name, len);
sprintf(speed, "%s/%d", (cp = getenv("TERM")) ? cp : "",
snprintf(speed, sizeof(speed),
"%s/%d", (cp = getenv("TERM")) ? cp : "",
(def_rspeed > 0) ? def_rspeed : 9600);
len = strlen(speed)+1;
write(xpty, speed, len);

17
appl/telnet/telnetd/telnetd.c
View File

@@ -750,10 +750,10 @@ void doit(struct sockaddr_in *who)
if (secflag) {
char slave_dev[16];
sprintf(tty_dev, "/dev/pty/%03d", ptynum);
snprintf(tty_dev, sizeof(tty_dev), "/dev/pty/%03d", ptynum);
if (setdevs(tty_dev, &dv) < 0)
fatal(net, "cannot set pty security");
sprintf(slave_dev, "/dev/ttyp%03d", ptynum);
snprintf(slave_dev, sizeof(slave_dev), "/dev/ttyp%03d", ptynum);
if (setdevs(slave_dev, &dv) < 0)
fatal(net, "cannot set tty security");
}
@@ -936,7 +936,8 @@ telnet(f, p)
*/
if (his_want_state_is_will(TELOPT_ECHO)) {
DIAG(TD_OPTIONS,
{sprintf(nfrontp, "td: simulating recv\r\n");
{snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
"td: simulating recv\r\n");
nfrontp += strlen(nfrontp);});
willoption(TELOPT_ECHO);
}
@@ -1051,7 +1052,8 @@ telnet(f, p)
#endif /* LINEMODE */
DIAG(TD_REPORT,
{sprintf(nfrontp, "td: Entering processing loop\r\n");
{snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
"td: Entering processing loop\r\n");
nfrontp += strlen(nfrontp);});
@@ -1171,7 +1173,8 @@ telnet(f, p)
netip = netibuf;
}
DIAG((TD_REPORT | TD_NETDATA),
{sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
{snprintf(nfrontp, BUFSIZ - (nfrontp - netobuf),
"td: netread %d chars\r\n", ncc);
nfrontp += strlen(nfrontp);});
DIAG(TD_NETDATA, printdata("nd", netip, ncc));
}
@@ -1235,7 +1238,9 @@ telnet(f, p)
ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
if (newflow != flowmode) {
flowmode = newflow;
sprintf(nfrontp,
snprintf(nfrontp,
BUFSIZ -
(nfrontp - netobuf),
"%c%c%c%c%c%c",
IAC, SB, TELOPT_LFLOW,
flowmode ? LFLOW_ON

1
appl/telnet/telnetd/telnetd.h
View File

@@ -37,6 +37,7 @@
#include "defs.h"
#include "ext.h"
#include <protos.h>
#include <roken.h>
#ifdef DIAGNOSTICS
#define DIAG(a,b) if (diagnostic & (a)) b

24
appl/telnet/telnetd/termstat.c
View File

@@ -276,7 +276,9 @@ localstat()
# endif /* KLUDGELINEMODE */
send_do(TELOPT_LINEMODE, 1);
/* send along edit modes */
sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
snprintf(nfrontp,
BUFSIZ - (nfrontp - netobuf),
"%c%c%c%c%c%c%c", IAC, SB,
TELOPT_LINEMODE, LM_MODE, useeditmode,
IAC, SE);
nfrontp += 7;
@@ -305,7 +307,9 @@ localstat()
/*
* Send along appropriate edit mode mask.
*/
sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
snprintf(nfrontp,
BUFSIZ - (nfrontp - netobuf),
"%c%c%c%c%c%c%c", IAC, SB,
TELOPT_LINEMODE, LM_MODE, useeditmode,
IAC, SE);
nfrontp += 7;
@@ -352,7 +356,9 @@ flowstat()
if (his_state_is_will(TELOPT_LFLOW)) {
if (tty_flowmode() != flowmode) {
flowmode = tty_flowmode();
sprintf(nfrontp, "%c%c%c%c%c%c",
snprintf(nfrontp,
BUFSIZ - (nfrontp - netobuf),
"%c%c%c%c%c%c",
IAC, SB, TELOPT_LFLOW,
flowmode ? LFLOW_ON : LFLOW_OFF,
IAC, SE);
@@ -360,7 +366,9 @@ flowstat()
}
if (tty_restartany() != restartany) {
restartany = tty_restartany();
sprintf(nfrontp, "%c%c%c%c%c%c",
snprintf(nfrontp,
BUFSIZ - (nfrontp - netobuf),
"%c%c%c%c%c%c",
IAC, SB, TELOPT_LFLOW,
restartany ? LFLOW_RESTART_ANY
: LFLOW_RESTART_XON,
@@ -438,7 +446,9 @@ clientstat(code, parm1, parm2)
useeditmode |= MODE_SOFT_TAB;
if (tty_islitecho())
useeditmode |= MODE_LIT_ECHO;
sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
snprintf(nfrontp,
BUFSIZ - (nfrontp - netobuf),
"%c%c%c%c%c%c%c", IAC,
SB, TELOPT_LINEMODE, LM_MODE,
useeditmode, IAC, SE);
nfrontp += 7;
@@ -497,7 +507,9 @@ clientstat(code, parm1, parm2)
set_termbuf();
if (!ack) {
sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
snprintf(nfrontp,
BUFSIZ - (nfrontp - netobuf),
"%c%c%c%c%c%c%c", IAC,
SB, TELOPT_LINEMODE, LM_MODE,
useeditmode|MODE_ACK,
IAC, SE);

629
appl/telnet/telnetd/utility.c
View File

File diff suppressed because it is too large Load Diff

101
appl/xnlock/xnlock.c
View File

@@ -32,7 +32,8 @@ RCSID("$Id$");
#include <krb.h>
#include <kafs.h>
#include "roken.h"
#include <roken.h>
#include <err.h>
static char name[ANAME_SZ];
static char inst[INST_SZ];
@@ -65,7 +66,7 @@ static unsigned short Width, Height;
static Widget widget;
static GC gc;
static XtIntervalId timeout_id;
static char *ProgName, *words;
static char *words;
static int x, y;
static Pixel Black, White;
static XFontStruct *font;
@@ -151,7 +152,7 @@ get_words(void)
if(appres.text_prog){
pp = popen(appres.text_prog, "r");
if(!pp){
perror(appres.text_prog);
warn ("popen %s", appres.text_prog);
return appres.text;
}
fread(buf, BUFSIZ, 1, pp);
@@ -161,7 +162,7 @@ get_words(void)
if(appres.file){
pp = fopen(appres.file, "r");
if(!pp){
perror(appres.file);
warn ("fopen %s", appres.file);
return appres.text;
}
fread(buf, BUFSIZ, 1, pp);
@@ -172,11 +173,10 @@ get_words(void)
return appres.text;
}
static
void
static void
usage(void)
{
fprintf(stderr, "usage: %s [options] [message]\n", ProgName);
fprintf(stderr, "usage: %s [options] [message]\n", __progname);
fprintf(stderr, "-fg color foreground color\n");
fprintf(stderr, "-bg color background color\n");
fprintf(stderr, "-rv reverse foreground/background colors\n");
@@ -193,36 +193,43 @@ usage(void)
static void
init_words (int argc, char **argv)
{
char buf[BUFSIZ];
int i = 0;
while(argv[i]){
if(strcmp(argv[i], "-p") == 0){
while(argv[i]) {
if(strcmp(argv[i], "-p") == 0) {
i++;
if(argv[i]){
if(argv[i]) {
appres.text_prog = argv[i];
i++;
}else{
fprintf(stderr, "-p requires an argument\n");
} else {
warnx ("-p requires an argument");
usage();
}
}else if(strcmp(argv[i], "-f") == 0){
} else if(strcmp(argv[i], "-f") == 0) {
i++;
if(argv[i]){
if(argv[i]) {
appres.file = argv[i];
i++;
}else{
sprintf(buf, "%s/.msgfile", getenv("HOME"));
appres.file = strdup(buf);
} else {
asprintf (&appres.file,
"%s/.msgfile", getenv("HOME"));
if (appres.file == NULL)
errx (1, "cannot allocate memory for message");
}
}else{
strcpy(buf, "");
while(argv[i]){
strcat(buf, argv[i]);
strcat(buf, " ");
i++;
} else {
appres.text = strdup("");
if (appres.text == NULL)
errx (1, "cannot allocate memory for message");
while (argv[i]) {
int n = strlen (argv[i]);
char *tmp = realloc(appres.text,
strlen(appres.text) + n + 2);
if (tmp == NULL)
errx (1, "cannot allocate memory for message");
strcat (appres.text, argv[i]);
strcat (appres.text, " ");
++i;
}
appres.text = strdup(buf);
}
}
}
@@ -251,7 +258,7 @@ zrefresh(void)
{
switch (fork()) {
case -1:
fprintf(stderr, "Warning %s: Failed to fork zrefresh\n", ProgName);
warn ("zrefresh: fork");
return -1;
case 0:
/* Child */
@@ -431,10 +438,11 @@ post_prompt_box(Window window)
time_y = prompt_y = Height / 2;
box_y = prompt_y - 3 * font_height(font);
if (inst[0] == 0)
sprintf (s, "User: %s@%s", name, realm);
else
sprintf (s, "User: %s.%s@%s", name, inst, realm);
snprintf (s, sizeof(s), "User: %s%s%s@%s", name,
inst[0] ? "." : "",
inst ? inst : "",
realm);
/* erase current guy -- text message may still exist */
XSetForeground(dpy, gc, Black);
XFillRectangle(dpy, window, gc, x, y, 64, 64);
@@ -511,10 +519,12 @@ countdown(XtPointer _t, XtIntervalId *_d)
}
seconds = time(0) - locked_at;
if (seconds >= 3600)
sprintf(buf, "Locked for %d:%02d:%02d ",
snprintf(buf, sizeof(buf),
"Locked for %d:%02d:%02d ",
(int)seconds/3600, (int)seconds/60%60, (int)seconds%60);
else
sprintf(buf, "Locked for %2d:%02d ",
snprintf(buf, sizeof(buf),
"Locked for %2d:%02d ",
(int)seconds/60, (int)seconds%60);
XDrawImageString(dpy, XtWindow(widget), gc,
@@ -562,10 +572,9 @@ verify(char *password)
return 0;
}
if(ret != INTK_BADPW){
fprintf(stderr, "%s: Warning: %s\n", ProgName,
if(ret != INTK_BADPW)
warnx ("warning: %s",
(ret < 0) ? strerror(ret) : krb_get_err_text(ret));
}
/*
* Try copy of users password.
@@ -852,6 +861,8 @@ main (int argc, char **argv)
Widget override;
XGCValues gcvalues;
set_progname (argv[0]);
/*
* Must be setuid root to read /etc/shadow, copy encrypted
* passwords here and then switch to sane uid.
@@ -859,17 +870,11 @@ main (int argc, char **argv)
{
struct passwd *pw;
if (!(pw = k_getpwuid(0)))
{
fprintf(stderr, "%s: can't get root's passwd!\n", ProgName);
exit(1);
}
errx (1, "can't get root's passwd!");
strcpy(root_cpass, pw->pw_passwd);
if (!(pw = k_getpwuid(getuid())))
{
fprintf(stderr, "%s: Can't get your password entry!\n", ProgName);
exit(1);
}
errx (1, "Can't get your password entry!");
strcpy(user_cpass, pw->pw_passwd);
setuid(getuid());
/* Now we're no longer running setuid root. */
@@ -881,11 +886,6 @@ main (int argc, char **argv)
locked_at = time(0);
if ((ProgName = strrchr(*argv, '/')) != 0)
ProgName++;
else
ProgName = *argv;
krb_get_default_principal(name, inst, realm);
@@ -904,10 +904,7 @@ main (int argc, char **argv)
dpy = XtDisplay(override);
if (dpy == 0)
{
fprintf(stderr, "Error: Can't open display:\n");
exit(1);
}
errx (1, "Error: Can't open display");
Width = DisplayWidth(dpy, DefaultScreen(dpy)) + 2;
Height = DisplayHeight(dpy, DefaultScreen(dpy)) + 2;

4
lib/auth/afskauthlib/verify.c
View File

@@ -64,7 +64,9 @@ afs_verify(char *name,
if (krb_get_lrealm (lrealm, 1) != KFAILURE &&
(pwd = k_getpwnam (name)) != NULL) {
sprintf (tkt_string, "%s%d_%d", TKT_ROOT, (int)pwd->pw_uid, (int)getpid());
snprintf (tkt_string, sizeof(tkt_string),
"%s%d_%d", TKT_ROOT,
(unsigned)pwd->pw_uid, (unsigned)getpid());
krb_set_tkt_string (tkt_string);
ret = krb_verify_user (name, "", lrealm, password, 1, NULL);
if (ret == KSUCCESS) {

10
lib/auth/pam/pam.c
View File

@@ -105,7 +105,7 @@ auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
pmsg = &msg;
msg.msg_style = PAM_PROMPT_ECHO_OFF;
sprintf(prompt, "%s's Password: ", user);
snprintf(prompt, sizeof(prompt), "%s's Password: ", user);
msg.msg = prompt;
ret = conv->conv(1, (const struct pam_message**)&pmsg,
@@ -116,8 +116,9 @@ auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
{
char tkt[1024];
struct passwd *pw = getpwnam(user);
if(pw){
sprintf(tkt, "%s%d", TKT_ROOT, pw->pw_uid);
snprintf(tkt, sizeof(tkt), "%s%d", TKT_ROOT, pw->pw_uid);
ret = doit(pamh, user, "", resp->resp, tkt);
if(ret == PAM_SUCCESS)
chown(tkt, pw->pw_uid, pw->pw_gid);
@@ -155,7 +156,7 @@ auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
}
pmsg = &msg;
msg.msg_style = PAM_PROMPT_ECHO_OFF;
sprintf(prompt, "%s's Password: ", krb_unparse_name(&pr));
snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
msg.msg = prompt;
ret = conv->conv(1, (const struct pam_message**)&pmsg,
@@ -165,7 +166,8 @@ auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
{
char tkt[1024];
sprintf(tkt, "%s_%s_to_%s", TKT_ROOT, pw->pw_name, user);
snprintf(tkt, sizeof(tkt),"%s_%s_to_%s", TKT_ROOT, pw->pw_name, user);
ret = doit(pamh, pr.name, pr.instance, resp->resp, tkt);
if(ret == PAM_SUCCESS)
chown(tkt, pw->pw_uid, pw->pw_gid);

25
lib/auth/sia/sia.c
View File

@@ -198,7 +198,8 @@ siad_ses_authent(sia_collect_func_t *collect,
if(getpwnam_r(entity->name, &pw, pwbuf, sizeof(pwbuf), &pwd) != 0)
return SIADFAIL;
sprintf((char*)entity->mech[pkgind], "%s%d_%d",
snprintf((char*)entity->mech[pkgind], sizeof(entity->mech[pkgind]),
"%s%d_%d",
TKT_ROOT, pwd->pw_uid, getpid());
krb_set_tkt_string((char*)entity->mech[pkgind]);
@@ -235,7 +236,7 @@ siad_ses_launch(sia_collect_func_t *collect,
char buf[MaxPathLen];
static char env[64];
chown((char*)entity->mech[pkgind],entity->pwd->pw_uid, entity->pwd->pw_gid);
sprintf(env, "KRBTKFILE=%s", (char*)entity->mech[pkgind]);
snprintf(env, sizeof(env), "KRBTKFILE=%s", (char*)entity->mech[pkgind]);
putenv(env);
if (k_hasafs()) {
char cell[64];
@@ -294,18 +295,13 @@ siad_ses_suauthent(sia_collect_func_t *collect,
if(collect == NULL)
return SIADFAIL;
setup_password(entity, &prompt);
prompt.prompt = malloc(strlen(toname) + strlen(toinst) +
strlen(realm) + sizeof("'s Password: ") + 2);
if(prompt.prompt == NULL)
asprintf (&prompt.prompt,
"%s%s%s@%s's Password: ",
toname, toinst[0] ? "." : "",
toinst[0] ? toinst, "",
realm);
if (prompt.prompt == NULL)
return SIADFAIL;
strcpy(prompt.prompt, toname);
if(toinst[0]){
strcat(prompt.prompt, ".");
strcat(prompt.prompt, toinst);
}
strcat(prompt.prompt, "@");
strcat(prompt.prompt, realm);
strcat(prompt.prompt, "'s Password: ");
ret = (*collect)(0, SIAONELINER, (unsigned char*)"", 1, &prompt);
free(prompt.prompt);
if(ret != SIACOLSUCCESS)
@@ -319,7 +315,8 @@ siad_ses_suauthent(sia_collect_func_t *collect,
if(krb_kuserok(toname, toinst, realm, entity->name))
return SIADFAIL;
sprintf((char*)entity->mech[pkgind], "/tmp/tkt_%s_to_%s_%d",
snprintf((char*)entity->mech[pkgind], sizeof(entity->mech[pkgind]),
"/tmp/tkt_%s_to_%s_%d",
pwd->pw_name, topwd->pw_name, getpid());
krb_set_tkt_string((char*)entity->mech[pkgind]);
ret = krb_verify_user(toname, toinst, realm, entity->password, 1, NULL);

2
lib/kafs/afssys.c
View File

@@ -73,7 +73,7 @@ aix_setup(void)
if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL)
strcpy(path, p);
else
sprintf(path, "%s/afslib.so", LIBDIR);
snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
ptr = dlopen(path, 0);
if(ptr){

1
lib/kafs/kafs_locl.h
View File

@@ -83,6 +83,7 @@
#ifdef HAVE_RESOLV_H
#include <resolv.h>
#endif
#include <roken.h>
#include <krb.h>
#include <kafs.h>

8
lib/otp/otp.h
View File

@@ -80,10 +80,10 @@ typedef struct {
} OtpContext;
OtpAlgorithm *otp_find_alg (char *name);
void otp_print_stddict (OtpKey key, char *str);
void otp_print_hex (OtpKey key, char *str);
void otp_print_stddict_extended (OtpKey key, char *str);
void otp_print_hex_extended (OtpKey key, char *str);
void otp_print_stddict (OtpKey key, char *str, size_t sz);
void otp_print_hex (OtpKey key, char *str, size_t sz);
void otp_print_stddict_extended (OtpKey key, char *str, size_t sz);
void otp_print_hex_extended (OtpKey key, char *str, size_t sz);
unsigned otp_checksum (OtpKey key);
int otp_parse_hex (OtpKey key, char *);
int otp_parse_stddict (OtpKey key, char *);

4
lib/otp/otp_challenge.c
View File

@@ -65,7 +65,9 @@ otp_challenge (OtpContext *ctx, char *user, char *str, size_t len)
otp_db_close (dbm);
if (ret)
return ret;
sprintf (str, "[ otp-%s %u %s ]", ctx->alg->name, ctx->n-1, ctx->seed);
snprintf (str, len,
"[ otp-%s %u %s ]",
ctx->alg->name, ctx->n-1, ctx->seed);
ctx->challengep = 1;
return 0;
}

2
lib/otp/otp_parse.c
View File

@@ -2183,7 +2183,7 @@ parse_words(unsigned wn[],
return 0;
}
static
static int
otp_parse_internal (OtpKey key, char *str, OtpAlgorithm *alg,
int (*convert)(char *, void *))
{

48
lib/otp/otp_print.c
View File

@@ -303,18 +303,6 @@ static char *std_dict[] =
"YARD", "YARN", "YAWL", "YAWN", "YEAH", "YEAR", "YELL", "YOGA",
"YOKE" };
static char *
add_word (char *s, unsigned n)
{
char *w;
w = std_dict[n];
strcpy (s, w);
s += strlen(w);
*s++ = ' ';
return s;
}
unsigned
otp_checksum (OtpKey key)
{
@@ -331,38 +319,42 @@ otp_checksum (OtpKey key)
}
void
otp_print_stddict (OtpKey key, char *str)
otp_print_stddict (OtpKey key, char *str, size_t sz)
{
unsigned sum;
sum = otp_checksum (key);
str = add_word (str, (key[0] << 3) | (key[1] >> 5));
str = add_word (str, ((key[1] & 0x1F) << 6) | (key[2] >> 2));
str = add_word (str, ((key[2] & 0x03) << 9) | (key[3] << 1) | (key[4] >> 7));
str = add_word (str, ((key[4] & 0x7F) << 4) | (key[5] >> 4));
str = add_word (str, ((key[5] & 0x0F) << 7) | (key[6] >> 1));
str = add_word (str, ((key[6] & 0x01) << 10) | (key[7] << 2) | sum);
*--str = '\0';
snprintf (str, sz,
"%s %s %s %s %s %s",
std_dict[(key[0] << 3) | (key[1] >> 5)],
std_dict[((key[1] & 0x1F) << 6) | (key[2] >> 2)],
std_dict[((key[2] & 0x03) << 9) | (key[3] << 1) | (key[4] >> 7)],
std_dict[((key[4] & 0x7F) << 4) | (key[5] >> 4)],
std_dict[((key[5] & 0x0F) << 7) | (key[6] >> 1)],
std_dict[((key[6] & 0x01) << 10) | (key[7] << 2) | sum]);
}
void
otp_print_hex (OtpKey key, char *str)
otp_print_hex (OtpKey key, char *str, size_t sz)
{
sprintf (str, "%02x%02x%02x%02x%02x%02x%02x%02x",
snprintf (str, sz,
"%02x%02x%02x%02x%02x%02x%02x%02x",
key[0], key[1], key[2], key[3],
key[4], key[5], key[6], key[7]);
}
void
otp_print_hex_extended (OtpKey key, char *str)
otp_print_hex_extended (OtpKey key, char *str, size_t sz)
{
strcpy (str, OTP_HEXPREFIX);
otp_print_hex (key, str + strlen(OTP_HEXPREFIX));
strncpy (str, OTP_HEXPREFIX, sz);
str[sz-1] = '\0';
otp_print_hex (key, str + strlen(OTP_HEXPREFIX), sz - strlen(OTP_HEXPREFIX));
}
void
otp_print_stddict_extended (OtpKey key, char *str)
otp_print_stddict_extended (OtpKey key, char *str, size_t sz)
{
strcpy (str, OTP_WORDPREFIX);
otp_print_stddict (key, str + strlen(OTP_WORDPREFIX));
strncpy (str, OTP_WORDPREFIX, sz);
str[sz-1] = '\0';
otp_print_stddict (key, str + strlen(OTP_WORDPREFIX), sz - strlen(OTP_WORDPREFIX));
}

5
lib/otp/otptest.c
View File

@@ -46,13 +46,14 @@ RCSID("$Id$");
#include <otp.h>
static int
test_one(OtpKey key1, char *name, char *val, void (*print)(OtpKey,char*),
test_one(OtpKey key1, char *name, char *val,
void (*print)(OtpKey,char*, size_t),
OtpAlgorithm *alg)
{
char buf[256];
OtpKey key2;
(*print)(key1, buf);
(*print)(key1, buf, sizeof(buf));
printf ("%s: %s, ", name, buf);
if (strcmp (buf, val) != 0) {
printf ("failed(*%s* != *%s*)\n", buf, val);

2
lib/roken/Makefile.in
View File

@@ -38,7 +38,7 @@ SOURCES = \
herror.c hstrerror.c inaddr2str.c inet_aton.c \
initgroups.c k_getpwnam.c k_getpwuid.c lstat.c \
memmove.c mini_inetd.c putenv.c rcmd.c setegid.c setenv.c \
seteuid.c signal.c strcasecmp.c strchr.c strdup.c \
seteuid.c signal.c snprintf.c strcasecmp.c strchr.c strdup.c \
strerror.c strftime.c strlwr.c strnlen.c strrchr.c \
strupr.c tm2time.c unsetenv.c verify.c verr.c \
verrx.c vsyslog.c vwarn.c vwarnx.c warn.c warnx.c \

2
lib/roken/err.h
View File

@@ -49,7 +49,7 @@
extern const char *__progname;
#ifndef __GNUC__
#if !defined(__GNUC__) && !defined(__attribute__)
#define __attribute__(x)
#endif

2
lib/roken/err.hin
View File

@@ -49,7 +49,7 @@
extern const char *__progname;
#ifndef __GNUC__
#if !defined(__GNUC__) && !defined(__attribute__)
#define __attribute__(x)
#endif

2
lib/roken/mini_inetd.c
View File

@@ -94,6 +94,6 @@ mini_inetd (int port)
close(s);
dup2(s2, STDIN_FILENO);
dup2(s2, STDOUT_FILENO);
/* dup2(s2, STDERR_FILENO); */
dup2(s2, STDERR_FILENO);
close(s2);
}

1
lib/roken/resolve.c
View File

@@ -97,6 +97,7 @@ dns_free_data(struct dns_reply *r)
rr = rr->next;
free(tmp);
}
free (r);
}
static struct dns_reply*

6
lib/roken/setenv.c
View File

@@ -60,12 +60,10 @@ setenv(const char *var, const char *val, int rewrite)
if (!rewrite && getenv(var) != 0)
return 0;
if ((t = malloc(strlen(var) + strlen(val) + 2)) == 0)
asprintf (&t, "%s=%s", var, val);
if (t == NULL)
return -1;
strcpy(t, var);
strcat(t, "=");
strcat(t, val);
if (putenv(t) == 0)
return 0;
else

2
lib/roken/strerror.c
View File

@@ -54,7 +54,7 @@ strerror(int eno)
static char emsg[1024];
if(eno < 0 || eno >= sys_nerr)
sprintf(emsg, "Error %d occurred.", eno);
snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
else
strcpy(emsg, sys_errlist[eno]);