From 4c6511de8488d9536562bce7e6bddd2906484a85 Mon Sep 17 00:00:00 2001
From: itojun <itojun@NetBSD.org>
Date: Wed, 21 Apr 2004 18:03:13 +0000
Subject: [PATCH] avoid unbounded sprintf(), use snprintf()

---
 sys/dev/ic/aic79xx.c     | 16 ++++++++++------
 sys/dev/ic/aic79xx_osm.c |  6 +++---
 sys/dev/ic/aic79xxvar.h  |  2 +-
 sys/dev/ic/aic7xxx.c     | 22 +++++++++++++---------
 sys/dev/ic/aic7xxx_osm.c |  6 +++---
 sys/dev/ic/aic7xxxvar.h  |  4 ++--
 6 files changed, 32 insertions(+), 24 deletions(-)

diff --git a/sys/dev/ic/aic79xx.c b/sys/dev/ic/aic79xx.c
index b39071012031..b12f96ed2eea 100644
--- a/sys/dev/ic/aic79xx.c
+++ b/sys/dev/ic/aic79xx.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: aic79xx.c,v 1.27 2004/02/13 11:36:21 wiz Exp $	*/
+/*	$NetBSD: aic79xx.c,v 1.28 2004/04/21 18:03:13 itojun Exp $	*/
 
 /*
  * Core routines and tables shareable across OS platforms.
@@ -49,7 +49,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: aic79xx.c,v 1.27 2004/02/13 11:36:21 wiz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: aic79xx.c,v 1.28 2004/04/21 18:03:13 itojun Exp $");
 
 #include <dev/ic/aic79xx_osm.h>
 #include <dev/ic/aic79xx_inline.h>
@@ -5952,13 +5952,17 @@ ahd_alloc_scbs(struct ahd_softc *ahd)
 }
 
 void
-ahd_controller_info(struct ahd_softc *ahd, char *buf)
+ahd_controller_info(struct ahd_softc *ahd, char *buf, size_t l)
 {
 	const char *speed;
 	const char *type;
 	int len;
+	char *ep;
 
-	len = sprintf(buf, "%s: ", ahd_chip_names[ahd->chip & AHD_CHIPID_MASK]);
+	ep = buf + l;
+
+	len = snprintf(buf, ep - buf, "%s: ",
+	    ahd_chip_names[ahd->chip & AHD_CHIPID_MASK]);
 	buf += len;
 
 	speed = "Ultra320 ";
@@ -5967,11 +5971,11 @@ ahd_controller_info(struct ahd_softc *ahd, char *buf)
 	} else {
 		type = "Single ";
 	}
-	len = sprintf(buf, "%s%sChannel %c, SCSI Id=%d, ",
+	len = snprintf(buf, ep - buf, "%s%sChannel %c, SCSI Id=%d, ",
 		      speed, type, ahd->channel, ahd->our_id);
 	buf += len;
 
-	sprintf(buf, "%s, %d SCBs", ahd->bus_description,
+	snprintf(buf, ep - buf, "%s, %d SCBs", ahd->bus_description,
 		ahd->scb_data.maxhscbs);
 }
 
diff --git a/sys/dev/ic/aic79xx_osm.c b/sys/dev/ic/aic79xx_osm.c
index 641d2db395db..89df5ac57af8 100644
--- a/sys/dev/ic/aic79xx_osm.c
+++ b/sys/dev/ic/aic79xx_osm.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: aic79xx_osm.c,v 1.7 2003/10/30 01:58:17 simonb Exp $	*/
+/*	$NetBSD: aic79xx_osm.c,v 1.8 2004/04/21 18:03:13 itojun Exp $	*/
 
 /*
  * Bus independent NetBSD shim for the aic7xxx based adaptec SCSI controllers
@@ -41,7 +41,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: aic79xx_osm.c,v 1.7 2003/10/30 01:58:17 simonb Exp $");
+__KERNEL_RCSID(0, "$NetBSD: aic79xx_osm.c,v 1.8 2004/04/21 18:03:13 itojun Exp $");
 
 #include <dev/ic/aic79xx_osm.h>
 #include <dev/ic/aic7xxx_cam.h>
@@ -74,7 +74,7 @@ ahd_attach(struct ahd_softc *ahd)
 	int 	s;
 	char	ahd_info[256];
 
-	ahd_controller_info(ahd, ahd_info);
+	ahd_controller_info(ahd, ahd_info, sizeof(ahd_info));
         printf("%s: %s\n", ahd->sc_dev.dv_xname, ahd_info);
 
         ahd_lock(ahd, &s);
diff --git a/sys/dev/ic/aic79xxvar.h b/sys/dev/ic/aic79xxvar.h
index 5789fa3ac4d0..658fc96b53a3 100644
--- a/sys/dev/ic/aic79xxvar.h
+++ b/sys/dev/ic/aic79xxvar.h
@@ -1371,7 +1371,7 @@ int			ahd_match_scb(struct ahd_softc *, struct scb *,
 /****************************** Initialization ********************************/
 /*struct ahd_softc	*ahd_alloc(void *, char *);*/
 int			 ahd_softc_init(struct ahd_softc *);
-void			 ahd_controller_info(struct ahd_softc *, char *);
+void			 ahd_controller_info(struct ahd_softc *, char *, size_t);
 int			 ahd_init(struct ahd_softc *);
 int			 ahd_default_config(struct ahd_softc *);
 int			 ahd_parse_vpddata(struct ahd_softc *,
diff --git a/sys/dev/ic/aic7xxx.c b/sys/dev/ic/aic7xxx.c
index 82be502683e2..32a6c04a96d8 100644
--- a/sys/dev/ic/aic7xxx.c
+++ b/sys/dev/ic/aic7xxx.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: aic7xxx.c,v 1.109 2004/02/13 11:36:22 wiz Exp $	*/
+/*	$NetBSD: aic7xxx.c,v 1.110 2004/04/21 18:03:13 itojun Exp $	*/
 
 /*
  * Core routines and tables shareable across OS platforms.
@@ -39,7 +39,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGES.
  *
- * $Id: aic7xxx.c,v 1.109 2004/02/13 11:36:22 wiz Exp $
+ * $Id: aic7xxx.c,v 1.110 2004/04/21 18:03:13 itojun Exp $
  *
  * //depot/aic7xxx/aic7xxx/aic7xxx.c#112 $
  *
@@ -50,7 +50,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: aic7xxx.c,v 1.109 2004/02/13 11:36:22 wiz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: aic7xxx.c,v 1.110 2004/04/21 18:03:13 itojun Exp $");
 
 #include <dev/ic/aic7xxx_osm.h>
 #include <dev/ic/aic7xxx_inline.h>
@@ -4387,14 +4387,18 @@ ahc_alloc_scbs(struct ahc_softc *ahc)
 }
 
 void
-ahc_controller_info(struct ahc_softc *ahc, char *buf)
+ahc_controller_info(struct ahc_softc *ahc, char *buf, size_t l)
 {
 	int len;
+	char *ep;
 
-	len = sprintf(buf, "%s: ", ahc_chip_names[ahc->chip & AHC_CHIPID_MASK]);
+	ep = buf + l;
+
+	len = snprintf(buf, ep - buf, "%s: ",
+	    ahc_chip_names[ahc->chip & AHC_CHIPID_MASK]);
 	buf += len;
 	if ((ahc->features & AHC_TWIN) != 0)
- 		len = sprintf(buf, "Twin Channel, A SCSI Id=%d, "
+ 		len = snprintf(buf, ep - buf, "Twin Channel, A SCSI Id=%d, "
 			      "B SCSI Id=%d, primary %c, ",
 			      ahc->our_id, ahc->our_id_b,
 			      (ahc->flags & AHC_PRIMARY_CHANNEL) + 'A');
@@ -4415,16 +4419,16 @@ ahc_controller_info(struct ahc_softc *ahc, char *buf)
 		} else {
 			type = "Single";
 		}
-		len = sprintf(buf, "%s%s Channel %c, SCSI Id=%d, ",
+		len = snprintf(buf, ep - buf, "%s%s Channel %c, SCSI Id=%d, ",
 			      speed, type, ahc->channel, ahc->our_id);
 	}
 	buf += len;
 
 	if ((ahc->flags & AHC_PAGESCBS) != 0)
-		sprintf(buf, "%d/%d SCBs",
+		snprintf(buf, ep - buf, "%d/%d SCBs",
 			ahc->scb_data->maxhscbs, AHC_MAX_QUEUE);
 	else
-		sprintf(buf, "%d SCBs", ahc->scb_data->maxhscbs);
+		snprintf(buf, ep - buf, "%d SCBs", ahc->scb_data->maxhscbs);
 }
 
 /*
diff --git a/sys/dev/ic/aic7xxx_osm.c b/sys/dev/ic/aic7xxx_osm.c
index c1d0a42ef6e1..78a59dc4e119 100644
--- a/sys/dev/ic/aic7xxx_osm.c
+++ b/sys/dev/ic/aic7xxx_osm.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: aic7xxx_osm.c,v 1.14 2003/11/02 11:07:44 wiz Exp $	*/
+/*	$NetBSD: aic7xxx_osm.c,v 1.15 2004/04/21 18:03:13 itojun Exp $	*/
 
 /*
  * Bus independent FreeBSD shim for the aic7xxx based adaptec SCSI controllers
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: aic7xxx_osm.c,v 1.14 2003/11/02 11:07:44 wiz Exp $");
+__KERNEL_RCSID(0, "$NetBSD: aic7xxx_osm.c,v 1.15 2004/04/21 18:03:13 itojun Exp $");
 
 #include <dev/ic/aic7xxx_osm.h>
 #include <dev/ic/aic7xxx_inline.h>
@@ -99,7 +99,7 @@ ahc_attach(struct ahc_softc *ahc)
 		ahc->sc_channel_b.chan_channel = 1;
 	}
 
-	ahc_controller_info(ahc, ahc_info);
+	ahc_controller_info(ahc, ahc_info, sizeof(ahc_info));
 	printf("%s: %s\n", ahc->sc_dev.dv_xname, ahc_info);
 
 	if ((ahc->flags & AHC_PRIMARY_CHANNEL) == 0) {
diff --git a/sys/dev/ic/aic7xxxvar.h b/sys/dev/ic/aic7xxxvar.h
index 6c4b43d091a8..9fdee50c6365 100644
--- a/sys/dev/ic/aic7xxxvar.h
+++ b/sys/dev/ic/aic7xxxvar.h
@@ -37,7 +37,7 @@
  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGES.
  *
- * $Id: aic7xxxvar.h,v 1.44 2004/04/19 12:44:10 wiz Exp $
+ * $Id: aic7xxxvar.h,v 1.45 2004/04/21 18:03:13 itojun Exp $
  *
  * $FreeBSD: /repoman/r/ncvs/src/sys/dev/aic7xxx/aic7xxx.h,v 1.44 2003/01/20 20:44:55 gibbs Exp $
  */
@@ -1275,7 +1275,7 @@ int		ahc_match_scb(struct ahc_softc *, struct scb *,
 
 /****************************** Initialization ********************************/
 int			 ahc_softc_init(struct ahc_softc *);
-void			 ahc_controller_info(struct ahc_softc *, char *);
+void			 ahc_controller_info(struct ahc_softc *, char *, size_t);
 int			 ahc_init(struct ahc_softc *);
 void			 ahc_intr_enable(struct ahc_softc *, int);
 void			 ahc_pause_and_flushwork(struct ahc_softc *);