From 5402d14cf456fe4de12aed50b138b25ea16ee2ea Mon Sep 17 00:00:00 2001 From: itojun Date: Mon, 14 Jul 2003 06:08:04 +0000 Subject: [PATCH] use boundedd string ops --- usr.sbin/bootp/bootpd/bootpd.c | 22 +++++++++++----------- usr.sbin/bootp/bootptest/bootptest.c | 6 +++--- usr.sbin/bootp/common/hwaddr.c | 11 ++++++----- usr.sbin/bootp/common/readfile.c | 13 +++++++------ 4 files changed, 27 insertions(+), 25 deletions(-) diff --git a/usr.sbin/bootp/bootpd/bootpd.c b/usr.sbin/bootp/bootpd/bootpd.c index 96ace3f34a00..c9ddd9cbae94 100644 --- a/usr.sbin/bootp/bootpd/bootpd.c +++ b/usr.sbin/bootp/bootpd/bootpd.c @@ -22,7 +22,7 @@ SOFTWARE. #include #ifndef lint -__RCSID("$NetBSD: bootpd.c,v 1.18 2003/05/17 20:58:39 itojun Exp $"); +__RCSID("$NetBSD: bootpd.c,v 1.19 2003/07/14 06:08:04 itojun Exp $"); #endif /* @@ -626,7 +626,7 @@ ignoring request for server %s from client at %s address %s", return; } } else { - strcpy(bp->bp_sname, hostname); + strlcpy(bp->bp_sname, hostname, sizeof(bp->bp_sname)); } /* If it uses an unknown network type, ignore the request. */ @@ -744,10 +744,10 @@ HW addr type is IEEE 802. convert to %s and check again\n", if (hp->flags.exec_file) { char tst[100]; /* XXX - Check string lengths? -gwr */ - strcpy (tst, hp->exec_file->string); - strcat (tst, " "); - strcat (tst, hp->hostname->string); - strcat (tst, " &"); + strlcpy(tst, hp->exec_file->string, sizeof(tst)); + strlcat(tst, " ", sizeof(tst)); + strlcat(tst, hp->hostname->string, sizeof(tst)); + strlcat(tst, " &", sizeof(tst)); if (debug) report(LOG_INFO, "executing %s", tst); system(tst); /* Hope this finishes soon... */ @@ -877,10 +877,10 @@ HW addr type is IEEE 802. convert to %s and check again\n", } if (bootfile) { if (bootfile[0] != '/') { - strcat(realpath, "/"); + strlcat(realpath, "/", sizeof(realpath)); realpath[sizeof(realpath) - 1] = '\0'; } - strcat(realpath, bootfile); + strlcat(realpath, bootfile, sizeof(realpath)); realpath[sizeof(realpath) - 1] = '\0'; bootfile = NULL; } @@ -889,8 +889,8 @@ HW addr type is IEEE 802. convert to %s and check again\n", * First try to find the file with a ".host" suffix */ n = strlen(clntpath); - strcat(clntpath, "."); - strcat(clntpath, hp->hostname->string); + strlcat(clntpath, ".", sizeof(clntpath)); + strlcat(clntpath, hp->hostname->string, sizeof(clntpath)); if (chk_access(realpath, &bootsize) < 0) { clntpath[n] = 0; /* Try it without the suffix */ if (chk_access(realpath, &bootsize) < 0) { @@ -1160,7 +1160,7 @@ dovend_cmu(struct bootp *bp, struct host *hp) * domain name server, ien name server, time server */ vendp = (struct cmu_vend *) bp->bp_vend; - strcpy(vendp->v_magic, (char *)vm_cmu); + strlcpy(vendp->v_magic, (char *)vm_cmu, sizeof(vendp->v_magic)); if (hp->flags.subnet_mask) { (vendp->v_smask).s_addr = hp->subnet_mask.s_addr; (vendp->v_flags) |= VF_SMASK; diff --git a/usr.sbin/bootp/bootptest/bootptest.c b/usr.sbin/bootp/bootptest/bootptest.c index 4c2744231d2e..2f1bc552f051 100644 --- a/usr.sbin/bootp/bootptest/bootptest.c +++ b/usr.sbin/bootp/bootptest/bootptest.c @@ -1,4 +1,4 @@ -/* $NetBSD: bootptest.c,v 1.12 2003/05/17 20:58:40 itojun Exp $ */ +/* $NetBSD: bootptest.c,v 1.13 2003/07/14 06:08:04 itojun Exp $ */ /* * bootptest.c - Test out a bootp server. @@ -36,7 +36,7 @@ #include #ifndef lint -__RCSID("$NetBSD: bootptest.c,v 1.12 2003/05/17 20:58:40 itojun Exp $"); +__RCSID("$NetBSD: bootptest.c,v 1.13 2003/07/14 06:08:04 itojun Exp $"); #endif char *usage = "bootptest [-h] server-name [vendor-data-template-file]"; @@ -487,7 +487,7 @@ ipaddr_string(struct in_addr *ina) u_char *p; p = (u_char *) ina; - sprintf(b, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + snprintf(b, sizeof(b), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); return (b); } diff --git a/usr.sbin/bootp/common/hwaddr.c b/usr.sbin/bootp/common/hwaddr.c index b9dc81bf9b9e..5eec957d4a3a 100644 --- a/usr.sbin/bootp/common/hwaddr.c +++ b/usr.sbin/bootp/common/hwaddr.c @@ -1,8 +1,8 @@ -/* $NetBSD: hwaddr.c,v 1.7 2002/07/14 00:30:02 wiz Exp $ */ +/* $NetBSD: hwaddr.c,v 1.8 2003/07/14 06:08:05 itojun Exp $ */ #include #ifndef lint -__RCSID("$NetBSD: hwaddr.c,v 1.7 2002/07/14 00:30:02 wiz Exp $"); +__RCSID("$NetBSD: hwaddr.c,v 1.8 2003/07/14 06:08:05 itojun Exp $"); #endif /* @@ -138,8 +138,8 @@ setarp(int s, struct in_addr *ia, u_char *ha, int len) char *a; a = inet_ntoa(*ia); - sprintf(buf, "arp -d %s; arp -s %s %s temp", - a, a, haddrtoa(ha, len)); + snprintf(buf, sizeof(buf), "arp -d %s; arp -s %s %s temp", + a, a, haddrtoa(ha, len)); if (debug > 2) report(LOG_INFO, "%s", buf); status = system(buf); @@ -164,7 +164,8 @@ haddrtoa(u_char *haddr, int hlen) bufptr = haddrbuf; while (hlen > 0) { - sprintf(bufptr, "%02X:", (unsigned) (*haddr++ & 0xFF)); + snprintf(bufptr, sizeof(haddrbuf) - (bufptr - haddrbuf), + "%02X:", (unsigned) (*haddr++ & 0xFF)); bufptr += 3; hlen--; } diff --git a/usr.sbin/bootp/common/readfile.c b/usr.sbin/bootp/common/readfile.c index 7ed48d61307f..85e62698a895 100644 --- a/usr.sbin/bootp/common/readfile.c +++ b/usr.sbin/bootp/common/readfile.c @@ -22,7 +22,7 @@ SOFTWARE. #include #ifndef lint -__RCSID("$NetBSD: readfile.c,v 1.11 2003/01/28 22:19:30 wiz Exp $"); +__RCSID("$NetBSD: readfile.c,v 1.12 2003/07/14 06:08:05 itojun Exp $"); #endif @@ -337,7 +337,7 @@ readtab(int force) #ifdef DEBUG if (debug > 3) { char timestr[28]; - strcpy(timestr, ctime(&(st.st_mtime))); + strlcpy(timestr, ctime(&(st.st_mtime)), sizeof(timestr)); /* zap the newline */ timestr[24] = '\0'; report(LOG_INFO, "bootptab mtime: %s", @@ -805,7 +805,8 @@ eval_symbol(char **symbol, struct host *hp) if ((*symbol)[0] == 'T') { /* generic symbol */ (*symbol)++; value = get_u_long(symbol); - sprintf(current_tagname, "T%d", value); + snprintf(current_tagname, sizeof(current_tagname), + "T%d", value); eat_whitespace(symbol); if ((*symbol)[0] != '=') { return E_SYNTAX_ERROR; @@ -1210,10 +1211,10 @@ get_shared_string(char **src) length = sizeof(retstring); (void) get_string(src, retstring, &length); - s = (struct shared_string *) smalloc(sizeof(struct shared_string) - + length); + s = (struct shared_string *) smalloc(sizeof(struct shared_string) + + length); s->linkcount = 1; - strcpy(s->string, retstring); + strlcpy(s->string, retstring, sizeof(retstring)); return s; }