From 56d95f62f00e14fa09d55c60d6d6831815d2ee34 Mon Sep 17 00:00:00 2001
From: mrg <mrg@NetBSD.org>
Date: Tue, 11 Feb 1997 08:15:08 +0000
Subject: [PATCH] remove dangerous sprintf calls.

---
 usr.bin/login/k5login.c | 18 +++++++++---------
 usr.bin/login/klogin.c  | 20 +++++++++++---------
 usr.bin/login/login.c   | 10 +++++-----
 3 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/usr.bin/login/k5login.c b/usr.bin/login/k5login.c
index 33a10950f465..44cd836ac2c1 100644
--- a/usr.bin/login/k5login.c
+++ b/usr.bin/login/k5login.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: k5login.c,v 1.2 1994/12/23 06:52:58 jtc Exp $	*/
+/*	$NetBSD: k5login.c,v 1.3 1997/02/11 08:15:08 mrg Exp $	*/
 
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)klogin.c	5.11 (Berkeley) 7/12/92";
 #endif
-static char rcsid[] = "$NetBSD: k5login.c,v 1.2 1994/12/23 06:52:58 jtc Exp $";
+static char rcsid[] = "$NetBSD: k5login.c,v 1.3 1997/02/11 08:15:08 mrg Exp $";
 #endif /* not lint */
 
 #ifdef KERBEROS5
@@ -130,18 +130,18 @@ klogin(pw, instance, localhost, password)
 	 */
 
 	if (strcmp(instance, "root") != 0)
-	    (void)sprintf(tkt_location, "FILE:/tmp/krb5cc_%d.%s",
-		          pw->pw_uid, tty);
+	    (void)snprintf(tkt_location, sizeof tkt_location,
+		"FILE:/tmp/krb5cc_%d.%s", pw->pw_uid, tty);
 	else
-	    (void)sprintf(tkt_location, "FILE:/tmp/krb5cc_root_%d.%s",
-		          pw->pw_uid, tty);
+	    (void)snprintf(tkt_location, sizeof tkt_location,
+		"FILE:/tmp/krb5cc_root_%d.%s", pw->pw_uid, tty);
 	krbtkfile_env = tkt_location;
 
 	principal = malloc(strlen(pw->pw_name)+strlen(instance)+2);
-	strcpy(principal, pw->pw_name);
+	strcpy(principal, pw->pw_name);	/* XXX strcpy is safe */
 	if (strlen(instance)) {
-	    strcat(principal, "/");
-	    strcat(principal, instance);
+	    strcat(principal, "/");		/* XXX strcat is safe */
+	    strcat(principal, instance);	/* XXX strcat is safe */
 	}
 	
 	if (kerror = krb5_cc_resolve(tkt_location, &ccache)) {
diff --git a/usr.bin/login/klogin.c b/usr.bin/login/klogin.c
index 62f407653a82..a07b44d61608 100644
--- a/usr.bin/login/klogin.c
+++ b/usr.bin/login/klogin.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $	*/
+/*	$NetBSD: klogin.c,v 1.8 1997/02/11 08:15:09 mrg Exp $	*/
 
 /*-
  * Copyright (c) 1990, 1993, 1994
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)klogin.c	8.3 (Berkeley) 4/2/94";
 #endif
-static char rcsid[] = "$NetBSD: klogin.c,v 1.7 1996/05/21 22:07:04 mrg Exp $";
+static char rcsid[] = "$NetBSD: klogin.c,v 1.8 1997/02/11 08:15:09 mrg Exp $";
 #endif /* not lint */
 
 #ifdef KERBEROS
@@ -114,11 +114,11 @@ klogin(pw, instance, localhost, password)
 	 */
 
 	if (strcmp(instance, "root") != 0)
-		(void)sprintf(tkt_location, "%s%d.%s",
-			      TKT_ROOT, pw->pw_uid, tty);
+		(void)snprintf(tkt_location, sizeof tkt_location, "%s%d.%s",
+		    TKT_ROOT, pw->pw_uid, tty);
 	else
-		(void)sprintf(tkt_location, "%s_root_%d.%s",
-			      TKT_ROOT, pw->pw_uid, tty);
+		(void)snprintf(tkt_location, sizeof tkt_location,
+		    "%s_root_%d.%s", TKT_ROOT, pw->pw_uid, tty);
 	krbtkfile_env = tkt_location;
 	(void)krb_set_tkt_string(tkt_location);
 
@@ -263,13 +263,15 @@ kdestroy()
 	(void) unlink(file);
 
 out:
-	if (errno != 0) return;
+	if (errno != 0)
+		return;
 #ifdef TKT_SHMEM
 	/* 
 	 * handle the shared memory case 
 	 */
-	(void) strcpy(shmidname, file);
-	(void) strcat(shmidname, ".shm");
+	/* 5 == 4 (".shm") + 1 */
+	(void)strncpy(shmidname, file, sizeof(shmidname) - 5);
+	(void)strcat(shmidname, ".shm");	/* XXX strcat is safe */
 	if (krb_shm_dest(shmidname) != KSUCCESS)
 	    return;
 #endif /* TKT_SHMEM */
diff --git a/usr.bin/login/login.c b/usr.bin/login/login.c
index f0c7d05dd799..faa363d9c234 100644
--- a/usr.bin/login/login.c
+++ b/usr.bin/login/login.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: login.c,v 1.16 1996/12/20 20:17:30 sommerfe Exp $	*/
+/*	$NetBSD: login.c,v 1.17 1997/02/11 08:15:10 mrg Exp $	*/
 
 /*-
  * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
@@ -43,7 +43,7 @@ static char copyright[] =
 #if 0
 static char sccsid[] = "@(#)login.c	8.4 (Berkeley) 4/2/94";
 #endif
-static char rcsid[] = "$NetBSD: login.c,v 1.16 1996/12/20 20:17:30 sommerfe Exp $";
+static char rcsid[] = "$NetBSD: login.c,v 1.17 1997/02/11 08:15:10 mrg Exp $";
 #endif /* not lint */
 
 /*
@@ -237,7 +237,7 @@ main(argc, argv)
 				badlogin(tbuf);
 			failures = 0;
 		}
-		(void)strcpy(tbuf, username);
+		(void)strncpy(tbuf, username, sizeof(tbuf) - 1);
 
 		if (pwd = getpwnam(username))
 			salt = pwd->pw_passwd;
@@ -450,8 +450,8 @@ main(argc, argv)
 	(void)signal(SIGTSTP, SIG_IGN);
 
 	tbuf[0] = '-';
-	(void)strcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ?
-	    p + 1 : pwd->pw_shell);
+	(void)strncpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ?
+	    p + 1 : pwd->pw_shell, sizeof(tbuf) - 2);
 
 	if (setlogin(pwd->pw_name) < 0)
 		syslog(LOG_ERR, "setlogin() failure: %m");