Change from sprintf() to snprintf() where we may print externally

supplied data of unknown length. Changes adapted from FreeBSD-SA-00:61.
2000-10-31 12:17:07 +00:00 · 2000-10-31 12:17:07 +00:00 · 70a24dc7c0
parent ddfa644677
commit 70a24dc7c0
3 changed files with 38 additions and 29 deletions
--- a/usr.sbin/tcpdump/print-atalk.c
+++ b/usr.sbin/tcpdump/print-atalk.c
@ -1,4 +1,4 @@
-/*	$NetBSD: print-atalk.c,v 1.7 2000/04/04 05:44:35 itojun Exp $	*/
+/*	$NetBSD: print-atalk.c,v 1.8 2000/10/31 12:17:07 he Exp $	*/

 /*
 * Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997
@ -29,7 +29,7 @@
 static const char rcsid[] =
    "@(#) Header: print-atalk.c,v 1.48 97/05/28 12:50:58 leres Exp  (LBL)";
 #else
-__RCSID("$NetBSD: print-atalk.c,v 1.7 2000/04/04 05:44:35 itojun Exp $");
+__RCSID("$NetBSD: print-atalk.c,v 1.8 2000/10/31 12:17:07 he Exp $");
 #endif
 #endif

@ -522,7 +522,7 @@ ataddr_string(u_short atnet, u_char athost)
 {
 	register struct hnamemem *tp, *tp2;
 	register int i = (atnet << 8) | athost;
-	char nambuf[256];
+	char nambuf[MAXHOSTNAMELEN + 20];
 	static int first = 1;
 	FILE *fp;

@ -569,7 +569,8 @@ ataddr_string(u_short atnet, u_char athost)
 		if (tp2->addr == i) {
 			tp->addr = (atnet << 8) | athost;
 			tp->nxt = newhnamemem();
-			(void)sprintf(nambuf, "%s.%d", tp2->name, athost);
+			(void)snprintf(nambuf, sizeof(nambuf), 
+					"%s.%d", tp2->name, athost);
 			tp->name = savestr(nambuf);
 			return (tp->name);
 		}
--- a/usr.sbin/tcpdump/print-icmp.c
+++ b/usr.sbin/tcpdump/print-icmp.c
@ -1,4 +1,4 @@
-/*	$NetBSD: print-icmp.c,v 1.6 1999/07/02 11:31:32 itojun Exp $	*/
+/*	$NetBSD: print-icmp.c,v 1.7 2000/10/31 12:17:07 he Exp $	*/

 /*
 * Copyright (c) 1988, 1989, 1990, 1991, 1993, 1994, 1995, 1996
@ -27,7 +27,7 @@
 static const char rcsid[] =
    "@(#) Header: print-icmp.c,v 1.38 96/09/26 23:36:44 leres Exp  (LBL)";
 #else
-__RCSID("$NetBSD: print-icmp.c,v 1.6 1999/07/02 11:31:32 itojun Exp $");
+__RCSID("$NetBSD: print-icmp.c,v 1.7 2000/10/31 12:17:07 he Exp $");
 #endif
 #endif

@ -183,7 +183,7 @@ icmp_print(register const u_char *bp, register const u_char *bp2)
 	register const struct ip *oip;
 	register const struct udphdr *ouh;
 	register u_int hlen, dport, mtu;
-	char buf[256];
+	char buf[MAXHOSTNAMELEN + 100];

 	dp = (struct icmp *)bp;
 	ip = (struct ip *)bp2;
@ -204,7 +204,8 @@ icmp_print(register const u_char *bp, register const u_char *bp2)

 		case ICMP_UNREACH_PROTOCOL:
 			TCHECK(dp->icmp_ip.ip_p);
-			(void)sprintf(buf, "%s protocol %d unreachable",
+			(void)snprintf(buf, sizeof(buf),
+				       "%s protocol %d unreachable",
 				       ipaddr_string(&dp->icmp_ip.ip_dst),
 				       dp->icmp_ip.ip_p);
 			break;
@ -218,21 +219,21 @@ icmp_print(register const u_char *bp, register const u_char *bp2)
 			switch (oip->ip_p) {

 			case IPPROTO_TCP:
-				(void)sprintf(buf,
+				(void)snprintf(buf, sizeof(buf),
 					"%s tcp port %s unreachable",
 					ipaddr_string(&oip->ip_dst),
 					tcpport_string(dport));
 				break;

 			case IPPROTO_UDP:
-				(void)sprintf(buf,
+				(void)snprintf(buf, sizeof(buf),
 					"%s udp port %s unreachable",
 					ipaddr_string(&oip->ip_dst),
 					udpport_string(dport));
 				break;

 			default:
-				(void)sprintf(buf,
+				(void)snprintf(buf, sizeof(buf),
 					"%s protocol %d port %d unreachable",
 					ipaddr_string(&oip->ip_dst),
 					oip->ip_p, dport);
@ -247,11 +248,11 @@ icmp_print(register const u_char *bp, register const u_char *bp2)
 			mp = (struct mtu_discovery *)&dp->icmp_void;
                        mtu = EXTRACT_16BITS(&mp->nexthopmtu);
                        if (mtu)
-			    (void)sprintf(buf,
+			    (void)snprintf(buf, sizeof(buf),
 				"%s unreachable - need to frag (mtu %d)",
 				ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
                        else
-			    (void)sprintf(buf,
+			    (void)snprintf(buf, sizeof(buf),
 				"%s unreachable - need to frag",
 				ipaddr_string(&dp->icmp_ip.ip_dst));
 			}
@ -260,7 +261,7 @@ icmp_print(register const u_char *bp, register const u_char *bp2)
 		default:
 			fmt = tok2str(unreach2str, "#%d %%s unreachable",
 			    dp->icmp_code);
-			(void)sprintf(buf, fmt,
+			(void)snprintf(buf, sizeof(buf), fmt,
 			    ipaddr_string(&dp->icmp_ip.ip_dst));
 			break;
 		}
@ -270,7 +271,7 @@ icmp_print(register const u_char *bp, register const u_char *bp2)
 		TCHECK(dp->icmp_ip.ip_dst);
 		fmt = tok2str(type2str, "redirect-#%d %%s to net %%s",
 		    dp->icmp_code);
-		(void)sprintf(buf, fmt,
+		(void)snprintf(buf, sizeof(buf), fmt,
 		    ipaddr_string(&dp->icmp_ip.ip_dst),
 		    ipaddr_string(&dp->icmp_gwaddr));
 		break;
@ -290,30 +291,34 @@ icmp_print(register const u_char *bp, register const u_char *bp2)
 		cp = buf + strlen(buf);
 		lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
 		if (lifetime < 60)
-			(void)sprintf(cp, "%u", lifetime);
+			(void)snprintf(cp, sizeof(buf) - strlen(buf),
+				       "%u", lifetime);
 		else if (lifetime < 60 * 60)
-			(void)sprintf(cp, "%u:%02u",
-			    lifetime / 60, lifetime % 60);
+			(void)snprintf(cp, sizeof(buf) - strlen(buf),
+			    "%u:%02u", lifetime / 60, lifetime % 60);
 		else
-			(void)sprintf(cp, "%u:%02u:%02u",
+			(void)snprintf(cp, sizeof(buf) - strlen(buf),
+			    "%u:%02u:%02u",
 			    lifetime / 3600,
 			    (lifetime % 3600) / 60,
 			    lifetime % 60);
 		cp = buf + strlen(buf);

 		num = ihp->ird_addrnum;
-		(void)sprintf(cp, " %d:", num);
+		(void)snprintf(cp, sizeof(buf) - strlen(buf), " %d:", num);
 		cp = buf + strlen(buf);

 		size = ihp->ird_addrsiz;
 		if (size != 2) {
-			(void)sprintf(cp, " [size %d]", size);
+			(void)snprintf(cp, sizeof(buf) - strlen(buf),
+				       " [size %d]", size);
 			break;
 		}
 		idp = (struct id_rdiscovery *)&dp->icmp_data;
 		while (num-- > 0) {
 			TCHECK(*idp);
-			(void)sprintf(cp, " {%s %u}",
+			(void)snprintf(cp, sizeof(buf) - strlen(buf),
+			    " {%s %u}",
 			    ipaddr_string(&idp->ird_addr),
 			    EXTRACT_32BITS(&idp->ird_pref));
 			cp = buf + strlen(buf);
@ -334,25 +339,28 @@ icmp_print(register const u_char *bp, register const u_char *bp2)
 			break;

 		default:
-			(void)sprintf(buf, "time exceeded-#%d", dp->icmp_code);
+			(void)snprintf(buf, sizeof(buf),
+					"time exceeded-#%d", dp->icmp_code);
 			break;
 		}
 		break;

 	case ICMP_PARAMPROB:
 		if (dp->icmp_code)
-			(void)sprintf(buf, "parameter problem - code %d",
+			(void)snprintf(buf, sizeof(buf),
+					"parameter problem - code %d",
 					dp->icmp_code);
 		else {
 			TCHECK(dp->icmp_pptr);
-			(void)sprintf(buf, "parameter problem - octet %d",
+			(void)snprintf(buf, sizeof(buf),
+					"parameter problem - octet %d",
 					dp->icmp_pptr);
 		}
 		break;

 	case ICMP_MASKREPLY:
 		TCHECK(dp->icmp_mask);
-		(void)sprintf(buf, "address mask is 0x%08x",
+		(void)snprintf(buf, sizeof(buf), "address mask is 0x%08x",
 		    (u_int32_t)ntohl(dp->icmp_mask));
 		break;

--- a/usr.sbin/tcpdump/util.c
+++ b/usr.sbin/tcpdump/util.c
@ -1,4 +1,4 @@
-/*	$NetBSD: util.c,v 1.7 2000/08/01 17:29:48 itojun Exp $	*/
+/*	$NetBSD: util.c,v 1.8 2000/10/31 12:17:07 he Exp $	*/

 /*
 * Copyright (c) 1990, 1991, 1993, 1994, 1995, 1996, 1997
@ -27,7 +27,7 @@
 static const char rcsid[] =
    "@(#) Header: util.c,v 1.58 97/05/09 14:52:17 leres Exp  (LBL)";
 #else
-__RCSID("$NetBSD: util.c,v 1.7 2000/08/01 17:29:48 itojun Exp $");
+__RCSID("$NetBSD: util.c,v 1.8 2000/10/31 12:17:07 he Exp $");
 #endif
 #endif

@ -161,7 +161,7 @@ tok2str(register const struct tok *lp, register const char *fmt,
 	}
 	if (fmt == NULL)
 		fmt = "#%d";
-	(void)sprintf(buf, fmt, v);
+	(void)snprintf(buf, sizeof(buf), fmt, v);
 	return (buf);
 }