From 8b2d1fefd2c83b7b0cb0622006cd3748102a0b38 Mon Sep 17 00:00:00 2001
From: sommerfeld <sommerfeld@NetBSD.org>
Date: Thu, 5 Oct 2000 14:09:07 +0000
Subject: [PATCH] Miscellaneous format string safety improvements

---
 crypto/dist/ssh/auth-skey.c  |  6 +++---
 crypto/dist/ssh/auth1.c      |  6 +++---
 crypto/dist/ssh/channels.c   | 30 ++++++++++++------------------
 crypto/dist/ssh/log-server.c | 13 ++++++++-----
 crypto/dist/ssh/scp.c        |  7 ++++---
 crypto/dist/ssh/ssh-agent.c  | 36 +++++++++++++++++++++++++-----------
 crypto/dist/ssh/ssh.h        |  5 +++--
 7 files changed, 58 insertions(+), 45 deletions(-)

diff --git a/crypto/dist/ssh/auth-skey.c b/crypto/dist/ssh/auth-skey.c
index 41169b36e9ca..c6c8102adb8d 100644
--- a/crypto/dist/ssh/auth-skey.c
+++ b/crypto/dist/ssh/auth-skey.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-skey.c,v 1.1.1.1 2000/09/28 22:09:41 thorpej Exp $	*/
+/*	$NetBSD: auth-skey.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $	*/
 
 /*
  * Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
@@ -28,7 +28,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: auth-skey.c,v 1.1.1.1 2000/09/28 22:09:41 thorpej Exp $");
+__RCSID("$NetBSD: auth-skey.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $");
 #endif
 
 #include "includes.h"
@@ -54,7 +54,7 @@ auth_skey_password(struct passwd * pw, const char *password)
 			skeyinfo = skey_fake_keyinfo(pw->pw_name);
 		}
 		if (skeyinfo != NULL)
-			packet_send_debug(skeyinfo);
+			packet_send_debug("%s", skeyinfo);
 		/* Try again. */
 		return 0;
 	} else if (skey_haskey(pw->pw_name) == 0 &&
diff --git a/crypto/dist/ssh/auth1.c b/crypto/dist/ssh/auth1.c
index 6284b2962f3e..151b497a9744 100644
--- a/crypto/dist/ssh/auth1.c
+++ b/crypto/dist/ssh/auth1.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth1.c,v 1.1.1.1 2000/09/28 22:09:42 thorpej Exp $	*/
+/*	$NetBSD: auth1.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $	*/
 
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -15,7 +15,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: auth1.c,v 1.1.1.1 2000/09/28 22:09:42 thorpej Exp $");
+__RCSID("$NetBSD: auth1.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $");
 #endif
 
 #include "includes.h"
@@ -105,7 +105,7 @@ do_fake_authloop1(char *user)
 				   (password = packet_get_string(&dlen)) != NULL &&
 				   dlen == 5 &&
 				   strncasecmp(password, "s/key", 5) == 0 ) {
-				packet_send_debug(skeyinfo);
+				packet_send_debug("%s", skeyinfo);
 			}
 		}
 		if (password != NULL)
diff --git a/crypto/dist/ssh/channels.c b/crypto/dist/ssh/channels.c
index c37477330f0d..e4ea6bcac464 100644
--- a/crypto/dist/ssh/channels.c
+++ b/crypto/dist/ssh/channels.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: channels.c,v 1.1.1.1 2000/09/28 22:09:51 thorpej Exp $	*/
+/*	$NetBSD: channels.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -45,7 +45,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: channels.c,v 1.1.1.1 2000/09/28 22:09:51 thorpej Exp $");
+__RCSID("$NetBSD: channels.c,v 1.2 2000/10/05 14:09:07 sommerfeld Exp $");
 #endif
 
 #include "includes.h"
@@ -1821,25 +1821,19 @@ static
 int
 connect_local_xsocket(unsigned int dnr)
 {
-	static const char *const x_sockets[] = {
-		_PATH_XUNIX_DIR "%u",
-		NULL
-	};
+	static const char x_socket[] = _PATH_XUNIX_DIR "%u";
 	int sock;
 	struct sockaddr_un addr;
-	const char *const * path;
 
-	for (path = x_sockets; *path; ++path) {
-		sock = socket(AF_UNIX, SOCK_STREAM, 0);
-		if (sock < 0)
-			error("socket: %.100s", strerror(errno));
-		memset(&addr, 0, sizeof(addr));
-		addr.sun_family = AF_UNIX;
-		snprintf(addr.sun_path, sizeof addr.sun_path, *path, dnr);
-		if (connect(sock, (struct sockaddr *) & addr, sizeof(addr)) == 0)
-			return sock;
-		close(sock);
-	}
+	sock = socket(AF_UNIX, SOCK_STREAM, 0);
+	if (sock < 0)
+	  	error("socket: %.100s", strerror(errno));
+	memset(&addr, 0, sizeof(addr));
+	addr.sun_family = AF_UNIX;
+	snprintf(addr.sun_path, sizeof addr.sun_path, x_socket, dnr);
+	if (connect(sock, (struct sockaddr *) & addr, sizeof(addr)) == 0)
+		return sock;
+	close(sock);
 	error("connect %.100s: %.100s", addr.sun_path, strerror(errno));
 	return -1;
 }
diff --git a/crypto/dist/ssh/log-server.c b/crypto/dist/ssh/log-server.c
index 930d63ec611d..ee4946bd12f2 100644
--- a/crypto/dist/ssh/log-server.c
+++ b/crypto/dist/ssh/log-server.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: log-server.c,v 1.1.1.1 2000/09/28 22:10:04 thorpej Exp $	*/
+/*	$NetBSD: log-server.c,v 1.2 2000/10/05 14:09:08 sommerfeld Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -41,7 +41,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: log-server.c,v 1.1.1.1 2000/09/28 22:10:04 thorpej Exp $");
+__RCSID("$NetBSD: log-server.c,v 1.2 2000/10/05 14:09:08 sommerfeld Exp $");
 #endif
 
 #include "includes.h"
@@ -138,7 +138,6 @@ void
 do_log(LogLevel level, const char *fmt, va_list args)
 {
 	char msgbuf[MSGBUFSIZ];
-	char fmtbuf[MSGBUFSIZ];
 	char *txt = NULL;
 	int pri = LOG_INFO;
 	extern char *__progname;
@@ -176,8 +175,12 @@ do_log(LogLevel level, const char *fmt, va_list args)
 		break;
 	}
 	if (txt != NULL) {
-		snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt);
-		vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
+	  	int len;
+
+		snprintf(msgbuf, sizeof(msgbuf), "%s: ", txt);
+		len = strlen(msgbuf);
+		if (len < sizeof(msgbuf))
+		  	vsnprintf(msgbuf+len, sizeof(msgbuf)-len, fmt, args);
 	} else {
 		vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
 	}
diff --git a/crypto/dist/ssh/scp.c b/crypto/dist/ssh/scp.c
index fd09fb342b11..eedaa5de49e8 100644
--- a/crypto/dist/ssh/scp.c
+++ b/crypto/dist/ssh/scp.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: scp.c,v 1.1.1.1 2000/09/28 22:10:14 thorpej Exp $	*/
+ /*	$NetBSD: scp.c,v 1.2 2000/10/05 14:09:08 sommerfeld Exp $	*/
 
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
@@ -80,7 +80,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: scp.c,v 1.1.1.1 2000/09/28 22:10:14 thorpej Exp $");
+__RCSID("$NetBSD: scp.c,v 1.2 2000/10/05 14:09:08 sommerfeld Exp $");
 #endif
 
 #include "includes.h"
@@ -258,7 +258,8 @@ char *colon(char *);
 void lostconn(int);
 void nospace(void);
 int okname(char *);
-void run_err(const char *,...);
+void run_err(const char *,...)
+     __attribute__((__format__(__printf__,1,2)));
 void verifydir(char *);
 
 struct passwd *pwd;
diff --git a/crypto/dist/ssh/ssh-agent.c b/crypto/dist/ssh/ssh-agent.c
index 9aa8d1420875..2b7b40511133 100644
--- a/crypto/dist/ssh/ssh-agent.c
+++ b/crypto/dist/ssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh-agent.c,v 1.2 2000/10/04 03:43:58 itojun Exp $	*/
+/*	$NetBSD: ssh-agent.c,v 1.3 2000/10/05 14:09:08 sommerfeld Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -40,7 +40,7 @@
 
 #include <sys/cdefs.h>
 #ifndef lint
-__RCSID("$NetBSD: ssh-agent.c,v 1.2 2000/10/04 03:43:58 itojun Exp $");
+__RCSID("$NetBSD: ssh-agent.c,v 1.3 2000/10/05 14:09:08 sommerfeld Exp $");
 #endif
 
 #include "includes.h"
@@ -101,6 +101,24 @@ char socket_dir[1024];
 
 extern char *__progname;
 
+static void
+printunset(int c_flag, char *varname)
+{
+	if (c_flag)
+	  	printf("unsetenv %s;\n", varname);
+	else
+	  	printf("unset %s;\n", varname);
+}
+
+static void
+printset(int c_flag, char *varname, char *val)
+{
+	if (c_flag)
+	  	printf("setenv %s %s;\n", varname, val);
+	else
+	  	printf("%s=%s; export %s;\n", varname, val, varname);
+}
+
 static void
 idtab_init(void)
 {
@@ -668,7 +686,7 @@ main(int ac, char **av)
 	int sock, c_flag = 0, k_flag = 0, s_flag = 0, ch;
 	struct sockaddr_un sunaddr;
 	pid_t pid;
-	char *shell, *format, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
+	char *shell, *pidstr, pidstrbuf[1 + 3 * sizeof pid];
 
 	/* check if RSA support exists */
 	if (rsa_alive() == 0) {
@@ -725,9 +743,8 @@ main(int ac, char **av)
 			perror("kill");
 			exit(1);
 		}
-		format = c_flag ? "unsetenv %s;\n" : "unset %s;\n";
-		printf(format, SSH_AUTHSOCKET_ENV_NAME);
-		printf(format, SSH_AGENTPID_ENV_NAME);
+		printunset(c_flag, SSH_AUTHSOCKET_ENV_NAME);
+		printunset(c_flag, SSH_AGENTPID_ENV_NAME);
 		printf("echo Agent pid %d killed;\n", pid);
 		exit(0);
 	}
@@ -775,11 +792,8 @@ main(int ac, char **av)
 		close(sock);
 		snprintf(pidstrbuf, sizeof pidstrbuf, "%d", pid);
 		if (ac == 0) {
-			format = c_flag ? "setenv %s %s;\n" : "%s=%s; export %s;\n";
-			printf(format, SSH_AUTHSOCKET_ENV_NAME, socket_name,
-			       SSH_AUTHSOCKET_ENV_NAME);
-			printf(format, SSH_AGENTPID_ENV_NAME, pidstrbuf,
-			       SSH_AGENTPID_ENV_NAME);
+			printset(c_flag, SSH_AUTHSOCKET_ENV_NAME, socket_name);
+			printset(c_flag, SSH_AGENTPID_ENV_NAME, pidstrbuf);
 			printf("echo Agent pid %d;\n", pid);
 			exit(0);
 		}
diff --git a/crypto/dist/ssh/ssh.h b/crypto/dist/ssh/ssh.h
index d3726b334cf4..f4e4a71e47e7 100644
--- a/crypto/dist/ssh/ssh.h
+++ b/crypto/dist/ssh/ssh.h
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssh.h,v 1.1.1.1 2000/09/28 22:10:34 thorpej Exp $	*/
+/*	$NetBSD: ssh.h,v 1.2 2000/10/05 14:09:08 sommerfeld Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -348,7 +348,8 @@ void    log_init(const char *av0, LogLevel level, SyslogFacility facility,
 	    int on_stderr, int quiet_mode, int debug_mode);
 
 /* Logging implementation, depending on server or client */
-void    do_log(LogLevel level, const char *fmt, va_list args);
+void    do_log(LogLevel level, const char *fmt, va_list args)
+     __attribute__((format(printf, 2, 0)));
 
 /* name to facility/level */
 SyslogFacility log_facility_number(const char *name);