From 9cd5492c0260bc081b84b3657f5d7fd950e2aa9b Mon Sep 17 00:00:00 2001 From: mrg Date: Thu, 23 Jan 1997 14:01:45 +0000 Subject: [PATCH] - convert unsafe strcpy(), strcat() and sprintf() to the `n' versions. - some KNF. --- lib/libc/compat-43/getwd.c | 4 +-- lib/libc/db/hash/ndbm.c | 8 ++--- lib/libc/gen/disklabel.c | 16 ++++----- lib/libc/gen/fstab.c | 6 ++-- lib/libc/gen/getcap.c | 8 ++--- lib/libc/gen/getpwent.c | 6 ++-- lib/libc/gen/psignal.c | 8 ++--- lib/libc/gen/timezone.c | 7 ++-- lib/libc/gmon/gmon.c | 8 ++--- lib/libc/locale/setlocale.c | 16 +++++---- lib/libc/net/ethers.c | 6 ++-- lib/libc/net/gethostnamadr.c | 8 ++--- lib/libc/net/rcmd.c | 8 ++--- lib/libc/net/res_debug.c | 58 +++++++++++++++++++----------- lib/libc/net/res_init.c | 6 ++-- lib/libc/net/res_query.c | 6 ++-- lib/libc/regex/engine.c | 6 ++-- lib/libc/regex/regerror.c | 35 +++++++++--------- lib/libc/rpc/clnt_perror.c | 67 +++++++++++++++++++++-------------- lib/libc/rpc/clnt_simple.c | 6 ++-- lib/libc/shlib_version | 2 +- lib/libc/stdio/perror.c | 8 ++--- lib/libc/stdlib/realpath.c | 12 +++---- lib/libc/string/__strerror.c | 7 ++-- lib/libc/string/__strsignal.c | 11 +++--- lib/libc/string/strerror.c | 7 ++-- lib/libc/string/strsignal.c | 7 ++-- lib/libc/time/asctime.c | 4 +-- lib/libc/time/ialloc.c | 7 ++-- lib/libc/time/localtime.c | 12 +++---- lib/libc/time/zdump.c | 6 ++-- lib/libc/time/zic.c | 43 ++++++++++++---------- lib/libc/yp/yplib.c | 6 ++-- lib/libcompat/4.3/rexec.c | 2 +- lib/libcompat/4.4/timezone.c | 7 ++-- lib/libcompat/regexp/regexp.c | 12 ++++--- lib/libcurses/PSD.doc/ex2.c | 6 ++-- lib/libcurses/setterm.c | 2 +- lib/libedit/history.c | 6 ++-- lib/libedit/search.c | 12 ++++--- lib/libedit/term.c | 12 ++++--- lib/libkvm.old/kvm.c | 8 ++--- lib/libkvm/kvm.c | 8 ++--- lib/libpcap/bpf_image.c | 6 ++-- lib/libpcap/gencode.c | 7 ++-- lib/libpcap/inet.c | 28 ++++++++------- lib/libpcap/pcap-bpf.c | 41 +++++++++++++-------- lib/libpcap/pcap.c | 4 +-- lib/libpcap/savefile.c | 28 ++++++++------- lib/librmt/rmtlib.c | 18 +++++----- lib/libskey/put.c | 4 +-- lib/libskey/skey.h | 4 +-- lib/libskey/skeylogin.c | 17 +++++---- lib/libskey/skeysubr.c | 8 ++--- lib/libterm/termcap.c | 7 ++-- lib/libterm/tgoto.c | 6 ++-- lib/libwrap/diag.c | 4 +-- lib/libwrap/eval.c | 10 +++--- lib/libwrap/fix_options.c | 3 +- lib/libwrap/options.c | 6 ++-- lib/libwrap/socket.c | 5 +-- lib/libwrap/update.c | 4 +-- lib/libz/example.c | 14 ++++---- lib/libz/gzio.c | 13 +++---- lib/libz/minigzip.c | 10 +++--- 65 files changed, 414 insertions(+), 333 deletions(-) diff --git a/lib/libc/compat-43/getwd.c b/lib/libc/compat-43/getwd.c index e1e17080f839..5a04bdc4b779 100644 --- a/lib/libc/compat-43/getwd.c +++ b/lib/libc/compat-43/getwd.c @@ -33,7 +33,7 @@ #if defined(LIBC_SCCS) && !defined(lint) /*static char *sccsid = "from: @(#)getwd.c 5.1 (Berkeley) 2/20/91";*/ -static char *rcsid = "$Id: getwd.c,v 1.3 1993/08/26 00:43:05 jtc Exp $"; +static char *rcsid = "$Id: getwd.c,v 1.4 1997/01/23 14:01:48 mrg Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -50,6 +50,6 @@ getwd(buf) if (p = getcwd(buf, MAXPATHLEN)) return(p); - (void)strcpy(buf, strerror(errno)); + (void)strncpy(buf, strerror(errno), MAXPATHLEN); /* XXX strncpy may be unsafe */ return((char *)NULL); } diff --git a/lib/libc/db/hash/ndbm.c b/lib/libc/db/hash/ndbm.c index f9e8a200a6c7..3f9aea996dab 100644 --- a/lib/libc/db/hash/ndbm.c +++ b/lib/libc/db/hash/ndbm.c @@ -1,4 +1,4 @@ -/* $NetBSD: ndbm.c,v 1.10 1996/11/07 06:48:03 jtc Exp $ */ +/* $NetBSD: ndbm.c,v 1.11 1997/01/23 14:01:50 mrg Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -40,7 +40,7 @@ #if 0 static char sccsid[] = "@(#)ndbm.c 8.4 (Berkeley) 7/21/94"; #else -static char rcsid[] = "$NetBSD: ndbm.c,v 1.10 1996/11/07 06:48:03 jtc Exp $"; +static char rcsid[] = "$NetBSD: ndbm.c,v 1.11 1997/01/23 14:01:50 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -76,8 +76,8 @@ dbm_open(file, flags, mode) info.cachesize = 0; info.hash = NULL; info.lorder = 0; - (void)strcpy(path, file); - (void)strcat(path, DBM_SUFFIX); + (void)strncpy(path, file, sizeof(path) - 1); + (void)strncat(path, DBM_SUFFIX, sizeof(path) - strlen(path) - 1); return ((DBM *)__hash_open(path, flags, mode, &info, 0)); } diff --git a/lib/libc/gen/disklabel.c b/lib/libc/gen/disklabel.c index 6deaa1b4fa55..2d9a2cde61f2 100644 --- a/lib/libc/gen/disklabel.c +++ b/lib/libc/gen/disklabel.c @@ -1,4 +1,4 @@ -/* $NetBSD: disklabel.c,v 1.11 1995/06/07 13:14:09 cgd Exp $ */ +/* $NetBSD: disklabel.c,v 1.12 1997/01/23 14:01:51 mrg Exp $ */ /* * Copyright (c) 1983, 1987, 1993 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)disklabel.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: disklabel.c,v 1.11 1995/06/07 13:14:09 cgd Exp $"; +static char rcsid[] = "$NetBSD: disklabel.c,v 1.12 1997/01/23 14:01:51 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -121,11 +121,11 @@ getdiskbyname(name) getnumdflt(dp->d_trkseek, "ts", 0); getnumdflt(dp->d_bbsize, "bs", BBSIZE); getnumdflt(dp->d_sbsize, "sb", SBSIZE); - strcpy(psize, "px"); - strcpy(pbsize, "bx"); - strcpy(pfsize, "fx"); - strcpy(poffset, "ox"); - strcpy(ptype, "tx"); + (void)strncpy(psize, "px", sizeof(psize) - 1); + (void)strncpy(pbsize, "bx", sizeof(pbsize) - 1); + (void)strncpy(pfsize, "fx", sizeof(pfsize) - 1); + (void)strncpy(poffset, "ox", sizeof(poffset) - 1); + (void)strncpy(ptype, "tx", sizeof(ptype) - 1); max = 'a' - 1; pp = &dp->d_partitions[0]; for (p = 'a'; p < 'a' + MAXPARTITIONS; p++, pp++) { @@ -153,7 +153,7 @@ getdiskbyname(name) } } dp->d_npartitions = max + 1 - 'a'; - (void)strcpy(psize, "dx"); + (void)strncpy(psize, "dx", sizeof(psize) - 1); dx = dp->d_drivedata; for (p = '0'; p < '0' + NDDATA; p++, dx++) { psize[1] = p; diff --git a/lib/libc/gen/fstab.c b/lib/libc/gen/fstab.c index a17b33858b8a..f51ab0e23849 100644 --- a/lib/libc/gen/fstab.c +++ b/lib/libc/gen/fstab.c @@ -1,4 +1,4 @@ -/* $NetBSD: fstab.c,v 1.8 1996/04/03 19:48:56 jtc Exp $ */ +/* $NetBSD: fstab.c,v 1.9 1997/01/23 14:01:52 mrg Exp $ */ /* * Copyright (c) 1980, 1988, 1993 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)fstab.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: fstab.c,v 1.8 1996/04/03 19:48:56 jtc Exp $"; +static char rcsid[] = "$NetBSD: fstab.c,v 1.9 1997/01/23 14:01:52 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -108,7 +108,7 @@ fstabscan() if ((cp = strtok((char *)NULL, " \t\n")) != NULL) _fs_fstab.fs_passno = atoi(cp); } - strcpy(subline, _fs_fstab.fs_mntops); + (void)strncpy(subline, _fs_fstab.fs_mntops, sizeof(subline)-1); for (typexx = 0, cp = strtok(subline, ","); cp; cp = strtok((char *)NULL, ",")) { if (strlen(cp) != 2) diff --git a/lib/libc/gen/getcap.c b/lib/libc/gen/getcap.c index 3f34ab3452aa..1203a79f27cf 100644 --- a/lib/libc/gen/getcap.c +++ b/lib/libc/gen/getcap.c @@ -1,4 +1,4 @@ -/* $NetBSD: getcap.c,v 1.10 1995/08/24 05:26:35 mycroft Exp $ */ +/* $NetBSD: getcap.c,v 1.11 1997/01/23 14:01:54 mrg Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -40,7 +40,7 @@ #if 0 static char sccsid[] = "@(#)getcap.c 8.3 (Berkeley) 3/25/94"; #else -static char rcsid[] = "$NetBSD: getcap.c,v 1.10 1995/08/24 05:26:35 mycroft Exp $"; +static char rcsid[] = "$NetBSD: getcap.c,v 1.11 1997/01/23 14:01:54 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -96,7 +96,7 @@ cgetset(ent) return (-1); } gottoprec = 0; - (void)strcpy(toprec, ent); + (void)strcpy(toprec, ent); /* XXX: strcpy is safe */ return (0); } @@ -220,7 +220,7 @@ getent(cap, len, db_array, fd, name, depth, nfield) errno = ENOMEM; return (-2); } - (void)strcpy(record, toprec); + (void)strcpy(record, toprec); /* XXX: strcpy is safe */ myfd = 0; db_p = db_array; rp = record + topreclen + 1; diff --git a/lib/libc/gen/getpwent.c b/lib/libc/gen/getpwent.c index 0a9b394740ac..7da9e4ec211b 100644 --- a/lib/libc/gen/getpwent.c +++ b/lib/libc/gen/getpwent.c @@ -1,4 +1,4 @@ -/* $NetBSD: getpwent.c,v 1.15 1996/12/20 20:16:05 sommerfe Exp $ */ +/* $NetBSD: getpwent.c,v 1.16 1997/01/23 14:01:56 mrg Exp $ */ /* * Copyright (c) 1988, 1993 @@ -38,7 +38,7 @@ #if 0 static char sccsid[] = "@(#)getpwent.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: getpwent.c,v 1.15 1996/12/20 20:16:05 sommerfe Exp $"; +static char rcsid[] = "$NetBSD: getpwent.c,v 1.16 1997/01/23 14:01:56 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -672,7 +672,7 @@ getpwuid(uid) int s = -1; const char *host, *user, *dom; - sprintf(uidbuf, "%d", uid); + snprintf(uidbuf, sizeof uidbuf, "%d", uid); for(_pw_keynum=1; _pw_keynum; _pw_keynum++) { bf[0] = _PW_KEYBYNUM; bcopy((char *)&_pw_keynum, bf + 1, sizeof(_pw_keynum)); diff --git a/lib/libc/gen/psignal.c b/lib/libc/gen/psignal.c index 20c3fcf44d18..51fd2d173b54 100644 --- a/lib/libc/gen/psignal.c +++ b/lib/libc/gen/psignal.c @@ -1,4 +1,4 @@ -/* $NetBSD: psignal.c,v 1.8 1995/02/27 04:35:42 cgd Exp $ */ +/* $NetBSD: psignal.c,v 1.9 1997/01/23 14:01:57 mrg Exp $ */ /* * Copyright (c) 1983, 1993 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)psignal.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: psignal.c,v 1.8 1995/02/27 04:35:42 cgd Exp $"; +static char rcsid[] = "$NetBSD: psignal.c,v 1.9 1997/01/23 14:01:57 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -50,7 +50,7 @@ static char rcsid[] = "$NetBSD: psignal.c,v 1.8 1995/02/27 04:35:42 cgd Exp $"; #include #include -extern char *__strsignal __P((int , char *)); +extern char *__strsignal __P((int , char *, int)); void psignal(sig, s) @@ -61,7 +61,7 @@ psignal(sig, s) register const char *c; register int n; - c = __strsignal(sig, buf); + c = __strsignal(sig, buf, NL_TEXTMAX); if (s && *s) { n = strlen(s); (void)write(STDERR_FILENO, s, n); diff --git a/lib/libc/gen/timezone.c b/lib/libc/gen/timezone.c index 02fb353023f8..b54f3c6d9d75 100644 --- a/lib/libc/gen/timezone.c +++ b/lib/libc/gen/timezone.c @@ -1,4 +1,4 @@ -/* $NetBSD: timezone.c,v 1.5 1995/02/27 05:54:24 cgd Exp $ */ +/* $NetBSD: timezone.c,v 1.6 1997/01/23 14:01:58 mrg Exp $ */ /* * Copyright (c) 1987, 1993 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)timezone.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: timezone.c,v 1.5 1995/02/27 05:54:24 cgd Exp $"; +static char rcsid[] = "$NetBSD: timezone.c,v 1.6 1997/01/23 14:01:58 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -135,6 +135,7 @@ _tztab(zone,dst) } else sign = '-'; - (void)sprintf(czone,"GMT%c%d:%02d",sign,zone / 60,zone % 60); + (void)snprintf(czone, TZ_MAX_CHARS, "GMT%c%d:%02d", sign, zone / 60, + zone % 60); return(czone); } diff --git a/lib/libc/gmon/gmon.c b/lib/libc/gmon/gmon.c index 8e4a674d47c0..19d4679c0253 100644 --- a/lib/libc/gmon/gmon.c +++ b/lib/libc/gmon/gmon.c @@ -1,4 +1,4 @@ -/* $NetBSD: gmon.c,v 1.7 1996/12/19 07:56:32 cgd Exp $ */ +/* $NetBSD: gmon.c,v 1.8 1997/01/23 14:02:00 mrg Exp $ */ /*- * Copyright (c) 1983, 1992, 1993 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)gmon.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: gmon.c,v 1.7 1996/12/19 07:56:32 cgd Exp $"; +static char rcsid[] = "$NetBSD: gmon.c,v 1.8 1997/01/23 14:02:00 mrg Exp $"; #endif #endif @@ -226,7 +226,7 @@ _mcleanup() perror("mcount: gmon.log"); return; } - len = sprintf(buf, "[mcleanup1] kcount 0x%x ssiz %d\n", + len = snprintf(buf, sizeof buf, "[mcleanup1] kcount 0x%x ssiz %d\n", p->kcount, p->kcountsize); write(log, buf, len); #endif @@ -248,7 +248,7 @@ _mcleanup() for (toindex = p->froms[fromindex]; toindex != 0; toindex = p->tos[toindex].link) { #ifdef DEBUG - len = sprintf(buf, + len = snprintf(buf, sizeof buf, "[mcleanup2] frompc 0x%x selfpc 0x%x count %d\n" , frompc, p->tos[toindex].selfpc, p->tos[toindex].count); diff --git a/lib/libc/locale/setlocale.c b/lib/libc/locale/setlocale.c index 251f4ecb8fde..0ef8b00af420 100644 --- a/lib/libc/locale/setlocale.c +++ b/lib/libc/locale/setlocale.c @@ -105,7 +105,8 @@ setlocale(category, locale) * Default to the current locale for everything. */ for (i = 1; i < _LC_LAST; ++i) - (void)strcpy(new_categories[i], current_categories[i]); + (void)strncpy(new_categories[i], current_categories[i], + sizeof(new_categories[i]) - 1); /* * Now go fill up new_categories from the locale argument @@ -155,8 +156,9 @@ setlocale(category, locale) while (*++r && *r != '/'); } while (*locale); while (i < _LC_LAST) - (void)strcpy(new_categories[i], - new_categories[i-1]); + (void)strncpy(new_categories[i], + new_categories[i-1], + sizeof(new_categories[i]) - 1); } } @@ -177,7 +179,8 @@ currentlocale() { int i; - (void)strcpy(current_locale_string, current_categories[1]); + (void)strncpy(current_locale_string, current_categories[1], + sizeof(current_locale_string) - 1); for (i = 2; i < _LC_LAST; ++i) if (strcmp(current_categories[1], current_categories[i])) { @@ -209,8 +212,9 @@ loadlocale(category) * C locale. Since we have no way to change them as of yet, * there is no need to reset them. */ - (void)strcpy(current_categories[category], - new_categories[category]); + (void)strncpy(current_categories[category], + new_categories[category], + sizeof(current_categories[category]) - 1); return (current_categories[category]); } diff --git a/lib/libc/net/ethers.c b/lib/libc/net/ethers.c index 409fa55e7567..d2e5a7c93749 100644 --- a/lib/libc/net/ethers.c +++ b/lib/libc/net/ethers.c @@ -1,4 +1,4 @@ -/* $NetBSD: ethers.c,v 1.6 1997/01/17 08:23:26 mikel Exp $ */ +/* $NetBSD: ethers.c,v 1.7 1997/01/23 14:02:03 mrg Exp $ */ /* * ethers(3N) a la Sun. @@ -29,7 +29,7 @@ ether_ntoa(e) { static char a[] = "xx:xx:xx:xx:xx:xx"; - sprintf(a, "%02x:%02x:%02x:%02x:%02x:%02x", + snprintf(a, sizeof a, "%02x:%02x:%02x:%02x:%02x:%02x", e->ether_addr_octet[0], e->ether_addr_octet[1], e->ether_addr_octet[2], e->ether_addr_octet[3], e->ether_addr_octet[4], e->ether_addr_octet[5]); @@ -69,7 +69,7 @@ ether_ntohost(hostname, e) char trybuf[sizeof "xx:xx:xx:xx:xx:xx"]; int trylen; - sprintf(trybuf, "%x:%x:%x:%x:%x:%x", + (void)snprintf(trybuf, sizeof trybuf, "%x:%x:%x:%x:%x:%x", e->ether_addr_octet[0], e->ether_addr_octet[1], e->ether_addr_octet[2], e->ether_addr_octet[3], e->ether_addr_octet[4], e->ether_addr_octet[5]); diff --git a/lib/libc/net/gethostnamadr.c b/lib/libc/net/gethostnamadr.c index 2df469c0f921..8ff95aa951a0 100644 --- a/lib/libc/net/gethostnamadr.c +++ b/lib/libc/net/gethostnamadr.c @@ -1,4 +1,4 @@ -/* $NetBSD: gethostnamadr.c,v 1.17 1996/12/20 19:41:30 cgd Exp $ */ +/* $NetBSD: gethostnamadr.c,v 1.18 1997/01/23 14:02:04 mrg Exp $ */ /*- * Copyright (c) 1985, 1988, 1993 @@ -58,7 +58,7 @@ static char sccsid[] = "@(#)gethostnamadr.c 8.1 (Berkeley) 6/4/93"; static char rcsid[] = "$Id: gethnamaddr.c,v 4.9.1.1 1993/05/02 22:43:03 vixie Rel "; #else -static char rcsid[] = "$NetBSD: gethostnamadr.c,v 1.17 1996/12/20 19:41:30 cgd Exp $"; +static char rcsid[] = "$NetBSD: gethostnamadr.c,v 1.18 1997/01/23 14:02:04 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -360,7 +360,7 @@ gethostbyaddr(addr, len, type) if (type != AF_INET) return ((struct hostent *) NULL); - (void)sprintf(qbuf, "%u.%u.%u.%u.in-addr.arpa", + (void)snprintf(qbuf, sizeof qbuf, "%u.%u.%u.%u.in-addr.arpa", ((unsigned)addr[3] & 0xff), ((unsigned)addr[2] & 0xff), ((unsigned)addr[1] & 0xff), @@ -621,7 +621,7 @@ _yp_gethtbyaddr(addr, len, type) if (_yp_check(&__ypdomain) == 0) return (hp); } - sprintf(name, "%u.%u.%u.%u", + (void)snprintf(name, sizeof name, "%u.%u.%u.%u", ((unsigned)addr[0] & 0xff), ((unsigned)addr[1] & 0xff), ((unsigned)addr[2] & 0xff), diff --git a/lib/libc/net/rcmd.c b/lib/libc/net/rcmd.c index a3562439cb0d..5be02853ac7f 100644 --- a/lib/libc/net/rcmd.c +++ b/lib/libc/net/rcmd.c @@ -1,4 +1,4 @@ -/* $NetBSD: rcmd.c,v 1.17 1996/12/28 18:48:31 veego Exp $ */ +/* $NetBSD: rcmd.c,v 1.18 1997/01/23 14:02:05 mrg Exp $ */ /* * Copyright (c) 1983, 1993, 1994 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)rcmd.c 8.3 (Berkeley) 3/26/94"; #else -static char *rcsid = "$NetBSD: rcmd.c,v 1.17 1996/12/28 18:48:31 veego Exp $"; +static char *rcsid = "$NetBSD: rcmd.c,v 1.18 1997/01/23 14:02:05 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -310,8 +310,8 @@ again: first = 0; if ((pwd = getpwnam(luser)) == NULL) return (-1); - (void)strcpy(pbuf, pwd->pw_dir); - (void)strcat(pbuf, "/.rhosts"); + (void)strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1); + (void)strncat(pbuf, "/.rhosts", sizeof(pbuf) - strlen(pbuf) - 1); /* * Change effective uid while opening .rhosts. If root and diff --git a/lib/libc/net/res_debug.c b/lib/libc/net/res_debug.c index 557be8852287..58265f1e2fe1 100644 --- a/lib/libc/net/res_debug.c +++ b/lib/libc/net/res_debug.c @@ -1,4 +1,4 @@ -/* $NetBSD: res_debug.c,v 1.8 1996/02/02 15:22:27 mrg Exp $ */ +/* $NetBSD: res_debug.c,v 1.9 1997/01/23 14:02:06 mrg Exp $ */ /*- * Copyright (c) 1985, 1990, 1993 @@ -58,7 +58,7 @@ static char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93"; static char rcsid[] = "$Id: res_debug.c,v 8.7 1995/12/22 10:20:39 vixie Exp "; #else -static char rcsid[] = "$NetBSD: res_debug.c,v 1.8 1996/02/02 15:22:27 mrg Exp $"; +static char rcsid[] = "$NetBSD: res_debug.c,v 1.9 1997/01/23 14:02:06 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -166,7 +166,9 @@ dewks(wks) case 161: return "snmp"; case 162: return "snmp-trap"; case 170: return "print-srv"; - default: (void) sprintf(nbuf, "%d", wks); return (nbuf); + default: + (void)snprintf(nbuf, sizeof nbuf, "%d", wks); + return (nbuf); } } @@ -190,7 +192,9 @@ deproto(protonum) case 12: return "pup"; case 16: return "chaos"; case 17: return "udp"; - default: (void) sprintf(nbuf, "%d", protonum); return (nbuf); + default: + (void)snprintf(nbuf, sizeof nbuf, "%d", protonum); + return (nbuf); } } @@ -732,7 +736,9 @@ __p_type(type) #ifdef ALLOW_T_UNSPEC case T_UNSPEC: return "UNSPEC"; #endif /* ALLOW_T_UNSPEC */ - default: (void)sprintf(nbuf, "%d", type); return (nbuf); + default: + snprintf(nbuf, sizeof nbuf, "%d", type); + return (nbuf); } } @@ -749,7 +755,9 @@ __p_class(class) case C_IN: return "IN"; case C_HS: return "HS"; case C_ANY: return "ANY"; - default: (void)sprintf(nbuf, "%d", class); return (nbuf); + default: + (void)snprintf(nbuf, sizeof nbuf, "%d", class); + return (nbuf); } } @@ -775,8 +783,9 @@ __p_option(option) case RES_DNSRCH: return "dnsrch"; case RES_INSECURE1: return "insecure1"; case RES_INSECURE2: return "insecure2"; - default: sprintf(nbuf, "?0x%lx?", (u_long)option); - return (nbuf); + default: + (void)snprintf(nbuf, sizeof nbuf, "?0x%lx?", (u_long)option); + return (nbuf); } } @@ -788,11 +797,11 @@ __p_time(value) u_int32_t value; { static char nbuf[40]; - int secs, mins, hours, days; + int secs, mins, hours, days, len = sizeof nbuf; register char *p; if (value == 0) { - strcpy(nbuf, "0 secs"); + strncpy(nbuf, "0 secs", sizeof(nbuf) - 1); return(nbuf); } @@ -808,25 +817,34 @@ __p_time(value) #define PLURALIZE(x) x, (x == 1) ? "" : "s" p = nbuf; if (days) { - (void)sprintf(p, "%d day%s", PLURALIZE(days)); - while (*++p); + len -= snprintf(p, len, "%d day%s", PLURALIZE(days)); + while (*++p) + len--; } if (hours) { - if (days) + if (days) { *p++ = ' '; - (void)sprintf(p, "%d hour%s", PLURALIZE(hours)); - while (*++p); + len--; + } + len -= snprintf(p, len, "%d hour%s", PLURALIZE(hours)); + while (*++p) + len--; } if (mins) { - if (days || hours) + if (days || hours) { *p++ = ' '; - (void)sprintf(p, "%d min%s", PLURALIZE(mins)); - while (*++p); + len--; + } + len -= snprintf(p, len, "%d min%s", PLURALIZE(mins)); + while (*++p) + len--; } if (secs || ! (days || hours || mins)) { - if (days || hours || mins) + if (days || hours || mins) { *p++ = ' '; - (void)sprintf(p, "%d sec%s", PLURALIZE(secs)); + len--; + } + (void)snprintf(p, len, "%d sec%s", PLURALIZE(secs)); } return(nbuf); } diff --git a/lib/libc/net/res_init.c b/lib/libc/net/res_init.c index ff8e1b1e5e6f..95723318ad59 100644 --- a/lib/libc/net/res_init.c +++ b/lib/libc/net/res_init.c @@ -1,4 +1,4 @@ -/* $NetBSD: res_init.c,v 1.9 1996/02/02 15:22:30 mrg Exp $ */ +/* $NetBSD: res_init.c,v 1.10 1997/01/23 14:02:08 mrg Exp $ */ /*- * Copyright (c) 1985, 1989, 1993 @@ -58,7 +58,7 @@ static char sccsid[] = "@(#)res_init.c 8.1 (Berkeley) 6/7/93"; static char rcsid[] = "$Id: res_init.c,v 8.3 1995/06/29 09:26:28 vixie Exp "; #else -static char rcsid[] = "$NetBSD: res_init.c,v 1.9 1996/02/02 15:22:30 mrg Exp $"; +static char rcsid[] = "$NetBSD: res_init.c,v 1.10 1997/01/23 14:02:08 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -317,7 +317,7 @@ res_init() if (_res.defdname[0] == 0) { if (gethostname(buf, sizeof(_res.defdname) - 1) == 0 && (cp = strchr(buf, '.'))) - (void)strcpy(_res.defdname, cp + 1); + (void)strncpy(_res.defdname, cp + 1, sizeof(_res.defdname) - 1); } /* find components of local domain that might be searched */ diff --git a/lib/libc/net/res_query.c b/lib/libc/net/res_query.c index 81c4d3194d30..f7bd5b94f642 100644 --- a/lib/libc/net/res_query.c +++ b/lib/libc/net/res_query.c @@ -1,4 +1,4 @@ -/* $NetBSD: res_query.c,v 1.10 1996/02/02 15:22:34 mrg Exp $ */ +/* $NetBSD: res_query.c,v 1.11 1997/01/23 14:02:09 mrg Exp $ */ /*- * Copyright (c) 1988, 1993 @@ -58,7 +58,7 @@ static char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93"; static char rcsid[] = "$Id: res_query.c,v 8.6 1995/06/29 09:26:28 vixie Exp "; #else -static char rcsid[] = "$NetBSD: res_query.c,v 1.10 1996/02/02 15:22:34 mrg Exp $"; +static char rcsid[] = "$NetBSD: res_query.c,v 1.11 1997/01/23 14:02:09 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -350,7 +350,7 @@ res_querydomain(name, domain, class, type, answer, anslen) } else longname = name; } else - (void)sprintf(nbuf, "%.*s.%.*s", + (void)snprintf(nbuf, sizeof nbuf, "%.*s.%.*s", MAXDNAME, name, MAXDNAME, domain); return (res_query(longname, class, type, answer, anslen)); diff --git a/lib/libc/regex/engine.c b/lib/libc/regex/engine.c index 93f6842ac1ad..b0ea3425d557 100644 --- a/lib/libc/regex/engine.c +++ b/lib/libc/regex/engine.c @@ -1,4 +1,4 @@ -/* $NetBSD: engine.c,v 1.5 1995/02/27 13:28:39 cgd Exp $ */ +/* $NetBSD: engine.c,v 1.6 1997/01/23 14:02:11 mrg Exp $ */ /*- * Copyright (c) 1992, 1993, 1994 Henry Spencer. @@ -1074,9 +1074,9 @@ int ch; static char pbuf[10]; if (isprint(ch) || ch == ' ') - sprintf(pbuf, "%c", ch); + (void)snprintf(pbuf, sizeof pbuf, "%c", ch); else - sprintf(pbuf, "\\%o", ch); + (void)snprintf(pbuf, sizeof pbuf, "\\%o", ch); return(pbuf); } #endif diff --git a/lib/libc/regex/regerror.c b/lib/libc/regex/regerror.c index 54c1333d980a..a6a64c613cab 100644 --- a/lib/libc/regex/regerror.c +++ b/lib/libc/regex/regerror.c @@ -1,4 +1,4 @@ -/* $NetBSD: regerror.c,v 1.4 1995/02/27 13:29:20 cgd Exp $ */ +/* $NetBSD: regerror.c,v 1.5 1997/01/23 14:02:12 mrg Exp $ */ /*- * Copyright (c) 1992, 1993, 1994 Henry Spencer. @@ -43,7 +43,7 @@ #if 0 static char sccsid[] = "@(#)regerror.c 8.4 (Berkeley) 3/20/94"; #else -static char rcsid[] = "$NetBSD: regerror.c,v 1.4 1995/02/27 13:29:20 cgd Exp $"; +static char rcsid[] = "$NetBSD: regerror.c,v 1.5 1997/01/23 14:02:12 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -63,7 +63,7 @@ extern "C" { #endif /* === regerror.c === */ -static char *regatoi __P((const regex_t *preg, char *localbuf)); +static char *regatoi __P((const regex_t *preg, char *localbuf, int buflen)); #ifdef __cplusplus } @@ -114,8 +114,8 @@ static struct rerr { }; /* - - regerror - the interface to error numbers - = extern size_t regerror(int, const regex_t *, char *, size_t); + * regerror - the interface to error numbers + * extern size_t regerror(int, const regex_t *, char *, size_t); */ /* ARGSUSED */ size_t @@ -132,7 +132,7 @@ size_t errbuf_size; char convbuf[50]; if (errcode == REG_ATOI) - s = regatoi(preg, convbuf); + s = regatoi(preg, convbuf, sizeof convbuf); else { for (r = rerrs; r->code != 0; r++) if (r->code == target) @@ -140,10 +140,10 @@ size_t errbuf_size; if (errcode®_ITOA) { if (r->code != 0) - (void) strcpy(convbuf, r->name); + (void)strncpy(convbuf, r->name, sizeof convbuf); else - sprintf(convbuf, "REG_0x%x", target); - assert(strlen(convbuf) < sizeof(convbuf)); + (void)snprintf(convbuf, sizeof convbuf, + "REG_0x%x", target); s = convbuf; } else s = r->explain; @@ -151,25 +151,22 @@ size_t errbuf_size; len = strlen(s) + 1; if (errbuf_size > 0) { - if (errbuf_size > len) - (void) strcpy(errbuf, s); - else { - (void) strncpy(errbuf, s, errbuf_size-1); - errbuf[errbuf_size-1] = '\0'; - } + (void)strncpy(errbuf, s, errbuf_size - 1); + errbuf[errbuf_size-1] = '\0'; } return(len); } /* - - regatoi - internal routine to implement REG_ATOI - == static char *regatoi(const regex_t *preg, char *localbuf); + * regatoi - internal routine to implement REG_ATOI + * static char *regatoi(const regex_t *preg, char *localbuf, int buflen); */ static char * -regatoi(preg, localbuf) +regatoi(preg, localbuf, buflen) const regex_t *preg; char *localbuf; +int buflen; { register struct rerr *r; register size_t siz; @@ -181,6 +178,6 @@ char *localbuf; if (r->code == 0) return("0"); - sprintf(localbuf, "%d", r->code); + (void)snprintf(localbuf, buflen, "%d", r->code); return(localbuf); } diff --git a/lib/libc/rpc/clnt_perror.c b/lib/libc/rpc/clnt_perror.c index 73a09c1d4f0a..f6bf6ea60968 100644 --- a/lib/libc/rpc/clnt_perror.c +++ b/lib/libc/rpc/clnt_perror.c @@ -1,4 +1,4 @@ -/* $NetBSD: clnt_perror.c,v 1.8 1996/06/19 20:38:45 jtc Exp $ */ +/* $NetBSD: clnt_perror.c,v 1.9 1997/01/23 14:02:15 mrg Exp $ */ /* * Sun RPC is a product of Sun Microsystems, Inc. and is provided for @@ -32,7 +32,7 @@ #if defined(LIBC_SCCS) && !defined(lint) /*static char *sccsid = "from: @(#)clnt_perror.c 1.15 87/10/07 Copyr 1984 Sun Micro";*/ /*static char *sccsid = "from: @(#)clnt_perror.c 2.1 88/07/29 4.0 RPCSRC";*/ -static char *rcsid = "$NetBSD: clnt_perror.c,v 1.8 1996/06/19 20:38:45 jtc Exp $"; +static char *rcsid = "$NetBSD: clnt_perror.c,v 1.9 1997/01/23 14:02:15 mrg Exp $"; #endif /* @@ -52,6 +52,7 @@ static char *rcsid = "$NetBSD: clnt_perror.c,v 1.8 1996/06/19 20:38:45 jtc Exp $ static char *auth_errmsg(); static char *buf; +static int buflen; static char * _buf() @@ -59,6 +60,7 @@ _buf() if (buf == 0) buf = (char *)malloc(256); + buflen = 256; return (buf); } @@ -75,16 +77,20 @@ clnt_sperror(rpch, s) char *err; char *str = _buf(); char *strstart = str; + int len = buflen, i; if (str == 0) return (0); CLNT_GETERR(rpch, &e); - (void) sprintf(str, "%s: ", s); - str += strlen(str); + i = snprintf(str, len, "%s: ", s); + str += i; + len -= i; - (void) strcpy(str, clnt_sperrno(e.re_status)); - str += strlen(str); + (void)strncpy(str, clnt_sperrno(e.re_status), len - 1); + i = strlen(str); + str += i; + len -= i; switch (e.re_status) { case RPC_SUCCESS: @@ -104,44 +110,50 @@ clnt_sperror(rpch, s) case RPC_CANTSEND: case RPC_CANTRECV: - (void) sprintf(str, "; errno = %s", + i = snprintf(str, len, "; errno = %s", strerror(e.re_errno)); - str += strlen(str); + str += i; + len -= i; break; case RPC_VERSMISMATCH: - (void) sprintf(str, + i = snprintf(str, len, "; low version = %lu, high version = %lu", e.re_vers.low, e.re_vers.high); - str += strlen(str); + str += i; + len -= i; break; case RPC_AUTHERROR: err = auth_errmsg(e.re_why); - (void) sprintf(str,"; why = "); - str += strlen(str); + i = snprintf(str, len, "; why = "); + str += i; + len -= i; if (err != NULL) { - (void) sprintf(str, "%s",err); + i = snprintf(str, len, "%s",err); } else { - (void) sprintf(str, + i = snprintf(str, len, "(unknown authentication error - %d)", (int) e.re_why); } - str += strlen(str); + str += i; + len -= i; break; case RPC_PROGVERSMISMATCH: - (void) sprintf(str, + i = snprintf(str, len, "; low version = %lu, high version = %lu", e.re_vers.low, e.re_vers.high); - str += strlen(str); + str += i; + len -= i; break; default: /* unknown */ - (void) sprintf(str, + i = snprintf(str, len, "; s1 = %lu, s2 = %lu", e.re_lb.s1, e.re_lb.s2); - str += strlen(str); + str += i; + len -= i; break; } return(strstart) ; @@ -207,21 +219,24 @@ clnt_spcreateerror(s) char *s; { char *str = _buf(); + int len = buflen, i; if (str == 0) return(0); - (void) sprintf(str, "%s: ", s); - (void) strcat(str, clnt_sperrno(rpc_createerr.cf_stat)); + i = snprintf(str, len, "%s: ", s); + len -= i; + (void)strncat(str, clnt_sperrno(rpc_createerr.cf_stat), len - 1); switch (rpc_createerr.cf_stat) { case RPC_PMAPFAILURE: - (void) strcat(str, " - "); - (void) strcat(str, - clnt_sperrno(rpc_createerr.cf_error.re_status)); + (void) strncat(str, " - ", len - 1); + (void) strncat(str, + clnt_sperrno(rpc_createerr.cf_error.re_status), len - 4); break; case RPC_SYSTEMERROR: - (void) strcat(str, " - "); - (void) strcat(str, strerror(rpc_createerr.cf_error.re_errno)); + (void)strncat(str, " - ", len - 1); + (void)strncat(str, strerror(rpc_createerr.cf_error.re_errno), + len - 4); break; } return (str); diff --git a/lib/libc/rpc/clnt_simple.c b/lib/libc/rpc/clnt_simple.c index 65fd75d42f4a..3b6423843298 100644 --- a/lib/libc/rpc/clnt_simple.c +++ b/lib/libc/rpc/clnt_simple.c @@ -1,4 +1,4 @@ -/* $NetBSD: clnt_simple.c,v 1.6 1996/03/29 23:00:51 jtc Exp $ */ +/* $NetBSD: clnt_simple.c,v 1.7 1997/01/23 14:02:16 mrg Exp $ */ /* * Sun RPC is a product of Sun Microsystems, Inc. and is provided for @@ -32,7 +32,7 @@ #if defined(LIBC_SCCS) && !defined(lint) /*static char *sccsid = "from: @(#)clnt_simple.c 1.35 87/08/11 Copyr 1984 Sun Micro";*/ /*static char *sccsid = "from: @(#)clnt_simple.c 2.2 88/08/01 4.0 RPCSRC";*/ -static char *rcsid = "$NetBSD: clnt_simple.c,v 1.6 1996/03/29 23:00:51 jtc Exp $"; +static char *rcsid = "$NetBSD: clnt_simple.c,v 1.7 1997/01/23 14:02:16 mrg Exp $"; #endif /* @@ -105,7 +105,7 @@ callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out) crp->valid = 1; crp->oldprognum = prognum; crp->oldversnum = versnum; - (void) strcpy(crp->oldhost, host); + (void)strncpy(crp->oldhost, host, 256 - 1); } tottimeout.tv_sec = 25; tottimeout.tv_usec = 0; diff --git a/lib/libc/shlib_version b/lib/libc/shlib_version index 5f96bc7b388f..28c63f422930 100644 --- a/lib/libc/shlib_version +++ b/lib/libc/shlib_version @@ -1,2 +1,2 @@ major=12 -minor=9 +minor=10 diff --git a/lib/libc/stdio/perror.c b/lib/libc/stdio/perror.c index 3e2ff5ff2b68..172a466690ee 100644 --- a/lib/libc/stdio/perror.c +++ b/lib/libc/stdio/perror.c @@ -1,4 +1,4 @@ -/* $NetBSD: perror.c,v 1.8 1995/02/02 02:10:11 jtc Exp $ */ +/* $NetBSD: perror.c,v 1.9 1997/01/23 14:02:17 mrg Exp $ */ /* * Copyright (c) 1988, 1993 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)perror.c 8.1 (Berkeley) 6/4/93"; #endif -static char rcsid[] = "$NetBSD: perror.c,v 1.8 1995/02/02 02:10:11 jtc Exp $"; +static char rcsid[] = "$NetBSD: perror.c,v 1.9 1997/01/23 14:02:17 mrg Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -53,7 +53,7 @@ static char rcsid[] = "$NetBSD: perror.c,v 1.8 1995/02/02 02:10:11 jtc Exp $"; * internal function __strerror(). */ -extern char *__strerror __P((int , char *)); +extern char *__strerror __P((int , char *, int)); void perror(s) @@ -72,7 +72,7 @@ perror(s) v->iov_len = 2; v++; } - v->iov_base = __strerror(errno, buf); + v->iov_base = __strerror(errno, buf, NL_TEXTMAX); v->iov_len = strlen(v->iov_base); v++; v->iov_base = "\n"; diff --git a/lib/libc/stdlib/realpath.c b/lib/libc/stdlib/realpath.c index adace75ba6b7..1cc03edf0fef 100644 --- a/lib/libc/stdlib/realpath.c +++ b/lib/libc/stdlib/realpath.c @@ -1,4 +1,4 @@ -/* $NetBSD: realpath.c,v 1.2 1995/12/28 08:52:47 thorpej Exp $ */ +/* $NetBSD: realpath.c,v 1.3 1997/01/23 14:02:19 mrg Exp $ */ /* * Copyright (c) 1994 @@ -40,7 +40,7 @@ #if 0 static char sccsid[] = "from: @(#)realpath.c 8.1 (Berkeley) 2/16/94"; #else -static char *rcsid = "$NetBSD: realpath.c,v 1.2 1995/12/28 08:52:47 thorpej Exp $"; +static char *rcsid = "$NetBSD: realpath.c,v 1.3 1997/01/23 14:02:19 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -71,7 +71,7 @@ realpath(path, resolved) /* Save the starting point. */ if ((fd = open(".", O_RDONLY)) < 0) { - (void)strcpy(resolved, "."); + (void)strncpy(resolved, ".", MAXPATHLEN - 1); return (NULL); } @@ -123,7 +123,7 @@ loop: * Save the last component name and get the full pathname of * the current directory. */ - (void)strcpy(wbuf, p); + (void)strncpy(wbuf, p, sizeof wbuf - 1); if (getcwd(resolved, MAXPATHLEN) == 0) goto err1; @@ -142,8 +142,8 @@ loop: goto err1; } if (rootd == 0) - (void)strcat(resolved, "/"); - (void)strcat(resolved, wbuf); + (void)strcat(resolved, "/"); /* XXX: strcat is safe */ + (void)strcat(resolved, wbuf); /* XXX: strcat is safe */ } /* Go back to where we came from. */ diff --git a/lib/libc/string/__strerror.c b/lib/libc/string/__strerror.c index 65833f11c99f..6250277cb5a3 100644 --- a/lib/libc/string/__strerror.c +++ b/lib/libc/string/__strerror.c @@ -33,7 +33,7 @@ #if defined(LIBC_SCCS) && !defined(lint) /*static char *sccsid = "from: @(#)strerror.c 5.6 (Berkeley) 5/4/91";*/ -static char *rcsid = "$Id: __strerror.c,v 1.8 1996/10/11 00:51:07 jtc Exp $"; +static char *rcsid = "$Id: __strerror.c,v 1.9 1997/01/23 14:02:21 mrg Exp $"; #endif /* LIBC_SCCS and not lint */ #ifdef NLS @@ -58,9 +58,10 @@ static char *rcsid = "$Id: __strerror.c,v 1.8 1996/10/11 00:51:07 jtc Exp $"; */ char * -__strerror(num, buf) +__strerror(num, buf, buflen) int num; char *buf; + int buflen; { #define UPREFIX "Unknown error: %u" register unsigned int errnum; @@ -84,7 +85,7 @@ __strerror(num, buf) snprintf(buf, NL_TEXTMAX, catgets(catd, 1, 0xffff, UPREFIX), errnum); #else - sprintf(buf, UPREFIX, errnum); + snprintf(buf, buflen, UPREFIX, errnum); #endif } diff --git a/lib/libc/string/__strsignal.c b/lib/libc/string/__strsignal.c index e9d94859259a..d9dd772cd207 100644 --- a/lib/libc/string/__strsignal.c +++ b/lib/libc/string/__strsignal.c @@ -33,7 +33,7 @@ #if defined(LIBC_SCCS) && !defined(lint) /*static char *sccsid = "from: @(#)strerror.c 5.6 (Berkeley) 5/4/91";*/ -static char *rcsid = "$Id: __strsignal.c,v 1.11 1996/10/11 20:59:20 cgd Exp $"; +static char *rcsid = "$Id: __strsignal.c,v 1.12 1997/01/23 14:02:22 mrg Exp $"; #endif /* LIBC_SCCS and not lint */ #ifdef NLS @@ -51,9 +51,10 @@ static char *rcsid = "$Id: __strsignal.c,v 1.11 1996/10/11 20:59:20 cgd Exp $"; #include char * -__strsignal(num, buf) +__strsignal(num, buf, buflen) int num; char *buf; + int buflen; { #define UPREFIX "Unknown signal: %u" register unsigned int signum; @@ -66,7 +67,7 @@ __strsignal(num, buf) signum = num; /* convert to unsigned */ if (signum < NSIG) { #ifdef NLS - strncpy(buf, catgets(catd, 2, signum, + (void)strncpy(buf, catgets(catd, 2, signum, (char *)sys_siglist[signum]), NL_TEXTMAX); buf[NL_TEXTMAX - 1] = '\0'; #else @@ -74,10 +75,10 @@ __strsignal(num, buf) #endif } else { #ifdef NLS - snprintf(buf, NL_TEXTMAX, + (void)snprintf(buf, NL_TEXTMAX, catgets(catd, 1, 0xffff, UPREFIX), signum); #else - sprintf(buf, UPREFIX, signum); + (void)snprintf(buf, buflen, UPREFIX, signum); #endif } diff --git a/lib/libc/string/strerror.c b/lib/libc/string/strerror.c index a13bc70e84f2..44eba2cd3ca3 100644 --- a/lib/libc/string/strerror.c +++ b/lib/libc/string/strerror.c @@ -33,7 +33,7 @@ #if defined(LIBC_SCCS) && !defined(lint) /*static char *sccsid = "from: @(#)strerror.c 5.6 (Berkeley) 5/4/91";*/ -static char *rcsid = "$Id: strerror.c,v 1.5 1994/10/12 02:35:26 deraadt Exp $"; +static char *rcsid = "$Id: strerror.c,v 1.6 1997/01/23 14:02:23 mrg Exp $"; #endif /* LIBC_SCCS and not lint */ #include @@ -45,12 +45,13 @@ static char *rcsid = "$Id: strerror.c,v 1.5 1994/10/12 02:35:26 deraadt Exp $"; * internal function __strerror(). */ -extern char *__strerror __P((int, char *)); +extern char *__strerror __P((int, char *, int)); char * strerror(num) int num; { static char buf[NL_TEXTMAX]; - return __strerror(num, buf); + + return __strerror(num, buf, NL_TEXTMAX); } diff --git a/lib/libc/string/strsignal.c b/lib/libc/string/strsignal.c index f7332bb21f98..a31aca344fd5 100644 --- a/lib/libc/string/strsignal.c +++ b/lib/libc/string/strsignal.c @@ -33,18 +33,19 @@ #if defined(LIBC_SCCS) && !defined(lint) /*static char *sccsid = "from: @(#)strerror.c 5.6 (Berkeley) 5/4/91";*/ -static char *rcsid = "$Id: strsignal.c,v 1.3 1994/10/06 18:16:18 jtc Exp $"; +static char *rcsid = "$Id: strsignal.c,v 1.4 1997/01/23 14:02:25 mrg Exp $"; #endif /* LIBC_SCCS and not lint */ #include #include -extern char *__strsignal __P((int, char *)); +extern char *__strsignal __P((int, char *, int)); char * strsignal(sig) int sig; { static char buf[NL_TEXTMAX]; - return __strsignal(sig, buf); + + return __strsignal(sig, buf, NL_TEXTMAX); } diff --git a/lib/libc/time/asctime.c b/lib/libc/time/asctime.c index 4735c9f04b1c..090fd18179f2 100644 --- a/lib/libc/time/asctime.c +++ b/lib/libc/time/asctime.c @@ -1,4 +1,4 @@ -/* $NetBSD: asctime.c,v 1.3 1996/09/10 22:04:29 jtc Exp $ */ +/* $NetBSD: asctime.c,v 1.4 1997/01/23 14:02:26 mrg Exp $ */ /* ** This file is in the public domain, so clarified as of @@ -54,7 +54,7 @@ register const struct tm * timeptr; ** "%.3s %.3s%3d %02.2d:%02.2d:%02.2d %d\n" ** Since the .2 in 02.2d is ignored, we drop it. */ - (void) sprintf(result, "%.3s %.3s%3d %02d:%02d:%02d %d\n", + (void)snprintf(result, sizeof result,"%.3s %.3s%3d %02d:%02d:%02d %d\n", wn, mn, timeptr->tm_mday, timeptr->tm_hour, timeptr->tm_min, timeptr->tm_sec, diff --git a/lib/libc/time/ialloc.c b/lib/libc/time/ialloc.c index 2bf8310ad0e8..81d8858d19b7 100644 --- a/lib/libc/time/ialloc.c +++ b/lib/libc/time/ialloc.c @@ -1,4 +1,4 @@ -/* $NetBSD: ialloc.c,v 1.2 1995/03/10 18:12:38 jtc Exp $ */ +/* $NetBSD: ialloc.c,v 1.3 1997/01/23 14:02:28 mrg Exp $ */ #ifndef lint #ifndef NOID @@ -59,10 +59,11 @@ const char * const new; oldsize = 0; else if (newsize == 0) return old; - else oldsize = strlen(old); + else + oldsize = strlen(old); if ((result = irealloc(old, oldsize + newsize + 1)) != NULL) if (new != NULL) - (void) strcpy(result + oldsize, new); + (void) strcpy(result + oldsize, new); /* XXX strcpy is safe */ return result; } diff --git a/lib/libc/time/localtime.c b/lib/libc/time/localtime.c index 9add1b62776e..791642df1873 100644 --- a/lib/libc/time/localtime.c +++ b/lib/libc/time/localtime.c @@ -1,4 +1,4 @@ -/* $NetBSD: localtime.c,v 1.7 1996/09/10 22:04:30 jtc Exp $ */ +/* $NetBSD: localtime.c,v 1.8 1997/01/23 14:02:29 mrg Exp $ */ /* ** This file is in the public domain, so clarified as of @@ -296,9 +296,9 @@ register struct state * const sp; return -1; if ((strlen(p) + strlen(name) + 1) >= sizeof fullname) return -1; - (void) strcpy(fullname, p); - (void) strcat(fullname, "/"); - (void) strcat(fullname, name); + (void) strcpy(fullname, p); /* XXX strcpy is safe */ + (void) strcat(fullname, "/"); /* XXX strcat is safe */ + (void) strcat(fullname, name); /* XXX strcat is safe */ /* ** Set doaccess if '.' (as in "../") shows up in name. */ @@ -964,7 +964,7 @@ tzset P((void)) return; lcl_is_set = (strlen(name) < sizeof(lcl_TZname)); if (lcl_is_set) - (void) strcpy(lcl_TZname, name); + (void)strncpy(lcl_TZname, name, sizeof(lcl_TZname) - 1); #ifdef ALL_STATE if (lclptr == NULL) { @@ -983,7 +983,7 @@ tzset P((void)) lclptr->timecnt = 0; lclptr->ttis[0].tt_gmtoff = 0; lclptr->ttis[0].tt_abbrind = 0; - (void) strcpy(lclptr->chars, gmt); + (void)strncpy(lclptr->chars, gmt, sizeof(lclptr->chars) - 1); } else if (tzload(name, lclptr) != 0) if (name[0] == ':' || tzparse(name, lclptr, FALSE) != 0) (void) gmtload(lclptr); diff --git a/lib/libc/time/zdump.c b/lib/libc/time/zdump.c index db0270e89657..7ecbb5de3686 100644 --- a/lib/libc/time/zdump.c +++ b/lib/libc/time/zdump.c @@ -1,4 +1,4 @@ -/* $NetBSD: zdump.c,v 1.3 1996/09/10 22:04:35 jtc Exp $ */ +/* $NetBSD: zdump.c,v 1.4 1997/01/23 14:02:31 mrg Exp $ */ #ifndef lint #ifndef NOID @@ -199,7 +199,7 @@ _("%s: usage is %s [ -v ] [ -c cutoff ] zonename ...\n"), (void) exit(EXIT_FAILURE); } to = 0; - (void) strcpy(fakeenv[to++], "TZ="); + (void)strcpy(fakeenv[to++], "TZ="); /* XXX strcpy is safe */ for (from = 0; environ[from] != NULL; ++from) if (strncmp(environ[from], "TZ=", 3) != 0) fakeenv[to++] = environ[from]; @@ -209,7 +209,7 @@ _("%s: usage is %s [ -v ] [ -c cutoff ] zonename ...\n"), for (i = optind; i < argc; ++i) { static char buf[MAX_STRING_LENGTH]; - (void) strcpy(&fakeenv[0][3], argv[i]); + (void) strcpy(&fakeenv[0][3], argv[i]); /* XXX strcpy is safe */ if (!vflag) { show(argv[i], now, FALSE); continue; diff --git a/lib/libc/time/zic.c b/lib/libc/time/zic.c index a0596e2c8442..f030d03870db 100644 --- a/lib/libc/time/zic.c +++ b/lib/libc/time/zic.c @@ -1,4 +1,4 @@ -/* $NetBSD: zic.c,v 1.5 1996/09/10 22:04:36 jtc Exp $ */ +/* $NetBSD: zic.c,v 1.6 1997/01/23 14:02:32 mrg Exp $ */ #ifndef lint #ifndef NOID @@ -100,7 +100,7 @@ static void associate P((void)); static int ciequal P((const char * ap, const char * bp)); static void convert P((long val, char * buf)); static void dolink P((const char * fromfile, const char * tofile)); -static void doabbr P((char * abbr, const char * format, +static void doabbr P((char * abbr, int abbrlen, const char * format, const char * letters, int isdst)); static void eat P((const char * name, int num)); static void eats P((const char * name, int num, @@ -943,7 +943,7 @@ const int nfields; } if (strcmp(fields[ZF_NAME], TZDEFAULT) == 0 && lcltime != NULL) { buf = erealloc(buf, (int) (132 + strlen(TZDEFAULT))); - (void) sprintf(buf, + (void)sprintf(buf, /* XXX: sprintf is safe */ _("\"Zone %s\" line and -l option are mutually exclusive"), TZDEFAULT); error(buf); @@ -951,7 +951,7 @@ _("\"Zone %s\" line and -l option are mutually exclusive"), } if (strcmp(fields[ZF_NAME], TZDEFRULES) == 0 && psxrules != NULL) { buf = erealloc(buf, (int) (132 + strlen(TZDEFRULES))); - (void) sprintf(buf, + (void)sprintf(buf, /* XXX: sprintf is safe */ _("\"Zone %s\" line and -p option are mutually exclusive"), TZDEFRULES); error(buf); @@ -963,7 +963,7 @@ _("\"Zone %s\" line and -p option are mutually exclusive"), buf = erealloc(buf, (int) (132 + strlen(fields[ZF_NAME]) + strlen(zones[i].z_filename))); - (void) sprintf(buf, + (void)sprintf(buf, /* XXX: sprintf is safe */ _("duplicate zone name %s (file \"%s\", line %d)"), fields[ZF_NAME], zones[i].z_filename, @@ -1423,7 +1423,7 @@ const char * const name; } fullname = erealloc(fullname, (int) (strlen(directory) + 1 + strlen(name) + 1)); - (void) sprintf(fullname, "%s/%s", directory, name); + (void)sprintf(fullname, "%s/%s", directory, name); /* XXX: sprintf is safe */ if ((fp = fopen(fullname, "wb")) == NULL) { if (mkdirs(fullname) != 0) (void) exit(EXIT_FAILURE); @@ -1500,20 +1500,22 @@ const char * const name; } static void -doabbr(abbr, format, letters, isdst) +doabbr(abbr, abbrlen, format, letters, isdst) char * const abbr; +const int abbrlen; const char * const format; const char * const letters; const int isdst; { if (strchr(format, '/') == NULL) { if (letters == NULL) - (void) strcpy(abbr, format); - else (void) sprintf(abbr, format, letters); + (void)strncpy(abbr, format, abbrlen - 1); + else + (void)snprintf(abbr, abbrlen, format, letters); } else if (isdst) - (void) strcpy(abbr, strchr(format, '/') + 1); + (void)strncpy(abbr, strchr(format, '/') + 1, abbrlen - 1); else { - (void) strcpy(abbr, format); + (void)strncpy(abbr, format, abbrlen - 1); *strchr(abbr, '/') = '\0'; } } @@ -1567,7 +1569,7 @@ const int zonecount; startoff = zp->z_gmtoff; if (zp->z_nrules == 0) { stdoff = zp->z_stdoff; - doabbr(startbuf, zp->z_format, + doabbr(startbuf, sizeof startbuf, zp->z_format, (char *) NULL, stdoff != 0); type = addtype(oadd(zp->z_gmtoff, stdoff), startbuf, stdoff != 0, startttisstd, @@ -1653,7 +1655,8 @@ const int zonecount; if (ktime < starttime) { startoff = oadd(zp->z_gmtoff, stdoff); - doabbr(startbuf, zp->z_format, + doabbr(startbuf,sizeof startbuf, + zp->z_format, rp->r_abbrvar, rp->r_stdoff != 0); continue; @@ -1661,15 +1664,16 @@ const int zonecount; if (*startbuf == '\0' && startoff == oadd(zp->z_gmtoff, stdoff)) { - doabbr(startbuf, zp->z_format, + doabbr(startbuf,sizeof startbuf, + zp->z_format, rp->r_abbrvar, rp->r_stdoff != 0); } } eats(zp->z_filename, zp->z_linenum, rp->r_filename, rp->r_linenum); - doabbr(buf, zp->z_format, rp->r_abbrvar, - rp->r_stdoff != 0); + doabbr(buf, sizeof buf, zp->z_format, + rp->r_abbrvar, rp->r_stdoff != 0); offset = oadd(zp->z_gmtoff, rp->r_stdoff); type = addtype(offset, buf, rp->r_stdoff != 0, rp->r_todisstd, rp->r_todisgmt); @@ -1681,7 +1685,8 @@ const int zonecount; zp->z_format != NULL && strchr(zp->z_format, '%') == NULL && strchr(zp->z_format, '/') == NULL) - (void) strcpy(startbuf, zp->z_format); + (void)strncpy(startbuf, zp->z_format, + sizeof(startbuf) - 1); eat(zp->z_filename, zp->z_linenum); if (*startbuf == '\0') error(_("can't determine time zone abbrevation to use just after until time")); @@ -1837,7 +1842,7 @@ const char * const type; if (type == NULL || *type == '\0') return TRUE; buf = erealloc(buf, (int) (132 + strlen(yitcommand) + strlen(type))); - (void) sprintf(buf, "%s %d %s", yitcommand, year, type); + (void)sprintf(buf, "%s %d %s", yitcommand, year, type); /* XXX: sprintf is safe */ result = system(buf); if (result == 0) return TRUE; @@ -2084,7 +2089,7 @@ const char * const string; error(_("too many, or too long, time zone abbreviations")); (void) exit(EXIT_FAILURE); } - (void) strcpy(&chars[charcnt], string); + (void)strncpy(&chars[charcnt], string, sizeof(chars) - charcnt - 1); charcnt += eitol(i); } diff --git a/lib/libc/yp/yplib.c b/lib/libc/yp/yplib.c index 381bb87e5d9f..98c431a41655 100644 --- a/lib/libc/yp/yplib.c +++ b/lib/libc/yp/yplib.c @@ -1,4 +1,4 @@ -/* $NetBSD: yplib.c,v 1.26 1997/01/21 20:40:07 thorpej Exp $ */ +/* $NetBSD: yplib.c,v 1.27 1997/01/23 14:02:35 mrg Exp $ */ /* * Copyright (c) 1992, 1993 Theo de Raadt @@ -32,7 +32,7 @@ */ #if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$NetBSD: yplib.c,v 1.26 1997/01/21 20:40:07 thorpej Exp $"; +static char rcsid[] = "$NetBSD: yplib.c,v 1.27 1997/01/23 14:02:35 mrg Exp $"; #endif #include @@ -221,7 +221,7 @@ trynet: bn->ypbind_binding_port; gotit: ysd->dom_vers = YPVERS; - (void)strcpy(ysd->dom_domain, dom); + (void)strncpy(ysd->dom_domain, dom, sizeof(ysd->dom_domain)-1); } if (ysd->dom_client) clnt_destroy(ysd->dom_client); diff --git a/lib/libcompat/4.3/rexec.c b/lib/libcompat/4.3/rexec.c index 2ce19427029b..f1ea537e4640 100644 --- a/lib/libcompat/4.3/rexec.c +++ b/lib/libcompat/4.3/rexec.c @@ -111,7 +111,7 @@ retry: goto bad; } port = ntohs((u_short)sin2.sin_port); - (void) sprintf(num, "%u", port); + (void)snprintf(num, sizeof num, "%u", port); (void) write(s, num, strlen(num)+1); { int len = sizeof (from); s3 = accept(s2, (struct sockaddr *)&from, &len); diff --git a/lib/libcompat/4.4/timezone.c b/lib/libcompat/4.4/timezone.c index 02fb353023f8..b54f3c6d9d75 100644 --- a/lib/libcompat/4.4/timezone.c +++ b/lib/libcompat/4.4/timezone.c @@ -1,4 +1,4 @@ -/* $NetBSD: timezone.c,v 1.5 1995/02/27 05:54:24 cgd Exp $ */ +/* $NetBSD: timezone.c,v 1.6 1997/01/23 14:01:58 mrg Exp $ */ /* * Copyright (c) 1987, 1993 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)timezone.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: timezone.c,v 1.5 1995/02/27 05:54:24 cgd Exp $"; +static char rcsid[] = "$NetBSD: timezone.c,v 1.6 1997/01/23 14:01:58 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -135,6 +135,7 @@ _tztab(zone,dst) } else sign = '-'; - (void)sprintf(czone,"GMT%c%d:%02d",sign,zone / 60,zone % 60); + (void)snprintf(czone, TZ_MAX_CHARS, "GMT%c%d:%02d", sign, zone / 60, + zone % 60); return(czone); } diff --git a/lib/libcompat/regexp/regexp.c b/lib/libcompat/regexp/regexp.c index 6e0584ca470d..f180362f4f03 100644 --- a/lib/libcompat/regexp/regexp.c +++ b/lib/libcompat/regexp/regexp.c @@ -34,7 +34,7 @@ */ #ifndef lint -static char *rcsid = "$Id: regexp.c,v 1.5 1995/06/07 03:55:49 cgd Exp $"; +static char *rcsid = "$Id: regexp.c,v 1.6 1997/01/23 14:02:39 mrg Exp $"; #endif /* not lint */ #include @@ -1209,7 +1209,7 @@ char *op; register char *p; static char buf[50]; - (void) strcpy(buf, ":"); + (void)strncpy(buf, ":", sizeof(buf) - 1); switch (OP(op)) { case BOL: @@ -1251,7 +1251,8 @@ char *op; case OPEN+7: case OPEN+8: case OPEN+9: - sprintf(buf+strlen(buf), "OPEN%d", OP(op)-OPEN); + (void)snprintf(buf+strlen(buf), sizeof(buf) - strlen(buf), + "OPEN%d", OP(op)-OPEN); p = NULL; break; case CLOSE+1: @@ -1263,7 +1264,8 @@ char *op; case CLOSE+7: case CLOSE+8: case CLOSE+9: - sprintf(buf+strlen(buf), "CLOSE%d", OP(op)-CLOSE); + (void)snprintf(buf+strlen(buf), sizeof(buf) - strlen(buf), + "CLOSE%d", OP(op)-CLOSE); p = NULL; break; case STAR: @@ -1283,7 +1285,7 @@ char *op; break; } if (p != NULL) - (void) strcat(buf, p); + (void)strncat(buf, p, sizeof(buf) - strlen(buf) - 1); return(buf); } #endif diff --git a/lib/libcurses/PSD.doc/ex2.c b/lib/libcurses/PSD.doc/ex2.c index 13e8f2990b99..72f792a58e0d 100644 --- a/lib/libcurses/PSD.doc/ex2.c +++ b/lib/libcurses/PSD.doc/ex2.c @@ -68,7 +68,7 @@ main() move(0,0); refresh(); for (i = 0; i < YSIZE + 2; i++) { - sprintf(id, "%d: ", i); + (void)snprintf(id, sizeof id, "%d: ", i); addstr(id); for (j = 0; j < XSIZE - strlen(id); j++) addch('0' + (i % 10)); @@ -179,7 +179,7 @@ main() base--; move(0, 0); insertln(); - sprintf(id, "%d: ", base); + (void)snprintf(id, sizeof id, "%d: ", base); addstr(id); for (j = 0; j < XSIZE - strlen(id) - 2; j++) addch('0' + (base % 10)); @@ -188,7 +188,7 @@ main() move(0, 0); deleteln(); move(YSIZE - 1, 0); - sprintf(id, "%d: ", base + YSIZE); + (void)snprintf(id, sizeof id, "%d: ", base + YSIZE); addstr(id); for (j = 0; j < XSIZE - strlen(id) - 2; j++) addch('0' + ((base + YSIZE) % 10)); diff --git a/lib/libcurses/setterm.c b/lib/libcurses/setterm.c index 1d134903c112..6b8594c5e6d8 100644 --- a/lib/libcurses/setterm.c +++ b/lib/libcurses/setterm.c @@ -99,7 +99,7 @@ setterm(type) unknown = 0; if (tgetent(genbuf, type) != 1) { unknown++; - strcpy(genbuf, "xx|dumb:"); + (void)strncpy(genbuf, "xx|dumb:", sizeof(genbuf) - 1); } #ifdef DEBUG __CTRACE("setterm: tty = %s\n", type); diff --git a/lib/libedit/history.c b/lib/libedit/history.c index 5e192f4f5d30..08adad90e93b 100644 --- a/lib/libedit/history.c +++ b/lib/libedit/history.c @@ -1,4 +1,4 @@ -/* $NetBSD: history.c,v 1.3 1997/01/11 06:47:57 lukem Exp $ */ +/* $NetBSD: history.c,v 1.4 1997/01/23 14:02:45 mrg Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -233,8 +233,8 @@ history_def_add(p, str) return (history_def_enter(p, str)); len = strlen(h->cursor->ev.str) + strlen(str) + 1; s = (char *) h_malloc(len); - (void) strcpy(s, h->cursor->ev.str); - (void) strcat(s, str); + (void)strcpy(s, h->cursor->ev.str); /* XXX strcpy is safe */ + (void)strcat(s, str); /* XXX strcat is safe */ h_free((ptr_t) h->cursor->ev.str); h->cursor->ev.str = s; return &h->cursor->ev; diff --git a/lib/libedit/search.c b/lib/libedit/search.c index 866c509ac3c0..1149a58237b8 100644 --- a/lib/libedit/search.c +++ b/lib/libedit/search.c @@ -1,4 +1,4 @@ -/* $NetBSD: search.c,v 1.3 1997/01/11 06:48:09 lukem Exp $ */ +/* $NetBSD: search.c,v 1.4 1997/01/23 14:02:47 mrg Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -40,7 +40,7 @@ #if 0 static char sccsid[] = "@(#)search.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: search.c,v 1.3 1997/01/11 06:48:09 lukem Exp $"; +static char rcsid[] = "$NetBSD: search.c,v 1.4 1997/01/23 14:02:47 mrg Exp $"; #endif #endif /* not lint && not SCCSID */ @@ -467,10 +467,11 @@ cv_search(el, dir) } #ifdef ANCHOR if (el->el_search.patbuf[0] != '.' && el->el_search.patbuf[0] != '*') { - (void) strcpy(tmpbuf, el->el_search.patbuf); + (void)strncpy(tmpbuf, el->el_search.patbuf, sizeof(tmpbuf) - 1); el->el_search.patbuf[0] = '.'; el->el_search.patbuf[1] = '*'; - (void) strcpy(&el->el_search.patbuf[2], tmpbuf); + (void)strncpy(&el->el_search.patbuf[2], tmpbuf, + sizeof(el->el_search.patbuf) - 3); el->el_search.patlen++; el->el_search.patbuf[el->el_search.patlen++] = '.'; el->el_search.patbuf[el->el_search.patlen++] = '*'; @@ -484,7 +485,8 @@ cv_search(el, dir) tmpbuf[tmplen++] = '*'; #endif tmpbuf[tmplen] = '\0'; - (void) strcpy(el->el_search.patbuf, tmpbuf); + (void)strncpy(el->el_search.patbuf, tmpbuf, + sizeof(el->el_search.patbuf) - 1); el->el_search.patlen = tmplen; } el->el_state.lastcmd = (el_action_t) dir; /* avoid c_setpat */ diff --git a/lib/libedit/term.c b/lib/libedit/term.c index 669ab8b16489..8cc21fa08e4f 100644 --- a/lib/libedit/term.c +++ b/lib/libedit/term.c @@ -1,4 +1,4 @@ -/* $NetBSD: term.c,v 1.7 1997/01/11 06:48:13 lukem Exp $ */ +/* $NetBSD: term.c,v 1.8 1997/01/23 14:02:49 mrg Exp $ */ /*- * Copyright (c) 1992, 1993 @@ -40,7 +40,7 @@ #if 0 static char sccsid[] = "@(#)term.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: term.c,v 1.7 1997/01/11 06:48:13 lukem Exp $"; +static char rcsid[] = "$NetBSD: term.c,v 1.8 1997/01/23 14:02:49 mrg Exp $"; #endif #endif /* not lint && not SCCSID */ @@ -370,7 +370,7 @@ term_alloc(el, t, cap) * New string is shorter; no need to allocate space */ if (clen <= tlen) { - (void) strcpy(*str, cap); + (void)strcpy(*str, cap); /* XXX strcpy is safe */ return; } @@ -378,7 +378,8 @@ term_alloc(el, t, cap) * New string is longer; see if we have enough space to append */ if (el->el_term.t_loc + 3 < TC_BUFSIZE) { - (void) strcpy(*str = &el->el_term.t_buf[el->el_term.t_loc], cap); + /* XXX strcpy is safe */ + (void)strcpy(*str = &el->el_term.t_buf[el->el_term.t_loc], cap); el->el_term.t_loc += clen + 1; /* one for \0 */ return; } @@ -402,7 +403,8 @@ term_alloc(el, t, cap) (void) fprintf(el->el_errfile, "Out of termcap string space.\n"); return; } - (void) strcpy(*str = &el->el_term.t_buf[el->el_term.t_loc], cap); + /* XXX strcpy is safe */ + (void)strcpy(*str = &el->el_term.t_buf[el->el_term.t_loc], cap); el->el_term.t_loc += clen + 1; /* one for \0 */ return; } /* end term_alloc */ diff --git a/lib/libkvm.old/kvm.c b/lib/libkvm.old/kvm.c index 9af5a0676249..9b835c2a0805 100644 --- a/lib/libkvm.old/kvm.c +++ b/lib/libkvm.old/kvm.c @@ -1,4 +1,4 @@ -/* $NetBSD: kvm.c,v 1.4 1996/10/12 00:50:56 cgd Exp $ */ +/* $NetBSD: kvm.c,v 1.5 1997/01/23 14:02:54 mrg Exp $ */ /*- * Copyright (c) 1989, 1992, 1993 @@ -41,7 +41,7 @@ #if 0 static char sccsid[] = "@(#)kvm.c 8.2 (Berkeley) 2/13/94"; #else -static char rcsid[] = "$NetBSD: kvm.c,v 1.4 1996/10/12 00:50:56 cgd Exp $"; +static char rcsid[] = "$NetBSD: kvm.c,v 1.5 1997/01/23 14:02:54 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -269,7 +269,7 @@ failed: * Copy out the error if doing sane error semantics. */ if (errout != 0) - strcpy(errout, kd->errbuf); + (void)strncpy(errout, kd->errbuf, _POSIX2_LINE_MAX - 1); (void)kvm_close(kd); return (0); } @@ -285,7 +285,7 @@ kvm_openfiles(uf, mf, sf, flag, errout) register kvm_t *kd; if ((kd = malloc(sizeof(*kd))) == NULL) { - (void)strcpy(errout, strerror(errno)); + (void)strncpy(errout, strerror(errno), _POSIX2_LINE_MAX - 1); return (0); } kd->program = 0; diff --git a/lib/libkvm/kvm.c b/lib/libkvm/kvm.c index cf9f9a5df8c6..ab81352e3335 100644 --- a/lib/libkvm/kvm.c +++ b/lib/libkvm/kvm.c @@ -1,4 +1,4 @@ -/* $NetBSD: kvm.c,v 1.49 1996/11/09 23:44:53 pk Exp $ */ +/* $NetBSD: kvm.c,v 1.50 1997/01/23 14:02:52 mrg Exp $ */ /*- * Copyright (c) 1989, 1992, 1993 @@ -41,7 +41,7 @@ #if 0 static char sccsid[] = "@(#)kvm.c 8.2 (Berkeley) 2/13/94"; #else -static char *rcsid = "$NetBSD: kvm.c,v 1.49 1996/11/09 23:44:53 pk Exp $"; +static char *rcsid = "$NetBSD: kvm.c,v 1.50 1997/01/23 14:02:52 mrg Exp $"; #endif #endif /* LIBC_SCCS and not lint */ @@ -324,7 +324,7 @@ failed: * Copy out the error if doing sane error semantics. */ if (errout != 0) - strcpy(errout, kd->errbuf); + (void)strncpy(errout, kd->errbuf, _POSIX2_LINE_MAX - 1); (void)kvm_close(kd); return (0); } @@ -631,7 +631,7 @@ kvm_openfiles(uf, mf, sf, flag, errout) register kvm_t *kd; if ((kd = malloc(sizeof(*kd))) == NULL) { - (void)strcpy(errout, strerror(errno)); + (void)strncpy(errout, strerror(errno), _POSIX2_LINE_MAX - 1); return (0); } kd->program = 0; diff --git a/lib/libpcap/bpf_image.c b/lib/libpcap/bpf_image.c index a77f681b23f8..ad41aa0a48b4 100644 --- a/lib/libpcap/bpf_image.c +++ b/lib/libpcap/bpf_image.c @@ -1,4 +1,4 @@ -/* $NetBSD: bpf_image.c,v 1.3 1996/12/13 08:25:58 mikel Exp $ */ +/* $NetBSD: bpf_image.c,v 1.4 1997/01/23 14:02:56 mrg Exp $ */ /* * Copyright (c) 1990, 1991, 1992, 1994, 1995, 1996 @@ -279,8 +279,8 @@ bpf_image(p, n) fmt = ""; break; } - (void)sprintf(operand, fmt, v); - (void)sprintf(image, + (void)snprintf(operand, sizeof operand, fmt, v); + (void)snprintf(image, sizeof image, (BPF_CLASS(p->code) == BPF_JMP && BPF_OP(p->code) != BPF_JA) ? "(%03d) %-8s %-16s jt %d\tjf %d" diff --git a/lib/libpcap/gencode.c b/lib/libpcap/gencode.c index c7e4a3d4034b..9cd2baa2ff41 100644 --- a/lib/libpcap/gencode.c +++ b/lib/libpcap/gencode.c @@ -1,4 +1,4 @@ -/* $NetBSD: gencode.c,v 1.5 1996/12/13 08:26:03 mikel Exp $ */ +/* $NetBSD: gencode.c,v 1.6 1997/01/23 14:02:58 mrg Exp $ */ /* * Copyright (c) 1990, 1991, 1992, 1993, 1994, 1995, 1996 @@ -90,7 +90,8 @@ bpf_error(fmt, va_alist) va_start(ap); #endif if (bpf_pcap != NULL) - (void)vsprintf(pcap_geterr(bpf_pcap), fmt, ap); + (void)vsnprintf(pcap_geterr(bpf_pcap), + PCAP_ERRBUF_SIZE, fmt, ap); va_end(ap); longjmp(top_ctx, 1); /* NOTREACHED */ @@ -200,7 +201,7 @@ sdup(s) int n = strlen(s) + 1; char *cp = newchunk(n); - strcpy(cp, s); + strcpy(cp, s); /* XXX strcpy is safe */ return (cp); } diff --git a/lib/libpcap/inet.c b/lib/libpcap/inet.c index bf4adb24ddd5..dcf26ac07ddf 100644 --- a/lib/libpcap/inet.c +++ b/lib/libpcap/inet.c @@ -1,4 +1,4 @@ -/* $NetBSD: inet.c,v 1.4 1996/12/13 08:26:06 mikel Exp $ */ +/* $NetBSD: inet.c,v 1.5 1997/01/23 14:02:59 mrg Exp $ */ /* * Copyright (c) 1994, 1995, 1996 @@ -95,7 +95,8 @@ pcap_lookupdev(errbuf) fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) { - (void)sprintf(errbuf, "socket: %s", pcap_strerror(errno)); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", + pcap_strerror(errno)); return (NULL); } ifc.ifc_len = sizeof ibuf; @@ -103,7 +104,8 @@ pcap_lookupdev(errbuf) if (ioctl(fd, SIOCGIFCONF, (char *)&ifc) < 0 || ifc.ifc_len < sizeof(struct ifreq)) { - (void)sprintf(errbuf, "SIOCGIFCONF: %s", pcap_strerror(errno)); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFCONF: %s", + pcap_strerror(errno)); (void)close(fd); return (NULL); } @@ -132,8 +134,8 @@ pcap_lookupdev(errbuf) */ strncpy(ifr.ifr_name, ifrp->ifr_name, sizeof(ifr.ifr_name)); if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifr) < 0) { - (void)sprintf(errbuf, "SIOCGIFFLAGS: %s", - pcap_strerror(errno)); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, + "SIOCGIFFLAGS: %s", pcap_strerror(errno)); (void)close(fd); return (NULL); } @@ -152,7 +154,8 @@ pcap_lookupdev(errbuf) } (void)close(fd); if (mp == NULL) { - (void)strcpy(errbuf, "no suitable device found"); + (void)strncpy(errbuf, "no suitable device found", + PCAP_ERRBUF_SIZE - 1); return (NULL); } @@ -173,7 +176,8 @@ pcap_lookupnet(device, netp, maskp, errbuf) fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd < 0) { - (void)sprintf(errbuf, "socket: %s", pcap_strerror(errno)); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", + pcap_strerror(errno)); return (-1); } memset(&ifr, 0, sizeof(ifr)); @@ -183,7 +187,7 @@ pcap_lookupnet(device, netp, maskp, errbuf) #endif (void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); if (ioctl(fd, SIOCGIFADDR, (char *)&ifr) < 0) { - (void)sprintf(errbuf, "SIOCGIFADDR: %s: %s", + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "SIOCGIFADDR: %s: %s", device, pcap_strerror(errno)); (void)close(fd); return (-1); @@ -191,8 +195,8 @@ pcap_lookupnet(device, netp, maskp, errbuf) sin = (struct sockaddr_in *)&ifr.ifr_addr; *netp = sin->sin_addr.s_addr; if (ioctl(fd, SIOCGIFNETMASK, (char *)&ifr) < 0) { - (void)sprintf(errbuf, "SIOCGIFNETMASK: %s: %s", - device, pcap_strerror(errno)); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, + "SIOCGIFNETMASK: %s: %s", device, pcap_strerror(errno)); (void)close(fd); return (-1); } @@ -206,8 +210,8 @@ pcap_lookupnet(device, netp, maskp, errbuf) else if (IN_CLASSC(*netp)) *maskp = IN_CLASSC_NET; else { - (void)sprintf(errbuf, "inet class for 0x%x unknown", - *netp); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, + "inet class for 0x%x unknown", *netp); return (-1); } } diff --git a/lib/libpcap/pcap-bpf.c b/lib/libpcap/pcap-bpf.c index bd8aa28ccb0a..2fc21f37f9ef 100644 --- a/lib/libpcap/pcap-bpf.c +++ b/lib/libpcap/pcap-bpf.c @@ -1,4 +1,4 @@ -/* $NetBSD: pcap-bpf.c,v 1.4 1996/12/13 08:26:09 mikel Exp $ */ +/* $NetBSD: pcap-bpf.c,v 1.5 1997/01/23 14:03:00 mrg Exp $ */ /* * Copyright (c) 1993, 1994, 1995, 1996 @@ -55,7 +55,8 @@ pcap_stats(pcap_t *p, struct pcap_stat *ps) struct bpf_stat s; if (ioctl(p->fd, BIOCGSTATS, (caddr_t)&s) < 0) { - sprintf(p->errbuf, "BIOCGSTATS: %s", pcap_strerror(errno)); + (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCGSTATS: %s", + pcap_strerror(errno)); return (-1); } @@ -99,7 +100,8 @@ pcap_read(pcap_t *p, int cnt, pcap_handler callback, u_char *user) /* fall through */ #endif } - sprintf(p->errbuf, "read: %s", pcap_strerror(errno)); + (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "read: %s", + pcap_strerror(errno)); return (-1); } bp = p->buffer; @@ -142,7 +144,7 @@ bpf_open(pcap_t *p, char *errbuf) * Go through all the minors and find one that isn't in use. */ do { - (void)sprintf(device, "/dev/bpf%d", n++); + (void)snprintf(device, sizeof device, "/dev/bpf%d", n++); fd = open(device, O_RDONLY); } while (fd < 0 && errno == EBUSY); @@ -150,7 +152,8 @@ bpf_open(pcap_t *p, char *errbuf) * XXX better message for all minors used */ if (fd < 0) - sprintf(errbuf, "%s: %s", device, pcap_strerror(errno)); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", device, + pcap_strerror(errno)); return (fd); } @@ -166,7 +169,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) p = (pcap_t *)malloc(sizeof(*p)); if (p == NULL) { - sprintf(ebuf, "malloc: %s", pcap_strerror(errno)); + (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", + pcap_strerror(errno)); return (NULL); } bzero(p, sizeof(*p)); @@ -178,22 +182,26 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) p->snapshot = snaplen; if (ioctl(fd, BIOCVERSION, (caddr_t)&bv) < 0) { - sprintf(ebuf, "BIOCVERSION: %s", pcap_strerror(errno)); + (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCVERSION: %s", + pcap_strerror(errno)); goto bad; } if (bv.bv_major != BPF_MAJOR_VERSION || bv.bv_minor < BPF_MINOR_VERSION) { - sprintf(ebuf, "kernel bpf filter out of date"); + (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, + "kernel bpf filter out of date"); goto bad; } (void)strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name)); if (ioctl(fd, BIOCSETIF, (caddr_t)&ifr) < 0) { - sprintf(ebuf, "%s: %s", device, pcap_strerror(errno)); + (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "%s: %s", device, + pcap_strerror(errno)); goto bad; } /* Get the data link layer type. */ if (ioctl(fd, BIOCGDLT, (caddr_t)&v) < 0) { - sprintf(ebuf, "BIOCGDLT: %s", pcap_strerror(errno)); + (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGDLT: %s", + pcap_strerror(errno)); goto bad; } p->linktype = v; @@ -204,8 +212,8 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) to.tv_sec = to_ms / 1000; to.tv_usec = (to_ms * 1000) % 1000000; if (ioctl(p->fd, BIOCSRTIMEOUT, (caddr_t)&to) < 0) { - sprintf(ebuf, "BIOCSRTIMEOUT: %s", - pcap_strerror(errno)); + (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, + "BIOCSRTIMEOUT: %s", pcap_strerror(errno)); goto bad; } } @@ -214,13 +222,15 @@ pcap_open_live(char *device, int snaplen, int promisc, int to_ms, char *ebuf) (void)ioctl(p->fd, BIOCPROMISC, NULL); if (ioctl(fd, BIOCGBLEN, (caddr_t)&v) < 0) { - sprintf(ebuf, "BIOCGBLEN: %s", pcap_strerror(errno)); + (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "BIOCGBLEN: %s", + pcap_strerror(errno)); goto bad; } p->bufsize = v; p->buffer = (u_char *)malloc(p->bufsize); if (p->buffer == NULL) { - sprintf(ebuf, "malloc: %s", pcap_strerror(errno)); + (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s", + pcap_strerror(errno)); goto bad; } @@ -237,7 +247,8 @@ pcap_setfilter(pcap_t *p, struct bpf_program *fp) if (p->sf.rfile != NULL) p->fcode = *fp; else if (ioctl(p->fd, BIOCSETF, (caddr_t)fp) < 0) { - sprintf(p->errbuf, "BIOCSETF: %s", pcap_strerror(errno)); + (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "BIOCSETF: %s", + pcap_strerror(errno)); return (-1); } return (0); diff --git a/lib/libpcap/pcap.c b/lib/libpcap/pcap.c index c3de319d1de6..85bc31c48493 100644 --- a/lib/libpcap/pcap.c +++ b/lib/libpcap/pcap.c @@ -1,4 +1,4 @@ -/* $NetBSD: pcap.c,v 1.3 1996/12/13 08:26:13 mikel Exp $ */ +/* $NetBSD: pcap.c,v 1.4 1997/01/23 14:03:01 mrg Exp $ */ /* * Copyright (c) 1993, 1994, 1995, 1996 @@ -175,7 +175,7 @@ pcap_strerror(int errnum) if ((unsigned int)errnum < sys_nerr) return ((char *)sys_errlist[errnum]); - (void)sprintf(ebuf, "Unknown error: %d", errnum); + (void)snprintf(ebuf, sizeof ebuf, "Unknown error: %d", errnum); return(ebuf); #endif } diff --git a/lib/libpcap/savefile.c b/lib/libpcap/savefile.c index 73ffd626fb15..98c49dd68c1e 100644 --- a/lib/libpcap/savefile.c +++ b/lib/libpcap/savefile.c @@ -1,4 +1,4 @@ -/* $NetBSD: savefile.c,v 1.3 1996/12/13 08:26:14 mikel Exp $ */ +/* $NetBSD: savefile.c,v 1.4 1997/01/23 14:03:03 mrg Exp $ */ /* * Copyright (c) 1993, 1994, 1995, 1996 @@ -115,7 +115,7 @@ pcap_open_offline(char *fname, char *errbuf) p = (pcap_t *)malloc(sizeof(*p)); if (p == NULL) { - strcpy(errbuf, "out of swap"); + (void)strncpy(errbuf, "out of swap", PCAP_ERRBUF_SIZE - 1); return (NULL); } @@ -130,24 +130,27 @@ pcap_open_offline(char *fname, char *errbuf) else { fp = fopen(fname, "r"); if (fp == NULL) { - sprintf(errbuf, "%s: %s", fname, pcap_strerror(errno)); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "%s: %s", + fname, pcap_strerror(errno)); goto bad; } } if (fread((char *)&hdr, sizeof(hdr), 1, fp) != 1) { - sprintf(errbuf, "fread: %s", pcap_strerror(errno)); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "fread: %s", + pcap_strerror(errno)); goto bad; } if (hdr.magic != TCPDUMP_MAGIC) { if (SWAPLONG(hdr.magic) != TCPDUMP_MAGIC) { - sprintf(errbuf, "bad dump file format"); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, + "bad dump file format"); goto bad; } p->sf.swapped = 1; swap_hdr(&hdr); } if (hdr.version_major < PCAP_VERSION_MAJOR) { - sprintf(errbuf, "archaic file format"); + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "archaic file format"); goto bad; } p->tzoff = hdr.thiszone; @@ -241,22 +244,23 @@ sf_next_packet(pcap_t *p, struct pcap_pkthdr *hdr, u_char *buf, int buflen) free((u_char *)tp); tp = (u_char *)malloc(tsize); if (tp == NULL) { - sprintf(p->errbuf, "BUFMOD hack malloc"); + (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, + "BUFMOD hack malloc"); return (-1); } } if (fread((char *)tp, hdr->caplen, 1, fp) != 1) { - sprintf(p->errbuf, "truncated dump file"); + (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, + "truncated dump file"); return (-1); } memcpy((char *)buf, (char *)tp, buflen); } else { /* read the packet itself */ - if (fread((char *)buf, hdr->caplen, 1, fp) != 1) { - sprintf(p->errbuf, "truncated dump file"); - return (-1); + (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, + "truncated dump file"); } } return (0); @@ -320,7 +324,7 @@ pcap_dump_open(pcap_t *p, char *fname) else { f = fopen(fname, "w"); if (f == NULL) { - sprintf(p->errbuf, "%s: %s", + (void)snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", fname, pcap_strerror(errno)); return (NULL); } diff --git a/lib/librmt/rmtlib.c b/lib/librmt/rmtlib.c index 66c3df52e0d3..7b0b0227a3ce 100644 --- a/lib/librmt/rmtlib.c +++ b/lib/librmt/rmtlib.c @@ -1,4 +1,4 @@ -/* $NetBSD: rmtlib.c,v 1.4 1996/08/13 20:09:50 thorpej Exp $ */ +/* $NetBSD: rmtlib.c,v 1.5 1997/01/23 14:03:05 mrg Exp $ */ /* * rmt --- remote tape emulator subroutines @@ -278,7 +278,8 @@ int mode; if (*(path - 1) == '@') { - (void) strcpy (user, system); /* saw user part of user@host */ + (void)strncpy(user, system, sizeof(login) - 1); + /* saw user part of user@host */ sys = system; /* start over */ while (*path != ':') { *sys++ = *path++; @@ -358,7 +359,7 @@ int mode; * now attempt to open the tape device */ - sprintf(buffer, "O%s\n%d\n", device, oflag); + (void)snprintf(buffer, sizeof(buffer), "O%s\n%d\n", device, oflag); if (command(i, buffer) == -1 || status(i) == -1) return(-1); @@ -401,7 +402,7 @@ unsigned int nbyte; int rc, i; char buffer[BUFMAGIC]; - sprintf(buffer, "R%d\n", nbyte); + (void)snprintf(buffer, sizeof buffer, "R%d\n", nbyte); if (command(fildes, buffer) == -1 || (rc = status(fildes)) == -1) return(-1); @@ -434,7 +435,7 @@ unsigned int nbyte; char buffer[BUFMAGIC]; void (*pstat)(); - sprintf(buffer, "W%d\n", nbyte); + (void)snprintf(buffer, sizeof buffer, "W%d\n", nbyte); if (command(fildes, buffer) == -1) return(-1); @@ -464,7 +465,7 @@ int whence; { char buffer[BUFMAGIC]; - sprintf(buffer, "L%d\n%d\n", offset, whence); + (void)snprintf(buffer, sizeof buffer, "L%d\n%d\n", offset, whence); if (command(fildes, buffer) == -1) return(-1); @@ -492,8 +493,9 @@ char *arg; if (op == MTIOCTOP) { - sprintf(buffer, "I%d\n%d\n", ((struct mtop *) arg)->mt_op, - ((struct mtop *) arg)->mt_count); + (void)snprintf(buffer, sizeof buffer, "I%d\n%d\n", + ((struct mtop *)arg)->mt_op, + ((struct mtop *)arg)->mt_count); if (command(fildes, buffer) == -1) return(-1); return(status(fildes)); diff --git a/lib/libskey/put.c b/lib/libskey/put.c index e10c4cbf5821..5166f224e897 100644 --- a/lib/libskey/put.c +++ b/lib/libskey/put.c @@ -1,4 +1,4 @@ -/* $NetBSD: put.c,v 1.3 1996/09/19 19:39:43 thorpej Exp $ */ +/* $NetBSD: put.c,v 1.4 1997/01/23 14:03:07 mrg Exp $ */ /* S/KEY v1.1b (put.c) * @@ -2176,7 +2176,7 @@ char * char *out; char *s; { - sprintf (out, "%02X%02X %02X%02X %02X%02X %02X%02X", + sprintf (out, "%02X%02X %02X%02X %02X%02X %02X%02X", /* XXX: sprintf (put8()) appears to be unused */ s[0] & 0xff, s[1] & 0xff, s[2] & 0xff, s[3] & 0xff, s[4] & 0xff, s[5] & 0xff, s[6] & 0xff, s[7] & 0xff); diff --git a/lib/libskey/skey.h b/lib/libskey/skey.h index e9bb1b58d345..26071ac2b478 100644 --- a/lib/libskey/skey.h +++ b/lib/libskey/skey.h @@ -1,4 +1,4 @@ -/* $NetBSD: skey.h,v 1.3 1996/09/19 19:39:45 thorpej Exp $ */ +/* $NetBSD: skey.h,v 1.4 1997/01/23 14:03:08 mrg Exp $ */ /* * S/KEY v1.1b (skey.h) @@ -58,7 +58,7 @@ char *btoe __ARGS ((char *engout, char *c)); char *put8 __ARGS ((char *out, char *s)); int etob __ARGS ((char *out, char *e)); void rip __ARGS ((char *buf)); -int skeychallenge __ARGS ((struct skey * mp, char *name, char *ss)); +int skeychallenge __ARGS ((struct skey * mp, char *name, char *ss, int sslen)); int skeylookup __ARGS ((struct skey * mp, char *name)); int skeyverify __ARGS ((struct skey * mp, char *response)); void sevenbit __ARGS ((char *s)); diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c index d8530e35fd7b..1b57ebbf8811 100644 --- a/lib/libskey/skeylogin.c +++ b/lib/libskey/skeylogin.c @@ -1,4 +1,4 @@ -/* $NetBSD: skeylogin.c,v 1.6 1996/09/19 19:39:48 thorpej Exp $ */ +/* $NetBSD: skeylogin.c,v 1.7 1997/01/23 14:03:09 mrg Exp $ */ /* S/KEY v1.1b (skeylogin.c) * @@ -53,12 +53,14 @@ getskeyprompt(mp,name,prompt) sevenbit(name); rval = skeylookup(mp,name); - strcpy(prompt,"s/key 55 latour1\n"); +#if 0 + strcpy(prompt, "s/key 55 latour1\n"); +#endif switch (rval) { case -1: /* File error */ return -1; case 0: /* Lookup succeeded, return challenge */ - sprintf(prompt,"s/key %d %s\n",mp->n - 1,mp->seed); + sprintf(prompt,"s/key %d %s\n",mp->n - 1,mp->seed); /* XXX: sprintf (getskeyprompt()) appears unused */ return 0; case 1: /* User not found */ fclose(mp->keyfile); @@ -75,10 +77,11 @@ getskeyprompt(mp,name,prompt) * record. */ int -skeychallenge(mp,name, ss) +skeychallenge(mp,name, ss, sslen) struct skey *mp; char *name; char *ss; + int sslen; { int rval; @@ -87,7 +90,7 @@ skeychallenge(mp,name, ss) case -1: /* File error */ return -1; case 0: /* Lookup succeeded, issue challenge */ - sprintf(ss, "s/key %d %s",mp->n - 1,mp->seed); + (void)snprintf(ss, sslen, "s/key %d %s",mp->n - 1,mp->seed); return 0; case 1: /* User not found */ fclose(mp->keyfile); @@ -289,7 +292,7 @@ skey_keyinfo (username) static char str [50]; struct skey skey; - i = skeychallenge (&skey, username, str); + i = skeychallenge (&skey, username, str, sizeof str); if (i == -1) return 0; @@ -342,7 +345,7 @@ skey_authenticate (username) struct skey skey; /* Attempt a S/Key challenge */ - i = skeychallenge (&skey, username, skeyprompt); + i = skeychallenge (&skey, username, skeyprompt, sizeof skeyprompt); if (i == -2) return 0; diff --git a/lib/libskey/skeysubr.c b/lib/libskey/skeysubr.c index 4e8e7b5dcbd8..0a7c0d4164f1 100644 --- a/lib/libskey/skeysubr.c +++ b/lib/libskey/skeysubr.c @@ -1,4 +1,4 @@ -/* $NetBSD: skeysubr.c,v 1.7 1996/09/19 19:39:50 thorpej Exp $ */ +/* $NetBSD: skeysubr.c,v 1.8 1997/01/23 14:03:10 mrg Exp $ */ /* S/KEY v1.1b (skeysubr.c) * @@ -49,8 +49,8 @@ char *passwd; /* Password, any length */ buflen = strlen(seed) + strlen(passwd); if ((buf = (char *)malloc(buflen+1)) == NULL) return -1; - strcpy(buf,seed); - strcat(buf,passwd); + strcpy(buf, seed); /* XXX strcpy is safe */ + strcat(buf, passwd); /* XXX strcat is safe */ /* Crunch the key through MD4 */ sevenbit(buf); @@ -242,7 +242,7 @@ btoa8(out, in) return -1; for (i=0;i<8;i++) { - sprintf(out,"%02x",*in++ & 0xff); + sprintf(out,"%02x",*in++ & 0xff); /* XXX: sprintf() (btoa8() appears to be unused */ out += 2; } return 0; diff --git a/lib/libterm/termcap.c b/lib/libterm/termcap.c index 2138396fd5ad..983adaf7ece0 100644 --- a/lib/libterm/termcap.c +++ b/lib/libterm/termcap.c @@ -1,4 +1,4 @@ -/* $NetBSD: termcap.c,v 1.9 1996/11/12 07:50:11 mikel Exp $ */ +/* $NetBSD: termcap.c,v 1.10 1997/01/23 14:03:12 mrg Exp $ */ /* * Copyright (c) 1980, 1993 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)termcap.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: termcap.c,v 1.9 1996/11/12 07:50:11 mikel Exp $"; +static char rcsid[] = "$NetBSD: termcap.c,v 1.10 1997/01/23 14:03:12 mrg Exp $"; #endif #endif /* not lint */ @@ -109,7 +109,8 @@ tgetent(bp, name) if ((home = getenv("HOME")) != NULL) { /* set up default */ p += strlen(home); /* path, looking in */ - strcpy(pathbuf, home); /* $HOME first */ + (void)strncpy(pathbuf, home, + sizeof(pathbuf) - 1); /* $HOME first */ *p++ = '/'; } /* if no $HOME look in current directory */ strncpy(p, _PATH_DEF, PBUFSIZ - (p - pathbuf)); diff --git a/lib/libterm/tgoto.c b/lib/libterm/tgoto.c index a859ce165d40..bd20211bf6bd 100644 --- a/lib/libterm/tgoto.c +++ b/lib/libterm/tgoto.c @@ -1,4 +1,4 @@ -/* $NetBSD: tgoto.c,v 1.5 1995/06/05 19:45:54 pk Exp $ */ +/* $NetBSD: tgoto.c,v 1.6 1997/01/23 14:03:13 mrg Exp $ */ /* * Copyright (c) 1980, 1993 @@ -37,7 +37,7 @@ #if 0 static char sccsid[] = "@(#)tgoto.c 8.1 (Berkeley) 6/4/93"; #else -static char rcsid[] = "$NetBSD: tgoto.c,v 1.5 1995/06/05 19:45:54 pk Exp $"; +static char rcsid[] = "$NetBSD: tgoto.c,v 1.6 1997/01/23 14:03:13 mrg Exp $"; #endif #endif /* not lint */ @@ -210,6 +210,6 @@ setwhich: goto toohard; } } - strcpy(dp, added); + (void)strncpy(dp, added, (sizeof(result) - (dp - result) - 1)); return (result); } diff --git a/lib/libwrap/diag.c b/lib/libwrap/diag.c index e0bd792c319d..34a67213a2fa 100644 --- a/lib/libwrap/diag.c +++ b/lib/libwrap/diag.c @@ -38,10 +38,10 @@ va_list ap; char fmt[BUFSIZ]; if (tcpd_context.file) - sprintf(fmt, "%s: %s, line %d: %s", + (void)snprintf(fmt, sizeof fmt, "%s: %s, line %d: %s", tag, tcpd_context.file, tcpd_context.line, format); else - sprintf(fmt, "%s: %s", tag, format); + (void)snprintf(fmt, sizeof fmt, "%s: %s", tag, format); vsyslog(severity, fmt, ap); } diff --git a/lib/libwrap/eval.c b/lib/libwrap/eval.c index d68358f3b9c3..a5d07a3b8571 100644 --- a/lib/libwrap/eval.c +++ b/lib/libwrap/eval.c @@ -46,7 +46,7 @@ char *eval_user(request) struct request_info *request; { if (request->user[0] == 0) { - strcpy(request->user, unknown); + (void)strncpy(request->user, unknown, sizeof(request->user) - 1); if (request->sink == 0 && request->client->sin && request->server->sin) rfc931(request->client->sin, request->server->sin, request->user); } @@ -59,7 +59,7 @@ char *eval_hostaddr(host) struct host_info *host; { if (host->addr[0] == 0) { - strcpy(host->addr, unknown); + (void)strncpy(host->addr, unknown, sizeof(host->addr) - 1); if (host->request->hostaddr != 0) host->request->hostaddr(host); } @@ -72,7 +72,7 @@ char *eval_hostname(host) struct host_info *host; { if (host->name[0] == 0) { - strcpy(host->name, unknown); + (void)strncpy(host->name, unknown, sizeof(host->name) - 1); if (host->request->hostname != 0) host->request->hostname(host); } @@ -111,7 +111,7 @@ struct request_info *request; return (hostinfo); #endif if (STR_NE(eval_user(request), unknown)) { - sprintf(both, "%s@%s", request->user, hostinfo); + (void)snprintf(both, sizeof both, "%s@%s", request->user, hostinfo); return (both); } else { return (hostinfo); @@ -128,7 +128,7 @@ struct request_info *request; char *daemon = eval_daemon(request); if (STR_NE(host, unknown)) { - sprintf(both, "%s@%s", daemon, host); + (void)snprintf(both, sizeof both, "%s@%s", daemon, host); return (both); } else { return (daemon); diff --git a/lib/libwrap/fix_options.c b/lib/libwrap/fix_options.c index fbf5c2709246..f039e7b7402c 100644 --- a/lib/libwrap/fix_options.c +++ b/lib/libwrap/fix_options.c @@ -29,6 +29,7 @@ struct request_info *request; int optsize = sizeof(optbuf), ipproto; struct protoent *ip; int fd = request->fd; + int len = sizeof lbuf; if ((ip = getprotobyname("ip")) != 0) ipproto = ip->p_proto; @@ -39,7 +40,7 @@ struct request_info *request; && optsize != 0) { lp = lbuf; for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3) - sprintf(lp, " %2.2x", *cp); + len -= snprintf(lp, len, " %2.2x", *cp); syslog(LOG_NOTICE, "connect from %s with IP options (ignored):%s", eval_client(request), lbuf); diff --git a/lib/libwrap/options.c b/lib/libwrap/options.c index 4fc6c9468732..db1f070e83d7 100644 --- a/lib/libwrap/options.c +++ b/lib/libwrap/options.c @@ -224,14 +224,14 @@ struct request_info *request; int ch; FILE *fp; - sprintf(path, "%s/%s", value, eval_daemon(request)); + (void)snprintf(path, sizeof path, "%s/%s", value, eval_daemon(request)); if ((fp = fopen(path, "r")) != 0) { while ((ch = fgetc(fp)) == 0) write(request->fd, "", 1); ungetc(ch, fp); - while (fgets(ibuf, sizeof(ibuf) - 1, fp)) { + while (fgets(ibuf, sizeof(ibuf) - 2, fp)) { if (split_at(ibuf, '\n')) - strcat(ibuf, "\r\n"); + strcat(ibuf, "\r\n"); /* XXX strcat is safe */ percent_x(obuf, sizeof(obuf), ibuf, request); write(request->fd, obuf, strlen(obuf)); } diff --git a/lib/libwrap/socket.c b/lib/libwrap/socket.c index 7033b7e7a964..f96bbbbb39a0 100644 --- a/lib/libwrap/socket.c +++ b/lib/libwrap/socket.c @@ -61,7 +61,7 @@ char *name; if (strchr(name, '.') == 0 || strlen(name) >= MAXHOSTNAMELEN - 1) { return (gethostbyname(name)); } else { - sprintf(dot_name, "%s.", name); + (void)snprintf(dot_name, sizeof dot_name, "%s.", name); return (gethostbyname(dot_name)); } } @@ -213,7 +213,8 @@ struct host_info *host; tcpd_warn("host name/address mismatch: %s != %s", inet_ntoa(sin->sin_addr), hp->h_name); } - strcpy(host->name, paranoid); /* name is bad, clobber it */ + /* name is bad, clobber it */ + (void)strncpy(host->name, paranoid, sizeof(host->name) - 1); } } diff --git a/lib/libwrap/update.c b/lib/libwrap/update.c index a76cf2bb2375..ab5074e30041 100644 --- a/lib/libwrap/update.c +++ b/lib/libwrap/update.c @@ -96,8 +96,8 @@ struct request_info *VARARGS(request_init, struct request_info *, request) VASTART(ap, struct request_info *, request); *request = default_info; request->fd = -1; - strcpy(request->daemon, unknown); - sprintf(request->pid, "%d", getpid()); + (void)strncpy(request->daemon, unknown, sizeof(request->daemon) - 1); + (void)snprintf(request->pid, sizeof(request->pid), "%d", getpid()); request->client->request = request; request->server->request = request; r = request_fill(request, ap); diff --git a/lib/libz/example.c b/lib/libz/example.c index bc805f3f1820..3e5dff53e9fd 100644 --- a/lib/libz/example.c +++ b/lib/libz/example.c @@ -1,4 +1,4 @@ -/* $NetBSD: example.c,v 1.2 1996/09/13 00:30:04 cgd Exp $ */ +/* $NetBSD: example.c,v 1.3 1997/01/23 14:03:25 mrg Exp $ */ /* example.c -- usage example of the zlib compression library * Copyright (C) 1995-1996 Jean-loup Gailly. @@ -62,7 +62,7 @@ void test_compress(compr, comprLen, uncompr, uncomprLen) err = compress(compr, &comprLen, (const Bytef*)hello, len); CHECK_ERR(err, "compress"); - strcpy((char*)uncompr, "garbage"); + (void)strncpy((char*)uncompr, "garbage", uncomprLen - 1); err = uncompress(uncompr, &uncomprLen, compr, comprLen); CHECK_ERR(err, "uncompress"); @@ -102,7 +102,7 @@ void test_gzio(out, in, uncompr, uncomprLen) if (file == NULL) { fprintf(stderr, "gzopen error\n"); } - strcpy((char*)uncompr, "garbage"); + (void)strncpy((char*)uncompr, "garbage", uncomprLen - 1); uncomprLen = gzread(file, uncompr, (unsigned)uncomprLen); if (uncomprLen != len) { @@ -165,7 +165,7 @@ void test_inflate(compr, comprLen, uncompr, uncomprLen) int err; z_stream d_stream; /* decompression stream */ - strcpy((char*)uncompr, "garbage"); + (void)strncpy((char*)uncompr, "garbage", uncomprLen - 1); d_stream.zalloc = (alloc_func)0; d_stream.zfree = (free_func)0; @@ -257,7 +257,7 @@ void test_large_inflate(compr, comprLen, uncompr, uncomprLen) int err; z_stream d_stream; /* decompression stream */ - strcpy((char*)uncompr, "garbage"); + (void)strncpy((char*)uncompr, "garbage", uncomprLen - 1); d_stream.zalloc = (alloc_func)0; d_stream.zfree = (free_func)0; @@ -333,7 +333,7 @@ void test_sync(compr, comprLen, uncompr, uncomprLen) int err; z_stream d_stream; /* decompression stream */ - strcpy((char*)uncompr, "garbage"); + (void)strncpy((char*)uncompr, "garbage", uncomprLen - 1); d_stream.zalloc = (alloc_func)0; d_stream.zfree = (free_func)0; @@ -411,7 +411,7 @@ void test_dict_inflate(compr, comprLen, uncompr, uncomprLen) int err; z_stream d_stream; /* decompression stream */ - strcpy((char*)uncompr, "garbage"); + (void)strncpy((char*)uncompr, "garbage", uncomprLen - 1); d_stream.zalloc = (alloc_func)0; d_stream.zfree = (free_func)0; diff --git a/lib/libz/gzio.c b/lib/libz/gzio.c index de7cfbf357af..d8218825608b 100644 --- a/lib/libz/gzio.c +++ b/lib/libz/gzio.c @@ -1,4 +1,4 @@ -/* $NetBSD: gzio.c,v 1.4 1996/09/13 00:30:06 cgd Exp $ */ +/* $NetBSD: gzio.c,v 1.5 1997/01/23 14:03:27 mrg Exp $ */ /* gzio.c -- IO on .gz files * Copyright (C) 1995-1996 Jean-loup Gailly. @@ -91,7 +91,8 @@ local gzFile gz_open (path, mode, fd) if (s->path == NULL) { return destroy(s), (gzFile)Z_NULL; } - strcpy(s->path, path); /* do this early for debugging */ + /* do this early for debugging */ + (void)strcpy(s->path, path); /* XXX strcpy is safe */ s->mode = '\0'; do { @@ -167,7 +168,7 @@ gzFile gzdopen (fd, mode) char name[20]; if (fd < 0) return (gzFile)Z_NULL; - sprintf(name, "", fd); /* for debugging */ + (void)snprintf(name, sizeof name, "", fd); /* for debugging */ return gz_open (name, mode, fd); } @@ -532,8 +533,8 @@ const char* gzerror (file, errnum) TRYFREE(s->msg); s->msg = (char*)ALLOC(strlen(s->path) + strlen(m) + 3); - strcpy(s->msg, s->path); - strcat(s->msg, ": "); - strcat(s->msg, m); + (void)strcpy(s->msg, s->path); /* XXX strcpy is safe */ + strcat(s->msg, ": "); /* XXX strcat is safe */ + strcat(s->msg, m); /* XXX strcat is safe */ return (const char*)s->msg; } diff --git a/lib/libz/minigzip.c b/lib/libz/minigzip.c index 664b39b96aae..41b08001fcf6 100644 --- a/lib/libz/minigzip.c +++ b/lib/libz/minigzip.c @@ -1,4 +1,4 @@ -/* $NetBSD: minigzip.c,v 1.3 1996/09/13 00:30:41 cgd Exp $ */ +/* $NetBSD: minigzip.c,v 1.4 1997/01/23 14:03:29 mrg Exp $ */ /* minigzip.c -- simulate gzip using the zlib compression library * Copyright (C) 1995-1996 Jean-loup Gailly. @@ -138,8 +138,8 @@ void file_compress(file) FILE *in; gzFile out; - strcpy(outfile, file); - strcat(outfile, GZ_SUFFIX); + (void)strncpy(outfile, file, MAX_NAME_LEN - 1 - GZ_SUFFIX_LEN); + (void)strcat(outfile, GZ_SUFFIX); /* XXX strcat is safe */ in = fopen(file, "rb"); if (in == NULL) { @@ -169,7 +169,7 @@ void file_uncompress(file) gzFile in; int len = strlen(file); - strcpy(buf, file); + (void)strncpy(buf, file, MAX_NAME_LEN - 1 - GZ_SUFFIX); if (len > SUFFIX_LEN && strcmp(file+len-SUFFIX_LEN, GZ_SUFFIX) == 0) { infile = file; @@ -178,7 +178,7 @@ void file_uncompress(file) } else { outfile = file; infile = buf; - strcat(infile, GZ_SUFFIX); + (void)strcat(infile, GZ_SUFFIX); /* XXX strcat is safe */ } in = gzopen(infile, "rb"); if (in == NULL) {