snprintf length audit. from openbsd

2001-08-19 02:01:24 +00:00 · 2001-08-19 02:01:24 +00:00 · bc9b3f2aa8
parent 511e898dc2
commit bc9b3f2aa8
2 changed files with 45 additions and 13 deletions
--- a/usr.bin/netstat/atalk.c
+++ b/usr.bin/netstat/atalk.c
@ -1,4 +1,4 @@
-/*	$NetBSD: atalk.c,v 1.6 2000/10/11 14:46:14 is Exp $	*/
+/*	$NetBSD: atalk.c,v 1.7 2001/08/19 02:01:24 itojun Exp $	*/

 /*
 * Copyright (c) 1983, 1988, 1993
@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "from @(#)atalk.c	1.1 (Whistle) 6/6/96";
 #else
-__RCSID("$NetBSD: atalk.c,v 1.6 2000/10/11 14:46:14 is Exp $");
+__RCSID("$NetBSD: atalk.c,v 1.7 2001/08/19 02:01:24 itojun Exp $");
 #endif
 #endif /* not lint */

@ -205,7 +205,7 @@ atalk_print2(sa, mask, what)
 	const struct sockaddr *mask;
 	int what;
 {
-	int             n;
+	size_t          n, l;
 	static char     buf[100];
 	struct sockaddr_at *sat1, *sat2;
 	struct sockaddr_at thesockaddr;
@ -218,15 +218,28 @@ atalk_print2(sa, mask, what)
 	thesockaddr.sat_addr.s_net = sat1->sat_addr.s_net &
 	    sat2->sat_addr.s_net;
 	n = snprintf(buf, sizeof(buf), "%s", atalk_print(sa2, 1 | (what & 8)));
+	if (n >= sizeof(buf))
+		n = sizeof(buf) - 1;
+	else if (n == -1)
+		n = 0;	/* What else can be done ? */
 	if (sat2->sat_addr.s_net != 0xFFFF) {
 		thesockaddr.sat_addr.s_net = sat1->sat_addr.s_net |
 		    ~sat2->sat_addr.s_net;
-		n += snprintf(buf + n, sizeof(buf) - n,
+		l = snprintf(buf + n, sizeof(buf) - n,
 		    "-%s", atalk_print(sa2, 1 | (what & 8)));
+		if (l >= sizeof(buf) - n)
+			l = sizeof(buf) - n - 1;
+		if (l > 0)
+			n += l;
 	}
-	if (what & 2)
-		n += snprintf(buf + n, sizeof(buf) - n, ".%s",
+	if (what & 2) {
+		l = snprintf(buf + n, sizeof(buf) - n, ".%s",
 		    atalk_print(sa, what & (~1)));
+		if (l >= sizeof(buf) - n)
+			l = sizeof(buf) - n - 1;
+		if (l > 0)
+			n += l;
+	}
 	return (buf);
 }

--- a/usr.bin/netstat/route.c
+++ b/usr.bin/netstat/route.c
@ -1,4 +1,4 @@
-/*	$NetBSD: route.c,v 1.56 2001/05/28 04:22:56 assar Exp $	*/
+/*	$NetBSD: route.c,v 1.57 2001/08/19 02:01:25 itojun Exp $	*/

 /*
 * Copyright (c) 1983, 1988, 1993
@ -38,7 +38,7 @@
 #if 0
 static char sccsid[] = "from: @(#)route.c	8.3 (Berkeley) 3/9/94";
 #else
-__RCSID("$NetBSD: route.c,v 1.56 2001/05/28 04:22:56 assar Exp $");
+__RCSID("$NetBSD: route.c,v 1.57 2001/08/19 02:01:25 itojun Exp $");
 #endif
 #endif /* not lint */

@ -423,6 +423,7 @@ p_sockaddr(sa, mask, flags, width)
 	char workbuf[128], *cplim;
 	char *cp = workbuf;
 	char *ep = workbuf + sizeof(workbuf);
+	int n;

 	switch(sa->sa_family) {
 	case AF_INET:
@ -511,8 +512,13 @@ p_sockaddr(sa, mask, flags, width)
 			cplim = "";
 			for (i = 0; i < alen; i++, lla++) {
 				/* XXX */
-				cp += snprintf(cp, ep - cp,
+				n = snprintf(cp, ep - cp,
 				    "%s%02x", cplim, *lla);
+				if (n < 0)
+					continue;
+				if (n >= ep - cp)
+					n = ep - cp - 1;
+				cp += n;
 				cplim = ":";
 			}
 			cp = workbuf;
@ -531,11 +537,24 @@ p_sockaddr(sa, mask, flags, width)

 		slim =  sa->sa_len + (u_char *) sa;
 		cplim = cp + sizeof(workbuf) - 6;
-		cp += snprintf(cp, ep - cp, "(%d)", sa->sa_family);
+		n = snprintf(cp, ep - cp, "(%d)", sa->sa_family);
+		if (n >= ep - cp)
+			n = ep - cp - 1;
+		if (n > 0)
+			cp += n;
 		while (s < slim && cp < cplim) {
-			cp += snprintf(cp, ep - cp, " %02x", *s++);
-			if (s < slim)
-			    cp += snprintf(cp, ep - cp, "%02x", *s++);
+			n = snprintf(cp, ep - cp, " %02x", *s++);
+			if (n >= ep - cp)
+				n = ep - cp - 1;
+			if (n > 0)
+				cp += n;
+			if (s < slim) {
+				n = snprintf(cp, ep - cp, "%02x", *s++);
+				if (n >= ep - cp)
+					n = ep - cp - 1;
+				if (n > 0)
+					cp += n;
+			}
 		}
 		cp = workbuf;
 	    }