Eliminate unsafe calls to strcpy() and sprintf().

usr.sbin/cron/crontab.c

@@ -16,7 +16,7 @@
  */
 
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: crontab.c,v 1.2 1994/03/30 01:46:45 jtc Exp $";
+static char rcsid[] = "$Id: crontab.c,v 1.3 1996/12/16 22:30:43 thorpej Exp $";
 #endif
 
 /* crontab - install and manage per-user crontab files
@@ -143,8 +143,10 @@ parse_args(argc, argv)
 		fprintf(stderr, "bailing out.\n");
 		exit(ERROR_EXIT);
 	}
-	strcpy(User, pw->pw_name);
-	strcpy(RealUser, User);
+	strncpy(User, pw->pw_name, sizeof(User) - 1);
+	User[sizeof(User) - 1] = '\0';
+	strncpy(RealUser, User, sizeof(RealUser) - 1);
+	RealUser[sizeof(RealUser) - 1] = '\0';
 	Filename[0] = '\0';
 	Option = opt_unknown;
 	while (EOF != (argch = getopt(argc, argv, "u:lerx:"))) {
@@ -166,7 +168,8 @@ parse_args(argc, argv)
 					ProgramName, optarg);
 				exit(ERROR_EXIT);
 			}
-			(void) strcpy(User, optarg);
+			(void) strncpy(User, optarg, sizeof(User - 1));
+			User[sizeof(User) - 1] = '\0';
 			break;
 		case 'l':
 			if (Option != opt_unknown)
@@ -197,7 +200,9 @@ parse_args(argc, argv)
 	} else {
 		if (argv[optind] != NULL) {
 			Option = opt_replace;
-			(void) strcpy (Filename, argv[optind]);
+			(void) strncpy (Filename, argv[optind],
+			    sizeof(Filename) - 1);
+			Filename[sizeof(Filename) - 1] = '\0';
 		} else {
 			usage("file name must be specified for replace");
 		}
@@ -246,7 +251,7 @@ list_cmd() {
 	int	ch;
 
 	log_it(RealUser, Pid, "LIST", User);
-	(void) sprintf(n, CRON_TAB(User));
+	(void) snprintf(n, sizeof(n), CRON_TAB(User));
 	if (!(f = fopen(n, "r"))) {
 		if (errno == ENOENT)
 			fprintf(stderr, "no crontab for %s\n", User);
@@ -269,7 +274,7 @@ delete_cmd() {
 	char	n[MAX_FNAME];
 
 	log_it(RealUser, Pid, "DELETE", User);
-	(void) sprintf(n, CRON_TAB(User));
+	(void) snprintf(n, sizeof(n), CRON_TAB(User));
 	if (unlink(n)) {
 		if (errno == ENOENT)
 			fprintf(stderr, "no crontab for %s\n", User);
@@ -301,7 +306,7 @@ edit_cmd() {
 	PID_T		pid, xpid;
 
 	log_it(RealUser, Pid, "BEGIN EDIT", User);
-	(void) sprintf(n, CRON_TAB(User));
+	(void) snprintf(n, sizeof(n), CRON_TAB(User));
 	if (!(f = fopen(n, "r"))) {
 		if (errno != ENOENT) {
 			perror(n);
@@ -315,7 +320,7 @@ edit_cmd() {
 		}
 	}
 
-	(void) sprintf(Filename, "/tmp/crontab.%d", Pid);
+	(void) snprintf(Filename, sizeof(Filename), "/tmp/crontab.%d", Pid);
 	if (-1 == (t = open(Filename, O_CREAT|O_EXCL|O_RDWR, 0600))) {
 		perror(Filename);
 		goto fatal;
@@ -409,7 +414,7 @@ edit_cmd() {
 				ProgramName);
 			exit(ERROR_EXIT);
 		}
-		sprintf(q, "%s %s", editor, Filename);
+		snprintf(q, sizeof(q), "%s %s", editor, Filename);
 		execlp(_PATH_BSHELL, _PATH_BSHELL, "-c", q, NULL);
 		perror(editor);
 		exit(ERROR_EXIT);
@@ -496,8 +501,8 @@ replace_cmd() {
 	time_t	now = time(NULL);
 	char	**envp = env_init();
 
-	(void) sprintf(n, "tmp.%d", Pid);
-	(void) sprintf(tn, CRON_TAB(n));
+	(void) snprintf(n, sizeof(n), "tmp.%d", Pid);
+	(void) snprintf(tn, sizeof(tn), CRON_TAB(n));
 	if (!(tmp = fopen(tn, "w+"))) {
 		perror(tn);
 		return (-2);
@@ -585,7 +590,7 @@ replace_cmd() {
 		return (-2);
 	}
 
-	(void) sprintf(n, CRON_TAB(User));
+	(void) snprintf(n, sizeof(n), CRON_TAB(User));
 	if (rename(tn, n)) {
 		fprintf(stderr, "%s: error renaming %s to %s\n",
 			ProgramName, tn, n);

usr.sbin/cron/database.c

@@ -16,7 +16,7 @@
  */
 
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: database.c,v 1.1.1.4 1994/01/20 02:47:20 jtc Exp $";
+static char rcsid[] = "$Id: database.c,v 1.2 1996/12/16 22:30:44 thorpej Exp $";
 #endif
 
 /* vix 26jan87 [RCS has the log]
@@ -112,8 +112,9 @@ load_database(old_db)
 		if (dp->d_name[0] == '.')
 			continue;
 
-		(void) strcpy(fname, dp->d_name);
-		sprintf(tabname, CRON_TAB(fname));
+		(void) strncpy(fname, dp->d_name, sizeof(fname) - 1);
+		fname[sizeof(fname) - 1] = '\0';
+		snprintf(tabname, sizeof(tabname), CRON_TAB(fname));
 
 		process_crontab(fname, fname, tabname,
 				&statbuf, &new_db, old_db);

usr.sbin/cron/do_command.c

@@ -16,7 +16,7 @@
  */
 
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: do_command.c,v 1.2 1995/04/14 19:49:34 mycroft Exp $";
+static char rcsid[] = "$Id: do_command.c,v 1.3 1996/12/16 22:30:45 thorpej Exp $";
 #endif
 
 
@@ -425,7 +425,7 @@ child_process(e, u)
 			if (mailto && status) {
 				char buf[MAX_TEMPSTR];
 
-				sprintf(buf,
+				snprintf(buf, sizeof(buf),
 			"mailed %d byte%s of output but got status 0x%04x\n",
 					bytes, (bytes==1)?"":"s",
 					status);

usr.sbin/cron/entry.c

@@ -16,7 +16,7 @@
  */
 
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: entry.c,v 1.1.1.4 1994/01/20 02:47:23 jtc Exp $";
+static char rcsid[] = "$Id: entry.c,v 1.2 1996/12/16 22:30:46 thorpej Exp $";
 #endif
 
 /* vix 26jan87 [RCS'd; rest of log is in RCS file]
@@ -249,21 +249,21 @@ load_entry(file, error_func, pw, envp)
 	 */
 	e->envp = env_copy(envp);
 	if (!env_get("SHELL", e->envp)) {
-		sprintf(envstr, "SHELL=%s", _PATH_BSHELL);
+		snprintf(envstr, sizeof(envstr), "SHELL=%s", _PATH_BSHELL);
 		e->envp = env_set(e->envp, envstr);
 	}
 	if (!env_get("HOME", e->envp)) {
-		sprintf(envstr, "HOME=%s", pw->pw_dir);
+		snprintf(envstr, sizeof(envstr), "HOME=%s", pw->pw_dir);
 		e->envp = env_set(e->envp, envstr);
 	}
 	if (!env_get("PATH", e->envp)) {
-		sprintf(envstr, "PATH=%s", _PATH_DEFPATH);
+		snprintf(envstr, sizeof(envstr), "PATH=%s", _PATH_DEFPATH);
 		e->envp = env_set(e->envp, envstr);
 	}
-	sprintf(envstr, "%s=%s", "LOGNAME", pw->pw_name);
+	snprintf(envstr, sizeof(envstr), "%s=%s", "LOGNAME", pw->pw_name);
 	e->envp = env_set(e->envp, envstr);
 #if defined(BSD)
-	sprintf(envstr, "%s=%s", "USER", pw->pw_name);
+	snprintf(envstr, sizeof(envstr), "%s=%s", "USER", pw->pw_name);
 	e->envp = env_set(e->envp, envstr);
 #endif
 

usr.sbin/cron/env.c

@@ -16,7 +16,7 @@
  */
 
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: env.c,v 1.1.1.5 1994/01/26 19:09:39 jtc Exp $";
+static char rcsid[] = "$Id: env.c,v 1.2 1996/12/16 22:30:46 thorpej Exp $";
 #endif
 
 
@@ -148,13 +148,15 @@ load_env(envstr, f)
 			if (val[0] == '\'' || val[0] == '"') {
 				if (val[len-1] == val[0]) {
 					val[len-1] = '\0';
-					(void) strcpy(val, val+1);
+					(void) strncpy(val, val+1,
+					    sizeof(val - 1));
+					val[sizeof(val) - 1] = '\0';
 				}
 			}
 		}
 	}
 
-	(void) sprintf(envstr, "%s=%s", name, val);
+	(void) snprintf(envstr, MAX_ENVSTR, "%s=%s", name, val);
 	Debug(DPARS, ("load_env, <%s> <%s> -> <%s>\n", name, val, envstr))
 	return (TRUE);
 }

usr.sbin/cron/misc.c

@@ -16,7 +16,7 @@
  */
 
 #if !defined(lint) && !defined(LINT)
-static char rcsid[] = "$Id: misc.c,v 1.2 1994/08/31 19:28:50 jtc Exp $";
+static char rcsid[] = "$Id: misc.c,v 1.3 1996/12/16 22:30:47 thorpej Exp $";
 #endif
 
 /* vix 26jan87 [RCS has the rest of the log]
@@ -263,11 +263,12 @@ acquire_daemonlock(closeflag)
 		char	buf[MAX_TEMPSTR];
 		int	fd, otherpid;
 
-		(void) sprintf(pidfile, PIDFILE, PIDDIR);
+		(void) snprintf(pidfile, sizeof(pidfile), PIDFILE, PIDDIR);
 		if ((-1 == (fd = open(pidfile, O_RDWR|O_CREAT, 0644)))
 		    || (NULL == (fp = fdopen(fd, "r+")))
 		    ) {
-			sprintf(buf, "can't open or create %s: %s",
+			snprintf(buf, sizeof(buf),
+				"can't open or create %s: %s",
 				pidfile, strerror(errno));
 			fprintf(stderr, "%s: %s\n", ProgramName, buf);
 			log_it("CRON", getpid(), "DEATH", buf);
@@ -278,7 +279,8 @@ acquire_daemonlock(closeflag)
 			int save_errno = errno;
 
 			fscanf(fp, "%d", &otherpid);
-			sprintf(buf, "can't lock %s, otherpid may be %d: %s",
+			snprintf(buf, sizeof(buf),
+				"can't lock %s, otherpid may be %d: %s",
 				pidfile, otherpid, strerror(save_errno));
 			fprintf(stderr, "%s: %s\n", ProgramName, buf);
 			log_it("CRON", getpid(), "DEATH", buf);
@@ -464,6 +466,7 @@ log_it(username, xpid, event, detail)
 	PID_T			pid = xpid;
 #if defined(LOG_FILE)
 	char			*msg;
+	size_t			msglen;
 	TIME_T			now = time((TIME_T) 0);
 	register struct tm	*t = localtime(&now);
 #endif /*LOG_FILE*/
@@ -475,10 +478,9 @@ log_it(username, xpid, event, detail)
 #if defined(LOG_FILE)
 	/* we assume that MAX_TEMPSTR will hold the date, time, &punctuation.
 	 */
-	msg = malloc(strlen(username)
-		     + strlen(event)
-		     + strlen(detail)
-		     + MAX_TEMPSTR);
+	msglen = strlen(username) + strlen(event) + strlen(detail) +
+	    MAX_TEMPSTR;
+	msg = malloc(msglen);
 
 	if (LogFD < OK) {
 		LogFD = open(LOG_FILE, O_WRONLY|O_APPEND|O_CREAT, 0600);
@@ -491,11 +493,11 @@ log_it(username, xpid, event, detail)
 		}
 	}
 
-	/* we have to sprintf() it because fprintf() doesn't always write
+	/* we have to snprintf() it because fprintf() doesn't always write
 	 * everything out in one chunk and this has to be atomically appended
 	 * to the log file.
 	 */
-	sprintf(msg, "%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n",
+	snprintf(msg, msglen, "%s (%02d/%02d-%02d:%02d:%02d-%d) %s (%s)\n",
 		username,
 		t->tm_mon+1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec, pid,
 		event, detail);
@@ -640,7 +642,7 @@ arpadate(clock)
 	struct tm *tm = localtime(&t);
 	static char ret[30];	/* zone name might be >3 chars */
 	
-	(void) sprintf(ret, "%s, %2d %s %2d %02d:%02d:%02d %s",
+	(void) snprintf(ret, sizeof(ret), "%s, %2d %s %2d %02d:%02d:%02d %s",
 		       DowNames[tm->tm_wday],
 		       tm->tm_mday,
 		       MonthNames[tm->tm_mon],