Avoid use of unchecked sprintf in libraries. Use asprintf if the

output buffer is allocated according to the size of data to be
written, or snprintf otherwise.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 22 insertions, 29 deletions

diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
index 265ccd6cf9..74d553ee63 100644
--- a/src/util/profile/prof_file.c
+++ b/src/util/profile/prof_file.c
@@ -407,15 +407,14 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile,
 	retval = ENOMEM;
 	
 	new_file = old_file = 0;
-	new_file = malloc(strlen(outfile) + 5);
-	if (!new_file)
-		goto errout;
-	old_file = malloc(strlen(outfile) + 5);
-	if (!old_file)
-		goto errout;
-
-	sprintf(new_file, "%s.$$$", outfile);
-	sprintf(old_file, "%s.bak", outfile);
+	if (asprintf(&new_file, "%s.$$$", outfile) < 0) {
+	    new_file = NULL;
+	    goto errout;
+	}
+	if (asprintf(&old_file, "%s.bak", outfile) < 0) {
+	    old_file = NULL;
+	    goto errout;
+	}
 
 	errno = 0;
 
diff --git a/src/util/support/errors.c b/src/util/support/errors.c
index e2101a2a9f..94290f857a 100644
--- a/src/util/support/errors.c
+++ b/src/util/support/errors.c
@@ -125,7 +125,8 @@ krb5int_get_error (struct errinfo *ep, long code)
 		return r2;
 	}
     format_number:
-	sprintf (ep->scratch_buf, _("error %ld"), code);
+	snprintf (ep->scratch_buf, sizeof(ep->scratch_buf),
+		  _("error %ld"), code);
 	return ep->scratch_buf;
     }
     r = (char *) fptr(code);
diff --git a/src/util/support/plugins.c b/src/util/support/plugins.c
index b26726fab6..99d3aea570 100644
--- a/src/util/support/plugins.c
+++ b/src/util/support/plugins.c
@@ -49,6 +49,8 @@
 #include <unistd.h>
 #endif
 
+#include "k5-platform.h"
+
 #include <stdarg.h>
 static void Tprintf (const char *fmt, ...)
 {
@@ -377,15 +379,11 @@ krb5int_get_plugin_filenames (const char * const *filebases, char ***filenames)
     if (!err) {
         int j;
         for (i = 0; !err && (filebases[i] != NULL); i++) {
-            size_t baselen = strlen (filebases[i]);
             for (j = 0; !err && (fileexts[j] != NULL); j++) {
-                size_t len = baselen + strlen (fileexts[j]) + 2; /* '.' + NULL */
-                tempnames[i+j] = malloc (len * sizeof (char));
-                if (tempnames[i+j] == NULL) { 
-                    err = errno; 
-                } else {
-                    sprintf (tempnames[i+j], "%s%s", filebases[i], fileexts[j]);
-                }
+		if (asprintf(&tempnames[i+j], "%s%s", filebases[i], fileexts[j]) < 0) {
+		    tempnames[i+j] = NULL;
+		    err = errno;
+		}
             }
         }
     }
@@ -426,7 +424,6 @@ krb5int_open_plugin_dirs (const char * const *dirnames,
     }
     
     for (i = 0; !err && dirnames[i] != NULL; i++) {
-	size_t dirnamelen = strlen (dirnames[i]) + 1; /* '/' */
         if (filenames != NULL) {
             /* load plugins with names from filenames from each directory */
             int j;
@@ -436,11 +433,9 @@ krb5int_open_plugin_dirs (const char * const *dirnames,
 		char *filepath = NULL;
 		
 		if (!err) {
-		    filepath = malloc (dirnamelen + strlen (filenames[j]) + 1); /* NULL */
-		    if (filepath == NULL) { 
-			err = errno; 
-		    } else {
-			sprintf (filepath, "%s/%s", dirnames[i], filenames[j]);
+		    if (asprintf(&filepath, "%s/%s", dirnames[i], filenames[j]) < 0) {
+			filepath = NULL;
+			err = errno;
 		    }
 		}
 		
@@ -472,11 +467,9 @@ krb5int_open_plugin_dirs (const char * const *dirnames,
                 
 		if (!err) {
                     int len = NAMELEN (d);
-		    filepath = malloc (dirnamelen + len + 1); /* NULL */
-		    if (filepath == NULL) { 
-			err = errno; 
-		    } else {
-			sprintf (filepath, "%s/%*s", dirnames[i], len, d->d_name);
+		    if (asprintf(&filepath, "%s/%*s", dirnames[i], len, d->d_name) < 0) {
+			filepath = NULL;
+			err = errno;
 		    }
 		}