authorKen Raeburn <raeburn@mit.edu>2007-07-12 23:33:25 +0000
committerKen Raeburn <raeburn@mit.edu>2007-07-12 23:33:25 +0000
commit52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch)
tree9f108e05e8881ea19954b4959fdca96d47daa615 /src/lib/kadm5
parent57913ccc175061dd41e98914d50eda56dd9685c0 (diff)
Avoid use of unchecked sprintf in libraries. Use asprintf if the
output buffer is allocated according to the size of data to be written, or snprintf otherwise. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5')
-rw-r--r--src/lib/kadm5/alt_prof.c21
-rw-r--r--src/lib/kadm5/chpass_util.c60
-rw-r--r--src/lib/kadm5/clnt/client_init.c48
-rw-r--r--src/lib/kadm5/logger.c14
-rw-r--r--src/lib/kadm5/srv/server_kdb.c7
5 files changed, 72 insertions, 78 deletions
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 5567b0c24..6802090d5 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -468,20 +468,17 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
* admin database name and lockfile are now always derived from dbname
*/
if (params.mask & KADM5_CONFIG_DBNAME) {
- params.admin_dbname = (char *) malloc(strlen(params.dbname) + 7);
- if (params.admin_dbname) {
- sprintf(params.admin_dbname, "%s.kadm5", params.dbname);
- params.mask |= KADM5_CONFIG_ADBNAME;
- }
+ if (asprintf(&params.admin_dbname, "%s.kadm5", params.dbname) > 0)
+ params.mask |= KADM5_CONFIG_ADBNAME;
+ else
+ params.admin_dbname = NULL;
}
if (params.mask & KADM5_CONFIG_ADBNAME) {
- params.admin_lockfile = (char *) malloc(strlen(params.admin_dbname)
- + 6);
- if (params.admin_lockfile) {
- sprintf(params.admin_lockfile, "%s.lock", params.admin_dbname);
- params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
- }
+ if (asprintf(&params.admin_lockfile, "%s.lock", params.admin_dbname) > 0)
+ params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
+ else
+ params.admin_lockfile = NULL;
}
/* Get the value for the admin (policy) database lock file*/
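Review bot: An allocation failure in either `asprintf` call is silently absorbed: the pointer is set to NULL and the mask bit is left clear, so kadm5_get_config_params carries on without reporting ENOMEM. If `KADM5_CONFIG_ADBNAME` can already be set in `params.mask` before this point (not visible in the hunk), the second block would then hand a NULL `params.admin_dbname` to `%s`. Clearing the bit in the first `else`, `params.mask &= ~KADM5_CONFIG_ADBNAME;`, would rule that out. The function starts and ends outside the hunk, so whether a later check catches the missing names cannot be confirmed here.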
@@ -816,7 +813,7 @@ kadm5_get_admin_service_name(krb5_context ctx,
ret = ENOMEM;
goto err_params;
}
- sprintf(admin_name, "kadmin/%s", hp->h_name);
+ snprintf(admin_name, maxlen, "kadmin/%s", hp->h_name);
err_params:
kadm5_free_config_params(ctx, &params_out);
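Review bot: The return value of `snprintf` into `admin_name` is discarded, so a host name longer than the caller's buffer would produce a silently truncated service principal name instead of an error. The `ret = ENOMEM; goto err_params;` context above suggests a length check precedes this line, but its condition is outside the hunk. Folding the bound into the write keeps the two from drifting apart, e.g. `if ((size_t) snprintf(admin_name, maxlen, "kadmin/%s", hp->h_name) >= maxlen) ret = ENOMEM;`. Truncation matters here because the result is presumably used as the name of the service to authenticate to.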
diff --git a/src/lib/kadm5/chpass_util.c b/src/lib/kadm5/chpass_util.c
index dc6ebb61b..8f6f8c5d7 100644
--- a/src/lib/kadm5/chpass_util.c
+++ b/src/lib/kadm5/chpass_util.c
@@ -139,12 +139,13 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
if ((code != KADM5_PASS_Q_TOOSHORT) &&
(code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) &&
(code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) {
- /* Can't get more info for other errors */
- sprintf(buffer, "%s %s", error_message(code),
- string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- sprintf(msg_ret, "%s\n%s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
- buffer);
- return(code);
+ /* Can't get more info for other errors */
+ snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
+ string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+ snprintf(msg_ret, msg_len, "%s\n%s\n",
+ string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ buffer);
+ return(code);
}
/* Ok, we have a password quality error. Return a good message */
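Review bot: The intermediate `buffer` is not needed for this message, and formatting in two steps means the first `snprintf` can truncate at `sizeof(buffer)` before the second applies `msg_len`. `sizeof(buffer)` is also only the right bound while `buffer` stays an array declared in this function; its declaration is outside the hunk. A single call writes the same text under one bound: `snprintf(msg_ret, msg_len, "%s\n%s %s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED), error_message(code), string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));`. The same two-step pattern is repeated in the "We should never get here" fallback in the hunk at -237.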
@@ -200,31 +201,31 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
code2 = kadm5_get_policy(lhandle, princ_ent.policy,
&policy_ent);
if (code2 != 0) {
- sprintf(msg_ret, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
- string_text(CHPASS_UTIL_GET_POLICY_INFO),
- error_message(code),
- string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
- string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- return(code);
+ snprintf(msg_ret, msg_len, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
+ string_text(CHPASS_UTIL_GET_POLICY_INFO),
+ error_message(code),
+ string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
+ string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ return(code);
}
if (code == KADM5_PASS_Q_TOOSHORT) {
- sprintf(msg_ret, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
- policy_ent.pw_min_length);
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- (void) kadm5_free_policy_ent(lhandle, &policy_ent);
- return(code);
+ snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
+ policy_ent.pw_min_length);
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+ return(code);
}
/* Can't get more info for other errors */
if (code == KADM5_PASS_Q_CLASS) {
- sprintf(msg_ret, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
- policy_ent.pw_min_classes);
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- (void) kadm5_free_policy_ent(lhandle, &policy_ent);
- return(code);
+ snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
+ policy_ent.pw_min_classes);
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+ return(code);
}
if (code == KADM5_PASS_TOOSOON) {
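Review bot: The `snprintf` calls for `KADM5_PASS_Q_TOOSHORT` and `KADM5_PASS_Q_CLASS` take their format string from `string_text(...)` rather than a literal, so the compiler cannot check that the conversion in the message text matches the type of `policy_ent.pw_min_length` or `policy_ent.pw_min_classes`. A mismatch (for example `%d` against a wider integer field) is undefined behaviour, and the call becomes a format-string exposure if the message table can ever be replaced or localized. I would add a comment at each call such as `/* message must contain exactly one integer conversion matching the argument */` and cast the argument to the type that conversion expects. The `CHPASS_UTIL_PASSWORD_TOO_SOON` call in the next hunk has the same shape with `time_string`.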
@@ -237,18 +238,19 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
*ptr = '\0';
- sprintf(msg_ret, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
- time_string);
+ snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
+ time_string);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
return(code);
}
/* We should never get here, but just in case ... */
- sprintf(buffer, "%s %s", error_message(code),
- string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- sprintf(msg_ret, "%s\n%s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
- buffer);
+ snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
+ string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+ snprintf(msg_ret, msg_len, "%s\n%s\n",
+ string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ buffer);
(void) kadm5_free_principal_ent(lhandle, &princ_ent);
(void) kadm5_free_policy_ent(lhandle, &policy_ent);
return(code);
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
index 92cb715b2..bdef3e293 100644
--- a/src/lib/kadm5/clnt/client_init.c
+++ b/src/lib/kadm5/clnt/client_init.c
@@ -405,23 +405,21 @@ kadm5_get_init_creds(kadm5_server_handle_t handle,
if (init_type == INIT_CREDS) {
ccache = ccache_in;
- handle->cache_name = (char *)
- malloc(strlen(krb5_cc_get_type(handle->context, ccache)) +
- strlen(krb5_cc_get_name(handle->context, ccache)) + 2);
- if (handle->cache_name == NULL) {
- code = ENOMEM;
- goto error;
+ if (asprintf(&handle->cache_name, "%s:%s",
+ krb5_cc_get_type(handle->context, ccache),
+ krb5_cc_get_name(handle->context, ccache)) < 0) {
+ handle->cache_name = NULL;
+ code = ENOMEM;
+ goto error;
}
- sprintf(handle->cache_name, "%s:%s",
- krb5_cc_get_type(handle->context, ccache),
- krb5_cc_get_name(handle->context, ccache));
} else {
static int counter = 0;
- handle->cache_name = malloc(sizeof("MEMORY:kadm5_")
- + 3*sizeof(counter));
- sprintf(handle->cache_name, "MEMORY:kadm5_%u", counter++);
-
+ if (asprintf(&handle->cache_name, "MEMORY:kadm5_%u", counter++) < 0) {
+ handle->cache_name = NULL;
+ code = ENOMEM;
+ goto error;
+ }
code = krb5_cc_resolve(handle->context, handle->cache_name,
&ccache);
if (code)
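Review bot: In the `else` branch `counter` is declared `static int` but printed with `%u`, which expects `unsigned int`; `static unsigned int counter = 0;` makes the argument match the conversion. The increment is also unsynchronized, so if two handles can be initialized concurrently (not determinable from this hunk) they could receive the same `MEMORY:kadm5_N` name and end up sharing a credential cache. The `error` label and whatever frees `handle->cache_name` are outside the hunk, so I could not confirm that the cleanup path tolerates the NULL assigned on failure.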
@@ -477,6 +475,7 @@ kadm5_gic_iter(kadm5_server_handle_t handle,
krb5_keytab kt;
krb5_get_init_creds_opt opt;
krb5_creds mcreds, outcreds;
+ int n;
ctx = handle->context;
kt = NULL;
@@ -487,20 +486,17 @@ kadm5_gic_iter(kadm5_server_handle_t handle,
code = ENOMEM;
if (realm) {
- if ((strlen(svcname) + strlen(realm) + 1) >= full_svcname_len)
- goto error;
- sprintf(full_svcname, "%s@%s", svcname, realm);
+ n = snprintf(full_svcname, full_svcname_len, "%s@%s",
+ svcname, realm);
+ if (n < 0 || n >= full_svcname_len)
+ goto error;
} else {
- /* krb5_princ_realm(client) is not null terminated */
- if ((strlen(svcname) + krb5_princ_realm(ctx, client)->length + 1)
- >= full_svcname_len)
- goto error;
-
- strcpy(full_svcname, svcname);
- strcat(full_svcname, "@");
- strncat(full_svcname,
- krb5_princ_realm(ctx, client)->data,
- krb5_princ_realm(ctx, client)->length);
+ /* krb5_princ_realm(client) is not null terminated */
+ n = snprintf(full_svcname, full_svcname_len, "%s@%.*s",
+ svcname, krb5_princ_realm(ctx, client)->length,
+ krb5_princ_realm(ctx, client)->data);
+ if (n < 0 || n >= full_svcname_len)
+ goto error;
}
if (init_type != INIT_CREDS)
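Review bot: The `%.*s` precision argument must be an `int`, but `krb5_princ_realm(ctx, client)->length` is passed as-is. If that field is unsigned (krb5_data declares it `unsigned int`), a value above INT_MAX arrives as a negative precision, which printf treats as absent, and the realm data, which the comment says is not null terminated, would be read past its end. Bounding and casting before the call closes that: `if (krb5_princ_realm(ctx, client)->length >= full_svcname_len) goto error;` and then `(int) krb5_princ_realm(ctx, client)->length` as the precision. The `n >= full_svcname_len` comparisons also mix `int n` with a length whose type is declared outside the hunk; they are safe only because `n < 0` is tested first.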
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index 86abf48e9..dabb399c1 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -189,7 +189,7 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
char *syslogp;
/* Make the header */
- sprintf(outbuf, "%s: ", whoami);
+ snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
/*
* Squirrel away address after header for syslog since syslog makes
* a header
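Review bot: `whoami` is passed straight to `%s` in the header `snprintf`, and passing NULL to `%s` is undefined behaviour. com_err hooks can be invoked with a null `whoami`; whether that can reach this one is not visible here. A guard costs nothing: `snprintf(outbuf, sizeof(outbuf), "%s: ", whoami ? whoami : "");`, matching the `? :` guards used for `log_control.log_whoami` in klog_vsyslog. The rest of klog_com_err_proc, including how the remainder of `outbuf` is filled, is outside the hunk.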
@@ -844,13 +844,13 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
cp += 15;
#endif /* HAVE_STRFTIME */
#ifdef VERBOSE_LOGS
- sprintf(cp, " %s %s[%ld](%s): ",
- log_control.log_hostname ? log_control.log_hostname : "",
- log_control.log_whoami ? log_control.log_whoami : "",
- (long) getpid(),
- severity2string(priority));
+ snprintf(cp, sizeof(outbuf) - (cp-outbuf), " %s %s[%ld](%s): ",
+ log_control.log_hostname ? log_control.log_hostname : "",
+ log_control.log_whoami ? log_control.log_whoami : "",
+ (long) getpid(),
+ severity2string(priority));
#else
- sprintf(cp, " ");
+ snprintf(cp, sizeof(outbuf) - (cp-outbuf), " ");
#endif
syslogp = &outbuf[strlen(outbuf)];
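Review bot: The remaining-space expression `sizeof(outbuf) - (cp-outbuf)` is written out in both preprocessor branches and mixes `size_t` with a pointer difference, so it wraps to a very large bound if `cp` is ever past the end of `outbuf`. Computing it once, with `size_t room;` declared among the locals and `room = sizeof(outbuf) - (size_t)(cp - outbuf);` placed before the `#ifdef`, keeps the two branches in step. The earlier advances of `cp`, such as the `cp += 15` shown as context, are outside the hunk, so a comment there stating that `cp` never exceeds `outbuf + sizeof(outbuf)` would make the bound checkable.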
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index 6392ef10d..700b53a66 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -113,11 +113,10 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
realm = r;
}
- if ((hist_name = (char *) malloc(strlen(KADM5_HIST_PRINCIPAL) +
- strlen(realm) + 2)) == NULL)
+ if (asprintf(&hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm) < 0) {
+ hist_name = NULL;
goto done;
-
- (void) sprintf(hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm);
+ }
if ((ret = krb5_parse_name(handle->context, hist_name, &hist_princ)))
goto done;
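Review bot: On `asprintf` failure the new branch jumps to `done` without assigning `ret` in the visible lines. Unless `ret` already holds an error at this point (its initialization is outside the hunk), kdb_init_hist could report success with no history principal set up. Adding `ret = ENOMEM;` before `goto done;` removes the doubt. The `done` label is also outside the hunk; it presumably frees `hist_name`, which would explain the explicit NULL assignment.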