| author | Ken Raeburn <raeburn@mit.edu> | 2007-07-12 23:33:25 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2007-07-12 23:33:25 +0000 |
| commit | 52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch) | |
| tree | 9f108e05e8881ea19954b4959fdca96d47daa615 /src/lib/krb5 | |
| parent | 57913ccc175061dd41e98914d50eda56dd9685c0 (diff) | |
Avoid use of unchecked sprintf in libraries. Use asprintf if the
output buffer is allocated according to the size of data to be
written, or snprintf otherwise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5')
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_encode.c | 9 | ||||
| -rw-r--r-- | src/lib/krb5/ccache/ccapi/stdcc.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/ccache/ser_cc.c | 12 | ||||
| -rw-r--r-- | src/lib/krb5/ccache/t_cc.c | 7 | ||||
| -rw-r--r-- | src/lib/krb5/keytab/kt_file.c | 13 | ||||
| -rw-r--r-- | src/lib/krb5/krb/gic_pwd.c | 48 | ||||
| -rw-r--r-- | src/lib/krb5/krb/preauth2.c | 44 | ||||
| -rw-r--r-- | src/lib/krb5/krb/srv_rcache.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/krb/str_conv.c | 18 | ||||
| -rw-r--r-- | src/lib/krb5/krb/t_ser.c | 29 | ||||
| -rw-r--r-- | src/lib/krb5/os/ccdefname.c | 7 | ||||
| -rw-r--r-- | src/lib/krb5/os/dnssrv.c | 6 | ||||
| -rw-r--r-- | src/lib/krb5/os/gen_rname.c | 10 | ||||
| -rw-r--r-- | src/lib/krb5/os/hst_realm.c | 3 | ||||
| -rw-r--r-- | src/lib/krb5/os/ktdefname.c | 2 | ||||
| -rw-r--r-- | src/lib/krb5/os/locate_kdc.c | 7 | ||||
| -rw-r--r-- | src/lib/krb5/os/sendto_kdc.c | 15 | ||||
| -rw-r--r-- | src/lib/krb5/rcache/rc_io.c | 48 | ||||
| -rw-r--r-- | src/lib/krb5/rcache/ser_rc.c | 12 |
19 files changed, 153 insertions, 141 deletions
diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c index c5e3452b8..5ef2a3efa 100644 --- a/src/lib/krb5/asn.1/asn1_encode.c +++ b/src/lib/krb5/asn.1/asn1_encode.c @@ -261,9 +261,12 @@ asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, gtime->tm_mday > 31 || gtime->tm_hour > 23 || gtime->tm_min > 59 || gtime->tm_sec > 59) return ASN1_BAD_GMTIME; - sprintf(s, "%04d%02d%02d%02d%02d%02dZ", - 1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday, - gtime->tm_hour, gtime->tm_min, gtime->tm_sec); + if (snprintf(s, sizeof(s), "%04d%02d%02d%02d%02d%02dZ", + 1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday, + gtime->tm_hour, gtime->tm_min, gtime->tm_sec) + >= sizeof(s)) + /* Shouldn't be possible given above tests. */ + return ASN1_BAD_GMTIME; sp = s; } diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c index babfea48b..8f98ef7db 100644 --- a/src/lib/krb5/ccache/ccapi/stdcc.c +++ b/src/lib/krb5/ccache/ccapi/stdcc.c @@ -1060,7 +1060,7 @@ krb5_error_code KRB5_CALLCONV krb5_stdcc_generate_new /* create a unique name */ cc_get_change_time(gCntrlBlock, &change_time); - sprintf(name, "gen_new_cache%d", change_time); + snprintf(name, 256, "gen_new_cache%d", change_time); /* create the new cache */ err = cc_create(gCntrlBlock, name, name, CC_CRED_V5, 0L, diff --git a/src/lib/krb5/ccache/ser_cc.c b/src/lib/krb5/ccache/ser_cc.c index a7d34f93d..d2abf532d 100644 --- a/src/lib/krb5/ccache/ser_cc.c +++ b/src/lib/krb5/ccache/ser_cc.c 
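Review bot: The bound in `snprintf(name, 256, "gen_new_cache%d", change_time);` (stdcc.c hunk) is a bare literal that has to be kept in step with however `name` is declared, and that declaration is outside the hunk. If `name` is a local array, `sizeof(name)` ties the bound to the buffer the way the other call sites in this commit do; if it is a pointer, a named constant shared with the allocation would do the same job. krb5_stdcc_generate_new starts and ends outside the hunk, so the real size could not be checked here.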
@@ -120,13 +120,13 @@ krb5_ccache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **bu fnamep = krb5_cc_get_name(kcontext, ccache); namelen += (strlen(fnamep)+1); - if ((ccname = (char *) malloc(namelen))) { - /* Format the ccache name. */ - if (ccache->ops && ccache->ops->prefix) - sprintf(ccname, "%s:%s", ccache->ops->prefix, fnamep); - else - strcpy(ccname, fnamep); + if (ccache->ops && ccache->ops->prefix) { + if (asprintf(&ccname, "%s:%s", ccache->ops->prefix, fnamep) < 0) + ccname = NULL; + } else + ccname = strdup(fnamep); + if (ccname) { /* Put the length of the file name */ (void) krb5_ser_pack_int32((krb5_int32) strlen(ccname), &bp, &remain); diff --git a/src/lib/krb5/ccache/t_cc.c b/src/lib/krb5/ccache/t_cc.c index 393ac92cd..862411509 100644 --- a/src/lib/krb5/ccache/t_cc.c +++ b/src/lib/krb5/ccache/t_cc.c @@ -170,7 +170,7 @@ static void cc_test(krb5_context context, const char *name, int flags) { /* Copy the cache test*/ - sprintf(newcache, "%s.new", name); + snprintf(newcache, sizeof(newcache), "%s.new", name); kret = krb5_cc_resolve(context, newcache, &id2); CHECK(kret, "resolve of new cache"); @@ -212,12 +212,11 @@ static void cc_test(krb5_context context, const char *name, int flags) */ static int check_registered(krb5_context context, const char *prefix) { - char name[300]; krb5_error_code kret; krb5_ccache id; - sprintf(name, "%s/tmp/cctest.%ld", prefix, (long) getpid()); + snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid()); kret = krb5_cc_resolve(context, name, &id); if(kret != KRB5_OK) { @@ -242,7 +241,7 @@ static void do_test(krb5_context context, const char *prefix) { char name[300]; - sprintf(name, "%s/tmp/cctest.%ld", prefix, (long) getpid()); + snprintf(name, sizeof(name), "%s/tmp/cctest.%ld", prefix, (long) getpid()); printf("Starting test on %s\n", name); cc_test (context, name, 0); cc_test (context, name, !0); 
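Review bot: `asprintf` is a GNU/BSD extension rather than ISO C, and nothing in this diff (limited to src/lib/krb5) shows a fallback for platforms whose C library lacks it; the same applies to the calls added in kt_file.c, rc_io.c and ser_rc.c. If a portability shim exists elsewhere in the tree, a short comment near the first use would make that dependency visible. The new `if (...) { ... } else` also mixes a braced and an unbraced arm; bracing the `ccname = strdup(fnamep);` arm would keep the two allocation paths visually parallel. krb5_ccache_externalize continues outside the hunk.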
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index df0a80501..2652c00af 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -607,14 +607,13 @@ krb5_ktf_keytab_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet fnamep = ktfile_def_name; namelen += (strlen(fnamep)+1); - if ((ktname = (char *) malloc(namelen))) { - /* Format the keytab name. */ - if (keytab->ops && keytab->ops->prefix) - sprintf(ktname, "%s:%s", keytab->ops->prefix, fnamep); - - else - strcpy(ktname, fnamep); + if (keytab->ops && keytab->ops->prefix) { + if (asprintf(&ktname, "%s:%s", keytab->ops->prefix, fnamep) < 0) + ktname = NULL; + } else + ktname = strdup(fnamep); + if (ktname) { /* Fill in the file-specific keytab information. */ if (ktdata) { if (ktdata->openf) { diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c index 02d344c5d..dd3f011d9 100644 --- a/src/lib/krb5/krb/gic_pwd.c +++ b/src/lib/krb5/krb/gic_pwd.c @@ -257,10 +257,12 @@ krb5_get_init_creds_password(krb5_context context, if (strcmp(pw0.data, pw1.data) != 0) { ret = KRB5_LIBOS_BADPWDMATCH; - sprintf(banner, "%s. Please try again.", error_message(ret)); + snprintf(banner, sizeof(banner), + "%s. Please try again.", error_message(ret)); } else if (pw0.length == 0) { ret = KRB5_CHPW_PWDNULL; - sprintf(banner, "%s. Please try again.", error_message(ret)); + snprintf(banner, sizeof(banner), + "%s. Please try again.", error_message(ret)); } else { int result_code; krb5_data code_string; 
@@ -295,11 +297,11 @@ krb5_get_init_creds_password(krb5_context context, if (result_string.length > (sizeof(banner)-100)) result_string.length = sizeof(banner)-100; - sprintf(banner, "%.*s%s%.*s. Please try again.\n", - (int) code_string.length, code_string.data, - result_string.length ? ": " : "", - (int) result_string.length, - result_string.data ? result_string.data : ""); + snprintf(banner, sizeof(banner), "%.*s%s%.*s. Please try again.\n", + (int) code_string.length, code_string.data, + result_string.length ? ": " : "", + (int) result_string.length, + result_string.data ? result_string.data : ""); krb5_xfree(code_string.data); krb5_xfree(result_string.data); @@ -340,14 +342,16 @@ cleanup: ((hours = ((as_reply->enc_part2->key_exp-now)/(60*60))) <= 7*24) && (hours >= 0)) { if (hours < 1) - sprintf(banner, - "Warning: Your password will expire in less than one hour."); + snprintf(banner, sizeof(banner), + "Warning: Your password will expire in less than one hour."); else if (hours <= 48) - sprintf(banner, "Warning: Your password will expire in %d hour%s.", - hours, (hours == 1)?"":"s"); + snprintf(banner, sizeof(banner), + "Warning: Your password will expire in %d hour%s.", + hours, (hours == 1)?"":"s"); else - sprintf(banner, "Warning: Your password will expire in %d days.", - hours/24); + snprintf(banner, sizeof(banner), + "Warning: Your password will expire in %d days.", + hours/24); /* ignore an error here */ /* PROMPTER_INVOCATION */ 
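Review bot: In the `-295,11` hunk snprintf now bounds the write into `banner`, but the two `%.*s` precisions still decide how much is read from `code_string.data` and `result_string.data`, and only `result_string.length` is clamped, to the unexplained `sizeof(banner)-100`; `code_string.length` is cast to int with no clamp. A one-line comment on what the 100 bytes reserve, for example `/* leave room for the code string and the fixed "Please try again" text */`, or clamping `code_string.length` the same way, would make the intent checkable. Truncation is also silent here, which is probably acceptable for a prompt banner but worth stating in that comment. krb5_get_init_creds_password starts and ends outside the hunk.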
@@ -376,17 +380,17 @@ cleanup: delta = (*last_req)->value - now; if (delta < 3600) - sprintf(banner, - "Warning: Your password will expire in less than one " - "hour on %s", ts); + snprintf(banner, sizeof(banner), + "Warning: Your password will expire in less than one hour on %s", + ts); else if (delta < 86400*2) - sprintf(banner, - "Warning: Your password will expire in %d hour%s on %s", - delta / 3600, delta < 7200 ? "" : "s", ts); + snprintf(banner, sizeof(banner), + "Warning: Your password will expire in %d hour%s on %s", + delta / 3600, delta < 7200 ? "" : "s", ts); else - sprintf(banner, - "Warning: Your password will expire in %d days on %s", - delta / 86400, ts); + snprintf(banner, sizeof(banner), + "Warning: Your password will expire in %d days on %s", + delta / 86400, ts); /* ignore an error here */ /* PROMPTER_INVOCATION */ (*prompter)(context, data, 0, banner, 0, 0); diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index f59b899c6..7be2becfe 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c 
@@ -799,21 +799,21 @@ krb5_error_code pa_sam(krb5_context context, prompter_data, salt, s2kparams, as_key, gak_data))) return(ret); } - sprintf(name, "%.*s", - SAMDATA(sam_challenge->sam_type_name, "SAM Authentication", - sizeof(name) - 1)); + snprintf(name, sizeof(name), "%.*s", + SAMDATA(sam_challenge->sam_type_name, "SAM Authentication", + sizeof(name) - 1)); - sprintf(banner, "%.*s", - SAMDATA(sam_challenge->sam_challenge_label, - sam_challenge_banner(sam_challenge->sam_type), - sizeof(banner)-1)); + snprintf(banner, sizeof(banner), "%.*s", + SAMDATA(sam_challenge->sam_challenge_label, + sam_challenge_banner(sam_challenge->sam_type), + sizeof(banner)-1)); /* sprintf(prompt, "Challenge is [%s], %s: ", challenge, prompt); */ - sprintf(prompt, "%s%.*s%s%.*s", - sam_challenge->sam_challenge.length?"Challenge is [":"", - SAMDATA(sam_challenge->sam_challenge, "", 20), - sam_challenge->sam_challenge.length?"], ":"", - SAMDATA(sam_challenge->sam_response_prompt, "passcode", 55)); + snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s", + sam_challenge->sam_challenge.length?"Challenge is [":"", + SAMDATA(sam_challenge->sam_challenge, "", 20), + sam_challenge->sam_challenge.length?"], ":"", + SAMDATA(sam_challenge->sam_response_prompt, "passcode", 55)); response_data.data = response; response_data.length = sizeof(response); 
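Review bot: The `prompt` call keeps the bare limits `20` and `55` in `SAMDATA(sam_challenge->sam_challenge, "", 20)` and `SAMDATA(sam_challenge->sam_response_prompt, "passcode", 55)`, with nothing tying them to `sizeof(prompt)`; a comment stating how they were chosen relative to the buffer, or deriving them from `sizeof(prompt)`, would let a reader confirm the bound. These strings are fields of the SAM challenge, so silent truncation changes what the user is shown, and the snprintf return value is not checked. The leftover `/* sprintf(prompt, "Challenge is [%s], %s: ", challenge, prompt); */` is commented-out code naming the function this commit retires and could be dropped. The same points apply to the pa_sam_2 hunk at `-1064,20`. Both functions continue outside their hunks.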
@@ -1064,20 +1064,20 @@ krb5_error_code pa_sam_2(krb5_context context, } } - sprintf(name, "%.*s", + snprintf(name, sizeof(name), "%.*s", SAMDATA(sc2b->sam_type_name, "SAM Authentication", sizeof(name) - 1)); - sprintf(banner, "%.*s", - SAMDATA(sc2b->sam_challenge_label, - sam_challenge_banner(sc2b->sam_type), - sizeof(banner)-1)); + snprintf(banner, sizeof(banner), "%.*s", + SAMDATA(sc2b->sam_challenge_label, + sam_challenge_banner(sc2b->sam_type), + sizeof(banner)-1)); - sprintf(prompt, "%s%.*s%s%.*s", - sc2b->sam_challenge.length?"Challenge is [":"", - SAMDATA(sc2b->sam_challenge, "", 20), - sc2b->sam_challenge.length?"], ":"", - SAMDATA(sc2b->sam_response_prompt, "passcode", 55)); + snprintf(prompt, sizeof(prompt), "%s%.*s%s%.*s", + sc2b->sam_challenge.length?"Challenge is [":"", + SAMDATA(sc2b->sam_challenge, "", 20), + sc2b->sam_challenge.length?"], ":"", + SAMDATA(sc2b->sam_response_prompt, "passcode", 55)); response_data.data = response; response_data.length = sizeof(response); diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c index f88df5ee5..c8cbe72bc 100644 --- a/src/lib/krb5/krb/srv_rcache.c +++ b/src/lib/krb5/krb/srv_rcache.c @@ -84,7 +84,7 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, continue; } if (!isvalidrcname((int) piece->data[i])) { - sprintf(tmp, "%03o", piece->data[i]); + snprintf(tmp, sizeof(tmp), "%03o", piece->data[i]); cachename[p++] = '-'; cachename[p++] = tmp[0]; cachename[p++] = tmp[1]; diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c index d0a11db28..a650496fc 100644 --- a/src/lib/krb5/krb/str_conv.c +++ b/src/lib/krb5/krb/str_conv.c 
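Review bot: In the srv_rcache.c hunk, `snprintf(tmp, sizeof(tmp), "%03o", piece->data[i]);` passes the byte unmasked, so if `piece->data` is plain `char` and char is signed on the platform (presumably; the declaration is outside the hunk), a byte of 0x80 or above is promoted to a negative int and `%o` formats it as eleven digits. snprintf now truncates that instead of overrunning `tmp`, but the digits then copied into `cachename` are the leading ones for every such byte, so distinct principals can map to the same replay cache name. Masking the way gen_rname.c does in this commit avoids it: `snprintf(tmp, sizeof(tmp), "%03o", piece->data[i] & 0xff);`. krb5_get_server_rcache continues outside the hunk.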
@@ -264,9 +264,9 @@ krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen if (!ndone) { #define sftime_default_len 2+1+2+1+4+1+2+1+2+1 if (buflen >= sftime_default_len) { - sprintf(buffer, "%02d/%02d/%4d %02d:%02d", - tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year, - tmp->tm_hour, tmp->tm_min); + snprintf(buffer, buflen, "%02d/%02d/%4d %02d:%02d", + tmp->tm_mday, tmp->tm_mon+1, 1900+tmp->tm_year, + tmp->tm_hour, tmp->tm_min); ndone = strlen(buffer); } } @@ -309,14 +309,14 @@ krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen) memset (tmpbuf, 0, sizeof (tmpbuf)); if (days == 0) - sprintf(buffer, "%d:%02d:%02d", hours, minutes, seconds); + snprintf(buffer, buflen, "%d:%02d:%02d", hours, minutes, seconds); else if (hours || minutes || seconds) - sprintf(buffer, "%d %s %02d:%02d:%02d", days, - (days > 1) ? "days" : "day", - hours, minutes, seconds); + snprintf(buffer, buflen, "%d %s %02d:%02d:%02d", days, + (days > 1) ? "days" : "day", + hours, minutes, seconds); else - sprintf(buffer, "%d %s", days, - (days > 1) ? "days" : "day"); + snprintf(buffer, buflen, "%d %s", days, + (days > 1) ? "days" : "day"); if (tmpbuf[sizeof(tmpbuf)-1] != 0) /* Something must be very wrong with my math above, or the assumptions going into it... */ diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c index d62bceeb7..383b6708d 100644 --- a/src/lib/krb5/krb/t_ser.c +++ b/src/lib/krb5/krb/t_ser.c @@ -203,7 +203,7 @@ ser_kcontext_test(krb5_context kcontext, int verbose) profile_t sprofile; char dbname[128]; - sprintf(dbname, "temp_%d", (int) getpid()); + snprintf(dbname, sizeof(dbname), "temp_%d", (int) getpid()); sprofile = kcontext->profile; kcontext->profile = (profile_t) NULL; if (!(kret = ser_data(verbose, "> Context with no profile", 
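Review bot: In the krb5_deltat_to_string hunk (`-309,14`) all three snprintf calls write into `buffer`, while the sentinel test that follows, `if (tmpbuf[sizeof(tmpbuf)-1] != 0)`, inspects `tmpbuf`, which the visible lines only `memset` to zero. As far as this hunk shows, that check can no longer detect anything, and a result too long for `buflen` is now truncated without the caller being told. Capturing the snprintf result and returning the function's short-buffer error when it is negative or not less than `buflen` would restore an explicit failure. What the function does with `tmpbuf` after the hunk is not visible, so this should be confirmed against the rest of the body.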
@@ -320,7 +320,8 @@ ser_acontext_test(krb5_context kcontext, int verbose) */ memset(&aent, 0, sizeof(aent)); aent.magic = KV5M_AUTHENTICATOR; - sprintf(clname, "help/me/%d@this.is.a.test", (int) getpid()); + snprintf(clname, sizeof(clname), + "help/me/%d@this.is.a.test", (int) getpid()); actx->authentp = &aent; if (!(kret = krb5_parse_name(kcontext, clname, &aent.client)) && @@ -368,9 +369,10 @@ ser_ccache_test(krb5_context kcontext, int verbose) krb5_ccache ccache; krb5_principal principal; - sprintf(ccname, "temp_cc_%d", (int) getpid()); - sprintf(princname, "zowie%d/instance%d@this.is.a.test", - (int) getpid(), (int) getpid()); + snprintf(ccname, sizeof(ccname), "temp_cc_%d", (int) getpid()); + snprintf(princname, sizeof(princname), + "zowie%d/instance%d@this.is.a.test", + (int) getpid(), (int) getpid()); if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) && !(kret = ser_data(verbose, "> Resolved default ccache", (krb5_pointer) ccache, KV5M_CCACHE)) && @@ -380,9 +382,9 @@ ser_ccache_test(krb5_context kcontext, int verbose) (krb5_pointer) ccache, KV5M_CCACHE)) && !(kret = krb5_cc_destroy(kcontext, ccache))) { krb5_free_principal(kcontext, principal); - sprintf(ccname, "FILE:temp_cc_%d", (int) getpid()); - sprintf(princname, "xxx%d/i%d@this.is.a.test", - (int) getpid(), (int) getpid()); + snprintf(ccname, sizeof(ccname), "FILE:temp_cc_%d", (int) getpid()); + snprintf(princname, sizeof(princname), "xxx%d/i%d@this.is.a.test", + (int) getpid(), (int) getpid()); if (!(kret = krb5_cc_resolve(kcontext, ccname, &ccache)) && !(kret = ser_data(verbose, "> Resolved FILE ccache", (krb5_pointer) ccache, KV5M_CCACHE)) && 
@@ -412,7 +414,7 @@ ser_keytab_test(krb5_context kcontext, int verbose) char ccname[128]; krb5_keytab keytab; - sprintf(ccname, "temp_kt_%d", (int) getpid()); + snprintf(ccname, sizeof(ccname), "temp_kt_%d", (int) getpid()); if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) && !(kret = ser_data(verbose, "> Resolved default keytab", (krb5_pointer) keytab, KV5M_KEYTAB)) && @@ -422,7 +424,8 @@ ser_keytab_test(krb5_context kcontext, int verbose) !(kret = ser_data(verbose, "> Resolved FILE keytab", (krb5_pointer) keytab, KV5M_KEYTAB)) && !(kret = krb5_kt_close(kcontext, keytab))) { - sprintf(ccname, "WRFILE:temp_kt_%d", (int) getpid()); + snprintf(ccname, sizeof(ccname), + "WRFILE:temp_kt_%d", (int) getpid()); if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) && !(kret = ser_data(verbose, "> Resolved WRFILE keytab", (krb5_pointer) keytab, KV5M_KEYTAB)) && @@ -447,7 +450,7 @@ ser_rcache_test(krb5_context kcontext, int verbose) char rcname[128]; krb5_rcache rcache; - sprintf(rcname, "dfl:temp_rc_%d", (int) getpid()); + snprintf(rcname, sizeof(rcname), "dfl:temp_rc_%d", (int) getpid()); if (!(kret = krb5_rc_resolve_full(kcontext, &rcache, rcname)) && !(kret = ser_data(verbose, "> Resolved FILE rcache", (krb5_pointer) rcache, KV5M_RCACHE)) && @@ -527,7 +530,9 @@ ser_princ_test(krb5_context kcontext, int verbose) krb5_principal princ; char pname[1024]; - sprintf(pname, "the/quick/brown/fox/jumped/over/the/lazy/dog/%d@this.is.a.test", (int) getpid()); + snprintf(pname, sizeof(pname), + "the/quick/brown/fox/jumped/over/the/lazy/dog/%d@this.is.a.test", + (int) getpid()); if (!(kret = krb5_parse_name(kcontext, pname, &princ))) { if (!(kret = ser_data(verbose, "> Principal", (krb5_pointer) princ, KV5M_PRINCIPAL))) { diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c index d140b0896..8fa52f7b8 100644 --- a/src/lib/krb5/os/ccdefname.c +++ b/src/lib/krb5/os/ccdefname.c 
@@ -213,7 +213,8 @@ static krb5_error_code get_from_os(char *name_buf, int name_size) result = ENOMEM; goto cleanup; } else { - sprintf (name_buf, "API:%s", default_name -> data); + snprintf (name_buf, name_size, "API:%s", + default_name -> data); } } @@ -233,8 +234,8 @@ cleanup: #if !(defined(_WIN32)) static krb5_error_code get_from_os(char *name_buf, int name_size) { - sprintf(name_buf, "FILE:/tmp/krb5cc_%ld", (long) getuid()); - return 0; + snprintf(name_buf, name_size, "FILE:/tmp/krb5cc_%ld", (long) getuid()); + return 0; } #endif #endif diff --git a/src/lib/krb5/os/dnssrv.c b/src/lib/krb5/os/dnssrv.c index d1c96b291..d726fb7e5 100644 --- a/src/lib/krb5/os/dnssrv.c +++ b/src/lib/krb5/os/dnssrv.c @@ -84,8 +84,10 @@ krb5int_make_srv_query_realm(const krb5_data *realm, if ( strlen(service) + strlen(protocol) + realm->length + 6 > MAXDNAME ) return 0; - sprintf(host, "%s.%s.%.*s", service, protocol, (int) realm->length, - realm->data); + if (snprintf(host, sizeof(host), "%s.%s.%.*s", + service, protocol, (int) realm->length, + realm->data) >= sizeof(host)) + return 0; /* Realm names don't (normally) end with ".", but if the query doesn't end with "." and doesn't get an answer as is, the diff --git a/src/lib/krb5/os/gen_rname.c b/src/lib/krb5/os/gen_rname.c index 7978a5dbc..609815338 100644 --- a/src/lib/krb5/os/gen_rname.c +++ b/src/lib/krb5/os/gen_rname.c 
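Review bot: Both get_from_os variants in ccdefname.c now truncate silently and still report success: in the non-Windows version `snprintf(name_buf, name_size, "FILE:/tmp/krb5cc_%ld", (long) getuid());` is followed directly by `return 0;`. A truncated result is still a well-formed ccache name, but one that drops trailing digits of the uid and so names a different user's cache file. Checking the result, `int n = snprintf(...); if (n < 0 || n >= name_size) return ENOMEM;` (ENOMEM being the code the Windows branch already uses), would turn that into an error, and the `API:%s` call in the first hunk needs the same check. `name_size` is an `int`, so a negative value would also convert to a very large bound.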
@@ -36,14 +36,16 @@ krb5_gen_replay_name(krb5_context context, const krb5_address *address, const ch { char * tmp; int i; + int len; - if ((*string = malloc(strlen(uniq) + (address->length * 2) + 1)) == NULL) + len = strlen(uniq) + (address->length * 2) + 1; + if ((*string = malloc(len)) == NULL) return ENOMEM; - sprintf(*string, "%s", uniq); - tmp = (*string) + strlen(uniq); + snprintf(*string, len, "%s", uniq); + tmp = *string + strlen(uniq); for (i = 0; i < address->length; i++) { - sprintf(tmp, "%.2x", address->contents[i] & 0xff); + snprintf(tmp, len - (tmp-*string), "%.2x", address->contents[i] & 0xff); tmp += 2; } return 0; diff --git a/src/lib/krb5/os/hst_realm.c b/src/lib/krb5/os/hst_realm.c index 7e24b8d6d..983637864 100644 --- a/src/lib/krb5/os/hst_realm.c +++ b/src/lib/krb5/os/hst_realm.c @@ -105,7 +105,8 @@ krb5_try_realm_txt_rr(const char *prefix, const char *name, char **realm) } else { if ( strlen(prefix) + strlen(name) + 3 > MAXDNAME ) return KRB5_ERR_HOST_REALM_UNKNOWN; - sprintf(host,"%s.%s", prefix, name); + if (snprintf(host, sizeof(host), "%s.%s", prefix, name) >= sizeof(host)) + return KRB5_ERR_HOST_REALM_UNKNOWN; /* Realm names don't (normally) end with ".", but if the query doesn't end with "." and doesn't get an answer as is, the diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c index 925b6e1b5..28fac5dee 100644 --- a/src/lib/krb5/os/ktdefname.c +++ b/src/lib/krb5/os/ktdefname.c @@ -70,7 +70,7 @@ krb5_kt_default_name(krb5_context context, char *name, size_t namesize) defname[len]= '\0'; if ( (len + strlen(krb5_defkeyname) + 1) > namesize ) return KRB5_CONFIG_NOTENUFSPACE; - sprintf(name, krb5_defkeyname, defname); + snprintf(name, namesize, krb5_defkeyname, defname); } #else if (namesize < (strlen(krb5_defkeyname)+1)) diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c index 566213d35..f03568b36 100644 --- a/src/lib/krb5/os/locate_kdc.c +++ b/src/lib/krb5/os/locate_kdc.c 
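Review bot: In gen_rname.c the new `int len` receives `strlen(uniq) + (address->length * 2) + 1`, which is computed in an unsigned type and then narrowed, and is handed back to `malloc` and to snprintf as a size. Declaring it `size_t len;` would avoid the narrowing and the signed/unsigned mix in `len - (tmp-*string)`, and an explicit upper bound on `address->length` before the multiplication would make the allocation size checkable. The `& 0xff` mask on `address->contents[i]` keeps each `%.2x` to two digits, so the `tmp += 2` stepping stays consistent with what was written.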
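Review bot: In the ktdefname.c hunk, `snprintf(name, namesize, krb5_defkeyname, defname);` passes a variable as the format string, and the preceding length test `(len + strlen(krb5_defkeyname) + 1) > namesize` only holds if that string contains exactly one `%s` and no other conversions. snprintf bounds the output, but any extra conversion in `krb5_defkeyname` would still consume arguments that were not passed. If the variable can be set at run time (its definition is outside the hunk), either validate it where it is set or record the contract here, e.g. `/* krb5_defkeyname is a trusted format with a single %s */`. krb5_kt_default_name continues outside the hunk.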
@@ -257,8 +257,11 @@ krb5int_add_host_to_list (struct addrlist *lp, const char *hostname, #ifdef AI_NUMERICSERV hint.ai_flags = AI_NUMERICSERV; #endif - sprintf(portbuf, "%d", ntohs(port)); - sprintf(secportbuf, "%d", ntohs(secport)); + if (snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)) >= sizeof(portbuf)) + /* XXX */ + return EINVAL; + if (snprintf(secportbuf, sizeof(secportbuf), "%d", ntohs(secport)) >= sizeof(secportbuf)) + return EINVAL; err = getaddrinfo (hostname, portbuf, &hint, &addrs); if (err) { Tprintf ("\tgetaddrinfo(\"%s\", \"%s\", ...)\n\treturns %d: %s\n", diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c index a476ef400..3be46de9f 100644 --- a/src/lib/krb5/os/sendto_kdc.c +++ b/src/lib/krb5/os/sendto_kdc.c @@ -122,7 +122,7 @@ krb5int_debug_fprint (const char *fmt, ...) va_start(args, fmt); -#define putf(FMT,X) (sprintf(tmpbuf,FMT,X),putstr(tmpbuf)) +#define putf(FMT,X) (snprintf(tmpbuf,sizeof(tmpbuf),FMT,X),putstr(tmpbuf)) for (; *fmt; fmt++) { if (*fmt != '%') { @@ -152,7 +152,7 @@ krb5int_debug_fprint (const char *fmt, ...) case 'E': /* %E => krb5_error_code */ kerr = va_arg(args, krb5_error_code); - sprintf(tmpbuf, "%lu/", (unsigned long) kerr); + snprintf(tmpbuf, sizeof(tmpbuf), "%lu/", (unsigned long) kerr); putstr(tmpbuf); p = error_message(kerr); putstr(p); @@ -204,7 +204,7 @@ krb5int_debug_fprint (const char *fmt, ...) /* %t => struct timeval * */ tv = va_arg(args, struct timeval *); if (tv) { - sprintf(tmpbuf, "%ld.%06ld", + snprintf(tmpbuf, sizeof(tmpbuf), "%ld.%06ld", (long) tv->tv_sec, (long) tv->tv_usec); putstr(tmpbuf); } else @@ -226,7 +226,7 @@ krb5int_debug_fprint (const char *fmt, ...) else if (ai->ai_socktype == SOCK_STREAM) strcpy(tmpbuf, "stream"); else - sprintf(tmpbuf, "socktype%d", ai->ai_socktype); + snprintf(tmpbuf, sizeof(tmpbuf), "socktype%d", ai->ai_socktype); if (0 != getnameinfo (ai->ai_addr, ai->ai_addrlen, addrbuf, sizeof (addrbuf), portbuf, sizeof (portbuf), 
@@ -234,9 +234,12 @@ krb5int_debug_fprint (const char *fmt, ...) if (ai->ai_addr->sa_family == AF_UNSPEC) strcpy(tmpbuf + strlen(tmpbuf), " AF_UNSPEC"); else - sprintf(tmpbuf + strlen(tmpbuf), " af%d", ai->ai_addr->sa_family); + snprintf(tmpbuf + strlen(tmpbuf), + sizeof(tmpbuf)-strlen(tmpbuf), + " af%d", ai->ai_addr->sa_family); } else - sprintf(tmpbuf + strlen(tmpbuf), " %s.%s", addrbuf, portbuf); + snprintf(tmpbuf + strlen(tmpbuf), sizeof(tmpbuf)-strlen(tmpbuf), + " %s.%s", addrbuf, portbuf); putstr(tmpbuf); break; case 'D': diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index adc6a8c49..32357283e 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -76,8 +76,7 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) size_t dirlen; GETDIR; - if (fn && *fn) - { + if (fn && *fn) { if (!(d->fn = malloc(strlen(*fn) + dirlen + 1))) return KRB5_RC_IO_MALLOC; (void) strcpy(d->fn, dir); 
@@ -85,43 +84,34 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) (void) strcat(d->fn, *fn); d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY, 0600); - } - else - { - /* %d is max 11 digits (-, 10 digits of 32-bit number) - * 11 + /krb5_RC + aaa = 24, +6 for slop */ - if (!(d->fn = malloc(30 + dirlen))) + } else { + if (asprintf(&d->fn, "%s%skrb5_RC%daaa", + dir, PATH_SEPARATOR, (int) UNIQUE) < 0) { + d->fn = NULL; return KRB5_RC_IO_MALLOC; - if (fn) - if (!(*fn = malloc(35))) { - FREE(d->fn); - return KRB5_RC_IO_MALLOC; - } - (void) sprintf(d->fn, "%s%skrb5_RC%d", dir, PATH_SEPARATOR, - (int) UNIQUE); - c = d->fn + strlen(d->fn); - (void) strcpy(c, "aaa"); + } + c = d->fn + strlen(d->fn) - 3; while ((d->fd = THREEPARAMOPEN(d->fn, O_WRONLY | O_CREAT | O_TRUNC | - O_EXCL | O_BINARY, 0600)) == -1) - { - if ((c[2]++) == 'z') - { + O_EXCL | O_BINARY, 0600)) == -1) { + if ((c[2]++) == 'z') { c[2] = 'a'; - if ((c[1]++) == 'z') - { + if ((c[1]++) == 'z') { c[1] = 'a'; if ((c[0]++) == 'z') break; /* sigh */ } } } - if (fn) - (void) strcpy(*fn, d->fn + dirlen); + if (fn) { + *fn = strdup(d->fn + dirlen); + if (*fn == NULL) { + free(d->fn); + return KRB5_RC_IO_MALLOC; + } + } } - if (d->fd == -1) - { - switch(errno) - { + if (d->fd == -1) { + switch(errno) { case EFBIG: #ifdef EDQUOT case EDQUOT: diff --git a/src/lib/krb5/rcache/ser_rc.c b/src/lib/krb5/rcache/ser_rc.c index 0b3d098a8..af19edf7a 100644 --- a/src/lib/krb5/rcache/ser_rc.c +++ b/src/lib/krb5/rcache/ser_rc.c 
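Review bot: In the `-85,43` hunk the copy for `*fn` is now made after the open loop, so when `strdup` fails the function returns KRB5_RC_IO_MALLOC with the file already created and `d->fd` still open, and `d->fn` is freed but left pointing at the freed block. The old code allocated `*fn` before creating anything. The strdup also runs when the loop gave up with `d->fd == -1`, between the failed open and the `switch(errno)` below, so errno may no longer be the one the open set. One way to restore the old ordering is to make the copy before the loop and patch its three-character suffix afterwards, as sketched below; krb5_rc_io_creat continues outside the hunk.

```c
	/* ... unchanged: asprintf() building d->fn with the "aaa" suffix ... */
	if (fn) {
	    /* Allocate before any file exists, so a failure leaves nothing behind. */
	    *fn = strdup(d->fn + dirlen);
	    if (*fn == NULL) {
		free(d->fn);
		d->fn = NULL;
		return KRB5_RC_IO_MALLOC;
	    }
	}
	c = d->fn + strlen(d->fn) - 3;
	/* ... unchanged: THREEPARAMOPEN retry loop stepping c[0..2] ... */
	if (fn)
	    /* Same length as the copy made above; only the suffix can differ. */
	    memcpy(*fn + strlen(*fn) - 3, c, 3);
```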
@@ -121,13 +121,13 @@ krb5_rcache_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **bu fnamep = krb5_rc_get_name(kcontext, rcache); namelen += (strlen(fnamep)+1); - if ((rcname = (char *) malloc(namelen))) { - /* Format the rcache name. */ - if (rcache->ops && rcache->ops->type) - sprintf(rcname, "%s:%s", rcache->ops->type, fnamep); - else - strcpy(rcname, fnamep); + if (rcache->ops && rcache->ops->type) { + if (asprintf(&rcname, "%s:%s", rcache->ops->type, fnamep) < 0) + rcname = NULL; + } else + rcname = strdup(fnamep); + if (rcname) { /* Put the length of the file name */ (void) krb5_ser_pack_int32((krb5_int32) strlen(rcname), &bp, &remain); |
