use g_strdup_printf to avoir buffer size calculations and g_snprintf to avoir

buffer overrun.

8 files changed, 21 insertions, 33 deletions

diff --git a/lasso/id-ff/defederation.c b/lasso/id-ff/defederation.c
index 931781ef..161aaaa6 100644
--- a/lasso/id-ff/defederation.c
+++ b/lasso/id-ff/defederation.c
@@ -136,8 +136,7 @@ lasso_defederation_build_notification_msg(LassoDefederation *defederation)
       goto done;
     }
 
-    profile->msg_url = g_new(gchar, strlen(url) + strlen(query) + 1 + 1);
-    g_sprintf(profile->msg_url, "%s?%s", url, query);
+    profile->msg_url = g_strdup_printf("%s?%s", url, query);
     profile->msg_body = NULL;
   }
   else {
@@ -507,10 +506,8 @@ lasso_defederation_validate_notification(LassoDefederation *defederation)
 
     /* if a relay state, then build the query part */
     if (profile->msg_relayState != NULL) {
-      gchar *url = NULL;
-      url = g_new(gchar, strlen(profile->msg_url) + strlen("RelayState=") + strlen(profile->msg_relayState) + 1 + 1);
-      g_sprintf(url, "%s?RelayState=%s", url, profile->msg_relayState);
-
+      gchar *url;
+      url = g_strdup_printf("%s?RelayState=%s", profile->msg_url, profile->msg_relayState);
       xmlFree(profile->msg_url);
       profile->msg_url = url;
     }
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 4bcbad46..a780a10b 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -487,11 +487,11 @@ lasso_login_build_artifact_msg(LassoLogin      *login,
 
   switch (http_method) {
   case lassoHttpMethodRedirect:
-    LASSO_PROFILE(login)->msg_url = g_new(gchar, 1024+1);
-    g_sprintf(LASSO_PROFILE(login)->msg_url, "%s?SAMLart=%s", url, b64_samlArt);
-    if (relayState != NULL) {
-      g_sprintf(LASSO_PROFILE(login)->msg_url, "%s&RelayState=%s",
-	      LASSO_PROFILE(login)->msg_url, relayState);
+    if (relayState == NULL) {
+      LASSO_PROFILE(login)->msg_url = g_strdup_printf("%s?SAMLart=%s", url, b64_samlArt);
+    else {
+      LASSO_PROFILE(login)->msg_url = g_strdup_printf("%s?SAMLart=%s&RelayState=%s",
+                      url, b64_samlArt, relayState);
     }
     break;
   case lassoHttpMethodPost:
@@ -597,8 +597,7 @@ lasso_login_build_authn_request_msg(LassoLogin      *login,
       }
     }
     /* alloc msg_url (+2 for the ? and \0) */
-    LASSO_PROFILE(login)->msg_url = (gchar *) g_new(gchar, strlen(url) + strlen(query) + 2);
-    g_sprintf(LASSO_PROFILE(login)->msg_url, "%s?%s", url, query);
+    LASSO_PROFILE(login)->msg_url = g_strdup_printf("%s?%s", url, query);
     LASSO_PROFILE(login)->msg_body = NULL;
     g_free(query);
   }
@@ -787,7 +786,7 @@ lasso_login_dump(LassoLogin *login)
   node = lasso_node_new_from_dump(parent_dump);
   g_free(parent_dump);
 
-  g_sprintf(protocolProfile, "%d", login->protocolProfile);
+  g_snprintf(protocolProfile, 6, "%d", login->protocolProfile);
   LASSO_NODE_GET_CLASS(node)->new_child(node, "ProtocolProfile", protocolProfile, FALSE);
 
   /* nico : Added dump of assertion */
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c
index c95f2837..62715550 100644
--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -138,8 +138,7 @@ lasso_logout_build_request_msg(LassoLogout *logout)
     }
 
     /* build the msg_url */
-    profile->msg_url = g_new(gchar, strlen(url)+strlen(query)+1+1);
-    g_sprintf(profile->msg_url, "%s?%s", url, query);
+    profile->msg_url = g_strdup_printf("%s?%s", url, query);
     profile->msg_body = NULL;
   }
   else {
@@ -244,8 +243,7 @@ lasso_logout_build_response_msg(LassoLogout *logout)
       goto done;
     }
 
-    profile->msg_url = g_new(gchar, strlen(url)+strlen(query)+1+1);
-    g_sprintf(profile->msg_url, "%s?%s", url, query);
+    profile->msg_url = g_strdup_printf("%s?%s", url, query);
     profile->msg_body = NULL;
     break;
   default:
@@ -766,8 +764,7 @@ lasso_logout_process_response_msg(LassoLogout     *logout,
       query = lasso_node_export_to_query(profile->request,
 					 profile->server->signature_method,
 					 profile->server->private_key);
-      profile->msg_url = g_new(gchar, strlen(url)+strlen(query)+1+1);
-      g_sprintf(profile->msg_url, "%s?%s", url, query);
+      profile->msg_url = g_strdup_printf("%s?%s", url, query);
       profile->msg_body = NULL;
 
       /* send a HTTP Redirect / GET method, so first remove session */
diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c
index f9bc4472..3b5bbbda 100644
--- a/lasso/id-ff/name_registration.c
+++ b/lasso/id-ff/name_registration.c
@@ -150,8 +150,7 @@ lasso_name_registration_build_request_msg(LassoNameRegistration *name_registrati
     }
 
     /* build the msg_url */
-    profile->msg_url = g_new(gchar, strlen(url)+strlen(query)+1+1);
-    g_sprintf(profile->msg_url, "%s?%s", url, query);
+    profile->msg_url = g_strdup_printf("%s?%s", url, query);
     profile->msg_body = NULL;
   }
   else {
@@ -227,8 +226,7 @@ lasso_name_registration_build_response_msg(LassoNameRegistration *name_registrat
       goto done;
     }
 
-    profile->msg_url = g_new(gchar, strlen(url)+strlen(query)+1+1);
-    g_sprintf(profile->msg_url, "%s?%s", url, query);
+    profile->msg_url = g_strdup_printf("%s?%s", url, query);
     profile->msg_body = NULL;
     break;
   default:
diff --git a/lasso/id-ff/profile.c b/lasso/id-ff/profile.c
index d3052010..2b4c8fd6 100644
--- a/lasso/id-ff/profile.c
+++ b/lasso/id-ff/profile.c
@@ -157,13 +157,13 @@ lasso_profile_dump(LassoProfile *ctx,
 					  ctx->msg_relayState, FALSE);
   }
 
-  g_sprintf(request_type, "%d", ctx->request_type);
+  g_snprintf(request_type, 6, "%d", ctx->request_type);
   LASSO_NODE_GET_CLASS(node)->new_child(node, "RequestType", request_type, FALSE);
   g_free(request_type);
-  g_sprintf(response_type, "%d", ctx->response_type);
+  g_snprintf(response_type, 6, "%d", ctx->response_type);
   LASSO_NODE_GET_CLASS(node)->new_child(node, "ResponseType", response_type, FALSE);
   g_free(response_type);
-  g_sprintf(provider_type, "%d", ctx->provider_type);
+  g_snprintf(provider_type, 6, "%d", ctx->provider_type);
   LASSO_NODE_GET_CLASS(node)->new_child(node, "ProviderType", provider_type, FALSE);
   g_free(provider_type);
 
diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index c1518296..aea93dda 100644
--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -146,7 +146,7 @@ lasso_server_dump(LassoServer *server)
 
   /* signature method */
   signature_method_str = g_new(gchar, 6);
-  sprintf(signature_method_str, "%d", server->signature_method);
+  g_snprintf(signature_method_str, 6, "%d", server->signature_method);
   server_class->set_prop(server_node, LASSO_SERVER_SIGNATURE_METHOD_NODE, signature_method_str);
   g_free(signature_method_str);
 
diff --git a/lasso/xml/errors.c b/lasso/xml/errors.c
index a3ee1ce0..0351cc88 100644
--- a/lasso/xml/errors.c
+++ b/lasso/xml/errors.c
@@ -30,8 +30,6 @@
 const char*
 lasso_strerror(int error_code)
 {
-  char msg[256];
-
   switch (error_code) {
   case LASSO_XML_ERROR_NODE_NOT_FOUND:
     return "Unable to get '%s' child of '%s' element.\n";
@@ -82,7 +80,6 @@ lasso_strerror(int error_code)
     return "The error return location should be either NULL or contains a NULL error.\n";
 
   default:
-    sprintf(msg, "Undefined error code %d.", error_code);
-    return strdup(msg);
+    return g_strdup_printf("Undefined error code %d.", error_code);
   }
 }
diff --git a/lasso/xml/lib_scoping.c b/lasso/xml/lib_scoping.c
index d156a067..75583d1d 100644
--- a/lasso/xml/lib_scoping.c
+++ b/lasso/xml/lib_scoping.c
@@ -65,7 +65,7 @@ lasso_lib_scoping_set_proxyCount(LassoLibScoping *node,
   g_assert(LASSO_IS_LIB_SCOPING(node));
   g_assert(proxyCount >= 0);
 
-  g_sprintf(str, "%d", proxyCount);
+  g_snprintf(str, 6, "%d", proxyCount);
   class = LASSO_NODE_GET_CLASS(node);
   class->new_child(LASSO_NODE (node), "ProxyCount", str, FALSE);
 }