Secured vsprintf into vsnprintf

2005-08-27 17:50:28 +00:00 · 2005-08-27 17:50:28 +00:00 · b8c6dd296c
commit b8c6dd296c
parent a7fbf0de1e
4 changed files with 10 additions and 9 deletions
--- a/lib/charset.c
+++ b/lib/charset.c
@ -65,7 +65,7 @@ int str_printf(char *buf, size_t len, const char *fmt, ...)
 	        
    va_start(args, fmt);
 		    
-    n = vsprintf(buf, fmt, args);
+    n = vsnprintf(buf, len, fmt, args);
    if (n >= len) {
 	WriteError("Internal error - str_printf() buf overflow");
 	/**NOT REACHED**/
--- a/lib/clcomm.c
+++ b/lib/clcomm.c
@ -156,7 +156,7 @@ void SockS(const char *format, ...)
 	out = calloc(SS_BUFSIZE, sizeof(char));

 	va_start(va_ptr, format);
-	vsprintf(out, format, va_ptr);
+	vsnprintf(out, SS_BUFSIZE -1, format, va_ptr);
 	va_end(va_ptr);

 	if (socket_send(out) == 0)
@ -177,7 +177,7 @@ char *SockR(const char *format, ...)
 	out = calloc(SS_BUFSIZE, sizeof(char));

 	va_start(va_ptr, format);
-	vsprintf(out, format, va_ptr);
+	vsnprintf(out, SS_BUFSIZE -1, format, va_ptr);
 	va_end(va_ptr);

 	if (socket_send(out) == 0)
@ -198,7 +198,8 @@ void WriteError(const char *format, ...)
 	outputstr = calloc(10240, sizeof(char));

 	va_start(va_ptr, format);
-	vsprintf(outputstr, format, va_ptr);
+	vsnprintf(outputstr, 10239, format, va_ptr);
+
 	va_end(va_ptr);

 	for (i = 0; i < strlen(outputstr); i++)
@ -247,7 +248,7 @@ void Syslog(int level, const char *format, ...)
 	outstr = calloc(10240, sizeof(char));

 	va_start(va_ptr, format);
-	vsprintf(outstr, format, va_ptr);
+	vsnprintf(outstr, 10239, format, va_ptr);
 	va_end(va_ptr);
 	Syslogp(level, outstr);
 	free(outstr);
@ -347,7 +348,7 @@ void Mgrlog(const char *format, ...)
    outstr = calloc(10240, sizeof(char));

    va_start(va_ptr, format);
-    vsprintf(outstr, format, va_ptr);
+    vsnprintf(outstr, 10239, format, va_ptr);
    va_end(va_ptr);

    for (i = 0; i < strlen(outstr); i++)
@ -371,7 +372,7 @@ void IsDoing(const char *format, ...)
 	outputstr = calloc(SS_BUFSIZE, sizeof(char));

 	va_start(va_ptr, format);
-	vsprintf(outputstr, format, va_ptr);
+	vsnprintf(outputstr, SS_BUFSIZE -1, format, va_ptr);
 	va_end(va_ptr);

 	SockS("ADOI:2,%d,%s;", mypid, outputstr);
--- a/lib/diesel.c
+++ b/lib/diesel.c
@ -739,7 +739,7 @@ Mfunc(f_edtime)
 {
    double val;
    Dsarg(pic);
-    long ltime;
+    time_t ltime;
    struct tm *jd;
    char *pp = pic;

--- a/lib/term.c
+++ b/lib/term.c
@ -141,7 +141,7 @@ void mbse_mvprintw(int y, int x, const char *format, ...)
    outputstr = calloc(2048, sizeof(char));

    va_start(va_ptr, format);
-    vsprintf(outputstr, format, va_ptr);
+    vsnprintf(outputstr, 2047, format, va_ptr);
    va_end(va_ptr);

    mbse_locate(y, x);