From b8c6dd296c56d54ec5560f83113e2c3b114ddd94 Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Sat, 27 Aug 2005 17:50:28 +0000 Subject: [PATCH] Secured vsprintf into vsnprintf --- lib/charset.c | 2 +- lib/clcomm.c | 13 +++++++------ lib/diesel.c | 2 +- lib/term.c | 2 +- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/lib/charset.c b/lib/charset.c index 4ac19545..619d6bd6 100644 --- a/lib/charset.c +++ b/lib/charset.c @@ -65,7 +65,7 @@ int str_printf(char *buf, size_t len, const char *fmt, ...) va_start(args, fmt); - n = vsprintf(buf, fmt, args); + n = vsnprintf(buf, len, fmt, args); if (n >= len) { WriteError("Internal error - str_printf() buf overflow"); /**NOT REACHED**/ diff --git a/lib/clcomm.c b/lib/clcomm.c index 5d9525c6..6b14807a 100644 --- a/lib/clcomm.c +++ b/lib/clcomm.c @@ -156,7 +156,7 @@ void SockS(const char *format, ...) out = calloc(SS_BUFSIZE, sizeof(char)); va_start(va_ptr, format); - vsprintf(out, format, va_ptr); + vsnprintf(out, SS_BUFSIZE -1, format, va_ptr); va_end(va_ptr); if (socket_send(out) == 0) @@ -177,7 +177,7 @@ char *SockR(const char *format, ...) out = calloc(SS_BUFSIZE, sizeof(char)); va_start(va_ptr, format); - vsprintf(out, format, va_ptr); + vsnprintf(out, SS_BUFSIZE -1, format, va_ptr); va_end(va_ptr); if (socket_send(out) == 0) @@ -198,7 +198,8 @@ void WriteError(const char *format, ...) outputstr = calloc(10240, sizeof(char)); va_start(va_ptr, format); - vsprintf(outputstr, format, va_ptr); + vsnprintf(outputstr, 10239, format, va_ptr); + va_end(va_ptr); for (i = 0; i < strlen(outputstr); i++) @@ -247,7 +248,7 @@ void Syslog(int level, const char *format, ...) outstr = calloc(10240, sizeof(char)); va_start(va_ptr, format); - vsprintf(outstr, format, va_ptr); + vsnprintf(outstr, 10239, format, va_ptr); va_end(va_ptr); Syslogp(level, outstr); free(outstr); 
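Review bot: The truncation test `if (n >= len)` in str_printf compares vsnprintf's result with a size_t, so a negative error return is only caught through the implicit conversion to unsigned (n is declared outside the hunk; this assumes it is an int). Writing it explicitly as `if (n < 0 || (size_t)n >= len) {` keeps the check correct and avoids the sign-compare warning. With vsnprintf this branch is now the ordinary truncation path rather than a report after the buffer was already overrun, so the "buf overflow" wording and the `/**NOT REACHED**/` comment appear stale. What follows that comment is outside the hunk.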
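Review bot: The return value of `vsnprintf(out, SS_BUFSIZE -1, format, va_ptr)` in SockS is discarded, so an over-long message is cut off silently and the shortened string is still handed to socket_send(); SockR has the same pattern. These strings look like delimited protocol commands (IsDoing builds `"ADOI:2,%d,%s;"`), so a cut-off command would lose its terminator. I would store the result, `n = vsnprintf(out, SS_BUFSIZE, format, va_ptr);`, and after `va_end` log and skip the send when `n < 0 || n >= SS_BUFSIZE`. vsnprintf already reserves space for the terminating NUL, so the `-1` is not needed. Both function bodies continue outside the hunk.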
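Review bot: No NULL check is visible between `outputstr = calloc(10240, sizeof(char));` and the vsnprintf call in WriteError, so an allocation failure in the error-reporting path would become a write through a null pointer; the other hunks in clcomm.c and the one in term.c show the same sequence. A guard such as `if (outputstr == NULL) return;` before `va_start` would cover it, with SockR returning whatever its callers treat as failure. The bound `10239` is also hand-derived from the `10240` in the calloc call (likewise in Syslog and Mgrlog, and `2047` against `2048` in mbse_mvprintw); one named constant used for both the allocation and the vsnprintf size would keep the two from drifting apart. The function body starts and ends outside the hunk.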
@@ -347,7 +348,7 @@ void Mgrlog(const char *format, ...) outstr = calloc(10240, sizeof(char)); va_start(va_ptr, format); - vsprintf(outstr, format, va_ptr); + vsnprintf(outstr, 10239, format, va_ptr); va_end(va_ptr); for (i = 0; i < strlen(outstr); i++) @@ -371,7 +372,7 @@ void IsDoing(const char *format, ...) outputstr = calloc(SS_BUFSIZE, sizeof(char)); va_start(va_ptr, format); - vsprintf(outputstr, format, va_ptr); + vsnprintf(outputstr, SS_BUFSIZE -1, format, va_ptr); va_end(va_ptr); SockS("ADOI:2,%d,%s;", mypid, outputstr); diff --git a/lib/diesel.c b/lib/diesel.c index 37a540d3..4a969396 100644 --- a/lib/diesel.c +++ b/lib/diesel.c @@ -739,7 +739,7 @@ Mfunc(f_edtime) { double val; Dsarg(pic); - long ltime; + time_t ltime; struct tm *jd; char *pp = pic; diff --git a/lib/term.c b/lib/term.c index 368a314a..e4791670 100644 --- a/lib/term.c +++ b/lib/term.c @@ -141,7 +141,7 @@ void mbse_mvprintw(int y, int x, const char *format, ...) outputstr = calloc(2048, sizeof(char)); va_start(va_ptr, format); - vsprintf(outputstr, format, va_ptr); + vsnprintf(outputstr, 2047, format, va_ptr); va_end(va_ptr); mbse_locate(y, x);
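Review bot: In IsDoing the formatted status may occupy up to `SS_BUFSIZE - 2` characters and is then embedded in `SockS("ADOI:2,%d,%s;", mypid, outputstr)`, whose own buffer is bounded by the same `SS_BUFSIZE`, so a long status is truncated a second time inside SockS and the trailing `;` is lost. Bounding the first format to a documented maximum status length that leaves room for the `ADOI:2,<pid>,` prefix and the terminator would keep the command well-formed. The function body continues outside the hunk.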