faraphel/chrony
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Replace sprintf by snprintf (John Hasler)

Browse source
This commit is contained in:
richard 2003-09-21 23:11:06 +00:00 committed by Richard P. Curnow
parent 7812181e74
commit 77303c285f
9 changed files with 37 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
NEWS
View file

@ -17,6 +17,7 @@ New in version 1.20
* Fix for chrony.spec on SuSE (Paul Elliot) * Fix for chrony.spec on SuSE (Paul Elliot)
* Fix handling of initstepslew if no servers are listed (John Hasler) * Fix handling of initstepslew if no servers are listed (John Hasler)
* Fix install rule in Makefile if chronyd is in use (Juliusz Chroboczek) * Fix install rule in Makefile if chronyd is in use (Juliusz Chroboczek)
* Replace sprintf by snprintf to remove risk of buffer overrun (John Hasler)
New in version 1.19 New in version 1.19
=================== ===================

3
README
View file

@ -198,6 +198,7 @@ John Hasler <john@dhh.gt.org>
Changes to support 64 bit machines (i.e. those where Changes to support 64 bit machines (i.e. those where
sizeof(unsigned long) > 4) sizeof(unsigned long) > 4)
Bug fix to initstepslew directive Bug fix to initstepslew directive
Fix to remove potential buffer overrun errors.
Liam Hatton <me@liamhatton.com> Liam Hatton <me@liamhatton.com>
Advice on configuring for Linux on PPC Advice on configuring for Linux on PPC
@ -242,6 +243,6 @@ sorry I can't identify all of you individually.
Version control information Version control information
=========================== ===========================
$Header: /cvs/src/chrony/README,v 1.29 2003/09/19 22:48:26 richard Exp $ $Header: /cvs/src/chrony/README,v 1.30 2003/09/21 23:11:06 richard Exp $
vim:tw=72 vim:tw=72

17
client.c
View file

@ -1,5 +1,5 @@
/* /*
$Header: /cvs/src/chrony/client.c,v 1.66 2003/01/20 22:52:07 richard Exp $ $Header: /cvs/src/chrony/client.c,v 1.67 2003/09/21 23:11:06 richard Exp $
======================================================================= =======================================================================
@ -76,7 +76,8 @@ time_to_log_form(time_t t)
stm = *gmtime(&t); stm = *gmtime(&t);
sprintf(buffer, "%2d%s%02d %02d:%02d:%02d", snprintf(buffer, sizeof(buffer),
"%2d%s%02d %02d:%02d:%02d",
stm.tm_mday, months[stm.tm_mon], stm.tm_year % 100, stm.tm_mday, months[stm.tm_mon], stm.tm_year % 100,
stm.tm_hour, stm.tm_min, stm.tm_sec); stm.tm_hour, stm.tm_min, stm.tm_sec);
@ -94,7 +95,7 @@ UTI_IPToDottedQuad(unsigned long ip)
b = (ip>>16) & 0xff; b = (ip>>16) & 0xff;
c = (ip>> 8) & 0xff; c = (ip>> 8) & 0xff;
d = (ip>> 0) & 0xff; d = (ip>> 0) & 0xff;
sprintf(result, "%ld.%ld.%ld.%ld", a, b, c, d); snprintf(result, sizeof(result), "%ld.%ld.%ld.%ld", a, b, c, d);
return result; return result;
} }
@ -1456,7 +1457,7 @@ process_cmd_sources(char *line)
hostname_buf[25] = 0; hostname_buf[25] = 0;
if (no_dns) { if (no_dns) {
sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip_addr)); snprintf(hostname_buf, sizeof(hostname_buf), "%s", UTI_IPToDottedQuad(ip_addr));
} else { } else {
dns_lookup = DNS_IPAddress2Name(ip_addr); dns_lookup = DNS_IPAddress2Name(ip_addr);
strncpy(hostname_buf, dns_lookup, 25); strncpy(hostname_buf, dns_lookup, 25);
@ -1578,7 +1579,7 @@ process_cmd_sourcestats(char *line)
hostname_buf[25] = 0; hostname_buf[25] = 0;
if (no_dns) { if (no_dns) {
sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip_addr)); snprintf(hostname_buf, sizeof(hostname_buf), "%s", UTI_IPToDottedQuad(ip_addr));
} else { } else {
dns_lookup = DNS_IPAddress2Name(ip_addr); dns_lookup = DNS_IPAddress2Name(ip_addr);
strncpy(hostname_buf, dns_lookup, 25); strncpy(hostname_buf, dns_lookup, 25);
@ -1918,7 +1919,8 @@ process_cmd_clients(char *line)
last_cmd_hit_ago = ntohl(reply.data.client_accesses.clients[j].last_cmd_hit_ago); last_cmd_hit_ago = ntohl(reply.data.client_accesses.clients[j].last_cmd_hit_ago);
if (no_dns) { if (no_dns) {
sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip)); snprintf(hostname_buf, sizeof(hostname_buf),
"%s", UTI_IPToDottedQuad(ip));
} else { } else {
dns_lookup = DNS_IPAddress2Name(ip); dns_lookup = DNS_IPAddress2Name(ip);
hostname_buf[25] = 0; hostname_buf[25] = 0;
@ -2042,7 +2044,8 @@ process_cmd_clients(char *line)
last_cmd_hit_ago = ntohl(reply.data.client_accesses_by_index.clients[j].last_cmd_hit_ago); last_cmd_hit_ago = ntohl(reply.data.client_accesses_by_index.clients[j].last_cmd_hit_ago);
if (no_dns) { if (no_dns) {
sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip)); snprintf(hostname_buf, sizeof(hostname_buf),
"%s", UTI_IPToDottedQuad(ip));
} else { } else {
dns_lookup = DNS_IPAddress2Name(ip); dns_lookup = DNS_IPAddress2Name(ip);
hostname_buf[25] = 0; hostname_buf[25] = 0;

10
conf.c
View file

@ -1,5 +1,5 @@
/* /*
$Header: /cvs/src/chrony/conf.c,v 1.43 2003/09/19 22:44:06 richard Exp $ $Header: /cvs/src/chrony/conf.c,v 1.44 2003/09/21 23:11:06 richard Exp $
======================================================================= =======================================================================
@ -561,8 +561,8 @@ parse_cmdport(const char *line)
/* ================================================== */ /* ================================================== */
#define HOSTNAME_LEN 255 #define HOSTNAME_LEN 2047
#define SHOSTNAME_LEN "255" #define SHOSTNAME_LEN "2047"
static void static void
parse_initstepslew(const char *line) parse_initstepslew(const char *line)
@ -650,8 +650,8 @@ parse_logchange(const char *line)
/* ================================================== */ /* ================================================== */
#define BUFLEN 127 #define BUFLEN 2047
#define SBUFLEN "127" #define SBUFLEN "2047"
static void static void
parse_mailonchange(const char *line) parse_mailonchange(const char *line)

6
logging.c
View file

@ -1,5 +1,5 @@
/* /*
$Header: /cvs/src/chrony/logging.c,v 1.13 2003/03/24 23:35:43 richard Exp $ $Header: /cvs/src/chrony/logging.c,v 1.14 2003/09/21 23:11:06 richard Exp $
======================================================================= =======================================================================
@ -87,7 +87,7 @@ LOG_Line_Function(LOG_Severity severity, LOG_Facility facility, const char *form
char buf[2048]; char buf[2048];
va_list other_args; va_list other_args;
va_start(other_args, format); va_start(other_args, format);
vsprintf(buf, format, other_args); vsnprintf(buf, sizeof(buf), format, other_args);
va_end(other_args); va_end(other_args);
#ifdef WINNT #ifdef WINNT
if (logfile) { if (logfile) {
@ -122,7 +122,7 @@ LOG_Fatal_Function(LOG_Facility facility, const char *format, ...)
char buf[2048]; char buf[2048];
va_list other_args; va_list other_args;
va_start(other_args, format); va_start(other_args, format);
vsprintf(buf, format, other_args); vsnprintf(buf, sizeof(buf), format, other_args);
va_end(other_args); va_end(other_args);
#ifdef WINNT #ifdef WINNT

4
nameserv.c
View file

@ -1,5 +1,5 @@
/* /*
$Header: /cvs/src/chrony/nameserv.c,v 1.13 2002/02/28 23:27:11 richard Exp $ $Header: /cvs/src/chrony/nameserv.c,v 1.14 2003/09/21 23:11:06 richard Exp $
======================================================================= =======================================================================
@ -80,7 +80,7 @@ DNS_IPAddress2Name(unsigned long ip_addr)
b = (ip_addr >> 16) & 0xff; b = (ip_addr >> 16) & 0xff;
c = (ip_addr >> 8) & 0xff; c = (ip_addr >> 8) & 0xff;
d = (ip_addr) & 0xff; d = (ip_addr) & 0xff;
sprintf(buffer, "%u.%u.%u.%u", a, b, c, d); snprintf(buffer, sizeof(buffer), "%u.%u.%u.%u", a, b, c, d);
return buffer; return buffer;
} else { } else {
return host->h_name; return host->h_name;

4
reference.c
View file

@ -1,5 +1,5 @@
/* /*
$Header: /cvs/src/chrony/reference.c,v 1.40 2003/03/24 23:35:43 richard Exp $ $Header: /cvs/src/chrony/reference.c,v 1.41 2003/09/21 23:11:06 richard Exp $
======================================================================= =======================================================================
@ -280,7 +280,7 @@ maybe_log_offset(double offset)
if (do_mail_change && if (do_mail_change &&
(abs_offset > mail_change_threshold)) { (abs_offset > mail_change_threshold)) {
sprintf(buffer, "%s %." S_MAX_USER_LEN "s", MAIL_PROGRAM, mail_change_user); snprintf(buffer, sizeof(buffer), "%s %." S_MAX_USER_LEN "s", MAIL_PROGRAM, mail_change_user);
p = popen(buffer, "w"); p = popen(buffer, "w");
if (p) { if (p) {
if (gethostname(host, sizeof(host)) < 0) { if (gethostname(host, sizeof(host)) < 0) {

16
sources.c
View file

@ -1,5 +1,5 @@
/* /*
$Header: /cvs/src/chrony/sources.c,v 1.31 2003/03/24 23:35:43 richard Exp $ $Header: /cvs/src/chrony/sources.c,v 1.32 2003/09/21 23:11:06 richard Exp $
======================================================================= =======================================================================
@ -770,7 +770,7 @@ void
SRC_DumpSources(void) SRC_DumpSources(void)
{ {
FILE *out; FILE *out;
int direc_len; int direc_len, file_len;
char *filename; char *filename;
unsigned int a, b, c, d; unsigned int a, b, c, d;
int i; int i;
@ -778,7 +778,8 @@ SRC_DumpSources(void)
direc = CNF_GetDumpDir(); direc = CNF_GetDumpDir();
direc_len = strlen(direc); direc_len = strlen(direc);
filename = MallocArray(char, direc_len+24); /* a bit of slack */ file_len = direc_len + 24;
filename = MallocArray(char, file_len); /* a bit of slack */
if (mkdir_and_parents(direc)) { if (mkdir_and_parents(direc)) {
for (i=0; i<n_sources; i++) { for (i=0; i<n_sources; i++) {
a = (sources[i]->ref_id) >> 24; a = (sources[i]->ref_id) >> 24;
@ -786,7 +787,7 @@ SRC_DumpSources(void)
c = ((sources[i]->ref_id) >> 8) & 0xff; c = ((sources[i]->ref_id) >> 8) & 0xff;
d = ((sources[i]->ref_id)) & 0xff; d = ((sources[i]->ref_id)) & 0xff;
sprintf(filename, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d); snprintf(filename, file_len-1, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d);
out = fopen(filename, "w"); out = fopen(filename, "w");
if (!out) { if (!out) {
LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename); LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename);
@ -811,7 +812,7 @@ SRC_ReloadSources(void)
unsigned int a, b, c, d; unsigned int a, b, c, d;
int i; int i;
char *dumpdir; char *dumpdir;
int dumpdirlen; int dumpdirlen, filelen;
for (i=0; i<n_sources; i++) { for (i=0; i<n_sources; i++) {
a = (sources[i]->ref_id) >> 24; a = (sources[i]->ref_id) >> 24;
@ -821,8 +822,9 @@ SRC_ReloadSources(void)
dumpdir = CNF_GetDumpDir(); dumpdir = CNF_GetDumpDir();
dumpdirlen = strlen(dumpdir); dumpdirlen = strlen(dumpdir);
filename = MallocArray(char, dumpdirlen+24); filelen = dumpdirlen + 24;
sprintf(filename, "%s/%d.%d.%d.%d.dat", dumpdir, a, b, c, d); filename = MallocArray(char, filelen);
snprintf(filename, filelen-1, "%s/%d.%d.%d.%d.dat", dumpdir, a, b, c, d);
in = fopen(filename, "r"); in = fopen(filename, "r");
if (!in) { if (!in) {
LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename); LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename);

6
util.c
View file

@ -1,5 +1,5 @@
/* /*
$Header: /cvs/src/chrony/util.c,v 1.19 2003/03/24 23:35:43 richard Exp $ $Header: /cvs/src/chrony/util.c,v 1.20 2003/09/21 23:11:06 richard Exp $
======================================================================= =======================================================================
@ -232,7 +232,7 @@ UTI_TimevalToString(struct timeval *tv)
stm = *gmtime((time_t *) &(tv->tv_sec)); stm = *gmtime((time_t *) &(tv->tv_sec));
strftime(buffer, sizeof(buffer), "%a %x %X", &stm); strftime(buffer, sizeof(buffer), "%a %x %X", &stm);
result = NEXT_BUFFER; result = NEXT_BUFFER;
sprintf(result, "%s.%06ld", buffer, (unsigned long)(tv->tv_usec)); snprintf(result, sizeof(buffer), "%s.%06ld", buffer, (unsigned long)(tv->tv_usec));
return result; return result;
} }
@ -273,7 +273,7 @@ UTI_IPToDottedQuad(unsigned long ip)
c = (ip>> 8) & 0xff; c = (ip>> 8) & 0xff;
d = (ip>> 0) & 0xff; d = (ip>> 0) & 0xff;
result = NEXT_BUFFER; result = NEXT_BUFFER;
sprintf(result, "%ld.%ld.%ld.%ld", a, b, c, d); snprintf(result, sizeof(result), "%ld.%ld.%ld.%ld", a, b, c, d);
return result; return result;
} }