Replace sprintf by snprintf (John Hasler)

NEWS

@@ -17,6 +17,7 @@ New in version 1.20
 * Fix for chrony.spec on SuSE (Paul Elliot)
 * Fix handling of initstepslew if no servers are listed (John Hasler)
 * Fix install rule in Makefile if chronyd is in use (Juliusz Chroboczek)
+* Replace sprintf by snprintf to remove risk of buffer overrun (John Hasler)
 
 New in version 1.19
 ===================

README

@@ -198,6 +198,7 @@ John Hasler <john@dhh.gt.org>
     Changes to support 64 bit machines (i.e. those where
       sizeof(unsigned long) > 4)
     Bug fix to initstepslew directive
+    Fix to remove potential buffer overrun errors.
 
 Liam Hatton <me@liamhatton.com>
     Advice on configuring for Linux on PPC
@@ -242,6 +243,6 @@ sorry I can't identify all of you individually.
 Version control information
 ===========================
 
-$Header: /cvs/src/chrony/README,v 1.29 2003/09/19 22:48:26 richard Exp $
+$Header: /cvs/src/chrony/README,v 1.30 2003/09/21 23:11:06 richard Exp $
 
 vim:tw=72

client.c

@@ -1,5 +1,5 @@
 /*
-  $Header: /cvs/src/chrony/client.c,v 1.66 2003/01/20 22:52:07 richard Exp $
+  $Header: /cvs/src/chrony/client.c,v 1.67 2003/09/21 23:11:06 richard Exp $
 
   =======================================================================
 
@@ -76,7 +76,8 @@ time_to_log_form(time_t t)
 
 
   stm = *gmtime(&t);
-  sprintf(buffer, "%2d%s%02d %02d:%02d:%02d",
+  snprintf(buffer, sizeof(buffer),
+          "%2d%s%02d %02d:%02d:%02d",
           stm.tm_mday, months[stm.tm_mon], stm.tm_year % 100,
           stm.tm_hour, stm.tm_min, stm.tm_sec);
 
@@ -94,7 +95,7 @@ UTI_IPToDottedQuad(unsigned long ip)
   b = (ip>>16) & 0xff;
   c = (ip>> 8) & 0xff;
   d = (ip>> 0) & 0xff;
-  sprintf(result, "%ld.%ld.%ld.%ld", a, b, c, d);
+  snprintf(result, sizeof(result), "%ld.%ld.%ld.%ld", a, b, c, d);
   return result;
 }
 
@@ -1456,7 +1457,7 @@ process_cmd_sources(char *line)
 
           hostname_buf[25] = 0;
           if (no_dns) {
-            sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip_addr));
+            snprintf(hostname_buf, sizeof(hostname_buf), "%s", UTI_IPToDottedQuad(ip_addr));
           } else {
             dns_lookup = DNS_IPAddress2Name(ip_addr);
             strncpy(hostname_buf, dns_lookup, 25);
@@ -1578,7 +1579,7 @@ process_cmd_sourcestats(char *line)
 
           hostname_buf[25] = 0;
           if (no_dns) {
-            sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip_addr));
+            snprintf(hostname_buf, sizeof(hostname_buf), "%s", UTI_IPToDottedQuad(ip_addr));
           } else {
             dns_lookup = DNS_IPAddress2Name(ip_addr);
             strncpy(hostname_buf, dns_lookup, 25);
@@ -1918,7 +1919,8 @@ process_cmd_clients(char *line)
               last_cmd_hit_ago = ntohl(reply.data.client_accesses.clients[j].last_cmd_hit_ago);
 
               if (no_dns) {
-                sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip));
+                snprintf(hostname_buf, sizeof(hostname_buf), 
+                         "%s", UTI_IPToDottedQuad(ip));
               } else {
                 dns_lookup = DNS_IPAddress2Name(ip);
                 hostname_buf[25] = 0;
@@ -2042,7 +2044,8 @@ process_cmd_clients(char *line)
               last_cmd_hit_ago = ntohl(reply.data.client_accesses_by_index.clients[j].last_cmd_hit_ago);
 
               if (no_dns) {
-                sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip));
+                snprintf(hostname_buf, sizeof(hostname_buf),
+                         "%s", UTI_IPToDottedQuad(ip));
               } else {
                 dns_lookup = DNS_IPAddress2Name(ip);
                 hostname_buf[25] = 0;

conf.c

@@ -1,5 +1,5 @@
 /*
-  $Header: /cvs/src/chrony/conf.c,v 1.43 2003/09/19 22:44:06 richard Exp $
+  $Header: /cvs/src/chrony/conf.c,v 1.44 2003/09/21 23:11:06 richard Exp $
 
   =======================================================================
 
@@ -561,8 +561,8 @@ parse_cmdport(const char *line)
 
 /* ================================================== */
 
-#define HOSTNAME_LEN 255
-#define SHOSTNAME_LEN "255"
+#define HOSTNAME_LEN 2047
+#define SHOSTNAME_LEN "2047"
 
 static void
 parse_initstepslew(const char *line)
@@ -650,8 +650,8 @@ parse_logchange(const char *line)
 
 /* ================================================== */
 
-#define BUFLEN 127
-#define SBUFLEN "127"
+#define BUFLEN 2047
+#define SBUFLEN "2047"
 
 static void
 parse_mailonchange(const char *line)

logging.c

@@ -1,5 +1,5 @@
 /*
-  $Header: /cvs/src/chrony/logging.c,v 1.13 2003/03/24 23:35:43 richard Exp $
+  $Header: /cvs/src/chrony/logging.c,v 1.14 2003/09/21 23:11:06 richard Exp $
 
   =======================================================================
 
@@ -87,7 +87,7 @@ LOG_Line_Function(LOG_Severity severity, LOG_Facility facility, const char *form
   char buf[2048];
   va_list other_args;
   va_start(other_args, format);
-  vsprintf(buf, format, other_args);
+  vsnprintf(buf, sizeof(buf), format, other_args);
   va_end(other_args);
 #ifdef WINNT
   if (logfile) {
@@ -122,7 +122,7 @@ LOG_Fatal_Function(LOG_Facility facility, const char *format, ...)
   char buf[2048];
   va_list other_args;
   va_start(other_args, format);
-  vsprintf(buf, format, other_args);
+  vsnprintf(buf, sizeof(buf), format, other_args);
   va_end(other_args);
 
 #ifdef WINNT

nameserv.c

@@ -1,5 +1,5 @@
 /*
-  $Header: /cvs/src/chrony/nameserv.c,v 1.13 2002/02/28 23:27:11 richard Exp $
+  $Header: /cvs/src/chrony/nameserv.c,v 1.14 2003/09/21 23:11:06 richard Exp $
 
   =======================================================================
 
@@ -80,7 +80,7 @@ DNS_IPAddress2Name(unsigned long ip_addr)
       b = (ip_addr >> 16) & 0xff;
       c = (ip_addr >>  8) & 0xff;
       d = (ip_addr)       & 0xff;
-      sprintf(buffer, "%u.%u.%u.%u", a, b, c, d);
+      snprintf(buffer, sizeof(buffer), "%u.%u.%u.%u", a, b, c, d);
       return buffer;
     } else {
       return host->h_name;

reference.c

@@ -1,5 +1,5 @@
 /*
-  $Header: /cvs/src/chrony/reference.c,v 1.40 2003/03/24 23:35:43 richard Exp $
+  $Header: /cvs/src/chrony/reference.c,v 1.41 2003/09/21 23:11:06 richard Exp $
 
   =======================================================================
 
@@ -280,7 +280,7 @@ maybe_log_offset(double offset)
 
   if (do_mail_change &&
       (abs_offset > mail_change_threshold)) {
-    sprintf(buffer, "%s %." S_MAX_USER_LEN "s", MAIL_PROGRAM, mail_change_user);
+    snprintf(buffer, sizeof(buffer), "%s %." S_MAX_USER_LEN "s", MAIL_PROGRAM, mail_change_user);
     p = popen(buffer, "w");
     if (p) {
       if (gethostname(host, sizeof(host)) < 0) {

sources.c

@@ -1,5 +1,5 @@
 /*
-  $Header: /cvs/src/chrony/sources.c,v 1.31 2003/03/24 23:35:43 richard Exp $
+  $Header: /cvs/src/chrony/sources.c,v 1.32 2003/09/21 23:11:06 richard Exp $
 
   =======================================================================
 
@@ -770,7 +770,7 @@ void
 SRC_DumpSources(void)
 {
   FILE *out;
-  int direc_len;
+  int direc_len, file_len;
   char *filename;
   unsigned int a, b, c, d;
   int i;
@@ -778,7 +778,8 @@ SRC_DumpSources(void)
 
   direc = CNF_GetDumpDir();
   direc_len = strlen(direc);
-  filename = MallocArray(char, direc_len+24); /* a bit of slack */
+  file_len = direc_len + 24;
+  filename = MallocArray(char, file_len); /* a bit of slack */
   if (mkdir_and_parents(direc)) {
     for (i=0; i<n_sources; i++) {
       a = (sources[i]->ref_id) >> 24;
@@ -786,7 +787,7 @@ SRC_DumpSources(void)
       c = ((sources[i]->ref_id) >> 8) & 0xff;
       d = ((sources[i]->ref_id)) & 0xff;
       
-      sprintf(filename, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d);
+      snprintf(filename, file_len-1, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d);
       out = fopen(filename, "w");
       if (!out) {
         LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename);
@@ -811,7 +812,7 @@ SRC_ReloadSources(void)
   unsigned int a, b, c, d;
   int i;
   char *dumpdir;
-  int dumpdirlen;
+  int dumpdirlen, filelen;
 
   for (i=0; i<n_sources; i++) {
     a = (sources[i]->ref_id) >> 24;
@@ -821,8 +822,9 @@ SRC_ReloadSources(void)
 
     dumpdir = CNF_GetDumpDir();
     dumpdirlen = strlen(dumpdir);
-    filename = MallocArray(char, dumpdirlen+24);
-    sprintf(filename, "%s/%d.%d.%d.%d.dat", dumpdir, a, b, c, d);
+    filelen = dumpdirlen + 24;
+    filename = MallocArray(char, filelen);
+    snprintf(filename, filelen-1, "%s/%d.%d.%d.%d.dat", dumpdir, a, b, c, d);
     in = fopen(filename, "r");
     if (!in) {
       LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename);

util.c

@@ -1,5 +1,5 @@
 /*
-  $Header: /cvs/src/chrony/util.c,v 1.19 2003/03/24 23:35:43 richard Exp $
+  $Header: /cvs/src/chrony/util.c,v 1.20 2003/09/21 23:11:06 richard Exp $
 
   =======================================================================
 
@@ -232,7 +232,7 @@ UTI_TimevalToString(struct timeval *tv)
   stm = *gmtime((time_t *) &(tv->tv_sec));
   strftime(buffer, sizeof(buffer), "%a %x %X", &stm);
   result = NEXT_BUFFER;
-  sprintf(result, "%s.%06ld", buffer, (unsigned long)(tv->tv_usec));
+  snprintf(result, sizeof(buffer), "%s.%06ld", buffer, (unsigned long)(tv->tv_usec));
   return result;
 }
 
@@ -273,7 +273,7 @@ UTI_IPToDottedQuad(unsigned long ip)
   c = (ip>> 8) & 0xff;
   d = (ip>> 0) & 0xff;
   result = NEXT_BUFFER;
-  sprintf(result, "%ld.%ld.%ld.%ld", a, b, c, d);
+  snprintf(result, sizeof(result), "%ld.%ld.%ld.%ld", a, b, c, d);
   return result;
 }