From 9a1f6729af51ed5c6bb39411f2abd598dd04836b Mon Sep 17 00:00:00 2001 From: Warner Losh Date: Tue, 9 Jun 1998 04:13:03 +0000 Subject: [PATCH] o Use snprintf over sprintf. o Use strncpy correctly. o Use enough buffer for line. Inspired by or Obtained from: Similar changes in OpenBSD --- usr.bin/netstat/inet.c | 11 ++++++----- usr.bin/netstat/route.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c index 0a8eff68e621..417f7db70bdc 100644 --- a/usr.bin/netstat/inet.c +++ b/usr.bin/netstat/inet.c @@ -36,7 +36,7 @@ static char sccsid[] = "@(#)inet.c 8.5 (Berkeley) 5/24/95"; */ static const char rcsid[] = - "$Id: inet.c,v 1.27 1998/05/15 20:19:15 wollman Exp $"; + "$Id: inet.c,v 1.28 1998/05/19 16:00:55 pb Exp $"; #endif /* not lint */ #include @@ -559,7 +559,7 @@ inetname(inp) struct in_addr *inp; { register char *cp; - static char line[50]; + static char line[MAXHOSTNAMELEN + 1]; struct hostent *hp; struct netent *np; @@ -583,9 +583,10 @@ inetname(inp) } if (inp->s_addr == INADDR_ANY) strcpy(line, "*"); - else if (cp) - strcpy(line, cp); - else { + else if (cp) { + strncpy(line, cp, sizeof(line) - 1); + line[sizeof(line) - 1] = '\0'; + } else { inp->s_addr = ntohl(inp->s_addr); #define C(x) ((x) & 0xff) sprintf(line, "%lu.%lu.%lu.%lu", C(inp->s_addr >> 24), diff --git a/usr.bin/netstat/route.c b/usr.bin/netstat/route.c index fd769784f8ff..17fcd27c1b5b 100644 --- a/usr.bin/netstat/route.c +++ b/usr.bin/netstat/route.c @@ -36,7 +36,7 @@ static char sccsid[] = "From: @(#)route.c 8.6 (Berkeley) 4/28/95"; #endif static const char rcsid[] = - "$Id: route.c,v 1.29 1998/04/19 18:18:25 phk Exp $"; + "$Id: route.c,v 1.30 1998/04/22 06:54:31 phk Exp $"; #endif /* not lint */ #include @@ -573,9 +573,10 @@ routename(in) trimdomain(cp); } } - if (cp) + if (cp) { strncpy(line, cp, sizeof(line) - 1); - else { + line[sizeof(line) - 1] = '\0'; + } else { #define C(x) ((x) & 0xff) in = ntohl(in); sprintf(line, "%lu.%lu.%lu.%lu", @@ -754,14 +755,16 @@ ipx_print(sa) if (port) { if (strcmp(host, "*") == 0) host = ""; - if (sp) - sprintf(cport, "%s%s", *host ? "." : "", sp->s_name); - else - sprintf(cport, "%s%x", *host ? "." : "", port); + if (sp) + snprintf(cport, sizeof(cport), + "%s%s", *host ? "." : "", sp->s_name); + else + snprintf(cport, sizeof(cport), + "%s%x", *host ? "." : "", port); } else *cport = 0; - sprintf(mybuf,"%s.%s%s", net, host, cport); + snprintf(mybuf, sizeof(mybuf), "%s.%s%s", net, host, cport); return(mybuf); }