sprintf -> snprintf to avoid potential buffer overflow.

PR: 6907 Submitted by: Archie Cobbs <archie@whistle.com>
svn path=/head/; revision=36980
2025-01-21 15:45:02 +00:00 · 1998-06-14 16:03:40 +00:00 · 1998-06-14 16:03:40 +00:00 · a84507eabd · 2020-12-20 02:59:44 +00:00
commit a84507eabd
parent 4c4918c9e4
6 changed files with 27 additions and 21 deletions
--- a/usr.bin/more/ch.c
+++ b/usr.bin/more/ch.c
@ -394,8 +394,8 @@ ch_init(want_nbufs, keep)
 		 * If we don't have ANY, then quit.
 		 * Otherwise, just report the error and return.
 		 */
-		(void)sprintf(message, "cannot allocate %d buffers",
-		    want_nbufs - nbufs);
+		(void)snprintf(message, sizeof(message),
+		    "cannot allocate %d buffers", want_nbufs - nbufs);
 		error(message);
 		if (nbufs == 0)
 			quit();
--- a/usr.bin/more/command.c
+++ b/usr.bin/more/command.c
@ -185,19 +185,21 @@ prompt()
 		putstr(current_name);
 		putstr(":");
 		if (!ispipe) {
-			(void)sprintf(pbuf, " file %d/%d", curr_ac + 1, ac);
+			(void)snprintf(pbuf, sizeof(pbuf),
+			    " file %d/%d", curr_ac + 1, ac);
 			putstr(pbuf);
 		}
 		if (linenums) {
-			(void)sprintf(pbuf, " line %d", currline(BOTTOM));
+			(void)snprintf(pbuf, sizeof(pbuf),
+			    " line %d", currline(BOTTOM));
 			putstr(pbuf);
 		}
 		if ((pos = position(BOTTOM)) != NULL_POSITION) {
-			(void)sprintf(pbuf, " byte %qd", pos);
+			(void)snprintf(pbuf, sizeof(pbuf), " byte %qd", pos);
 			putstr(pbuf);
 			if (!ispipe && (len = ch_length())) {
-				(void)sprintf(pbuf, "/%qd pct %qd%%",
-				    len, ((100 * pos) / len));
+				(void)snprintf(pbuf, sizeof(pbuf),
+				    "/%qd pct %qd%%", len, ((100 * pos) / len));
 				putstr(pbuf);
 			}
 		}
@ -218,7 +220,8 @@ prompt()
 		else if (!ispipe &&
 		    (pos = position(BOTTOM)) != NULL_POSITION &&
 		    (len = ch_length())) {
-			(void)sprintf(pbuf, " (%qd%%)", ((100 * pos) / len));
+			(void)snprintf(pbuf, sizeof(pbuf),
+			    " (%qd%%)", ((100 * pos) / len));
 			putstr(pbuf);
 		}
 		so_exit();
@ -620,9 +623,10 @@ editfile()
 			dolinenumber = 0;
 	}
 	if (dolinenumber && (c = currline(MIDDLE)))
-		(void)sprintf(buf, "%s +%d %s", editor, c, current_file);
+		(void)snprintf(buf, sizeof(buf),
+		    "%s +%d %s", editor, c, current_file);
 	else
-		(void)sprintf(buf, "%s %s", editor, current_file);
+		(void)snprintf(buf, sizeof(buf), "%s %s", editor, current_file);
 	lsystem(buf);
 }

--- a/usr.bin/more/help.c
+++ b/usr.bin/more/help.c
@ -44,6 +44,6 @@ help()
 {
 	char cmd[MAXPATHLEN + 20];

-	(void)sprintf(cmd, "-more %s", _PATH_HELPFILE);
+	(void)snprintf(cmd, sizeof(cmd), "-more %s", _PATH_HELPFILE);
 	lsystem(cmd);
 }
--- a/usr.bin/more/main.c
+++ b/usr.bin/more/main.c
@ -48,6 +48,7 @@ static char sccsid[] = "@(#)main.c	8.1 (Berkeley) 6/7/93";
 */

 #include <sys/types.h>
+#include <sys/param.h>
 #include <sys/file.h>
 #include <stdio.h>
 #include <stdlib.h>
@ -87,7 +88,7 @@ edit(filename)
 	register char *m;
 	off_t initial_pos, position();
 	static int didpipe;
-	char message[100], *p;
+	char message[MAXPATHLEN + 50], *p;
 	char *rindex(), *strerror(), *save(), *bad_file();

 	initial_pos = NULL_POSITION;
@ -122,7 +123,8 @@ edit(filename)
 		return(0);
 	}
 	else if ((f = open(filename, O_RDONLY, 0)) < 0) {
-		(void)sprintf(message, "%s: %s", filename, strerror(errno));
+		(void)snprintf(message, sizeof(message),
+		   "%s: %s", filename, strerror(errno));
 		error(message);
 		free(filename);
 		return(0);
--- a/usr.bin/more/os.c
+++ b/usr.bin/more/os.c
@ -123,7 +123,8 @@ lsystem(cmd)
 			cmd = shell;
 		else
 		{
-			(void)sprintf(cmdbuf, "%s -c \"%s\"", shell, cmd);
+			(void)snprintf(cmdbuf, sizeof(cmdbuf),
+			    "%s -c \"%s\"", shell, cmd);
 			cmd = cmdbuf;
 		}
 	}
@ -215,19 +216,17 @@ glob(filename)
 		/*
 		 * Read the output of <echo filename>.
 		 */
-		cmd = malloc((u_int)(strlen(filename)+8));
+		(void)asprintf(&cmd, "echo \"%s\"", filename);
 		if (cmd == NULL)
 			return (filename);
-		(void)sprintf(cmd, "echo \"%s\"", filename);
 	} else
 	{
 		/*
 		 * Read the output of <$SHELL -c "echo filename">.
 		 */
-		cmd = malloc((u_int)(strlen(p)+12));
+		(void)asprintf(&cmd, "%s -c \"echo %s\"", p, filename);
 		if (cmd == NULL)
 			return (filename);
-		(void)sprintf(cmd, "%s -c \"echo %s\"", p, filename);
 	}

 	if ((f = popen(cmd, "r")) == NULL)
@ -255,7 +254,8 @@ bad_file(filename, message, len)
 	char *strcat(), *strerror();

 	if (stat(filename, &statbuf) < 0) {
-		(void)sprintf(message, "%s: %s", filename, strerror(errno));
+		(void)snprintf(message, len,
+		    "%s: %s", filename, strerror(errno));
 		return(message);
 	}
 	if ((statbuf.st_mode & S_IFMT) == S_IFDIR) {
--- a/usr.bin/more/prim.c
+++ b/usr.bin/more/prim.c
@ -374,8 +374,8 @@ jump_back(n)
 		while ((c = ch_forw_get()) != '\n')
 			if (c == EOI) {
 				char message[40];
-				(void)sprintf(message, "File has only %d lines",
-				    nlines - 1);
+				(void)snprintf(message, sizeof(message),
+				    "File has only %d lines", nlines - 1);
 				error(message);
 				return;
 			}