The branch main has been updated by cy:
URL:
https://cgit.FreeBSD.org/src/commit/?id=a6fb9bbea7318e993dfe0f8a7f00821f79850b26
commit a6fb9bbea7318e993dfe0f8a7f00821f79850b26
Author: Cy Schubert <c...@freebsd.org>
AuthorDate: 2021-12-13 22:54:38 +0000
Commit: Cy Schubert <c...@freebsd.org>
CommitDate: 2021-12-14 14:19:21 +0000
ipfilter userland: Replace sprintf with range checking version (snprintf)
MFC after: 1 week
---
contrib/ipfilter/iplang/iplang_y.y | 2 +-
contrib/ipfilter/ipsend/dlcommon.c | 20 +++---
contrib/ipfilter/ipsend/sbpf.c | 2 +-
contrib/ipfilter/lib/getnattype.c | 2 +-
contrib/ipfilter/lib/getsumd.c | 4 +-
contrib/ipfilter/lib/interror.c | 6 +-
contrib/ipfilter/lib/load_dstlistnode.c | 2 +-
contrib/ipfilter/lib/load_hashnode.c | 2 +-
contrib/ipfilter/lib/load_poolnode.c | 2 +-
contrib/ipfilter/lib/parseipfexpr.c | 2 +-
contrib/ipfilter/lib/portname.c | 2 +-
contrib/ipfilter/tools/ipf_y.y | 8 +--
contrib/ipfilter/tools/ipfstat.c | 48 ++++++-------
contrib/ipfilter/tools/ipfsyncd.c | 2 +-
contrib/ipfilter/tools/ipmon.c | 124 ++++++++++++++++----------------
contrib/ipfilter/tools/ipmon_y.y | 2 +-
contrib/ipfilter/tools/ipnat_y.y | 11 +--
contrib/ipfilter/tools/ippool_y.y | 6 +-
contrib/ipfilter/tools/lexer.c | 2 +-
19 files changed, 127 insertions(+), 122 deletions(-)
diff --git a/contrib/ipfilter/iplang/iplang_y.y
b/contrib/ipfilter/iplang/iplang_y.y
index f3335636cee1..484fe1951d52 100644
--- a/contrib/ipfilter/iplang/iplang_y.y
+++ b/contrib/ipfilter/iplang/iplang_y.y
@@ -1595,7 +1595,7 @@ void *ptr;
if (state == IL_IPO_RR || state == IL_IPO_SATID) {
if (param)
- sprintf(numbuf, "%d", *(int *)param);
+ snprintf(numbuf, sizeof(numbuf), "%d", *(int *)param);
else
strcpy(numbuf, "0");
arg = numbuf;
diff --git a/contrib/ipfilter/ipsend/dlcommon.c
b/contrib/ipfilter/ipsend/dlcommon.c
index 8a8cbf6a6a94..efb82df9ad32 100644
--- a/contrib/ipfilter/ipsend/dlcommon.c
+++ b/contrib/ipfilter/ipsend/dlcommon.c
@@ -497,7 +497,7 @@ strgetmsg(fd, ctlp, datap, flagsp, caller)
*/
(void) signal(SIGALRM, sigalrm);
if (alarm(MAXWAIT) < 0) {
- (void) sprintf(errmsg, "%s: alarm", caller);
+ (void) snprintf(errmsg, sizeof(errmsg), "%s: alarm", caller);
syserr(errmsg);
}
@@ -506,7 +506,7 @@ strgetmsg(fd, ctlp, datap, flagsp, caller)
*/
*flagsp = 0;
if ((rc = getmsg(fd, ctlp, datap, flagsp)) < 0) {
- (void) sprintf(errmsg, "%s: getmsg", caller);
+ (void) snprintf(errmsg, sizeof(errmsg), "%s: getmsg", caller);
syserr(errmsg);
}
@@ -514,7 +514,7 @@ strgetmsg(fd, ctlp, datap, flagsp, caller)
* Stop timer.
*/
if (alarm(0) < 0) {
- (void) sprintf(errmsg, "%s: alarm", caller);
+ (void) snprintf(errmsg, sizeof(errmsg), "%s: alarm", caller);
syserr(errmsg);
}
@@ -1188,7 +1188,7 @@ dlprim(prim)
CASERET(DL_RESET_RES);
CASERET(DL_RESET_CON);
default:
- (void) sprintf(primbuf, "unknown primitive 0x%x", prim);
+ (void) snprintf(primbuf, sizeof(primbuf), "unknown
primitive 0x%x", prim);
return (primbuf);
}
}
@@ -1223,7 +1223,7 @@ dlstate(state)
CASERET(DL_DISCON13_PENDING);
CASERET(DL_SUBS_BIND_PND);
default:
- (void) sprintf(statebuf, "unknown state 0x%x", state);
+ (void) snprintf(statebuf, sizeof(statebuf), "unknown
state 0x%x", state);
return (statebuf);
}
}
@@ -1265,7 +1265,7 @@ dlerrno(errno)
CASERET(DL_PENDING);
default:
- (void) sprintf(errnobuf, "unknown dlpi errno 0x%x",
errno);
+ (void) snprintf(errnobuf, sizeof(errnobuf), "unknown
dlpi errno 0x%x", errno);
return (errnobuf);
}
}
@@ -1281,7 +1281,7 @@ dlpromisclevel(level)
CASERET(DL_PROMISC_SAP);
CASERET(DL_PROMISC_MULTI);
default:
- (void) sprintf(levelbuf, "unknown promisc level 0x%x",
level);
+ (void) snprintf(levelbuf, sizeof(levelbuf), "unknown
promisc level 0x%x", level);
return (levelbuf);
}
}
@@ -1297,7 +1297,7 @@ dlservicemode(servicemode)
CASERET(DL_CLDLS);
CASERET(DL_CODLS|DL_CLDLS);
default:
- (void) sprintf(servicemodebuf,
+ (void) snprintf(servicemodebuf, sizeof(servicemodebuf),
"unknown provider service mode 0x%x",
servicemode);
return (servicemodebuf);
}
@@ -1313,7 +1313,7 @@ dlstyle(style)
CASERET(DL_STYLE1);
CASERET(DL_STYLE2);
default:
- (void) sprintf(stylebuf, "unknown provider style 0x%x",
style);
+ (void) snprintf(stylebuf, sizeof(stylebuf), "unknown
provider style 0x%x", style);
return (stylebuf);
}
}
@@ -1334,7 +1334,7 @@ dlmactype(media)
CASERET(DL_CHAR);
CASERET(DL_CTCA);
default:
- (void) sprintf(mediabuf, "unknown media type 0x%x",
media);
+ (void) snprintf(mediabuf, sizeof(mediabuf), "unknown
media type 0x%x", media);
return (mediabuf);
}
}
diff --git a/contrib/ipfilter/ipsend/sbpf.c b/contrib/ipfilter/ipsend/sbpf.c
index f3b8d2f37775..27f239185d37 100644
--- a/contrib/ipfilter/ipsend/sbpf.c
+++ b/contrib/ipfilter/ipsend/sbpf.c
@@ -74,7 +74,7 @@ int initdevice(device, tout)
for (i = 0; i < 16; i++)
{
- (void) sprintf(bpfname, "/dev/bpf%d", i);
+ (void) snprintf(bpfname, sizeof(bpfname), "/dev/bpf%d", i);
if ((fd = open(bpfname, O_RDWR)) >= 0)
break;
}
diff --git a/contrib/ipfilter/lib/getnattype.c
b/contrib/ipfilter/lib/getnattype.c
index ef7ffd47a050..81364738e94a 100644
--- a/contrib/ipfilter/lib/getnattype.c
+++ b/contrib/ipfilter/lib/getnattype.c
@@ -61,7 +61,7 @@ getnattype(nat)
which = "ENC-MAP";
break;
default :
- sprintf(unknownbuf, "unknown(%04x)",
+ snprintf(unknownbuf, sizeof(unknownbuf), "unknown(%04x)",
nat->nat_redir & 0xffffffff);
which = unknownbuf;
break;
diff --git a/contrib/ipfilter/lib/getsumd.c b/contrib/ipfilter/lib/getsumd.c
index 84acc7a282ed..53869131e694 100644
--- a/contrib/ipfilter/lib/getsumd.c
+++ b/contrib/ipfilter/lib/getsumd.c
@@ -16,8 +16,8 @@ char *getsumd(sum)
static char sumdbuf[17];
if (sum & NAT_HW_CKSUM)
- sprintf(sumdbuf, "hw(%#0x)", sum & 0xffff);
+ snprintf(sumdbuf, sizeof(sumdbuf), "hw(%#0x)", sum & 0xffff);
else
- sprintf(sumdbuf, "%#0x", sum);
+ snprintf(sumdbuf, sizeof(sumdbuf), "%#0x", sum);
return sumdbuf;
}
diff --git a/contrib/ipfilter/lib/interror.c b/contrib/ipfilter/lib/interror.c
index 183e465a0ca4..78ae4bf37849 100644
--- a/contrib/ipfilter/lib/interror.c
+++ b/contrib/ipfilter/lib/interror.c
@@ -557,9 +557,9 @@ ipf_geterror(fd, func)
ie = find_error(errnum);
if (ie != NULL)
return ie->iee_text;
- sprintf(text, "unknown error %d", errnum);
+ snprintf(text, sizeof(text), "unknown error %d", errnum);
} else {
- sprintf(text, "retrieving error number failed (%d)", errno);
+ snprintf(text, sizeof(text), "retrieving error number failed
(%d)", errno);
}
return text;
}
@@ -577,6 +577,6 @@ ipf_strerror(errnum)
if (ie != NULL)
return ie->iee_text;
- sprintf(text, "unknown error %d", errnum);
+ snprintf(text, sizeof(text), "unknown error %d", errnum);
return text;
}
diff --git a/contrib/ipfilter/lib/load_dstlistnode.c
b/contrib/ipfilter/lib/load_dstlistnode.c
index e1ec0013fae7..d8160ebaea9c 100644
--- a/contrib/ipfilter/lib/load_dstlistnode.c
+++ b/contrib/ipfilter/lib/load_dstlistnode.c
@@ -61,7 +61,7 @@ load_dstlistnode(role, name, node, iocfunc)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
- (void) sprintf(msg, "%s lookup node", what);
+ (void) snprintf(msg, sizeof(msg), "%s lookup node",
what);
return ipf_perror_fd(pool_fd(), iocfunc, msg);
}
}
diff --git a/contrib/ipfilter/lib/load_hashnode.c
b/contrib/ipfilter/lib/load_hashnode.c
index 2aac4331b41f..203d75484ec3 100644
--- a/contrib/ipfilter/lib/load_hashnode.c
+++ b/contrib/ipfilter/lib/load_hashnode.c
@@ -60,7 +60,7 @@ load_hashnode(unit, name, node, ttl, iocfunc)
if (!(opts & OPT_DONOTHING)) {
char msg[80];
- sprintf(msg, "%s node from lookup hash table", what);
+ snprintf(msg, sizeof(msg), "%s node from lookup hash
table", what);
return ipf_perror_fd(pool_fd(), iocfunc, msg);
}
return 0;
diff --git a/contrib/ipfilter/lib/load_poolnode.c
b/contrib/ipfilter/lib/load_poolnode.c
index 5afca8412b08..0dfc1d25a8f7 100644
--- a/contrib/ipfilter/lib/load_poolnode.c
+++ b/contrib/ipfilter/lib/load_poolnode.c
@@ -59,7 +59,7 @@ load_poolnode(role, name, node, ttl, iocfunc)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
- sprintf(msg, "%s pool node(%s/", what,
+ snprintf(msg, sizeof(msg), "%s pool node(%s/", what,
inet_ntoa(pn.ipn_addr.adf_addr.in4));
strcat(msg, inet_ntoa(pn.ipn_mask.adf_addr.in4));
return ipf_perror_fd(pool_fd(), iocfunc, msg);
diff --git a/contrib/ipfilter/lib/parseipfexpr.c
b/contrib/ipfilter/lib/parseipfexpr.c
index 18958301b900..b4b00f91bfca 100644
--- a/contrib/ipfilter/lib/parseipfexpr.c
+++ b/contrib/ipfilter/lib/parseipfexpr.c
@@ -97,7 +97,7 @@ parseipfexpr(line, errorptr)
if (e->ipoe_word == NULL) {
error = malloc(32);
if (error != NULL) {
- sprintf(error, "keyword (%.10s) not found",
+ snprintf(error, sizeof(error), "keyword (%.10s)
not found",
ops);
}
goto parseerror;
diff --git a/contrib/ipfilter/lib/portname.c b/contrib/ipfilter/lib/portname.c
index 925eace62532..f567b26fc3fd 100644
--- a/contrib/ipfilter/lib/portname.c
+++ b/contrib/ipfilter/lib/portname.c
@@ -38,6 +38,6 @@ portname(int pr, int port)
}
}
- (void) sprintf(buf, "%d", port);
+ (void) snprintf(buf, sizeof(buf), "%d", port);
return (buf);
}
diff --git a/contrib/ipfilter/tools/ipf_y.y b/contrib/ipfilter/tools/ipf_y.y
index 3851f34bb693..2013fe5b9452 100644
--- a/contrib/ipfilter/tools/ipf_y.y
+++ b/contrib/ipfilter/tools/ipf_y.y
@@ -2448,7 +2448,7 @@ void *ptr;
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
- sprintf(msg, "%d:ioctl(zero rule)",
+ snprintf(msg, sizeof(msg), "%d:ioctl(zero
rule)",
fr->fr_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@@ -2468,7 +2468,7 @@ void *ptr;
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
- sprintf(msg, "%d:ioctl(delete rule)",
+ snprintf(msg, sizeof(msg), "%d:ioctl(delete
rule)",
fr->fr_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@@ -2478,7 +2478,7 @@ void *ptr;
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
- sprintf(msg, "%d:ioctl(add/insert rule)",
+ snprintf(msg, sizeof(msg), "%d:ioctl(add/insert
rule)",
fr->fr_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@@ -2572,7 +2572,7 @@ int value;
strncpy(buffer, varname, 60);
buffer[59] = '\0';
strcat(buffer, "=");
- sprintf(buffer, "%u", value);
+ snprintf(buffer, sizeof(buffer), "%u", value);
ipf_dotuning(ipffd, buffer, ioctl);
}
diff --git a/contrib/ipfilter/tools/ipfstat.c b/contrib/ipfilter/tools/ipfstat.c
index 2165a671a9e9..4517d3e857b4 100644
--- a/contrib/ipfilter/tools/ipfstat.c
+++ b/contrib/ipfilter/tools/ipfstat.c
@@ -1531,7 +1531,7 @@ static void topipstates(saddr, daddr, sport, dport,
protocol, ver,
attron(A_BOLD);
winy = 0;
move(winy,0);
- sprintf(str1, "%s - %s - state top", hostnm, IPL_VERSION);
+ snprintf(str1, sizeof(str1), "%s - %s - state top", hostnm,
IPL_VERSION);
for (j = 0 ; j < (maxx - 8 - strlen(str1)) / 2; j++)
printw(" ");
printw("%s", str1);
@@ -1549,50 +1549,50 @@ static void topipstates(saddr, daddr, sport, dport,
protocol, ver,
* while the programming is running :-)
*/
if (sport >= 0)
- sprintf(str1, "%s,%d", getip(ver, &saddr), sport);
+ snprintf(str1, sizeof(str1), "%s,%d", getip(ver,
&saddr), sport);
else
- sprintf(str1, "%s", getip(ver, &saddr));
+ snprintf(str1, sizeof(str1), "%s", getip(ver, &saddr));
if (dport >= 0)
- sprintf(str2, "%s,%d", getip(ver, &daddr), dport);
+ snprintf(str2, sizeof(str2), "%s,%d", getip(ver,
&daddr), dport);
else
- sprintf(str2, "%s", getip(ver, &daddr));
+ snprintf(str2, sizeof(str2), "%s", getip(ver, &daddr));
if (protocol < 0)
strcpy(str3, "any");
else if ((proto = getprotobynumber(protocol)) != NULL)
- sprintf(str3, "%s", proto->p_name);
+ snprintf(str3, sizeof(str3), "%s", proto->p_name);
else
- sprintf(str3, "%d", protocol);
+ snprintf(str3, sizeof(str3), "%d", protocol);
switch (sorting)
{
case STSORT_PR:
- sprintf(str4, "proto");
+ snprintf(str4, sizeof(str4), "proto");
break;
case STSORT_PKTS:
- sprintf(str4, "# pkts");
+ snprintf(str4, sizeof(str4), "# pkts");
break;
case STSORT_BYTES:
- sprintf(str4, "# bytes");
+ snprintf(str4, sizeof(str4), "# bytes");
break;
case STSORT_TTL:
- sprintf(str4, "ttl");
+ snprintf(str4, sizeof(str4), "ttl");
break;
case STSORT_SRCIP:
- sprintf(str4, "src ip");
+ snprintf(str4, sizeof(str4), "src ip");
break;
case STSORT_SRCPT:
- sprintf(str4, "src port");
+ snprintf(str4, sizeof(str4), "src port");
break;
case STSORT_DSTIP:
- sprintf(str4, "dest ip");
+ snprintf(str4, sizeof(str4), "dest ip");
break;
case STSORT_DSTPT:
- sprintf(str4, "dest port");
+ snprintf(str4, sizeof(str4), "dest port");
break;
default:
- sprintf(str4, "unknown");
+ snprintf(str4, sizeof(str4), "unknown");
break;
}
@@ -1639,16 +1639,16 @@ static void topipstates(saddr, daddr, sport, dport,
protocol, ver,
/* print src/dest and port */
if ((tp->st_p == IPPROTO_TCP) ||
(tp->st_p == IPPROTO_UDP)) {
- sprintf(str1, "%s,%hu",
+ snprintf(str1, sizeof(str1), "%s,%hu",
getip(tp->st_v, &tp->st_src),
ntohs(tp->st_sport));
- sprintf(str2, "%s,%hu",
+ snprintf(str2, sizeof(str2), "%s,%hu",
getip(tp->st_v, &tp->st_dst),
ntohs(tp->st_dport));
} else {
- sprintf(str1, "%s", getip(tp->st_v,
+ snprintf(str1, sizeof(str1), "%s",
getip(tp->st_v,
&tp->st_src));
- sprintf(str2, "%s", getip(tp->st_v,
+ snprintf(str2, sizeof(str2), "%s",
getip(tp->st_v,
&tp->st_dst));
}
winy++;
@@ -1656,7 +1656,7 @@ static void topipstates(saddr, daddr, sport, dport,
protocol, ver,
printw("%-*s %-*s", srclen + 6, str1, dstlen + 6, str2);
/* print state */
- sprintf(str1, "%X/%X", tp->st_state[0],
+ snprintf(str1, sizeof(str1), "%X/%X", tp->st_state[0],
tp->st_state[1]);
printw(" %3s", str1);
@@ -1666,7 +1666,7 @@ static void topipstates(saddr, daddr, sport, dport,
protocol, ver,
strncpy(str1, proto->p_name, 4);
str1[4] = '\0';
} else {
- sprintf(str1, "%d", tp->st_p);
+ snprintf(str1, sizeof(str1), "%d", tp->st_p);
}
/* just print icmp for IPv6-ICMP */
if (tp->st_p == IPPROTO_ICMPV6)
@@ -2015,9 +2015,9 @@ static char *ttl_to_string(ttl)
seconds = ttl % 60;
if (hours > 0)
- sprintf(ttlbuf, "%2d:%02d:%02d", hours, minutes, seconds);
+ snprintf(ttlbuf, sizeof(ttlbuf), "%2d:%02d:%02d", hours,
minutes, seconds);
else
- sprintf(ttlbuf, "%2d:%02d", minutes, seconds);
+ snprintf(ttlbuf, sizeof(ttlbuf), "%2d:%02d", minutes, seconds);
return ttlbuf;
}
diff --git a/contrib/ipfilter/tools/ipfsyncd.c
b/contrib/ipfilter/tools/ipfsyncd.c
index a75075059763..ead92b70371c 100644
--- a/contrib/ipfilter/tools/ipfsyncd.c
+++ b/contrib/ipfilter/tools/ipfsyncd.c
@@ -385,7 +385,7 @@ buildsocket(nicname, sinp)
(char *)&mreq, sizeof(mreq)) == -1) {
char buffer[80];
- sprintf(buffer, "%s,", inet_ntoa(sinp->sin_addr));
+ snprintf(buffer, sizeof(buffer), "%s,",
inet_ntoa(sinp->sin_addr));
strcat(buffer, inet_ntoa(reqip->sin_addr));
syslog(LOG_ERR,
diff --git a/contrib/ipfilter/tools/ipmon.c b/contrib/ipfilter/tools/ipmon.c
index 9022f12b6149..28586537da5b 100644
--- a/contrib/ipfilter/tools/ipmon.c
+++ b/contrib/ipfilter/tools/ipmon.c
@@ -447,7 +447,7 @@ static char *getlocalproto(p)
p &= 0xff;
s = protocols ? protocols[p] : NULL;
if (s == NULL) {
- sprintf(pnum, "%u", p);
+ snprintf(pnum, sizeof(pnum), "%u", p);
s = pnum;
}
return s;
@@ -483,7 +483,7 @@ char *portlocalname(res, proto, port)
port = ntohs(port);
port &= 0xffff;
- sprintf(pname, "%u", port);
+ snprintf(pname, sizeof(pname), "%u", port);
if (!res || (ipmonopts & IPMON_PORTNUM))
return pname;
s = NULL;
@@ -512,9 +512,9 @@ static char *icmpname(type, code)
s = it->it_name;
if (s == NULL)
- sprintf(name, "icmptype(%d)/", type);
+ snprintf(name, sizeof(name), "icmptype(%d)/", type);
else
- sprintf(name, "%s/", s);
+ snprintf(name, sizeof(name), "%s/", s);
ist = NULL;
if (it != NULL && it->it_subtable != NULL)
@@ -522,8 +522,10 @@ static char *icmpname(type, code)
if (ist != NULL && ist->ist_name != NULL)
strcat(name, ist->ist_name);
- else
- sprintf(name + strlen(name), "%d", code);
+ else {
+ int strlen_name = strlen(name);
+ snprintf(name + strlen_name, sizeof(name) - strlen_name, "%d",
code);
+ }
return name;
}
@@ -543,9 +545,9 @@ static char *icmpname6(type, code)
s = it->it_name;
if (s == NULL)
- sprintf(name, "icmpv6type(%d)/", type);
+ snprintf(name, sizeof(name), "icmpv6type(%d)/", type);
else
- sprintf(name, "%s/", s);
+ snprintf(name, sizeof(name), "%s/", s);
ist = NULL;
if (it != NULL && it->it_subtable != NULL)
@@ -553,8 +555,10 @@ static char *icmpname6(type, code)
if (ist != NULL && ist->ist_name != NULL)
strcat(name, ist->ist_name);
- else
- sprintf(name + strlen(name), "%d", code);
+ else {
+ int strlen_name = strlen(name);
+ snprintf(name + strlen_name, sizeof(name) - strlen_name, "%d",
code);
+ }
return name;
}
@@ -680,7 +684,7 @@ static void print_natlog(conf, buf, blen)
}
(void) strftime(t, len, "%T", tm);
t += strlen(t);
- sprintf(t, ".%-.6ld @%hd ", (long)ipl->ipl_usec, nl->nl_rule + 1);
+ snprintf(t, sizeof(t), ".%-.6ld @%hd ", (long)ipl->ipl_usec,
nl->nl_rule + 1);
t += strlen(t);
switch (nl->nl_action)
@@ -710,7 +714,7 @@ static void print_natlog(conf, buf, blen)
break;
default :
- sprintf(t, "NAT:Action(%d)", nl->nl_action);
+ snprintf(t, sizeof(t), "NAT:Action(%d)", nl->nl_action);
break;
}
t += strlen(t);
@@ -763,7 +767,7 @@ static void print_natlog(conf, buf, blen)
break;
default :
- sprintf(t, "-Type(%d) ", nl->nl_type);
+ snprintf(t, sizeof(t), "-Type(%d) ", nl->nl_type);
break;
}
t += strlen(t);
@@ -773,25 +777,25 @@ static void print_natlog(conf, buf, blen)
family = vtof(nl->nl_v[0]);
if (simple == 1) {
- sprintf(t, "%s,%s <- -> ", hostname(family, nl->nl_osrcip.i6),
+ snprintf(t, sizeof(t), "%s,%s <- -> ", hostname(family,
nl->nl_osrcip.i6),
portlocalname(res, proto, (u_int)nl->nl_osrcport));
t += strlen(t);
- sprintf(t, "%s,%s ", hostname(family, nl->nl_nsrcip.i6),
+ snprintf(t, sizeof(t), "%s,%s ", hostname(family,
nl->nl_nsrcip.i6),
portlocalname(res, proto, (u_int)nl->nl_nsrcport));
t += strlen(t);
- sprintf(t, "[%s,%s] ", hostname(family, nl->nl_odstip.i6),
+ snprintf(t, sizeof(t), "[%s,%s] ", hostname(family,
nl->nl_odstip.i6),
portlocalname(res, proto, (u_int)nl->nl_odstport));
} else {
- sprintf(t, "%s,%s ", hostname(family, nl->nl_osrcip.i6),
+ snprintf(t, sizeof(t), "%s,%s ", hostname(family,
nl->nl_osrcip.i6),
portlocalname(res, proto, (u_int)nl->nl_osrcport));
t += strlen(t);
- sprintf(t, "%s,%s <- -> ", hostname(family, nl->nl_odstip.i6),
+ snprintf(t, sizeof(t), "%s,%s <- -> ", hostname(family,
nl->nl_odstip.i6),
portlocalname(res, proto, (u_int)nl->nl_odstport));
t += strlen(t);
- sprintf(t, "%s,%s ", hostname(family, nl->nl_nsrcip.i6),
+ snprintf(t, sizeof(t), "%s,%s ", hostname(family,
nl->nl_nsrcip.i6),
portlocalname(res, proto, (u_int)nl->nl_nsrcport));
t += strlen(t);
- sprintf(t, "%s,%s ", hostname(family, nl->nl_ndstip.i6),
+ snprintf(t, sizeof(t), "%s,%s ", hostname(family,
nl->nl_ndstip.i6),
portlocalname(res, proto, (u_int)nl->nl_ndstport));
}
t += strlen(t);
@@ -802,13 +806,13 @@ static void print_natlog(conf, buf, blen)
if (nl->nl_action == NL_EXPIRE || nl->nl_action == NL_FLUSH) {
#ifdef USE_QUAD_T
# ifdef PRId64
- sprintf(t, " Pkts %" PRId64 "/%" PRId64 " Bytes %" PRId64 "/%"
+ snprintf(t, sizeof(t), " Pkts %" PRId64 "/%" PRId64 " Bytes %"
PRId64 "/%"
PRId64,
# else
- sprintf(t, " Pkts %qd/%qd Bytes %qd/%qd",
+ snprintf(t, sizeof(t), " Pkts %qd/%qd Bytes %qd/%qd",
# endif
#else
- sprintf(t, " Pkts %ld/%ld Bytes %ld/%ld",
+ snprintf(t, sizeof(t), " Pkts %ld/%ld Bytes %ld/%ld",
#endif
nl->nl_pkts[0], nl->nl_pkts[1],
nl->nl_bytes[0], nl->nl_bytes[1]);
@@ -865,7 +869,7 @@ static void print_statelog(conf, buf, blen)
}
(void) strftime(t, len, "%T", tm);
t += strlen(t);
- sprintf(t, ".%-.6ld ", (long)ipl->ipl_usec);
+ snprintf(t, sizeof(t), ".%-.6ld ", (long)ipl->ipl_usec);
t += strlen(t);
family = vtof(sl->isl_v);
@@ -910,7 +914,7 @@ static void print_statelog(conf, buf, blen)
break;
default :
- sprintf(t, "Type: %d ", sl->isl_type);
+ snprintf(t, sizeof(t), "Type: %d ", sl->isl_type);
break;
}
t += strlen(t);
@@ -918,38 +922,38 @@ static void print_statelog(conf, buf, blen)
proto = getlocalproto(sl->isl_p);
if (sl->isl_p == IPPROTO_TCP || sl->isl_p == IPPROTO_UDP) {
- sprintf(t, "%s,%s -> ",
+ snprintf(t, sizeof(t), "%s,%s -> ",
hostname(family, (u_32_t *)&sl->isl_src),
portlocalname(res, proto, (u_int)sl->isl_sport));
t += strlen(t);
- sprintf(t, "%s,%s PR %s",
+ snprintf(t, sizeof(t), "%s,%s PR %s",
hostname(family, (u_32_t *)&sl->isl_dst),
portlocalname(res, proto, (u_int)sl->isl_dport), proto);
} else if (sl->isl_p == IPPROTO_ICMP) {
- sprintf(t, "%s -> ", hostname(family, (u_32_t *)&sl->isl_src));
+ snprintf(t, sizeof(t), "%s -> ", hostname(family, (u_32_t
*)&sl->isl_src));
t += strlen(t);
- sprintf(t, "%s PR icmp %d",
+ snprintf(t, sizeof(t), "%s PR icmp %d",
hostname(family, (u_32_t *)&sl->isl_dst),
sl->isl_itype);
} else if (sl->isl_p == IPPROTO_ICMPV6) {
- sprintf(t, "%s -> ", hostname(family, (u_32_t *)&sl->isl_src));
+ snprintf(t, sizeof(t), "%s -> ", hostname(family, (u_32_t
*)&sl->isl_src));
t += strlen(t);
- sprintf(t, "%s PR icmpv6 %d",
+ snprintf(t, sizeof(t), "%s PR icmpv6 %d",
hostname(family, (u_32_t *)&sl->isl_dst),
sl->isl_itype);
} else {
- sprintf(t, "%s -> ", hostname(family, (u_32_t *)&sl->isl_src));
+ snprintf(t, sizeof(t), "%s -> ", hostname(family, (u_32_t
*)&sl->isl_src));
t += strlen(t);
- sprintf(t, "%s PR %s",
+ snprintf(t, sizeof(t), "%s PR %s",
hostname(family, (u_32_t *)&sl->isl_dst), proto);
}
t += strlen(t);
if (sl->isl_tag != FR_NOLOGTAG) {
- sprintf(t, " tag %u", sl->isl_tag);
+ snprintf(t, sizeof(t), " tag %u", sl->isl_tag);
t += strlen(t);
}
if (sl->isl_type != ISL_NEW) {
- sprintf(t,
+ snprintf(t, sizeof(t),
#ifdef USE_QUAD_T
#ifdef PRId64
" Forward: Pkts in %" PRId64 " Bytes in %" PRId64
@@ -1095,10 +1099,10 @@ static void print_ipflog(conf, buf, blen)
}
(void) strftime(t, len, "%T", tm);
t += strlen(t);
- sprintf(t, ".%-.6ld ", (long)ipl->ipl_usec);
+ snprintf(t, sizeof(t), ".%-.6ld ", (long)ipl->ipl_usec);
t += strlen(t);
if (ipl->ipl_count > 1) {
- sprintf(t, "%dx ", ipl->ipl_count);
+ snprintf(t, sizeof(t), "%dx ", ipl->ipl_count);
t += strlen(t);
}
{
@@ -1106,11 +1110,11 @@ static void print_ipflog(conf, buf, blen)
strncpy(ifname, ipf->fl_ifname, sizeof(ipf->fl_ifname));
ifname[sizeof(ipf->fl_ifname)] = '\0';
- sprintf(t, "%s", ifname);
+ snprintf(t, sizeof(t), "%s", ifname);
t += strlen(t);
# if SOLARIS
if (ISALPHA(*(t - 1))) {
- sprintf(t, "%d", ipf->fl_unit);
+ snprintf(t, sizeof(t), "%d", ipf->fl_unit);
t += strlen(t);
}
# endif
@@ -1120,12 +1124,12 @@ static void print_ipflog(conf, buf, blen)
else if (ipf->fl_group[0] == '\0')
(void) strcpy(t, " @0:");
else
- sprintf(t, " @%s:", ipf->fl_group);
+ snprintf(t, sizeof(t), " @%s:", ipf->fl_group);
t += strlen(t);
if (ipf->fl_rule == 0xffffffff)
strcat(t, "-1 ");
else
- sprintf(t, "%u ", ipf->fl_rule + 1);
+ snprintf(t, sizeof(t), "%u ", ipf->fl_rule + 1);
t += strlen(t);
lvl = LOG_NOTICE;
@@ -1212,10 +1216,10 @@ static void print_ipflog(conf, buf, blen)
if ((p == IPPROTO_TCP || p == IPPROTO_UDP) && !off) {
tp = (tcphdr_t *)((char *)ip + hl);
if (!(ipf->fl_lflags & FI_SHORT)) {
- sprintf(t, "%s,%s -> ", hostname(f, s),
+ snprintf(t, sizeof(t), "%s,%s -> ", hostname(f, s),
portlocalname(res, proto, (u_int)tp->th_sport));
t += strlen(t);
- sprintf(t, "%s,%s PR %s len %hu %hu",
+ snprintf(t, sizeof(t), "%s,%s PR %s len %hu %hu",
hostname(f, d),
portlocalname(res, proto, (u_int)tp->th_dport),
proto, hl, plen);
@@ -1228,7 +1232,7 @@ static void print_ipflog(conf, buf, blen)
if (tp->th_flags & tcpfl[i].value)
*t++ = tcpfl[i].flag;
if (ipmonopts & IPMON_VERBOSE) {
- sprintf(t, " %lu %lu %hu",
+ snprintf(t, sizeof(t), " %lu %lu %hu",
(u_long)(ntohl(tp->th_seq)),
(u_long)(ntohl(tp->th_ack)),
ntohs(tp->th_win));
@@ -1237,7 +1241,7 @@ static void print_ipflog(conf, buf, blen)
}
*t = '\0';
} else {
- sprintf(t, "%s -> ", hostname(f, s));
+ snprintf(t, sizeof(t), "%s -> ", hostname(f, s));
t += strlen(t);
sprintf(t, "%s PR %s len %hu %hu",
hostname(f, d), proto, hl, plen);
@@ -1245,17 +1249,17 @@ static void print_ipflog(conf, buf, blen)
#if defined(AF_INET6) && defined(IPPROTO_ICMPV6)
} else if ((p == IPPROTO_ICMPV6) && !off && (f == AF_INET6)) {
ic = (struct icmp *)((char *)ip + hl);
- sprintf(t, "%s -> ", hostname(f, s));
+ snprintf(t, sizeof(t), "%s -> ", hostname(f, s));
t += strlen(t);
- sprintf(t, "%s PR icmpv6 len %hu %hu icmpv6 %s",
+ snprintf(t, sizeof(t), "%s PR icmpv6 len %hu %hu icmpv6 %s",
hostname(f, d), hl, plen,
icmpname6(ic->icmp_type, ic->icmp_code));
#endif
} else if ((p == IPPROTO_ICMP) && !off && (f == AF_INET)) {
ic = (struct icmp *)((char *)ip + hl);
- sprintf(t, "%s -> ", hostname(f, s));
+ snprintf(t, sizeof(t), "%s -> ", hostname(f, s));
t += strlen(t);
- sprintf(t, "%s PR icmp len %hu %hu icmp %s",
+ snprintf(t, sizeof(t), "%s PR icmp len %hu %hu icmp %s",
hostname(f, d), hl, plen,
icmpname(ic->icmp_type, ic->icmp_code));
if (ic->icmp_type == ICMP_UNREACH ||
@@ -1279,12 +1283,12 @@ static void print_ipflog(conf, buf, blen)
(ipc->ip_p == IPPROTO_UDP))) {
tp = (tcphdr_t *)((char *)ipc + hl);
t += strlen(t);
- sprintf(t, " for %s,%s -",
+ snprintf(t, sizeof(t), " for %s,%s -",
HOSTNAMEV4(ipc->ip_src),
portlocalname(res, proto,
(u_int)tp->th_sport));
t += strlen(t);
- sprintf(t, " %s,%s PR %s len %hu %hu",
+ snprintf(t, sizeof(t), " %s,%s PR %s len %hu
%hu",
HOSTNAMEV4(ipc->ip_dst),
portlocalname(res, proto,
(u_int)tp->th_dport),
@@ -1294,25 +1298,25 @@ static void print_ipflog(conf, buf, blen)
icmp = (icmphdr_t *)((char *)ipc + hl);
t += strlen(t);
- sprintf(t, " for %s -",
+ snprintf(t, sizeof(t), " for %s -",
HOSTNAMEV4(ipc->ip_src));
t += strlen(t);
- sprintf(t,
+ snprintf(t, sizeof(t),
" %s PR icmp len %hu %hu icmp %d/%d",
HOSTNAMEV4(ipc->ip_dst),
IP_HL(ipc) << 2, i,
icmp->icmp_type, icmp->icmp_code);
} else {
t += strlen(t);
- sprintf(t, " for %s -",
+ snprintf(t, sizeof(t), " for %s -",
HOSTNAMEV4(ipc->ip_src));
t += strlen(t);
- sprintf(t, " %s PR %s len %hu (%hu)",
+ snprintf(t, sizeof(t), " %s PR %s len %hu
(%hu)",
HOSTNAMEV4(ipc->ip_dst), proto,
IP_HL(ipc) << 2, i);
t += strlen(t);
if (ipoff & IP_OFFMASK) {
- sprintf(t, "(frag %d:%hu@%hu%s%s)",
+ snprintf(t, sizeof(t), "(frag
%d:%hu@%hu%s%s)",
ntohs(ipc->ip_id),
i - (IP_HL(ipc) << 2),
(ipoff & IP_OFFMASK) << 3,
@@ -1323,13 +1327,13 @@ static void print_ipflog(conf, buf, blen)
}
} else {
- sprintf(t, "%s -> ", hostname(f, s));
+ snprintf(t, sizeof(t), "%s -> ", hostname(f, s));
t += strlen(t);
- sprintf(t, "%s PR %s len %hu (%hu)",
+ snprintf(t, sizeof(t), "%s PR %s len %hu (%hu)",
hostname(f, d), proto, hl, plen);
t += strlen(t);
if (off & IP_OFFMASK)
- sprintf(t, " (frag %d:%hu@%hu%s%s)",
+ snprintf(t, sizeof(t), " (frag %d:%hu@%hu%s%s)",
ntohs(ip->ip_id),
plen - hl, (off & IP_OFFMASK) << 3,
ipoff & IP_MF ? "+" : "",
@@ -1354,7 +1358,7 @@ printipflog:
strcpy(t, " OUT");
t += strlen(t);
if (ipf->fl_logtag != 0) {
- sprintf(t, " log-tag %d", ipf->fl_logtag);
+ snprintf(t, sizeof(t), " log-tag %d", ipf->fl_logtag);
t += strlen(t);
}
if (ipf->fl_nattag.ipt_num[0] != 0) {
diff --git a/contrib/ipfilter/tools/ipmon_y.y b/contrib/ipfilter/tools/ipmon_y.y
index 0aeb20a32519..e734c1c8c1f1 100644
--- a/contrib/ipfilter/tools/ipmon_y.y
+++ b/contrib/ipfilter/tools/ipmon_y.y
@@ -368,7 +368,7 @@ build_action(olist, todo)
if (o->o_str != NULL)
strncpy(a->ac_group, o->o_str, FR_GROUPLEN);
else
- sprintf(a->ac_group, "%d", o->o_num);
+ snprintf(a->ac_group, FR_GROUPLEN, "%d",
o->o_num);
break;
case IPM_LOGTAG :
a->ac_logtag = o->o_num;
diff --git a/contrib/ipfilter/tools/ipnat_y.y b/contrib/ipfilter/tools/ipnat_y.y
index 30e888d8b490..a6a5a0e49d76 100644
--- a/contrib/ipfilter/tools/ipnat_y.y
+++ b/contrib/ipfilter/tools/ipnat_y.y
@@ -1507,7 +1507,7 @@ ipnat_addrule(fd, ioctlfunc, ptr)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
- sprintf(msg, "%d:ioctl(zero nat rule)",
+ snprintf(msg, sizeof(msg), "%d:ioctl(zero nat
rule)",
ipn->in_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@@ -1527,7 +1527,7 @@ ipnat_addrule(fd, ioctlfunc, ptr)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
- sprintf(msg, "%d:ioctl(delete nat rule)",
+ snprintf(msg, sizeof(msg), "%d:ioctl(delete nat
rule)",
ipn->in_flineno);
return ipf_perror_fd(fd, ioctlfunc, msg);
}
@@ -1537,10 +1537,11 @@ ipnat_addrule(fd, ioctlfunc, ptr)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
- sprintf(msg, "%d:ioctl(add/insert nat rule)",
+ snprintf(msg, sizeof(msg), "%d:ioctl(add/insert
nat rule)",
ipn->in_flineno);
if (errno == EEXIST) {
- sprintf(msg + strlen(msg), "(line %d)",
+ int strlen_msg = strlen(msg);
+ snprintf(msg + strlen_msg, sizeof(msg)
-strlen_msg, "(line %d)",
ipn->in_flineno);
}
return ipf_perror_fd(fd, ioctlfunc, msg);
@@ -1717,7 +1718,7 @@ proxy_loadconfig(fd, ioctlfunc, proxy, proto, conf, list)
if ((opts & OPT_DONOTHING) == 0) {
char msg[80];
- sprintf(msg, "%d:ioctl(add/remove proxy rule)",
+ snprintf(msg, sizeof(msg),
"%d:ioctl(add/remove proxy rule)",
yylineNum);
ipf_perror_fd(fd, ioctlfunc, msg);
return;
diff --git a/contrib/ipfilter/tools/ippool_y.y
b/contrib/ipfilter/tools/ippool_y.y
index 741ae2db7466..03ee1731f24f 100644
--- a/contrib/ipfilter/tools/ippool_y.y
+++ b/contrib/ipfilter/tools/ippool_y.y
@@ -218,7 +218,7 @@ ipfgroup:
{ $$ = $3; }
;
-number: IPT_NUM '=' YY_NUMBER { sprintf(poolname,
"%u", $3);
+number: IPT_NUM '=' YY_NUMBER { snprintf(poolname,
sizeof(poolname), "%u", $3);
$$ = poolname;
}
| IPT_NAME '=' YY_STR { strncpy(poolname, $3,
@@ -237,7 +237,7 @@ setgroup:
free($3);
}
| IPT_GROUP '=' YY_NUMBER { char tmp[FR_GROUPLEN+1];
- sprintf(tmp, "%u", $3);
+ snprintf(tmp, sizeof(tmp), "%u", $3);
$$ = strdup(tmp);
}
;
@@ -516,7 +516,7 @@ poolline:
name: IPT_NAME YY_STR { $$ = $2; }
| IPT_NUM YY_NUMBER { char name[80];
- sprintf(name, "%d", $2);
+ snprintf(name, sizeof(name), "%d",
$2);
$$ = strdup(name);
}
;
diff --git a/contrib/ipfilter/tools/lexer.c b/contrib/ipfilter/tools/lexer.c
index 926ee201685f..2dc2c3e8fe8c 100644
--- a/contrib/ipfilter/tools/lexer.c
+++ b/contrib/ipfilter/tools/lexer.c
@@ -447,7 +447,7 @@ buildipv6:
oc = c;
if (prior == YY_NUMBER && c == ':') {
- sprintf(s, "%d", priornum);
+ snprintf(s, sizeof(s), "%d", priornum);
s += strlen(s);
}
