I'm trying to do a small audit, as suggested by the OpenBSD porting checklist (http://www.openbsd.org/porting.html).
- sprintf: patch below (compiles OK)
- lots of strcpy/strcmp/strcat: is there no use for strncpy & co.? (or strlcpy, but that is OpenBSD-only or needs extra files)
Comments?
Regards
Julien
$OpenBSD$
--- webInterface.c.orig 2004-02-22 11:08:28.000000000 +0100
+++ webInterface.c 2004-02-22 11:09:10.000000000 +0100
@@ -5368,12 +5368,12 @@ void printNtopConfigInfo(int textPrintFl
char pid[16];
if(myGlobals.daemonMode == 1) {
- sprintf(pid, "%d", myGlobals.basentoppid);
+ snprintf(pid, sizeof(pid), "%d", myGlobals.basentoppid);
printFeatureConfigInfo(textPrintFlag, "ntop Process Id", pid);
- sprintf(pid, "%d", getppid());
+ snprintf(pid, sizeof(pid), "%d", getppid());
printFeatureConfigInfo(textPrintFlag, "http Process Id", pid);
} else {
- sprintf(pid, "%d", getppid());
+ snprintf(pid, sizeof(pid), "%d", getppid());
printFeatureConfigInfo(textPrintFlag, "Process Id", pid);
}
$OpenBSD$
--- emitter.c.orig 2004-02-22 10:57:31.000000000 +0100
+++ emitter.c 2004-02-22 11:00:42.000000000 +0100
@@ -233,7 +233,7 @@ static void wrtStrItm(FILE *fDescr, int
static void wrtIntItm(FILE *fDescr, int lang, char *indent, char *name,
int value, char last, int numEntriesSent) {
char buf[80];
- sprintf(buf,"%d",value);
+ snprintf(buf,sizeof(buf),"%d",value);
wrtStrItm(fDescr, lang, indent, name, buf, last, numEntriesSent);
}
@@ -242,7 +242,7 @@ static void wrtIntItm(FILE *fDescr, int
static void wrtIntStrItm(FILE *fDescr, int lang, char *indent,int name,
char *value, char useless, int numEntriesSent) {
char buf[80];
- sprintf(buf,"%d",name);
+ snprintf(buf,sizeof(buf),"%d",name);
wrtStrItm(fDescr, lang, indent, buf, value, ',', numEntriesSent);
}
@@ -251,7 +251,7 @@ static void wrtIntStrItm(FILE *fDescr, i
static void wrtUintItm(FILE *fDescr, int lang, char *indent, char *name,
unsigned int value, char useless, int numEntriesSent) {
char buf[80];
- sprintf(buf,"%d",value);
+ snprintf(buf,sizeof(buf),"%d",value);
wrtStrItm(fDescr, lang, indent, name, buf, ',', numEntriesSent);
}
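Review bot: `wrtUintItm` formats an `unsigned int` with `%d`, so values above INT_MAX are emitted as negative numbers; the call should be `snprintf(buf,sizeof(buf),"%u",value);`. The `wrtTime_tItm` hunk has a related mismatch, passing a `time_t` to `%ld` without a cast, which is only correct where `time_t` is `long`; `(long)value` makes it explicit. In the `wrtLlongItm` hunk the cast to `long unsigned int` narrows the counter wherever `value.value` is wider than `long`, which should be checked against the `TrafficCounter` definition (not visible here).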
@@ -260,7 +260,7 @@ static void wrtUintItm(FILE *fDescr, int
static void wrtUcharItm(FILE *fDescr, int lang, char *indent, char *name,
u_char value, char useless, int numEntriesSent) {
char buf[80];
- sprintf(buf,"%d",value);
+ snprintf(buf,sizeof(buf),"%d",value);
wrtStrItm(fDescr, lang, indent, name, buf, ',', numEntriesSent);
}
@@ -269,7 +269,7 @@ static void wrtUcharItm(FILE *fDescr, in
static void wrtFloatItm(FILE *fDescr, int lang, char *indent, char *name,
float value, char last, int numEntriesSent) {
char buf[80];
- sprintf(buf,"%0.2f",value);
+ snprintf(buf,sizeof(buf),"%0.2f",value);
wrtStrItm(fDescr, lang, indent, name, buf, last, numEntriesSent);
}
@@ -278,7 +278,7 @@ static void wrtFloatItm(FILE *fDescr, in
static void wrtIntFloatItm(FILE *fDescr, int lang, char *indent, int name,
float value, char last, int numEntriesSent) {
char buf[80];
- sprintf(buf,"%d", name);
+ snprintf(buf,sizeof(buf),"%d", name);
wrtFloatItm(fDescr, lang, indent, (lang == FLAG_XML_LANGUAGE) ? "number" : buf,
value, last, numEntriesSent);
}
@@ -289,7 +289,7 @@ static void wrtUlongItm(FILE *fDescr, in
unsigned long value, char useless, int numEntriesSent) {
char buf[80];
- sprintf(buf,"%lu",value);
+ snprintf(buf,sizeof(buf),"%lu",value);
wrtStrItm(fDescr, lang, indent, name, buf, ',', numEntriesSent);
}
@@ -299,7 +299,7 @@ static void wrtLlongItm(FILE *fDescr, in
TrafficCounter value, char last, int numEntriesSent) {
char buf[80];
- sprintf(buf, "%lu", (long unsigned int)value.value);
+ snprintf(buf, sizeof(buf), "%lu", (long unsigned int)value.value);
wrtStrItm(fDescr, lang, indent, name, buf, last, numEntriesSent);
}
@@ -308,7 +308,7 @@ static void wrtLlongItm(FILE *fDescr, in
static void wrtTime_tItm(FILE *fDescr, int lang, char *indent, char *name,
time_t value, char useless, int numEntriesSent) {
char buf[80];
- sprintf(buf,"%ld",value);
+ snprintf(buf,sizeof(buf),"%ld",value);
wrtStrItm(fDescr, lang, indent, name, buf, ',', numEntriesSent);
}
@@ -317,7 +317,7 @@ static void wrtTime_tItm(FILE *fDescr, i
static void wrtUshortItm(FILE *fDescr, int lang, char *indent, char *name,
u_short value, char useless, int numEntriesSent) {
char buf[80];
- sprintf(buf,"%d",value);
+ snprintf(buf,sizeof(buf),"%d",value);
wrtStrItm(fDescr, lang, indent, name, buf, ',', numEntriesSent);
}
$OpenBSD$
--- graph.c.orig 2004-02-22 11:01:52.000000000 +0100
+++ graph.c 2004-02-22 11:03:52.000000000 +0100
@@ -1799,7 +1799,7 @@ int drawHostsDistanceGraph(int checkOnly
memset(graphData, 0, sizeof(graphData));
for(i=0; i<=30; i++) {
- sprintf(labels[i], "%d", i);
+ snprintf(labels[i], sizeof(labels[i]), "%d", i);
lbls[i] = labels[i];
graphData[i] = 0;
}
@@ -2145,7 +2145,7 @@ void drawLunStatsBytesDistribution (Host
p[idx] = (float) (entry->stats->bytesSent.value +
entry->stats->bytesRcvd.value);
if (p[idx] > 0) {
- sprintf (label[idx],"%hd", entry->lun);
+ snprintf (label[idx], sizeof(label[idx]), "%hd", entry->lun);
lbl[idx] = label[idx];
idx++;
}
@@ -2213,7 +2213,7 @@ void drawLunStatsPktsDistribution (HostT
p[idx] = (float) (entry->stats->pktRcvd +
entry->stats->pktSent);
if (p[idx] > 0) {
- sprintf (label[idx],"%hd", entry->lun);
+ snprintf (label[idx], sizeof(label[idx]), "%hd", entry->lun);
lbl[idx] = label[idx];
idx++;
}
@@ -2288,10 +2288,10 @@ void drawVsanStatsBytesDistribution (int
if (tmpTable[i] != NULL) {
p[idx] = tmpTable[i]->totBytes.value;
if (tmpTable[i]->vsanId) {
- sprintf (label[idx], "%hd", tmpTable[i]->vsanId);
+ snprintf (label[idx], sizeof(label[idx]), "%hd", tmpTable[i]->vsanId);
}
else {
- sprintf (label[idx], "N/A");
+ snprintf (label[idx], sizeof(label[idx]), "N/A");
}
lbl[idx] = label[idx++];
}
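Review bot: `lbl[idx] = label[idx++];` at the end of this hunk reads `idx` on the left and modifies it on the right with no sequencing between the two, which is undefined behaviour, so the pointer may be stored in the wrong slot depending on the compiler. Write it the way the LUN hunks above do: `lbl[idx] = label[idx];` followed by `idx++;`. The drawVsanStatsPktsDistribution hunk contains the same line. The loop around it starts and ends outside the hunk.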
@@ -2369,10 +2369,10 @@ void drawVsanStatsPktsDistribution (int
if (tmpTable[i] != NULL) {
p[idx] = tmpTable[i]->totPkts.value;
if (tmpTable[i]->vsanId) {
- sprintf (label[idx], "%d", tmpTable[i]->vsanId);
+ snprintf (label[idx], sizeof(label[idx]), "%d", tmpTable[i]->vsanId);
}
else {
- sprintf (label[idx], "N/A");
+ snprintf (label[idx], sizeof(label[idx]), "N/A");
}
lbl[idx] = label[idx++];
}
@@ -2552,7 +2552,7 @@ void drawVsanDomainTrafficDistribution(u
}
if (total > 0) {
p[idx] = (float)total;
- sprintf (labels[idx], "%x", fcDomainStats[i].domainId);
+ snprintf (labels[idx], sizeof(labels[idx]), "%x",
fcDomainStats[i].domainId);
lbl[idx] = labels[idx];
idx++;
}
$OpenBSD$
--- hash.c.orig 2004-02-22 11:13:13.000000000 +0100
+++ hash.c 2004-02-22 11:13:33.000000000 +0100
@@ -1246,7 +1246,7 @@ HostTraffic *lookupFcHost (FcAddress *ho
el->hostFcAddress.domain = hostFcAddress->domain;
el->hostFcAddress.area = hostFcAddress->area;
el->hostFcAddress.port = hostFcAddress->port;
- sprintf (el->hostNumFcAddress, "%02x.%02x.%02x", hostFcAddress->domain,
+ snprintf (el->hostNumFcAddress, sizeof(el->hostNumFcAddress), "%02x.%02x.%02x",
hostFcAddress->domain,
hostFcAddress->area, hostFcAddress->port);
/* TBD: Resolve FC_ID to WWN */
el->vsanId = vsanId;
$OpenBSD$
--- http.c.orig 2004-02-22 11:12:22.000000000 +0100
+++ http.c 2004-02-22 11:13:03.000000000 +0100
@@ -483,9 +483,9 @@ void sendStringLen(char *theString, unsi
if(compressFile) {
if(compressFileFd == NULL) {
#ifdef WIN32
- sprintf(compressedFilePath, "gzip-%d.ntop", fileSerial++);
+ snprintf(compressedFilePath, sizeof(compressedFilePath), "gzip-%d.ntop",
fileSerial++);
#else
- sprintf(compressedFilePath, "/tmp/gzip-%d.ntop", getpid());
+ snprintf(compressedFilePath, sizeof(compressedFilePath), "/tmp/gzip-%d.ntop",
getpid());
#endif
compressFileFd = gzopen(compressedFilePath, "wb");
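Review bot: The non-Windows branch still opens a predictable name, `/tmp/gzip-<pid>.ntop`, with `gzopen(..., "wb")`, which follows a symlink or truncates a file that another local user created in advance; bounding the format does not address that. Creating the file with `mkstemp()` on a template such as `/tmp/gzip-XXXXXX` and handing the descriptor to `gzdopen(fd, "wb")` gives exclusive creation with owner-only permissions. The mkstemp() failure path needs handling, and later code that reopens or unlinks `compressedFilePath` keeps working because mkstemp() writes the final name into the buffer. The function body continues outside the hunk.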
$OpenBSD$
--- initialize.c.orig 2004-02-22 11:04:24.000000000 +0100
+++ initialize.c 2004-02-22 11:05:40.000000000 +0100
@@ -1221,11 +1221,11 @@ void addDevice(char* deviceName, char* d
if(strlen(myGlobals.pcapLog) > 64)
myGlobals.pcapLog[64] = '\0';
#ifdef WIN32
- sprintf(myName, "%s\%s.pcap",
+ snprintf(myName, sizeof(myName), "%s\%s.pcap",
myGlobals.pcapLogBasePath, /* Added by Ola Lundqvist <[EMAIL
PROTECTED]> */
deviceId);
#else
- sprintf(myName, "%s/%s.%s.pcap",
+ snprintf(myName, sizeof(myName), "%s/%s.%s.pcap",
myGlobals.pcapLogBasePath, /* Added by Ola Lundqvist <[EMAIL
PROTECTED]> */
myGlobals.pcapLog, myGlobals.device[deviceId].name);
#endif
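Review bot: The WIN32 format strings in this hunk and the next two use a single backslash as the path separator, so as shown `"%s\%s.pcap"` contains the invalid escape `\%` and `"%s\ntop-suspicious-pkts.dev%d.pcap"` / `"%s\ntop-other-pkts.%s.pcap"` embed a newline followed by `top-...`; the separator should be written `\\` (unless the list archive dropped a backslash). The first and third WIN32 calls also pass `deviceId` to `%s`, while the non-Windows branch uses it as an array index, so it is presumably an integer and needs `%d`, as the second hunk already does. None of the calls check the snprintf return value, so an over-long `pcapLogBasePath` now yields a silently shortened file name; comparing the result with `sizeof(myName)` would catch that.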
@@ -1240,11 +1240,11 @@ void addDevice(char* deviceName, char* d
if(myGlobals.enableSuspiciousPacketDump) {
#ifdef WIN32
- sprintf(myName, "%s\ntop-suspicious-pkts.dev%d.pcap",
+ snprintf(myName, sizeof(myName), "%s\ntop-suspicious-pkts.dev%d.pcap",
myGlobals.pcapLogBasePath, /* Added by Ola Lundqvist <[EMAIL
PROTECTED]> */
deviceId);
#else
- sprintf(myName, "%s/ntop-suspicious-pkts.%s.pcap",
+ snprintf(myName, sizeof(myName), "%s/ntop-suspicious-pkts.%s.pcap",
myGlobals.pcapLogBasePath, /* Added by Ola Lundqvist <[EMAIL
PROTECTED]> */
myGlobals.device[deviceId].name);
#endif
@@ -1259,11 +1259,11 @@ void addDevice(char* deviceName, char* d
if(myGlobals.enableOtherPacketDump) {
#ifdef WIN32
- sprintf(myName, "%s\ntop-other-pkts.%s.pcap",
+ snprintf(myName, sizeof(myName), "%s\ntop-other-pkts.%s.pcap",
myGlobals.pcapLogBasePath,
deviceId);
#else
- sprintf(myName, "%s/ntop-other-pkts.%s.pcap",
+ snprintf(myName, sizeof(myName), "%s/ntop-other-pkts.%s.pcap",
myGlobals.pcapLogBasePath,
myGlobals.device[deviceId].name);
#endif
@@ -1488,7 +1488,7 @@ void initDevices(char* devices) {
initDeviceDatalink(0);
if(myGlobals.enableSuspiciousPacketDump) {
- sprintf(myName, "%s/ntop-suspicious-pkts.%s.pcap",
+ snprintf(myName, sizeof(myName), "%s/ntop-suspicious-pkts.%s.pcap",
myGlobals.pcapLogBasePath, /* Added by Ola Lundqvist <[EMAIL PROTECTED]>
*/
#ifdef WIN32
myGlobals.device[0].humanFriendlyName
$OpenBSD$
--- report.c.orig 2004-02-22 11:11:04.000000000 +0100
+++ report.c 2004-02-22 11:11:25.000000000 +0100
@@ -2176,7 +2176,7 @@ void printHostsInfo(int sortedColumn, in
} else
i = 0;
- sprintf(shortBuf, "%d", i % 256);
+ snprintf(shortBuf, sizeof(shortBuf), "%d", i % 256);
if(snprintf(buf, sizeof(buf), "<TD "TD_BG" ALIGN=RIGHT> %s</TD>",
(i == 0) ? "" : shortBuf) < 0)
$OpenBSD$
--- reportUtils.c.orig 2004-02-22 11:09:27.000000000 +0100
+++ reportUtils.c 2004-02-22 11:10:18.000000000 +0100
@@ -2916,7 +2916,7 @@ HostTraffic* quickHostLink(HostSerial th
memcpy ((u_int8_t *)&el->hostFcAddress,
(u_int8_t *)&theSerial.value.fcSerial.fcAddress,
LEN_FC_ADDRESS);
- sprintf (el->hostNumFcAddress, "%02x.%02x.%02x", el->hostFcAddress.domain,
+ snprintf (el->hostNumFcAddress, sizeof(el->hostNumFcAddress), "%02x.%02x.%02x",
el->hostFcAddress.domain,
el->hostFcAddress.area, el->hostFcAddress.port);
strcpy(el->hostSymIpAddress, el->hostNumFcAddress);
el->vsanId = theSerial.value.fcSerial.vsanId;
@@ -6792,10 +6792,10 @@ void printScsiLunStats (HostTraffic *el,
}
#ifdef WIN32
- sprintf(pcapFilename, "file:%s/ntop-suspicious-pkts.none.pcap",
+ snprintf(pcapFilename, sizeof(pcapFilename),
"file:%s/ntop-suspicious-pkts.none.pcap",
myGlobals.pcapLogBasePath); /* Added by Ola Lundqvist <[EMAIL
PROTECTED]> */
#else
- sprintf(pcapFilename, "file://%s/ntop-suspicious-pkts.none.pcap",
+ snprintf(pcapFilename, sizeof(pcapFilename),
"file://%s/ntop-suspicious-pkts.none.pcap",
myGlobals.pcapLogBasePath); /* Added by Ola Lundqvist <[EMAIL
PROTECTED]> */
#endif
$OpenBSD$
--- sessions.c.orig 2004-02-22 11:10:33.000000000 +0100
+++ sessions.c 2004-02-22 11:10:50.000000000 +0100
@@ -1540,7 +1540,7 @@ static IPSession* handleSession(const st
} else {
sscanf(&tmpStr[27], "%d,%d,%d,%d,%d,%d", &a, &b, &c, &d, &e,
&f);
}
- sprintf(tmpStr, "%d.%d.%d.%d", a, b, c, d);
+ snprintf(tmpStr, sizeof(tmpStr), "%d.%d.%d.%d", a, b, c, d);
#ifdef FTP_DEBUG
traceEvent(CONST_TRACE_INFO, "FTP_DEBUG: (%d) [%d.%d.%d.%d:%d]",
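Review bot: The `sscanf` that fills `a`..`f` just above this `snprintf` has its return value ignored, so when the FTP text carries fewer than six numbers the remaining variables are formatted with whatever they held; their initialisation is not visible in the hunk. Compare the result with 6 and skip the address rewrite otherwise, and reject fields outside 0..255 since they come from the wire. `sizeof(tmpStr)` is the buffer size only if `tmpStr` is declared as an array in this function, which should be confirmed because the declaration is outside the hunk.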
$OpenBSD$
--- util.c.orig 2004-02-22 11:05:56.000000000 +0100
+++ util.c 2004-02-22 11:08:15.000000000 +0100
@@ -2792,7 +2792,7 @@ FILE* getNewRandomFile(char* fileName, i
char tmpFileName[NAME_MAX];
strcpy(tmpFileName, fileName);
- sprintf(fileName, "%s-%lu", tmpFileName,
+ snprintf(fileName, sizeof(fileName), "%s-%lu", tmpFileName,
myGlobals.numHandledRequests[0]+myGlobals.numHandledRequests[1]);
fd = fopen(fileName, "wb");
#endif /* 0 */
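Review bot: `sizeof(fileName)` is the size of a pointer, not of the caller's buffer, because `fileName` is the `char*` parameter named in the hunk header, so the new call cuts the generated name to 3 or 7 characters. The same mistake is in the snprintf() replacement hunk, where `sizeof(string)` should be the `maxlen` parameter (`vsnprintf(string,maxlen,format,args);`), and in the inet_ntop6 hunk, where `tp` is a cursor into a buffer. Here the length has to come from the caller; the second parameter is cut off in the header, so whether one is already passed is not visible. The `strcpy(tmpFileName, fileName)` above it remains unbounded, and the trailing `#endif /* 0 */` suggests this branch is compiled out, which should be confirmed.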
@@ -2887,7 +2887,7 @@ int snprintf(char *string, size_t maxlen
va_list args;
va_start(args, format);
- vsprintf(string,format,args);
+ vsnprintf(string,sizeof(string),format,args);
va_end(args);
return ret;
}
@@ -3379,7 +3379,7 @@ char* mapIcmpType(int icmpType) {
case 17: return("MASKREQ");
case 18: return("MASKREPLY");
default:
- sprintf(icmpString, "%d", icmpType);
+ snprintf(icmpString, sizeof(icmpString),"%d", icmpType);
return(icmpString);
}
}
@@ -4373,7 +4373,7 @@ void saveNtopPid(void) {
FILE *fd;
myGlobals.basentoppid = getpid();
- sprintf(pidFileName, "%s/%s",
+ snprintf(pidFileName, sizeof(pidFileName), "%s/%s",
getuid() ?
/* We're not root */ myGlobals.dbPath :
/* We are root */ DEFAULT_NTOP_PID_DIRECTORY,
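Review bot: The result of this `snprintf` is not checked, so a long `myGlobals.dbPath` now produces a silently shortened pid-file path instead of an overflow, and the removeNtopPid hunk builds the same path and would then act on that shortened name. The declaration visible in that hunk is `char pidFileName[NAME_MAX];`, and NAME_MAX bounds a single file-name component rather than a directory plus name, so truncation is reachable with an ordinary directory length. Size the buffer for a full path (`PATH_MAX`) and, in both functions, bail out when the return value is negative or `>= sizeof(pidFileName)`. The remaining arguments of the call are outside the hunk.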
@@ -4395,7 +4395,7 @@ void removeNtopPid(void) {
char pidFileName[NAME_MAX];
int rc;
- sprintf(pidFileName, "%s/%s",
+ snprintf(pidFileName, sizeof(pidFileName), "%s/%s",
getuid() ?
/* We're not root */ myGlobals.dbPath :
/* We are root */ DEFAULT_NTOP_PID_DIRECTORY,
@@ -4608,7 +4608,7 @@ static const char *inet_ntop6(const u_ch
tp += strlen(tp);
break;
}
- tp += sprintf(tp, "%x", words[i]);
+ tp += snprintf(tp, sizeof(tp), "%x", words[i]);
}
/* Was it a trailing run of 0x00's? */
if (best.base != -1 && (best.base + best.len) ==
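Review bot: `tp += snprintf(...)` advances the cursor by the length snprintf would have written, not by what it stored, so once output is truncated `tp` moves past the terminator and later writes land beyond the formatted text. Because `sizeof(tp)` is the pointer size, a four-digit word already truncates where pointers are 4 bytes. The bound should be the space left in the destination, for example `sizeof(tmp) - (size_t)(tp - tmp)` with `tmp` standing for the array `tp` walks (its name is not visible in this hunk), and the return value should be checked against that bound before it is added. The loop starts outside the hunk.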
$OpenBSD$
--- address.c.orig 2004-02-22 11:01:09.000000000 +0100
+++ address.c 2004-02-22 11:13:55.000000000 +0100
@@ -506,7 +506,7 @@ static void queueAddress(HostAddr elem,
}
#endif
- sprintf(tmpBuf, "%s", addrtostr(&elem));
+ snprintf(tmpBuf, sizeof(tmpBuf), "%s", addrtostr(&elem));
data_data.dptr = tmpBuf;
data_data.dsize = strlen(tmpBuf)+1;
