I'll look them over. Of course, a lot of their recommendation are purely
pedantic.
Something like this:
- sprintf(shortBuf, "%d", i % 256);
+ snprintf(shortBuf, sizeof(shortBuf), "%d", i % 256);
is truly safe - the size of char shortBuf[8]; will clearly hold 0..255 - the
reason for changing it is to prevent a problem in the future if you change
the code.
Something like this:
$OpenBSD$
--- webInterface.c.orig 2004-02-22 11:08:28.000000000 +0100
+++ webInterface.c 2004-02-22 11:09:10.000000000 +0100
@@ -5368,12 +5368,12 @@ void printNtopConfigInfo(int textPrintFl
char pid[16];
if(myGlobals.daemonMode == 1) {
- sprintf(pid, "%d", myGlobals.basentoppid);
+ snprintf(pid, sizeof(pid), "%d", myGlobals.basentoppid);
printFeatureConfigInfo(textPrintFlag, "ntop Process Id", pid);
- sprintf(pid, "%d", getppid());
+ snprintf(pid, sizeof(pid), "%d", getppid());
printFeatureConfigInfo(textPrintFlag, "http Process Id", pid);
} else {
- sprintf(pid, "%d", getppid());
+ snprintf(pid, sizeof(pid), "%d", getppid());
printFeatureConfigInfo(textPrintFlag, "Process Id", pid);
}
If pid were a 64 bit unsigned integer, e.g. 0xFFFFFFFFFFFFFFFF it could
conceivably overflow (18446744073709551615) - 20 digits won't fit into 16
characters. However, even 64bit versions of Linux only have 32bit PIDs, so
in practical use it can never overflow.
Should these be fixed? Yeah. Like I said, I'll look them over.
THANKS!
-----Burton
PS: Our customary format is not this:
snprintf(tmpBuf, sizeof(tmpBuf), "%s", addrtostr(&elem));
but this:
if(snprintf(tmpBuf, sizeof(tmpBuf), "%s", addrtostr(&elem)) < 0)
BufferTooShort;
Defined thusly:
#define BufferTooShort() traceEvent(CONST_TRACE_ERROR, "Buffer too short @
%s:%d", __FILE__, __LINE__)
So that if there IS an overflow, it gets logged.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Julien TOUCHE
> Sent: Sunday, February 22, 2004 5:25 AM
> To: Ntop
> Subject: [Ntop] openbsd port: sprintf/strcpy security
>
>
>
> i'm trying to do little audit as suggested by the openbsd port checklist
> (http://www.openbsd.org/porting.html).
>
> - sprintf: patch (compiles ok)
> - lots of strcpy/strcmp/strcat: no use for strncpy & co ? (or strlcpy
> but only openbsd or need extra files)
>
> comments ?
>
> Regards
>
> Julien
>
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
