Replace occurrences of snprintf() and vsnprintf() with xsnprintf() and
xvsnprintf() wherever the return values are blindly trusted.  This
will cause the program to immediately abort instead of run in an
undefined state whenever {,v}snprintf() fails or runs out of buffer.
---
 bin/asn1/asn_dump.c          |  11 +--
 bin/rpki-object/makeROA.c    |   5 +-
 bin/rpki-rsync/parse.c       |   7 +-
 bin/rpki-rsync/sig_handler.c |   7 +-
 bin/rpki/garbage.c           |  45 +++++-----
 bin/rpki/query.c             |  21 ++---
 bin/rpki/rcli.c              |  11 +--
 lib/casn/casn_real.c         |   3 +-
 lib/config/config.c          |   5 +-
 lib/configlib/configlib.c    |   3 +-
 lib/configlib/types/path.c   |   3 +-
 lib/configlib/types/sscanf.c |   9 +-
 lib/db/clients/chaser.c      |   9 +-
 lib/rpki/cms/roa_general.c   |   5 +-
 lib/rpki/diru.c              |   3 +-
 lib/rpki/initscm.c           |   7 +-
 lib/rpki/myssl.c             |  19 +++--
 lib/rpki/querySupport.c      |  59 ++++++-------
 lib/rpki/rpcommon.c          |  77 ++++++++---------
 lib/rpki/rpwork.c            |  41 ++++-----
 lib/rpki/sqcon.c             |  49 +++++------
 lib/rpki/sqhl.c              | 192 +++++++++++++++++++++----------------------
 22 files changed, 306 insertions(+), 285 deletions(-)

diff --git a/bin/asn1/asn_dump.c b/bin/asn1/asn_dump.c
index 5e93bab..3f6268c 100644
--- a/bin/asn1/asn_dump.c
+++ b/bin/asn1/asn_dump.c
@@ -22,6 +22,7 @@ char asn_dump_sfcsid[] = "@(#)asn_dump.c 865p";
 #include "casn/asn.h"
 #include "casn/casn.h"
 #include "util/logging.h"
+#include "util/stringutils.h"
 
 extern int aflag;
 
@@ -211,10 +212,10 @@ static int putform(
         }
         val = (val << 7) + *b++;
         if (val < 80)
-            snprintf((char *)locbuf, sizeof(locbuf), "%ld.%ld", (val / 40),
-                     (val % 40));
+            xsnprintf((char *)locbuf, sizeof(locbuf), "%ld.%ld", (val / 40),
+                      (val % 40));
         else
-            snprintf((char *)locbuf, sizeof(locbuf), "2.%ld", val - 80);
+            xsnprintf((char *)locbuf, sizeof(locbuf), "2.%ld", val - 80);
         for (d = locbuf; *d; d++);
         while (b < e)
         {
@@ -223,8 +224,8 @@ static int putform(
                 val = (val << 7) + (*b & 0x7F);
             }
             val = (val << 7) + *b++;
-            snprintf((char *)d, (sizeof(locbuf) - (d - &locbuf[0])), ".%ld",
-                     val);
+            xsnprintf((char *)d, (sizeof(locbuf) - (d - &locbuf[0])), ".%ld",
+                      val);
             while (*d)
                 d++;
         }
diff --git a/bin/rpki-object/makeROA.c b/bin/rpki-object/makeROA.c
index 3e59e6e..36432cb 100644
--- a/bin/rpki-object/makeROA.c
+++ b/bin/rpki-object/makeROA.c
@@ -1,5 +1,6 @@
 #include "rpki/cms/roa_utils.h"
 #include "rpki/err.h"
+#include "util/stringutils.h"
 
 
 /*
@@ -18,8 +19,8 @@ int main(
     checkErr(!roaFromConfig(argv[1], 0, &roa),
              "Could not read config from %s\n", argv[1]);
     isPEM = tolower((int)(argv[3][0])) != 'd';
-    snprintf(filename, sizeof(filename), "%s.roa.%s", argv[2],
-             isPEM ? "pem" : "der");
+    xsnprintf(filename, sizeof(filename), "%s.roa.%s", argv[2],
+              isPEM ? "pem" : "der");
     checkErr(!roaToFile(&roa, filename, isPEM ? FMT_PEM : FMT_DER),
              "Could not write file: %s\n", filename);
     return 0;
diff --git a/bin/rpki-rsync/parse.c b/bin/rpki-rsync/parse.c
index 980c11b..59873ef 100644
--- a/bin/rpki-rsync/parse.c
+++ b/bin/rpki-rsync/parse.c
@@ -2,6 +2,7 @@
 // #include <linux/limits.h>
 #include "parse.h"
 #include "main.h"
+#include "util/stringutils.h"
 
 /*
  * $Id$ 
@@ -341,7 +342,7 @@ char *makeGenericStr(
     }
 
     strip(copiedStr, WHITESPACE);
-    ret = snprintf(retStr, holdLen, "%c %s\r\n", c, copiedStr);
+    ret = xsnprintf(retStr, holdLen, "%c %s\r\n", c, copiedStr);
     if (retlen)
         *retlen = ret;
 
@@ -847,7 +848,7 @@ char *makeStartStr(
     if (!out_str)
         return (NULL);
 
-    snprintf(out_str, 3, "B "); /* auto tack of \0 */
+    xsnprintf(out_str, 3, "B "); /* auto tack of \0 */
 
     strncat(out_str, time_str, strlen(time_str));
 
@@ -873,7 +874,7 @@ char *makeEndStr(
     if (!out_str)
         return (NULL);
 
-    snprintf(out_str, 3, "E "); /* auto tack of \0 */
+    xsnprintf(out_str, 3, "E "); /* auto tack of \0 */
 
     strncat(out_str, time_str, strlen(time_str));
 
diff --git a/bin/rpki-rsync/sig_handler.c b/bin/rpki-rsync/sig_handler.c
index 452ec8e..6a79e7f 100644
--- a/bin/rpki-rsync/sig_handler.c
+++ b/bin/rpki-rsync/sig_handler.c
@@ -14,6 +14,7 @@
  * signals.                                           *
  *****************************************************/
 #include "main.h"
+#include "util/stringutils.h"
 
 /*
  * $Id$ 
@@ -34,7 +35,7 @@ void sig_handler(
 
     if (sig == SIGINT)
     {
-        snprintf(errorStr, sizeof(errorStr), "SIGINT caught\r\n");
+        xsnprintf(errorStr, sizeof(errorStr), "SIGINT caught\r\n");
         outStr = makeFatalStr(errorStr, strlen(errorStr), &retlen);
         if (outStr)
         {
@@ -53,7 +54,7 @@ void sig_handler(
     }
     else if (sig == SIGQUIT)
     {
-        snprintf(errorStr, sizeof(errorStr), "SIGQUIT caught\r\n");
+        xsnprintf(errorStr, sizeof(errorStr), "SIGQUIT caught\r\n");
         outStr = makeFatalStr(errorStr, strlen(errorStr), &retlen);
         if (outStr)
         {
@@ -72,7 +73,7 @@ void sig_handler(
     }
     else if (sig == SIGTERM)
     {
-        snprintf(errorStr, sizeof(errorStr), "SIGTERM caught\r\n");
+        xsnprintf(errorStr, sizeof(errorStr), "SIGTERM caught\r\n");
         outStr = makeFatalStr(errorStr, strlen(errorStr), &retlen);
         if (outStr)
         {
diff --git a/bin/rpki/garbage.c b/bin/rpki/garbage.c
index 77318e5..c8e9236 100644
--- a/bin/rpki/garbage.c
+++ b/bin/rpki/garbage.c
@@ -11,6 +11,7 @@
 #include "rpki/err.h"
 #include "config/config.h"
 #include "util/logging.h"
+#include "util/stringutils.h"
 
 /*
  * $Id$ 
@@ -67,13 +68,13 @@ static int handleIfStale(
         return 0;               // exists another crl that is current
     mysql_escape_string(escaped_aki, theAKI, strlen(theAKI));
     mysql_escape_string(escaped_issuer, theIssuer, strlen(theIssuer));
-    snprintf(msg, 600,
-             "update %s set flags = flags + %d where aki=\"%s\" and 
issuer=\"%s\"",
-             certTable->tabname, SCM_FLAG_STALECRL, escaped_aki,
-             escaped_issuer);
+    xsnprintf(msg, 600,
+              "update %s set flags = flags + %d where aki=\"%s\" and 
issuer=\"%s\"",
+              certTable->tabname, SCM_FLAG_STALECRL, escaped_aki,
+              escaped_issuer);
     addFlagTest(msg, SCM_FLAG_STALECRL, 0, 1);
     addFlagTest(msg, SCM_FLAG_CA, 1, 1);
-    snprintf(msg + strlen(msg), 600, ";");
+    xsnprintf(msg + strlen(msg), 600, ";");
     return statementscm_no_data(conp, msg);
 }
 
@@ -90,8 +91,8 @@ static int handleIfCurrent(
     UNREFERENCED_PARAMETER(s);
     if (cnt == 0)
         return 0;               // exists another crl that is current
-    snprintf(msg, 128, "update %s set flags = flags - %d where local_id=%d;",
-             certTable->tabname, SCM_FLAG_STALECRL, theID);
+    xsnprintf(msg, 128, "update %s set flags = flags - %d where local_id=%d;",
+              certTable->tabname, SCM_FLAG_STALECRL, theID);
     return statementscm_no_data(conp, msg);
 }
 
@@ -123,9 +124,9 @@ static int countCurrentCRLs(
     {
         theID = *((unsigned int *)s->vec[2].valptr);
     }
-    snprintf(cntSrch->wherestr, WHERESTR_SIZE,
-             "issuer=\"%s\" and aki=\"%s\" and next_upd>=\"%s\"",
-             escaped_issuer, escaped_aki, currTimestamp);
+    xsnprintf(cntSrch->wherestr, WHERESTR_SIZE,
+              "issuer=\"%s\" and aki=\"%s\" and next_upd>=\"%s\"",
+              escaped_issuer, escaped_aki, currTimestamp);
     return searchscm(conp, crlTable, cntSrch, countHandler, NULL,
                      SCM_SRCH_DOCOUNT, NULL);
 }
@@ -145,10 +146,10 @@ static int handleStaleMan2(
 {
     char escaped_files[2 * strlen(files) + 1];
     mysql_escape_string(escaped_files, files, strlen(files));
-    snprintf(staleManStmt, MANFILES_SIZE,
-             "update %s set flags=flags+%d where (flags%%%d)<%d and \"%s\" 
regexp binary filename;",
-             tab->tabname, SCM_FLAG_STALEMAN,
-             2 * SCM_FLAG_STALEMAN, SCM_FLAG_STALEMAN, escaped_files);
+    xsnprintf(staleManStmt, MANFILES_SIZE,
+              "update %s set flags=flags+%d where (flags%%%d)<%d and \"%s\" 
regexp binary filename;",
+              tab->tabname, SCM_FLAG_STALEMAN,
+              2 * SCM_FLAG_STALEMAN, SCM_FLAG_STALEMAN, escaped_files);
     return statementscm_no_data(conp, staleManStmt);
 }
 
@@ -178,10 +179,10 @@ static int handleFreshMan2(
 {
     char escaped_files[2 * strlen(files) + 1];
     mysql_escape_string(escaped_files, files, strlen(files));
-    snprintf(staleManStmt, MANFILES_SIZE,
-             "update %s set flags=flags-%d where (flags%%%d)>=%d and \"%s\" 
regexp binary filename;",
-             tab->tabname, SCM_FLAG_STALEMAN,
-             2 * SCM_FLAG_STALEMAN, SCM_FLAG_STALEMAN, escaped_files);
+    xsnprintf(staleManStmt, MANFILES_SIZE,
+              "update %s set flags=flags-%d where (flags%%%d)>=%d and \"%s\" 
regexp binary filename;",
+              tab->tabname, SCM_FLAG_STALEMAN,
+              2 * SCM_FLAG_STALEMAN, SCM_FLAG_STALEMAN, escaped_files);
     return statementscm_no_data(conp, staleManStmt);
 }
 
@@ -265,7 +266,7 @@ int main(
     // to be unknown
     srch.nused = 0;
     srch.vald = 0;
-    snprintf(msg, WHERESTR_SIZE, "next_upd<=\"%s\"", currTimestamp);
+    xsnprintf(msg, WHERESTR_SIZE, "next_upd<=\"%s\"", currTimestamp);
     srch.wherestr = msg;
     addcolsrchscm(&srch, "issuer", SQL_C_CHAR, SUBJSIZE);
     addcolsrchscm(&srch, "aki", SQL_C_CHAR, SKISIZE);
@@ -306,7 +307,7 @@ int main(
         free(staleManFiles[i]);
     }
     srch.vald = 0;
-    snprintf(msg, WHERESTR_SIZE, "next_upd>\"%s\"", currTimestamp);
+    xsnprintf(msg, WHERESTR_SIZE, "next_upd>\"%s\"", currTimestamp);
     numStaleManFiles = 0;
     status = searchscm(connect, manifestTable, &srch, NULL, handleStaleMan,
                        SCM_SRCH_DOVALUE_ALWAYS, NULL);
@@ -351,8 +352,8 @@ int main(
     }
 
     // write timestamp into database
-    snprintf(msg, WHERESTR_SIZE, "update %s set gc_last=\"%s\";",
-             metaTable->tabname, currTimestamp);
+    xsnprintf(msg, WHERESTR_SIZE, "update %s set gc_last=\"%s\";",
+              metaTable->tabname, currTimestamp);
     status = statementscm_no_data(connect, msg);
     if (status != 0)
     {
diff --git a/bin/rpki/query.c b/bin/rpki/query.c
index 4af5b60..3c7ba09 100644
--- a/bin/rpki/query.c
+++ b/bin/rpki/query.c
@@ -15,6 +15,7 @@
 #include "rpki/querySupport.h"
 #include "config/config.h"
 #include "util/logging.h"
+#include "util/stringutils.h"
 
 
 /*
@@ -114,30 +115,30 @@ static int handleResults(
         {
             if (field->sqlType == SQL_C_CHAR)
             {
-                snprintf(resultStr, MAX_RESULT_SZ,
-                         "%s", (char *)s->vec[result].valptr);
+                xsnprintf(resultStr, MAX_RESULT_SZ,
+                          "%s", (char *)s->vec[result].valptr);
             }
             else if (field->sqlType == SQL_C_BINARY)
             {
-                snprintf(resultStr, MAX_RESULT_SZ, "0x");
+                xsnprintf(resultStr, MAX_RESULT_SZ, "0x");
                 for (i = 0;
                      i < s->vec[result].avalsize && MAX_RESULT_SZ > 2 + 2*i;
                      ++i)
                 {
-                    snprintf(resultStr + 2 + 2*i, MAX_RESULT_SZ - (2 + 2*i),
-                             "%02" PRIX8,
-                             ((uint8_t *)s->vec[result].valptr)[i]);
+                    xsnprintf(resultStr + 2 + 2*i, MAX_RESULT_SZ - (2 + 2*i),
+                              "%02" PRIX8,
+                              ((uint8_t *)s->vec[result].valptr)[i]);
                 }
                 if (strlen("0x") + 2 * s->vec[result].avalsize >= 
MAX_RESULT_SZ &&
                     MAX_RESULT_SZ > strlen("..."))
                 {
-                    snprintf(resultStr + MAX_RESULT_SZ - (1 + strlen("...")),
-                             1 + strlen("..."), "...");
+                    xsnprintf(resultStr + MAX_RESULT_SZ - (1 + strlen("...")),
+                              1 + strlen("..."), "...");
                 }
             }
             else
-                snprintf(resultStr, MAX_RESULT_SZ,
-                         "%d", *((unsigned int *)s->vec[result].valptr));
+                xsnprintf(resultStr, MAX_RESULT_SZ,
+                          "%d", *((unsigned int *)s->vec[result].valptr));
             result++;
         }
         else
diff --git a/bin/rpki/rcli.c b/bin/rpki/rcli.c
index e71263b..691a742 100644
--- a/bin/rpki/rcli.c
+++ b/bin/rpki/rcli.c
@@ -34,6 +34,7 @@
 #include "rpki/err.h"
 #include "config/config.h"
 #include "util/logging.h"
+#include "util/stringutils.h"
 
 
 static char *tdir = NULL;       // top level dir of the repository
@@ -59,8 +60,8 @@ static int saveState(
         stmt = (char *)calloc(leen, sizeof(char));
         if (stmt == NULL)
             return (ERR_SCM_NOMEM);
-        snprintf(stmt, leen, "select * from %s into outfile 'backup_%s';",
-                 name, name);
+        xsnprintf(stmt, leen, "select * from %s into outfile 'backup_%s';",
+                  name, name);
         sta = statementscm_no_data(conp, stmt);
         free((void *)stmt);
         stmt = NULL;
@@ -91,10 +92,10 @@ static int restoreState(
         stmt = (char *)calloc(leen, sizeof(char));
         if (stmt == NULL)
             return (ERR_SCM_NOMEM);
-        snprintf(stmt, leen, "delete from %s;", name);
+        xsnprintf(stmt, leen, "delete from %s;", name);
         sta = statementscm_no_data(conp, stmt);
-        snprintf(stmt, leen, "load data infile 'backup_%s' into table %s;",
-                 name, name);
+        xsnprintf(stmt, leen, "load data infile 'backup_%s' into table %s;",
+                  name, name);
         free((void *)stmt);
         stmt = NULL;
         sta = statementscm_no_data(conp, stmt);
diff --git a/lib/casn/casn_real.c b/lib/casn/casn_real.c
index 9d08d64..942ca1c 100644
--- a/lib/casn/casn_real.c
+++ b/lib/casn/casn_real.c
@@ -15,6 +15,7 @@ char casn_real_sfcsid[] = "@(#)casn_real.c 860P";
 
 #include <stdio.h>
 #include "casn.h"
+#include "util/stringutils.h"
 
 extern int _casn_obj_err(
     struct casn *,
@@ -314,7 +315,7 @@ int write_casn_double(
         else
         {                       // append nulls since sprintf will not
             for (ptp = Ep; ptp < &Ep[6]; *ptp++ = 0);
-            snprintf(Ep, 6, "E%ld", exponent);
+            xsnprintf(Ep, 6, "E%ld", exponent);
         }
         i = strlen((char *)locbuf);
     }
diff --git a/lib/config/config.c b/lib/config/config.c
index 4ee824e..320f88c 100644
--- a/lib/config/config.c
+++ b/lib/config/config.c
@@ -8,6 +8,7 @@
 #include "configlib/types/sscanf.h"
 #include "configlib/types/string_cvt.h"
 #include "util/logging.h"
+#include "util/stringutils.h"
 
 #include "config.h"
 
@@ -297,8 +298,8 @@ bool my_config_load(
         return false;
     }
 
-    snprintf(user_conf_file, user_conf_file_len, "%s/.%s.conf", user_home,
-             PACKAGE_NAME);
+    xsnprintf(user_conf_file, user_conf_file_len, "%s/.%s.conf", user_home,
+              PACKAGE_NAME);
 
     char const * const default_config_files[] = {
         user_conf_file,
diff --git a/lib/configlib/configlib.c b/lib/configlib/configlib.c
index 794f724..f1008c8 100644
--- a/lib/configlib/configlib.c
+++ b/lib/configlib/configlib.c
@@ -6,6 +6,7 @@
 #include <string.h>
 
 #include "util/logging.h"
+#include "util/stringutils.h"
 
 #include "configlib.h"
 #include "config_load.h"
@@ -141,7 +142,7 @@ void config_message(
     char message[512];
 
     va_start(ap, format);
-    vsnprintf(message, sizeof(message), format, ap);
+    xvsnprintf(message, sizeof(message), format, ap);
     va_end(ap);
 
     if (context->is_default)
diff --git a/lib/configlib/types/path.c b/lib/configlib/types/path.c
index 19b3fa2..586297c 100644
--- a/lib/configlib/types/path.c
+++ b/lib/configlib/types/path.c
@@ -6,6 +6,7 @@
 #include <stdio.h>
 
 #include "util/path_compat.h"
+#include "util/stringutils.h"
 
 #include "path.h"
 
@@ -179,7 +180,7 @@ static char * realpath_noent(
                 free(copy_for_basename);
                 return NULL;
             }
-            snprintf(base, length, "%s/%s", dir_basename, tmp);
+            xsnprintf(base, length, "%s/%s", dir_basename, tmp);
             free(tmp);
             free(copy_for_basename);
         }
diff --git a/lib/configlib/types/sscanf.c b/lib/configlib/types/sscanf.c
index 23724d8..2f3a198 100644
--- a/lib/configlib/types/sscanf.c
+++ b/lib/configlib/types/sscanf.c
@@ -2,6 +2,7 @@
 #include <inttypes.h>
 
 #include "sscanf.h"
+#include "util/stringutils.h"
 
 bool config_type_sscanf_converter(
     const struct config_context * context,
@@ -29,8 +30,8 @@ bool config_type_sscanf_converter(
     }
 
     if ((ssize_t)
-        snprintf(scan_format, sizeof(scan_format), "%%%s%%n",
-                 args->scan_format) >= (ssize_t) sizeof(scan_format))
+        xsnprintf(scan_format, sizeof(scan_format), "%%%s%%n",
+                  args->scan_format) >= (ssize_t) sizeof(scan_format))
     {
         LOG(LOG_ERR, "scan_format too long: %s", args->scan_format);
         free(*data);
@@ -101,7 +102,7 @@ char * config_type_sscanf_converter_inverse(
                 LOG(LOG_ERR, "out of memory");
                 return NULL;
             }
-            snprintf(output, output_size, "%" PRIdMAX, value);
+            xsnprintf(output, output_size, "%" PRIdMAX, value);
             return output;
         }
 
@@ -134,7 +135,7 @@ char * config_type_sscanf_converter_inverse(
                 LOG(LOG_ERR, "out of memory");
                 return NULL;
             }
-            snprintf(output, output_size, "%" PRIuMAX, value);
+            xsnprintf(output, output_size, "%" PRIuMAX, value);
             return output;
         }
 
diff --git a/lib/db/clients/chaser.c b/lib/db/clients/chaser.c
index 7690ad1..d12c46c 100644
--- a/lib/db/clients/chaser.c
+++ b/lib/db/clients/chaser.c
@@ -15,6 +15,7 @@
 #include "db/prep-stmt.h"
 #include "rpki/db_constants.h"
 #include "db/util.h"
+#include "util/stringutils.h"
 
 
/**=============================================================================
 
------------------------------------------------------------------------------*/
@@ -75,10 +76,10 @@ int db_chaser_read_time(
         return -1;
     }
 
-    snprintf(curr, curr_len, "%04d-%02d-%02d %02d:%02d:%02d",
-             curr_ts.year,
-             curr_ts.month,
-             curr_ts.day, curr_ts.hour, curr_ts.minute, curr_ts.second);
+    xsnprintf(curr, curr_len, "%04d-%02d-%02d %02d:%02d:%02d",
+              curr_ts.year,
+              curr_ts.month,
+              curr_ts.day, curr_ts.hour, curr_ts.minute, curr_ts.second);
 
     mysql_stmt_free_result(stmt);
 
diff --git a/lib/rpki/cms/roa_general.c b/lib/rpki/cms/roa_general.c
index cf45bac..a034b3c 100644
--- a/lib/rpki/cms/roa_general.c
+++ b/lib/rpki/cms/roa_general.c
@@ -8,6 +8,7 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include "roa_utils.h"
+#include "util/stringutils.h"
 
 #define SKI_SIZE 20
 
@@ -630,8 +631,8 @@ int roaGenerateFilter(
         {
             if (str != NULL)
             {
-                iRes = snprintf(str, strLen, "%s %s %s\n",
-                                cSID, cAS_ID, pcAddresses[j]);
+                xsnprintf(str, strLen, "%s %s %s\n",
+                          cSID, cAS_ID, pcAddresses[j]);
                 strLen -= strlen(str);
                 str += strlen(str);
             }
diff --git a/lib/rpki/diru.c b/lib/rpki/diru.c
index f6c7b9e..fa0bcbc 100644
--- a/lib/rpki/diru.c
+++ b/lib/rpki/diru.c
@@ -12,6 +12,7 @@
 
 #include "diru.h"
 #include "err.h"
+#include "util/stringutils.h"
 
 
 /*
@@ -252,7 +253,7 @@ int splitdf(
         *outfile = outf;
     if (outfull != NULL)
     {
-        (void)snprintf(work, PATH_MAX, "%s/%s", outd, outf);
+        xsnprintf(work, PATH_MAX, "%s/%s", outd, outf);
         *outfull = strdup(work);
         if (*outfull == NULL)
             return (ERR_SCM_NOMEM);
diff --git a/lib/rpki/initscm.c b/lib/rpki/initscm.c
index d2f77fe..86213fa 100644
--- a/lib/rpki/initscm.c
+++ b/lib/rpki/initscm.c
@@ -9,6 +9,7 @@
 #include <ctype.h>
 
 #include "config/config.h"
+#include "util/stringutils.h"
 
 #include "scm.h"
 #define  SCM_DEFINED_HERE
@@ -265,10 +266,10 @@ char *makedsnscm(
     if (ptr == NULL)
         return (NULL);
     if (pass == NULL || pass[0] == 0)
-        (void)snprintf(ptr, len, "DSN=%s;DATABASE=%s;UID=%s", pref, db, usr);
+        xsnprintf(ptr, len, "DSN=%s;DATABASE=%s;UID=%s", pref, db, usr);
     else
-        (void)snprintf(ptr, len, "DSN=%s;DATABASE=%s;UID=%s;PASSWORD=%s",
-                       pref, db, usr, pass);
+        xsnprintf(ptr, len, "DSN=%s;DATABASE=%s;UID=%s;PASSWORD=%s",
+                  pref, db, usr, pass);
     return (ptr);
 }
 
diff --git a/lib/rpki/myssl.c b/lib/rpki/myssl.c
index 5468e18..f8a1d59 100644
--- a/lib/rpki/myssl.c
+++ b/lib/rpki/myssl.c
@@ -24,6 +24,7 @@
 #include "util/logging.h"
 #include "rpwork.h"
 #include "rpki-asn1/crlv2.h"
+#include "util/stringutils.h"
 
 int strict_profile_checks = 0;
 
@@ -201,8 +202,8 @@ char *ASNTimeToDBTime(
         *stap = ERR_SCM_NOMEM;
         return (NULL);
     }
-    (void)snprintf(out, 48, "%4d-%02d-%02d %02d:%02d:%02d",
-                   year, mon, day, hour, min, sec);
+    xsnprintf(out, 48, "%4d-%02d-%02d %02d:%02d:%02d",
+              year, mon, day, hour, min, sec);
     return (out);
 }
 
@@ -236,9 +237,9 @@ char *UnixTimeToDBTime(
         return (NULL);
     }
     tmp = gmtime(&clck);
-    (void)snprintf(out, 48, "%d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
-                   1900 + tmp->tm_year, 1 + tmp->tm_mon, tmp->tm_mday,
-                   tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
+    xsnprintf(out, 48, "%d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
+              1900 + tmp->tm_year, 1 + tmp->tm_mon, tmp->tm_mday,
+              tmp->tm_hour, tmp->tm_min, tmp->tm_sec);
     return (out);
 }
 
@@ -304,7 +305,7 @@ static char *strappend(
     outstr = (char *)calloc(leen, sizeof(char));
     if (outstr == NULL)
         return (instr);
-    (void)snprintf(outstr, leen, "%s;%s", instr, nstr);
+    xsnprintf(outstr, leen, "%s;%s", instr, nstr);
     free((void *)instr);
     return (outstr);
 }
@@ -1334,7 +1335,7 @@ static void crf_get_crlno(
         return;
     }
 
-    snprintf(dptr, 2 + strlen(ptr) + 1, "^x%s", ptr);
+    xsnprintf(dptr, 2 + strlen(ptr) + 1, "^x%s", ptr);
 
     OPENSSL_free(ptr);
 
@@ -3919,8 +3920,8 @@ static int rescert_extensions_chk(
 
             if (oid_size > max_oid_print_length)
             {
-                snprintf(oid_print, sizeof(oid_print),
-                         "<oid too large to print>");
+                xsnprintf(oid_print, sizeof(oid_print),
+                          "<oid too large to print>");
             }
             else
             {
diff --git a/lib/rpki/querySupport.c b/lib/rpki/querySupport.c
index fb47e0f..c46457e 100644
--- a/lib/rpki/querySupport.c
+++ b/lib/rpki/querySupport.c
@@ -20,6 +20,7 @@
 #include "err.h"
 #include "myssl.h"
 #include "util/logging.h"
+#include "util/stringutils.h"
 
 void addQueryFlagTests(
     char *whereStr,
@@ -103,7 +104,7 @@ int checkValidity(
         validWhereStr = validSrch->wherestr;
         validWhereStr[0] = 0;
         if (!CONFIG_RPKI_ALLOW_STALE_VALIDATION_CHAIN_get())
-            snprintf(validWhereStr, WHERESTR_SIZE, "valto>\"%s\"", now);
+            xsnprintf(validWhereStr, WHERESTR_SIZE, "valto>\"%s\"", now);
         free(now);
         addFlagTest(validWhereStr, SCM_FLAG_VALIDATED, 1,
                     !CONFIG_RPKI_ALLOW_STALE_VALIDATION_CHAIN_get());
@@ -118,10 +119,10 @@ int checkValidity(
         if (!CONFIG_RPKI_ALLOW_NO_MANIFEST_get())
         {
             int len = strlen(validWhereStr);
-            snprintf(&validWhereStr[len], WHERESTR_SIZE - len,
-                     " and (((flags%%%d)>=%d) or ((flags%%%d)<%d) or 
((flags%%%d)>=%d))",
-                     2 * SCM_FLAG_ONMAN, SCM_FLAG_ONMAN, 2 * SCM_FLAG_CA,
-                     SCM_FLAG_CA, 2 * SCM_FLAG_TRUSTED, SCM_FLAG_TRUSTED);
+            xsnprintf(&validWhereStr[len], WHERESTR_SIZE - len,
+                      " and (((flags%%%d)>=%d) or ((flags%%%d)<%d) or 
((flags%%%d)>=%d))",
+                      2 * SCM_FLAG_ONMAN, SCM_FLAG_ONMAN, 2 * SCM_FLAG_CA,
+                      SCM_FLAG_CA, 2 * SCM_FLAG_TRUSTED, SCM_FLAG_TRUSTED);
         }
         whereInsertPtr = &validWhereStr[strlen(validWhereStr)];
         nextSKI = (char *)validSrch->vec[0].valptr;
@@ -155,14 +156,14 @@ int checkValidity(
             firstTime = 0;
             if (ski)
             {
-                snprintf(whereInsertPtr, WHERESTR_SIZE - strlen(validWhereStr),
-                         " and ski=\"%s\"", ski);
+                xsnprintf(whereInsertPtr, WHERESTR_SIZE - 
strlen(validWhereStr),
+                          " and ski=\"%s\"", ski);
                 strncpy(prevSKI, ski, 128);
             }
             else
             {
-                snprintf(whereInsertPtr, WHERESTR_SIZE - strlen(validWhereStr),
-                         " and local_id=\"%d\"", localID);
+                xsnprintf(whereInsertPtr, WHERESTR_SIZE - 
strlen(validWhereStr),
+                          " and local_id=\"%d\"", localID);
                 prevSKI[0] = 0;
             }
         }
@@ -171,9 +172,9 @@ int checkValidity(
             char escaped_subject[2 * strlen(nextSubject) + 1];
             mysql_escape_string(escaped_subject, nextSubject,
                                 strlen(nextSubject));
-            snprintf(whereInsertPtr, WHERESTR_SIZE - strlen(validWhereStr),
-                     " and ski=\"%s\" and subject=\"%s\"", nextSKI,
-                     escaped_subject);
+            xsnprintf(whereInsertPtr, WHERESTR_SIZE - strlen(validWhereStr),
+                      " and ski=\"%s\" and subject=\"%s\"", nextSKI,
+                      escaped_subject);
             strncpy(prevSKI, nextSKI, 128);
         }
         parentsFound = 0;
@@ -188,8 +189,8 @@ int checkValidity(
         {                       // no parent cert
             if (!CONFIG_RPKI_ALLOW_STALE_VALIDATION_CHAIN_get())
                 return 0;
-            snprintf(anySrch->wherestr, WHERESTR_SIZE, "%s",
-                     whereInsertPtr + 5);
+            xsnprintf(anySrch->wherestr, WHERESTR_SIZE, "%s",
+                      whereInsertPtr + 5);
             status =
                 searchscm(connect, validTable, anySrch, NULL, registerParent,
                           SCM_SRCH_DOVALUE_ALWAYS, NULL);
@@ -215,8 +216,8 @@ static int pathnameDisplay(
 {
     (void)scmp;
     (void)connection;
-    snprintf(returnStr, MAX_RESULT_SZ, "%s/%s",
-             (char *)s->vec[idx1].valptr, (char *)s->vec[idx1 + 1].valptr);
+    xsnprintf(returnStr, MAX_RESULT_SZ, "%s/%s",
+              (char *)s->vec[idx1].valptr, (char *)s->vec[idx1 + 1].valptr);
     return 2;
 }
 
@@ -250,9 +251,9 @@ static int displaySNList(
             // XXX: there should be a better way to signal an error
             hexs = nomem;
         }
-        snprintf(&returnStr[strlen(returnStr)],
-                 MAX_RESULT_SZ - strlen(returnStr), "%s%s",
-                 (i == 0) ? "" : " ", hexs);
+        xsnprintf(&returnStr[strlen(returnStr)],
+                  MAX_RESULT_SZ - strlen(returnStr), "%s%s",
+                  (i == 0) ? "" : " ", hexs);
         if (hexs == nomem)
         {
             break;
@@ -371,7 +372,7 @@ static int display_ip_addrs(
     unsigned long roa_local_id =
         *((unsigned long *)(s->vec[idx1].valptr));
     char roa_local_id_str[24];
-    snprintf(roa_local_id_str, sizeof(roa_local_id_str), "%lu",
+    xsnprintf(roa_local_id_str, sizeof(roa_local_id_str), "%lu",
         roa_local_id);
 
     struct display_ip_addrs_context context;
@@ -443,7 +444,7 @@ static int display_ip_addrs(
         order);
     if (sta == ERR_SCM_TRUNCATED)
     {
-        snprintf(
+        xsnprintf(
             context.result + context.result_idx,
             MAX_RESULT_SZ - context.result_idx,
             "%s",
@@ -452,7 +453,7 @@ static int display_ip_addrs(
     else if (sta < 0)
     {
         // XXX: there should be a better way to signal an error
-        snprintf(
+        xsnprintf(
             context.result,
             MAX_RESULT_SZ,
             "error: %s (%d)",
@@ -467,7 +468,7 @@ static int display_ip_addrs(
     else if (context.result[0] == '\0')
     {
         // Indicate that there were no results
-        snprintf(context.result, MAX_RESULT_SZ, "%s", none_str);
+        xsnprintf(context.result, MAX_RESULT_SZ, "%s", none_str);
     }
 
     return 1;
@@ -484,9 +485,9 @@ static void addFlagIfSet(
 {
     if (flags & flag)
     {
-        snprintf(&returnStr[strlen(returnStr)],
-                 MAX_RESULT_SZ - strlen(returnStr), "%s%s",
-                 (returnStr[0] == 0) ? "" : " | ", str);
+        xsnprintf(&returnStr[strlen(returnStr)],
+                  MAX_RESULT_SZ - strlen(returnStr), "%s%s",
+                  (returnStr[0] == 0) ? "" : " | ", str);
     }
 }
 
@@ -498,9 +499,9 @@ static void addFlagIfUnset(
 {
     if (!(flags & flag))
     {
-        snprintf(&returnStr[strlen(returnStr)],
-                 MAX_RESULT_SZ - strlen(returnStr), "%s%s",
-                 (returnStr[0] == 0) ? "" : " | ", str);
+        xsnprintf(&returnStr[strlen(returnStr)],
+                  MAX_RESULT_SZ - strlen(returnStr), "%s%s",
+                  (returnStr[0] == 0) ? "" : " | ", str);
     }
 }
 
diff --git a/lib/rpki/rpcommon.c b/lib/rpki/rpcommon.c
index db67371..c814fe0 100644
--- a/lib/rpki/rpcommon.c
+++ b/lib/rpki/rpcommon.c
@@ -11,6 +11,7 @@
 #include <string.h>
 #include <util/logging.h>
 #include <util/path_compat.h>
+#include "util/stringutils.h"
 
 struct done_certs done_certs;
 
@@ -74,7 +75,7 @@ static char *translate_file(
         return NULL;
     }
 
-    snprintf(relative_path, relative_path_len, "%s/%s", from_dirname, to);
+    xsnprintf(relative_path, relative_path_len, "%s/%s", from_dirname, to);
 
     free(from_for_dirname);
 
@@ -593,8 +594,8 @@ static int getIPBlock(
                  touches(&iprangep[-1], iprangep,
                          (iprangep->typ == IPv4) ? 4 : 16)) >= 0)
             {
-                snprintf(errbuf, sizeof(errbuf),
-                         (!j) ? "Ranges touch " : "Ranges out of order ");
+                xsnprintf(errbuf, sizeof(errbuf),
+                          (!j) ? "Ranges touch " : "Ranges out of order ");
                 return ERR_SCM_BADSKIBLOCK;
             }
         }
@@ -616,26 +617,26 @@ int getSKIBlock(
     int ansr = ERR_SCM_BADSKIBLOCK;
     int val;
     if ((val = next_cmd(skibuf, siz, SKI)) < 0)
-        snprintf(errbuf, sizeof(errbuf), "Invalid IPv4 ");
+        xsnprintf(errbuf, sizeof(errbuf), "Invalid IPv4 ");
     else if (!val)
-        snprintf(errbuf, sizeof(errbuf), "Missing IPv4 ");
+        xsnprintf(errbuf, sizeof(errbuf), "Missing IPv4 ");
     else if (strcmp(skibuf, "IPv4\n"))
-        snprintf(errbuf, sizeof(errbuf), "Invalid IPv4 ");
+        xsnprintf(errbuf, sizeof(errbuf), "Invalid IPv4 ");
     else if (getIPBlock(SKI, IPv4, skibuf, siz) < 0)
     {
         if (!*errbuf)
-            snprintf(errbuf, sizeof(errbuf), "Bad/disordered IPv4 group ");
+            xsnprintf(errbuf, sizeof(errbuf), "Bad/disordered IPv4 group ");
     }
     else if (strcmp(skibuf, "IPv6\n"))
-        snprintf(errbuf, sizeof(errbuf), "Missing/invalid IPv6 ");
+        xsnprintf(errbuf, sizeof(errbuf), "Missing/invalid IPv6 ");
     else if (getIPBlock(SKI, IPv6, skibuf, siz) < 0)
-        snprintf(errbuf, sizeof(errbuf), "Bad/disordered IPv6 group ");
+        xsnprintf(errbuf, sizeof(errbuf), "Bad/disordered IPv6 group ");
     else if (strcmp(skibuf, "AS#\n"))
-        snprintf(errbuf, sizeof(errbuf), "Missing/invalid AS# ");
+        xsnprintf(errbuf, sizeof(errbuf), "Missing/invalid AS# ");
     else if (getIPBlock(SKI, ASNUM, skibuf, siz) < 0)
-        snprintf(errbuf, sizeof(errbuf), "Bad/disordered AS# group ");
+        xsnprintf(errbuf, sizeof(errbuf), "Bad/disordered AS# group ");
     else if (ruleranges.numranges == 0)
-        snprintf(errbuf, sizeof(errbuf), "Empty SKI block ");
+        xsnprintf(errbuf, sizeof(errbuf), "Empty SKI block ");
     else
     {
         ansr = 1;
@@ -651,13 +652,13 @@ static int parse_privatekey(
     char *cc;
     if (strncmp(skibuf, "PRIVATEKEYMETHOD", 16))
     {
-        snprintf(errbuf, sizeof(errbuf), "No private key method.");
+        xsnprintf(errbuf, sizeof(errbuf), "No private key method.");
         return ERR_SCM_BADSKIFILE;
     }
     for (cc = &skibuf[16]; *cc && *cc <= ' '; cc++);
     if (strncmp(cc, "Keyring", 7) || check_keyring(keyring, cc, 
file_being_parsed) < 0)
     {
-        snprintf(errbuf, sizeof(errbuf), "Invalid private key method.");
+        xsnprintf(errbuf, sizeof(errbuf), "Invalid private key method.");
         return ERR_SCM_BADSKIFILE;
     }
     return 0;
@@ -676,9 +677,9 @@ static int parse_topcert(
     {
         ansr = ERR_SCM_NORPCERT;
         if (val < 0)
-            snprintf(errbuf, sizeof(errbuf), "Error in top level certificate");
+            xsnprintf(errbuf, sizeof(errbuf), "Error in top level 
certificate");
         else
-            snprintf(errbuf, sizeof(errbuf), "No top level certificate.");
+            xsnprintf(errbuf, sizeof(errbuf), "No top level certificate.");
     }
     else
     {                           // get root cert
@@ -688,23 +689,23 @@ static int parse_topcert(
         c = translate_file(SKI_filename, c);
         if (!c)
         {
-            snprintf(errbuf, sizeof(errbuf),
-                     "Error translating root cert file name");
+            xsnprintf(errbuf, sizeof(errbuf),
+                      "Error translating root cert file name");
             ansr = ERR_SCM_NORPCERT;
         }
         else if (strlen(c) >= sizeof(myrootfullname) - 2)
         {
             ansr = ERR_SCM_NORPCERT;
-            snprintf(errbuf, sizeof(errbuf),
-                     "Top level certificate name too long");
+            xsnprintf(errbuf, sizeof(errbuf),
+                      "Top level certificate name too long");
         }
         else
         {
             strcpy(myrootfullname, c);
             if (get_casn_file(&myrootcert.self, myrootfullname, 0) < 0)
             {
-                snprintf(errbuf, sizeof(errbuf),
-                         "Invalid top level certificate: %s.", myrootfullname);
+                xsnprintf(errbuf, sizeof(errbuf),
+                          "Invalid top level certificate: %s.", 
myrootfullname);
                 ansr = ERR_SCM_NORPCERT;
             }
             else
@@ -767,22 +768,22 @@ static int parse_control_section(
         else
         {
             ansr = ERR_SCM_BADSKIFILE;
-            snprintf(errbuf, sizeof(errbuf), "Invalid control message: %s.\n",
-                     cc);
+            xsnprintf(errbuf, sizeof(errbuf), "Invalid control message: %s.\n",
+                      cc);
         }
         if (!ansr)
         {
             if ((val = next_cmd(skibuf, siz, SKI)) <= 0)
             {
                 c = NULL;
-                snprintf(errbuf, sizeof(errbuf), "Error in control section");
+                xsnprintf(errbuf, sizeof(errbuf), "Error in control section");
             }
         }
     }
     if (ansr == -1)
     {
-        snprintf(errbuf, sizeof(errbuf), "No/not TRUE or FALSE in %s.",
-                 skibuf);
+        xsnprintf(errbuf, sizeof(errbuf), "No/not TRUE or FALSE in %s.",
+                  skibuf);
         ansr = ERR_SCM_BADSKIFILE;
     }
     return ansr;
@@ -830,7 +831,7 @@ static int parse_Xcp(
     else if (nextword(cc))
     {
         ansr = ERR_SCM_BADSKIFILE;
-        snprintf(errbuf, sizeof(errbuf), "Invalid Xcp entry: %s.", skibuf);
+        xsnprintf(errbuf, sizeof(errbuf), "Invalid Xcp entry: %s.", skibuf);
     }
     else if (check_cp(cc) < 0)
         ansr = ERR_SCM_BADSKIFILE;
@@ -853,7 +854,7 @@ static int parse_tag_section(
         cc = nextword(skibuf);
         if (skibuf[3] != ' ')
         {
-            snprintf(errbuf, sizeof(errbuf), "Invalid line: %s.", skibuf);
+            xsnprintf(errbuf, sizeof(errbuf), "Invalid line: %s.", skibuf);
             ansr = ERR_SCM_BADSKIFILE;
             break;
         }
@@ -872,14 +873,14 @@ static int parse_tag_section(
         else
         {
             ansr = ERR_SCM_BADSKIFILE;
-            snprintf(errbuf, sizeof(errbuf), "Invalid TAG entry: %s.", cc);
+            xsnprintf(errbuf, sizeof(errbuf), "Invalid TAG entry: %s.", cc);
         }
         if (!ansr)
         {
             if ((val = next_cmd(skibuf, siz, SKI)) <= 0)
             {
                 ansr = ERR_SCM_BADSKIFILE;
-                snprintf(errbuf, sizeof(errbuf), "Error in TAG entries");
+                xsnprintf(errbuf, sizeof(errbuf), "Error in TAG entries");
             }
         }
     }
@@ -913,7 +914,7 @@ int parse_SKI_blocks(
     if ((ansr = next_cmd(skibuf, siz, SKI)) <= 0)
     {
         ansr = ERR_SCM_BADSKIFILE;
-        snprintf(errbuf, sizeof(errbuf), "No private key material");
+        xsnprintf(errbuf, sizeof(errbuf), "No private key material");
     }
     else
         ansr = parse_privatekey(keyring, skibuf, SKI_filename);
@@ -923,9 +924,9 @@ int parse_SKI_blocks(
     if (!ansr && (val = next_cmd(skibuf, siz, SKI)) <= 0)
     {
         if (val < 0)
-            snprintf(errbuf, sizeof(errbuf), "Error in control section");
+            xsnprintf(errbuf, sizeof(errbuf), "Error in control section");
         else
-            snprintf(errbuf, sizeof(errbuf), "No control section.");
+            xsnprintf(errbuf, sizeof(errbuf), "No control section.");
         ansr = ERR_SCM_BADSKIFILE;
     }
     // step 2
@@ -938,8 +939,8 @@ int parse_SKI_blocks(
     {
         if (!*errbuf && !strncmp(skibuf, "CONTROL ", 8))
         {
-            snprintf(errbuf, sizeof(errbuf),
-                     "CONTROL message out of order: %s", skibuf);
+            xsnprintf(errbuf, sizeof(errbuf),
+                      "CONTROL message out of order: %s", skibuf);
             ansr = ERR_SCM_BADSKIFILE;
         }
         else if (!ansr)
@@ -947,12 +948,12 @@ int parse_SKI_blocks(
             if (strncmp(skibuf, "SKI ", 4))
             {
                 ansr = ERR_SCM_BADSKIFILE;
-                snprintf(errbuf, sizeof(errbuf), "No SKI entry in file.");
+                xsnprintf(errbuf, sizeof(errbuf), "No SKI entry in file.");
             }
             else if (!(cc = nextword(skibuf)) || *cc < ' ')
             {
                 ansr = ERR_SCM_BADSKIFILE;
-                snprintf(errbuf, sizeof(errbuf), "Incomplete SKI entry.");
+                xsnprintf(errbuf, sizeof(errbuf), "Incomplete SKI entry.");
             }
         }
     }
diff --git a/lib/rpki/rpwork.c b/lib/rpki/rpwork.c
index 2e3928b..b6f1594 100644
--- a/lib/rpki/rpwork.c
+++ b/lib/rpki/rpwork.c
@@ -7,6 +7,7 @@
 #include <fcntl.h>
 #include "util/logging.h"
 #include "rpki-object/certificate.h"
+#include "util/stringutils.h"
 
 extern struct done_certs done_certs;
 
@@ -285,7 +286,7 @@ static struct Certificate *mk_paracert(
                                                         self, numpts++);
             if (!distp)
             {
-                snprintf(errbuf, sizeof(errbuf), "Too many CRLDP extensions");
+                xsnprintf(errbuf, sizeof(errbuf), "Too many CRLDP extensions");
                 return (struct Certificate *)0;
             }
             struct GeneralName *gennamep =
@@ -293,8 +294,8 @@ static struct Certificate *mk_paracert(
                                                   fullName.self, 0);
             if (!gennamep)
             {
-                snprintf(errbuf, sizeof(errbuf),
-                         "Too many general names in CRLDP extensions");
+                xsnprintf(errbuf, sizeof(errbuf),
+                          "Too many general names in CRLDP extensions");
                 return (struct Certificate *)0;
             }
             for (ept = pt; *ept > ' '; ept++);
@@ -340,7 +341,7 @@ static struct Certificate *mk_paracert(
        *akiExtp;                // new cert's aki
     if (!(skiExtp = find_extension(&myrootcert.toBeSigned.extensions, 
id_subjectKeyIdentifier, 0)))
     {
-        snprintf(errbuf, sizeof(errbuf), "Certificate has no SKI.");
+        xsnprintf(errbuf, sizeof(errbuf), "Certificate has no SKI.");
         return (struct Certificate *)0;
     }
     if (!(akiExtp = find_extension(&paracertp->toBeSigned.extensions, 
id_authKeyId, 0)))
@@ -354,7 +355,7 @@ static struct Certificate *mk_paracert(
         }
         else
         {
-            snprintf(errbuf, sizeof(errbuf), "Certificate has no AKI.");
+            xsnprintf(errbuf, sizeof(errbuf), "Certificate has no AKI.");
             return (struct Certificate *)0;
         }
     }
@@ -431,14 +432,14 @@ int get_CAcert(
         }
         if (!j)
         {
-            snprintf(errbuf, sizeof(errbuf),
-                     "No CA certificate found for SKI %s\n", ski);
+            xsnprintf(errbuf, sizeof(errbuf),
+                      "No CA certificate found for SKI %s\n", ski);
             return -1;
         }
         else if (j > 2 || (j == 2 && !have_para))
         {
-            snprintf(errbuf, sizeof(errbuf),
-                     "Found %d certificates for SKI %s\n", j, ski);
+            xsnprintf(errbuf, sizeof(errbuf),
+                      "Found %d certificates for SKI %s\n", j, ski);
             return -1;
         }
         get_casn_file(&certp->self, this_cert_ansrp->fullname, 0);
@@ -566,7 +567,7 @@ static int sign_cert(
     if (ansr)
     {
         ansr = ERR_SCM_SIGNINGERR;
-        snprintf(errbuf, sizeof(errbuf), "Error %s\n", msg);
+        xsnprintf(errbuf, sizeof(errbuf), "Error %s\n", msg);
         fflush(stderr);
     }
     return ansr;
@@ -1407,8 +1408,8 @@ static int process_control_block(
             if (conflict_test(run, done_certp))
             {
                 currskibuf[strlen(currskibuf) - 1] = 0; // trim CR
-                snprintf(errbuf, sizeof(errbuf), "in block %s at %s",
-                         currskibuf, skibuf);
+                xsnprintf(errbuf, sizeof(errbuf), "in block %s at %s",
+                          currskibuf, skibuf);
                 *skibuf = 0;
                 return ERR_SCM_USECONFLICT;
             }
@@ -1464,13 +1465,13 @@ static int process_control_blocks(
             for (cc = skip; *cc != '\n'; cc++);
             if (*cc == '\n')
                 *cc = 0;
-            snprintf(errbuf, sizeof(errbuf), "Invalid SKI: %s", skip);
+            xsnprintf(errbuf, sizeof(errbuf), "Invalid SKI: %s", skip);
             return ERR_SCM_BADSKIBLOCK;
         }
         *cc = 0;
         if ((ansr = get_CAcert(skip, &done_certp)) < 0)
         {
-            snprintf(errbuf, sizeof(errbuf), "No file for SKI %s.", skip);
+            xsnprintf(errbuf, sizeof(errbuf), "No file for SKI %s.", skip);
             return ansr;
         }
         ruleranges.numranges = 0;
@@ -1485,13 +1486,13 @@ static int process_control_blocks(
                 size_t errlen = strlen(errbuf);
                 if (errlen + 1 < sizeof(errbuf))
                 {
-                    snprintf(&errbuf[errlen], sizeof(errbuf) - errlen, "at %s",
-                             skibuf);
+                    xsnprintf(&errbuf[errlen], sizeof(errbuf) - errlen, "at 
%s",
+                              skibuf);
                 }
             }
             else
-                snprintf(errbuf, sizeof(errbuf), "Invalid prefix/range %s",
-                         skibuf);
+                xsnprintf(errbuf, sizeof(errbuf), "Invalid prefix/range %s",
+                          skibuf);
             return ansr;        // with error message in errbuf BADSKIBLOCK
         }                       // otherwise skibuf has another SKI line or
                                 // NULL
@@ -1581,8 +1582,8 @@ int read_SKI_blocks(
         locconp = conp;
         if (findorcreatedir(locscmp, locconp, Xrpdir, &XrpdirId) < 0)
         {
-            snprintf(errbuf, sizeof(errbuf), "Cannot find directory %s.",
-                     Xrpdir);
+            xsnprintf(errbuf, sizeof(errbuf), "Cannot find directory %s.",
+                      Xrpdir);
             ansr = ERR_SCM_BADSKIFILE;
         }
         else
diff --git a/lib/rpki/sqcon.c b/lib/rpki/sqcon.c
index c835c78..ccf70a4 100644
--- a/lib/rpki/sqcon.c
+++ b/lib/rpki/sqcon.c
@@ -15,6 +15,7 @@
 #include "diru.h"
 #include "err.h"
 #include "globals.h"
+#include "util/stringutils.h"
 
 
 /*
@@ -385,7 +386,7 @@ int createdbscm(
     mk = (char *)calloc(leen, sizeof(char));
     if (mk == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(mk, leen, "CREATE DATABASE %s;", dbname);
+    xsnprintf(mk, leen, "CREATE DATABASE %s;", dbname);
     sta = statementscm_no_data(conp, mk);
     free((void *)mk);
     return (sta);
@@ -410,7 +411,7 @@ int deletedbscm(
     mk = (char *)calloc(leen, sizeof(char));
     if (mk == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(mk, leen, "DROP DATABASE IF EXISTS %s;", dbname);
+    xsnprintf(mk, leen, "DROP DATABASE IF EXISTS %s;", dbname);
     sta = statementscm_no_data(conp, mk);
     free((void *)mk);
     return (sta);
@@ -435,8 +436,8 @@ static int createonetablescm(
     mk = (char *)calloc(leen, sizeof(char));
     if (mk == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(mk, leen, "CREATE TABLE %s ( %s ) ENGINE=InnoDB;",
-                   tabp->tabname, tabp->tstr);
+    xsnprintf(mk, leen, "CREATE TABLE %s ( %s ) ENGINE=InnoDB;",
+              tabp->tabname, tabp->tstr);
     sta = statementscm_no_data(conp, mk);
     free((void *)mk);
     return (sta);
@@ -464,7 +465,7 @@ int createalltablesscm(
     mk = (char *)calloc(leen, sizeof(char));
     if (mk == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(mk, leen, "USE %s;", scmp->db);
+    xsnprintf(mk, leen, "USE %s;", scmp->db);
     sta = statementscm_no_data(conp, mk);
     if (sta < 0)
         return (sta);
@@ -525,8 +526,8 @@ static int valcols(
         if (findcol(tabp, ptr) < 0)
         {
             if (conp->mystat.errmsg != NULL)
-                (void)snprintf(conp->mystat.errmsg, conp->mystat.emlen,
-                               "Invalid column %s", ptr);
+                xsnprintf(conp->mystat.errmsg, conp->mystat.emlen,
+                          "Invalid column %s", ptr);
             return (ERR_SCM_INVALCOL);
         }
     }
@@ -643,8 +644,8 @@ int insertscm(
     stmt = (char *)calloc(leen, sizeof(char));
     if (stmt == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(stmt, leen, "INSERT INTO %s (%s", tabp->tabname,
-                   arr->vec[0].column);
+    xsnprintf(stmt, leen, "INSERT INTO %s (%s", tabp->tabname,
+              arr->vec[0].column);
     for (i = 1; i < arr->nused; i++)
     {
         wsta = strwillfit(stmt, leen, wsta, ", ");
@@ -748,8 +749,8 @@ int getmaxidscm(
     sta = newhstmt(conp);
     if (!SQLOK(sta))
         return sta;
-    (void)snprintf(stmt, sizeof(stmt),
-                   "SELECT MAX(%s) FROM %s;", field, mtab->tabname);
+    xsnprintf(stmt, sizeof(stmt),
+              "SELECT MAX(%s) FROM %s;", field, mtab->tabname);
     sta = statementscm(conp, stmt);
     if (sta < 0)
         return (sta);
@@ -1121,7 +1122,7 @@ void addFlagTest(
      * or < 0x04 (in which case bit 0x04 is not set). 
      */
     int len = strlen(whereStr);
-    snprintf(&whereStr[len], WHERESTR_SIZE - len, "%s ((flags%%%d)%s%d)", 
needAnd ? " and" : "", 2 * flagVal    /* 2x 
+    xsnprintf(&whereStr[len], WHERESTR_SIZE - len, "%s ((flags%%%d)%s%d)", 
needAnd ? " and" : "", 2 * flagVal   /* 2x
                                                                                
                                  * since 
                                                                                
                                  * we 
                                                                                
                                  * are 
@@ -1131,7 +1132,7 @@ void addFlagTest(
                                                                                
                                  * this 
                                                                                
                                  * value 
                                                                                
                                  */ ,
-             isSet ? ">=" : "<", flagVal);
+              isSet ? ">=" : "<", flagVal);
 }
 
 /*
@@ -1324,7 +1325,7 @@ int searchorcreatescm(
     ins->vec[0].value = (char *)calloc(16, sizeof(char));
     if (ins->vec[0].value == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(ins->vec[0].value, 16, "%u", mid);
+    xsnprintf(ins->vec[0].value, 16, "%u", mid);
     sta = insertscm(conp, tabp, ins);
     free((void *)(ins->vec[0].value));
     if (sta < 0)
@@ -1372,7 +1373,7 @@ int deletescm(
     stmt = (char *)calloc(leen, sizeof(char));
     if (stmt == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(stmt, leen, "DELETE FROM %s", tabp->tabname);
+    xsnprintf(stmt, leen, "DELETE FROM %s", tabp->tabname);
     if (deld != NULL)
     {
         wsta = strwillfit(stmt, leen, wsta, " WHERE ");
@@ -1452,8 +1453,8 @@ int setflagsscm(
     stmt = (char *)calloc(leen, sizeof(char));
     if (stmt == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(stmt, leen, "UPDATE %s SET flags=%u WHERE ", tabp->tabname,
-                   flags);
+    xsnprintf(stmt, leen, "UPDATE %s SET flags=%u WHERE ", tabp->tabname,
+              flags);
     wsta = strwillfit(stmt, leen, wsta, where->vec[0].column);
     if (wsta >= 0)
         wsta = strwillfit(stmt, leen, wsta, "=\"");
@@ -1535,7 +1536,7 @@ char *hexify(
         *outptr++ = '0', left--;
     for (i = 0; i < bytelen; i++)
     {
-        (void)snprintf(outptr, left, "%2.2x", *inptr);
+        xsnprintf(outptr, left, "%2.2x", *inptr);
         outptr += 2;
         left -= 2;
         inptr++;
@@ -1612,9 +1613,9 @@ int updateblobscm(
     stmt = (char *)calloc(leen, sizeof(char));
     if (stmt == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(stmt, leen,
-                   "UPDATE %s SET sninuse=%u, snlist=%s WHERE local_id=%u;",
-                   tabp->tabname, sninuse, hexi, lid);
+    xsnprintf(stmt, leen,
+              "UPDATE %s SET sninuse=%u, snlist=%s WHERE local_id=%u;",
+              tabp->tabname, sninuse, hexi, lid);
     sta = statementscm_no_data(conp, stmt);
     free((void *)stmt);
     free((void *)hexi);
@@ -1659,9 +1660,9 @@ int updateranlastscm(
     default:
         return (ERR_SCM_INVALARG);
     }
-    (void)snprintf(stmt, sizeof(stmt),
-                   "UPDATE %s SET %s=\"%s\" WHERE local_id=1;", mtab->tabname,
-                   ent, now);
+    xsnprintf(stmt, sizeof(stmt),
+              "UPDATE %s SET %s=\"%s\" WHERE local_id=1;", mtab->tabname,
+              ent, now);
     sta = statementscm_no_data(conp, stmt);
     return (sta);
 }
diff --git a/lib/rpki/sqhl.c b/lib/rpki/sqhl.c
index 91fda49..ca1c7a7 100644
--- a/lib/rpki/sqhl.c
+++ b/lib/rpki/sqhl.c
@@ -27,6 +27,7 @@
 
 #include "cms/roa_utils.h"
 #include "util/logging.h"
+#include "util/stringutils.h"
 
 
 #define ADDCOL(a, b, c, d, e, f)  \
@@ -389,20 +390,19 @@ static int add_cert_internal(
             cols[idx++].value = escaped_strings[i];
         }
     }
-    (void)snprintf(flagn, sizeof(flagn), "%u", cf->flags);
+    xsnprintf(flagn, sizeof(flagn), "%u", cf->flags);
     cols[idx].column = "flags";
     cols[idx++].value = flagn;
-    (void)snprintf(lid, sizeof(lid), "%u", *cert_id);
+    xsnprintf(lid, sizeof(lid), "%u", *cert_id);
     cols[idx].column = "local_id";
     cols[idx++].value = lid;
-    (void)snprintf(did, sizeof(did), "%u", cf->dirid);
+    xsnprintf(did, sizeof(did), "%u", cf->dirid);
     cols[idx].column = "dir_id";
     cols[idx++].value = did;
     if (cf->ipblen > 0)
     {
         cols[idx].column = "ipblen";
-        (void)snprintf(blen, sizeof(blen), "%u", cf->ipblen);   /* byte length 
-                                                                 */
+        xsnprintf(blen, sizeof(blen), "%u", cf->ipblen);   /* byte length */
         cols[idx++].value = blen;
         cols[idx].column = "ipb";
         wptr = hexify(cf->ipblen, cf->ipb, HEXIFY_HAT);
@@ -487,16 +487,16 @@ static int add_crl_internal(
         }
     }
     memset(lid, 0, sizeof(lid));
-    (void)snprintf(flagn, sizeof(flagn), "%u", cf->flags);
+    xsnprintf(flagn, sizeof(flagn), "%u", cf->flags);
     cols[idx].column = "flags";
     cols[idx++].value = flagn;
-    (void)snprintf(lid, sizeof(lid), "%u", crl_id);
+    xsnprintf(lid, sizeof(lid), "%u", crl_id);
     cols[idx].column = "local_id";
     cols[idx++].value = lid;
-    (void)snprintf(did, sizeof(did), "%u", cf->dirid);
+    xsnprintf(did, sizeof(did), "%u", cf->dirid);
     cols[idx].column = "dir_id";
     cols[idx++].value = did;
-    (void)snprintf(csnlen, sizeof(csnlen), "%d", cf->snlen);
+    xsnprintf(csnlen, sizeof(csnlen), "%d", cf->snlen);
     cols[idx].column = "snlen";
     cols[idx++].value = csnlen;
     cols[idx].column = "sninuse";
@@ -562,8 +562,8 @@ static int get_cert_sigval(
         ADDCOL(sigsrch, "sigval", SQL_C_ULONG, sizeof(unsigned int), sta,
                SIGVAL_UNKNOWN);
     }
-    (void)snprintf(sigsrch->wherestr, WHERESTR_SIZE,
-                   "ski=\"%s\" and subject=\"%s\"", ski, subj);
+    xsnprintf(sigsrch->wherestr, WHERESTR_SIZE,
+              "ski=\"%s\" and subject=\"%s\"", ski, subj);
     // (void)printf("Wherestr = %s\n", sigsrch->wherestr);
     sta = searchscm(conp, theCertTable, sigsrch, NULL, ok,
                     SCM_SRCH_DOVALUE_ALWAYS, NULL);
@@ -597,7 +597,7 @@ static int get_roa_sigval(
         ADDCOL(sigsrch, "sigval", SQL_C_ULONG, sizeof(unsigned int), sta,
                SIGVAL_UNKNOWN);
     }
-    (void)snprintf(sigsrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", ski);
+    xsnprintf(sigsrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", ski);
     // (void)printf("Wherestr = %s\n", sigsrch->wherestr);
     sta = searchscm(conp, theROATable, sigsrch, NULL, ok,
                     SCM_SRCH_DOVALUE_ALWAYS, NULL);
@@ -654,9 +654,9 @@ static int set_cert_sigval(
         return ERR_SCM_NOSUCHTAB;
     char escaped_subj[2 * strlen(subj) + 1];
     mysql_escape_string(escaped_subj, subj, strlen(subj));
-    (void)snprintf(stmt, sizeof(stmt),
-                   "update %s set sigval=%d where ski=\"%s\" and 
subject=\"%s\";",
-                   theCertTable->tabname, valu, ski, escaped_subj);
+    xsnprintf(stmt, sizeof(stmt),
+              "update %s set sigval=%d where ski=\"%s\" and subject=\"%s\";",
+              theCertTable->tabname, valu, ski, escaped_subj);
     // (void)printf("SET: %s\n", stmt);
     sta = statementscm_no_data(conp, stmt);
     // (void)printf("Statementscn returns %d\n", sta);
@@ -675,9 +675,9 @@ static int set_roa_sigval(
         initTables(theSCMP);
     if (theROATable == NULL)
         return ERR_SCM_NOSUCHTAB;
-    (void)snprintf(stmt, sizeof(stmt),
-                   "update %s set sigval=%d where ski=\"%s\";",
-                   theROATable->tabname, valu, ski);
+    xsnprintf(stmt, sizeof(stmt),
+              "update %s set sigval=%d where ski=\"%s\";",
+              theROATable->tabname, valu, ski);
     // (void)printf("SET: %s\n", stmt);
     sta = statementscm_no_data(conp, stmt);
     // (void)printf("Statementscn returns %d\n", sta);
@@ -1009,8 +1009,8 @@ static int addCert2List(
     memset(this_ansrp->filename, 0, sizeof(this_ansrp->filename));
     strcpy(this_ansrp->filename, (char *)certSrch->vec[0].valptr);
     memset(this_ansrp->fullname, 0, sizeof(this_ansrp->fullname));
-    snprintf(this_ansrp->fullname, PATH_MAX, "%s/%s",
-             (char *)certSrch->vec[1].valptr, (char *)certSrch->vec[0].valptr);
+    xsnprintf(this_ansrp->fullname, PATH_MAX, "%s/%s",
+              (char *)certSrch->vec[1].valptr, (char 
*)certSrch->vec[0].valptr);
     memset(this_ansrp->issuer, 0, sizeof(this_ansrp->issuer));
     strcpy(this_ansrp->issuer, (char *)certSrch->vec[4].valptr);
     memset(this_ansrp->aki, 0, sizeof(this_ansrp->aki));
@@ -1066,11 +1066,11 @@ struct cert_answers *find_parent_cert(
     if (subject != NULL){
         char escaped [strlen(subject)*2+1];
         mysql_escape_string(escaped, subject, strlen(subject));
-        snprintf(certSrch->wherestr, WHERESTR_SIZE,
-                 "ski=\'%s\' and subject=\'%s\'", ski, escaped);
+        xsnprintf(certSrch->wherestr, WHERESTR_SIZE,
+                  "ski=\'%s\' and subject=\'%s\'", ski, escaped);
     }
     else
-        snprintf(certSrch->wherestr, WHERESTR_SIZE, "ski=\'%s\'", ski);
+        xsnprintf(certSrch->wherestr, WHERESTR_SIZE, "ski=\'%s\'", ski);
     addFlagTest(certSrch->wherestr, SCM_FLAG_VALIDATED, 1, 1);
     addFlagTest(certSrch->wherestr, SCM_FLAG_NOCHAIN, 0, 1);
     cert_answers.num_ansrs = 0;
@@ -1125,7 +1125,7 @@ static X509 *parent_cert(
     }
     else
         return NULL;
-    (void)snprintf(ofullname, PATH_MAX, "%s", cert_ansrp->fullname);
+    xsnprintf(ofullname, PATH_MAX, "%s", cert_ansrp->fullname);
     if (pathname != NULL)
         strncpy(*pathname, ofullname, PATH_MAX);
     if (flagsp)
@@ -1158,9 +1158,9 @@ struct cert_answers *find_cert_by_aKI(
     }
     sta = 0;
     if (ski)
-        snprintf(certSrch->wherestr, WHERESTR_SIZE, "ski=\'%s\'", ski);
+        xsnprintf(certSrch->wherestr, WHERESTR_SIZE, "ski=\'%s\'", ski);
     else
-        snprintf(certSrch->wherestr, WHERESTR_SIZE, "aki=\'%s\'", aki);
+        xsnprintf(certSrch->wherestr, WHERESTR_SIZE, "aki=\'%s\'", aki);
     addFlagTest(certSrch->wherestr, SCM_FLAG_VALIDATED, 1, 1);
     addFlagTest(certSrch->wherestr, SCM_FLAG_NOCHAIN, 0, 1);
     cert_answers.num_ansrs = 0;
@@ -1268,7 +1268,7 @@ static int cert_revoked(
     // and set isRevoked = 1 in the callback if sn is in snlist
     char escaped [strlen(issuer)*2+1];
     mysql_escape_string(escaped, issuer, strlen(issuer));
-    snprintf(revokedSrch->wherestr, WHERESTR_SIZE, "issuer=\"%s\"", escaped);
+    xsnprintf(revokedSrch->wherestr, WHERESTR_SIZE, "issuer=\"%s\"", escaped);
     addFlagTest(revokedSrch->wherestr, SCM_FLAG_VALIDATED, 1, 1);
     addFlagTest(revokedSrch->wherestr, SCM_FLAG_NOCHAIN, 0, 1);
     isRevoked = 0;
@@ -1562,8 +1562,8 @@ static int updateValidFlags(
     int flags = isValid ?
         ((prevFlags | SCM_FLAG_VALIDATED) & (~SCM_FLAG_NOCHAIN)) :
         (prevFlags | SCM_FLAG_NOCHAIN);
-    snprintf(stmt, sizeof(stmt), "update %s set flags=%d where local_id=%d;",
-             tabp->tabname, flags, id);
+    xsnprintf(stmt, sizeof(stmt), "update %s set flags=%d where local_id=%d;",
+              tabp->tabname, flags, id);
     return statementscm_no_data(conp, stmt);
 }
 
@@ -1574,8 +1574,8 @@ int set_cert_flag(
     unsigned int flags)
 {
     char stmt[150];
-    snprintf(stmt, sizeof(stmt), "update %s set flags=%d where local_id=%d;",
-             theCertTable->tabname, flags, id);
+    xsnprintf(stmt, sizeof(stmt), "update %s set flags=%d where local_id=%d;",
+              theCertTable->tabname, flags, id);
     return statementscm_no_data(conp, stmt);
 }
 
@@ -1632,8 +1632,8 @@ static int verifyChildCRL(
     if (!goodoids[0].lth)
         make_goodoids();
     // try verifying crl
-    snprintf(pathname, PATH_MAX, "%s/%s", (char *)s->vec[0].valptr,
-             (char *)s->vec[1].valptr);
+    xsnprintf(pathname, PATH_MAX, "%s/%s", (char *)s->vec[0].valptr,
+              (char *)s->vec[1].valptr);
     typ = infer_filetype(pathname);
     cf = crl2fields((char *)s->vec[1].valptr, pathname, typ,
                     &x, &sta, &crlsta, goodoids);
@@ -1680,8 +1680,8 @@ static int verifyChildROA(
     UNREFERENCED_PARAMETER(idx);
     CMS(&roa, (ushort) 0);
     // try verifying crl
-    snprintf(pathname, PATH_MAX, "%s/%s", (char *)s->vec[0].valptr,
-             (char *)s->vec[1].valptr);
+    xsnprintf(pathname, PATH_MAX, "%s/%s", (char *)s->vec[0].valptr,
+              (char *)s->vec[1].valptr);
     typ = infer_filetype(pathname);
     sta =
         roaFromFile(pathname, typ >= OT_PEM_OFFSET ? FMT_PEM : FMT_DER, 1,
@@ -1731,10 +1731,10 @@ static int handleUpdateMan(
     (void)s;
     (void)idx;
     updateManLid = *((unsigned int *)updateManSrch->vec[1].valptr);
-    snprintf(updateManPath, PATH_MAX, "%s/",
-             (char *)updateManSrch->vec[0].valptr);
-    snprintf(updateManHash, HASHSIZE, "%s",
-             (char *)updateManSrch->vec[2].valptr);
+    xsnprintf(updateManPath, PATH_MAX, "%s/",
+              (char *)updateManSrch->vec[0].valptr);
+    xsnprintf(updateManHash, HASHSIZE, "%s",
+              (char *)updateManSrch->vec[2].valptr);
     return 0;
 }
 
@@ -1795,8 +1795,8 @@ static int updateManifestObjs(
         else
             continue;
         mysql_escape_string(escaped_file, (char *)file, strlen((char *)file));
-        snprintf(updateManSrch->wherestr, WHERESTR_SIZE, "filename=\"%s\"",
-                 escaped_file);
+        xsnprintf(updateManSrch->wherestr, WHERESTR_SIZE, "filename=\"%s\"",
+                  escaped_file);
         addFlagTest(updateManSrch->wherestr, SCM_FLAG_ONMAN, 0, 1);
         updateManLid = 0;
         memset(updateManHash, 0, sizeof(updateManHash));
@@ -1805,7 +1805,7 @@ static int updateManifestObjs(
         if (!updateManLid)
             continue;
         len = strlen(updateManPath);
-        snprintf(updateManPath + len, PATH_MAX - len, "%s", file);
+        xsnprintf(updateManPath + len, PATH_MAX - len, "%s", file);
         fd = open(updateManPath, O_RDONLY);
         if (fd < 0)
             continue;
@@ -1842,17 +1842,17 @@ static int updateManifestObjs(
             // if hash okay, set ONMAN flag and optionally the hash if we just 
             // computed it
             if (gothash == 1)
-                snprintf(flagStmt, sizeof(flagStmt),
-                         "update %s set flags=flags+%d where local_id=%d;",
-                         tabp->tabname, SCM_FLAG_ONMAN, updateManLid);
+                xsnprintf(flagStmt, sizeof(flagStmt),
+                          "update %s set flags=flags+%d where local_id=%d;",
+                          tabp->tabname, SCM_FLAG_ONMAN, updateManLid);
             else
             {
                 char *h = hexify(sta, bytehash, HEXIFY_NO);
                 // (void)fprintf(stderr, "Updating hash of %s to %s\n", file,
                 // h);
-                snprintf(flagStmt, sizeof(flagStmt),
-                         "update %s set flags=flags+%d, hash=\"%s\" where 
local_id=%d;",
-                         tabp->tabname, SCM_FLAG_ONMAN, h, updateManLid);
+                xsnprintf(flagStmt, sizeof(flagStmt),
+                          "update %s set flags=flags+%d, hash=\"%s\" where 
local_id=%d;",
+                          tabp->tabname, SCM_FLAG_ONMAN, h, updateManLid);
                 free((void *)h);
             }
             statementscm_no_data(conp, flagStmt);
@@ -1864,8 +1864,8 @@ static int updateManifestObjs(
             // children
             if (tabp == theCertTable)
             {
-                snprintf(updateManSrch2->wherestr, WHERESTR_SIZE,
-                         "local_id=\"%d\"", updateManLid);
+                xsnprintf(updateManSrch2->wherestr, WHERESTR_SIZE,
+                          "local_id=\"%d\"", updateManLid);
                 searchscm(conp, tabp, updateManSrch2, NULL,
                           revoke_cert_and_children, SCM_SRCH_DOVALUE_ALWAYS,
                           NULL);
@@ -1896,8 +1896,8 @@ static int verifyChildManifest(
                            *((unsigned int *)(s->vec[0].valptr)),
                            *((unsigned int *)(s->vec[1].valptr)), 1);
     CMS(&cms, 0);
-    snprintf(outfull, PATH_MAX, "%s/%s", (char *)(s->vec[2].valptr),
-             (char *)(s->vec[3].valptr));
+    xsnprintf(outfull, PATH_MAX, "%s/%s", (char *)(s->vec[2].valptr),
+              (char *)(s->vec[3].valptr));
     sta = get_casn_file(&cms.self, outfull, 0);
     if (sta < 0)
     {
@@ -1967,7 +1967,7 @@ static int verifyChildCert(
 
     if (doVerify)
     {
-        snprintf(pathname, PATH_MAX, "%s/%s", data->dirname, data->filename);
+        xsnprintf(pathname, PATH_MAX, "%s/%s", data->dirname, data->filename);
         x = readCertFromFile(pathname, &sta);
         if (x == NULL)
             return ERR_SCM_X509;
@@ -1993,19 +1993,19 @@ static int verifyChildCert(
                sta, sta);
         ADDCOL(crlSrch, "flags", SQL_C_ULONG, sizeof(unsigned int), sta, sta);
     }
-    snprintf(crlSrch->wherestr, WHERESTR_SIZE,
-             "aki=\"%s\" and issuer=\"%s\"", data->ski, data->subject);
+    xsnprintf(crlSrch->wherestr, WHERESTR_SIZE,
+              "aki=\"%s\" and issuer=\"%s\"", data->ski, data->subject);
     addFlagTest(crlSrch->wherestr, SCM_FLAG_NOCHAIN, 1, 1);
     sta = searchscm(conp, theCRLTable, crlSrch, NULL, verifyChildCRL,
                     SCM_SRCH_DOVALUE_ALWAYS | SCM_SRCH_DO_JOIN, NULL);
 
     /* Check for associated GBRs */
-    snprintf(crlSrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", data->ski);
+    xsnprintf(crlSrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", data->ski);
     searchscm(conp, theGBRTable, crlSrch, NULL, verifyChildGhostbusters,
               SCM_SRCH_DOVALUE_ALWAYS | SCM_SRCH_DO_JOIN, NULL);
 
     /* Check for associated ROA */
-    snprintf(crlSrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", data->ski);
+    xsnprintf(crlSrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", data->ski);
     addFlagTest(crlSrch->wherestr, SCM_FLAG_NOCHAIN, 1, 1);
     sta = searchscm(conp, theROATable, crlSrch, NULL, verifyChildROA,
                     SCM_SRCH_DOVALUE_ALWAYS | SCM_SRCH_DO_JOIN, NULL);
@@ -2020,7 +2020,7 @@ static int verifyChildCert(
         ADDCOL(manSrch, "dirname", SQL_C_CHAR, DNAMESIZE, sta, sta);
         ADDCOL(manSrch, "filename", SQL_C_CHAR, FNAMESIZE, sta, sta);
     }
-    snprintf(manSrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", data->ski);
+    xsnprintf(manSrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", data->ski);
     sta = searchscm(conp, theManifestTable, manSrch, NULL, verifyChildManifest,
                     SCM_SRCH_DOVALUE_ALWAYS | SCM_SRCH_DO_JOIN, NULL);
     return 0;
@@ -2094,7 +2094,7 @@ static int countvalidparents(
     now = LocalTimeToDBTime(&sta);
     if (now == NULL)
         return (sta);
-    snprintf(ws, sizeof(ws), "valfrom < \"%s\" AND \"%s\" < valto", now, now);
+    xsnprintf(ws, sizeof(ws), "valfrom < \"%s\" AND \"%s\" < valto", now, now);
     free((void *)now);
     addFlagTest(ws, SCM_FLAG_VALIDATED, 1, 1);
     addFlagTest(ws, SCM_FLAG_NOCHAIN, 0, 1);
@@ -2251,7 +2251,7 @@ static int invalidateChildCert(
         ADDCOL(roaSrch, "ski", SQL_C_CHAR, SKISIZE, sta, sta);
         ADDCOL(roaSrch, "flags", SQL_C_ULONG, sizeof(unsigned int), sta, sta);
     }
-    snprintf(roaSrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", data->ski);
+    xsnprintf(roaSrch->wherestr, WHERESTR_SIZE, "ski=\"%s\"", data->ski);
     addFlagTest(roaSrch->wherestr, SCM_FLAG_NOCHAIN, 0, 1);
 
     if (invalidateCRLSrch == NULL)
@@ -2266,8 +2266,8 @@ static int invalidateChildCert(
     }
     char escaped [strlen(data->subject)*2+1];
     mysql_escape_string(escaped, data->subject, strlen(data->subject));
-    snprintf(invalidateCRLSrch->wherestr, WHERESTR_SIZE,
-             "aki=\"%s\" AND issuer=\"%s\"", data->ski, escaped);
+    xsnprintf(invalidateCRLSrch->wherestr, WHERESTR_SIZE,
+              "aki=\"%s\" AND issuer=\"%s\"", data->ski, escaped);
     addFlagTest(invalidateCRLSrch->wherestr, SCM_FLAG_NOCHAIN, 0, 1);
 
 
@@ -2409,10 +2409,10 @@ static int verifyOrNotChildren(
             char escaped [strlen(currPropData->data[idx].subject)*2+1];
             mysql_escape_string(escaped, currPropData->data[idx].subject, 
strlen(currPropData->data[idx].subject));
 
-            snprintf(childrenSrch->wherestr, WHERESTR_SIZE,
-                     "aki=\"%s\" and ski<>\"%s\" and issuer=\"%s\"",
-                     currPropData->data[idx].ski, currPropData->data[idx].ski,
-                     escaped);
+            xsnprintf(childrenSrch->wherestr, WHERESTR_SIZE,
+                      "aki=\"%s\" and ski<>\"%s\" and issuer=\"%s\"",
+                      currPropData->data[idx].ski, currPropData->data[idx].ski,
+                      escaped);
             addFlagTest(childrenSrch->wherestr, SCM_FLAG_NOCHAIN, doVerify, 1);
         }
         if (!isRoot)
@@ -2448,8 +2448,8 @@ static int handleValidMan(
 {
     (void)conp;
     (void)idx;
-    snprintf(validManPath, PATH_MAX, "%s/%s", (char *)s->vec[0].valptr,
-             (char *)s->vec[1].valptr);
+    xsnprintf(validManPath, PATH_MAX, "%s/%s", (char *)s->vec[0].valptr,
+              (char *)s->vec[1].valptr);
     return 0;
 }
 
@@ -2476,8 +2476,8 @@ int addStateToFlags(
         ADDCOL(validManSrch, "dirname", SQL_C_CHAR, DNAMESIZE, sta, sta);
         ADDCOL(validManSrch, "filename", SQL_C_CHAR, FNAMESIZE, sta, sta);
     }
-    snprintf(validManSrch->wherestr, WHERESTR_SIZE,
-             "files regexp binary \"%s\"", filename);
+    xsnprintf(validManSrch->wherestr, WHERESTR_SIZE,
+              "files regexp binary \"%s\"", filename);
     addFlagTest(validManSrch->wherestr, SCM_FLAG_VALIDATED, 1, 1);
     initTables(scmp);
     validManPath[0] = 0;
@@ -2813,8 +2813,8 @@ static int hexify_ski(
     for (i = 0; i < size; i++)
     {
         if (i)
-            snprintf(str++, 2, ":");
-        snprintf(str, 3, "%02X", tmp[i]);
+            xsnprintf(str++, 2, ":");
+        xsnprintf(str, 3, "%02X", tmp[i]);
         str += 2;
     }
     *str = 0;
@@ -3016,20 +3016,20 @@ static int add_roa_internal(
     // fill in insertion structure
     cols[idx].column = "filename";
     cols[idx++].value = outfile;
-    (void)snprintf(did, sizeof(did), "%u", dirid);
+    xsnprintf(did, sizeof(did), "%u", dirid);
     cols[idx].column = "dir_id";
     cols[idx++].value = did;
     cols[idx].column = "ski";
     cols[idx++].value = ski;
     cols[idx].column = "sig";
     cols[idx++].value = sig;
-    (void)snprintf(asn, sizeof(asn), "%" PRIu32, asid);
+    xsnprintf(asn, sizeof(asn), "%" PRIu32, asid);
     cols[idx].column = "asn";
     cols[idx++].value = asn;
-    (void)snprintf(flagn, sizeof(flagn), "%u", flags);
+    xsnprintf(flagn, sizeof(flagn), "%u", flags);
     cols[idx].column = "flags";
     cols[idx++].value = flagn;
-    (void)snprintf(lid, sizeof(lid), "%u", roa_id);
+    xsnprintf(lid, sizeof(lid), "%u", roa_id);
     cols[idx].column = "local_id";
     cols[idx++].value = lid;
     aone.vec = &cols[0];
@@ -3346,8 +3346,8 @@ int add_manifest(
     {
         int flth = read_casn(&fahp->file, file);
         file[flth] = 0;
-        snprintf(manFiles + manFilesLen, MANFILES_SIZE - manFilesLen,
-                 "%s%s", manFilesLen ? " " : "", file);
+        xsnprintf(manFiles + manFilesLen, MANFILES_SIZE - manFilesLen,
+                  "%s%s", manFilesLen ? " " : "", file);
         if (manFilesLen)
             manFilesLen++;
         manFilesLen += strlen((char *)file);
@@ -3438,7 +3438,7 @@ int add_manifest(
         lenbuf[20];
     cols[idx].column = "filename";
     cols[idx++].value = outfile;
-    (void)snprintf(did, sizeof(did), "%u", id);
+    xsnprintf(did, sizeof(did), "%u", id);
     cols[idx].column = "dir_id";
     cols[idx++].value = did;
     cols[idx].column = "ski";
@@ -3448,16 +3448,16 @@ int add_manifest(
     cols[idx].column = "next_upd";
     cols[idx++].value = nextUpdate;
     char flagn[24];
-    (void)snprintf(flagn, sizeof(flagn), "%u", flags);
+    xsnprintf(flagn, sizeof(flagn), "%u", flags);
     cols[idx].column = "flags";
     cols[idx++].value = flagn;
-    (void)snprintf(mid, sizeof(mid), "%u", man_id);
+    xsnprintf(mid, sizeof(mid), "%u", man_id);
     cols[idx].column = "local_id";
     cols[idx++].value = mid;
     cols[idx].column = "files";
     cols[idx++].value = manFiles;
     cols[idx].column = "fileslen";
-    (void)snprintf(lenbuf, sizeof(lenbuf), "%u", manFilesLen);
+    xsnprintf(lenbuf, sizeof(lenbuf), "%u", manFilesLen);
     cols[idx++].value = lenbuf;
     aone.vec = &cols[0];
     aone.ntot = 12;
@@ -3557,11 +3557,11 @@ int add_ghostbusters(
     }
 
     char dir_id_str[24];
-    snprintf(dir_id_str, sizeof(dir_id_str), "%u", id);
+    xsnprintf(dir_id_str, sizeof(dir_id_str), "%u", id);
     char local_id_str[24];
-    snprintf(local_id_str, sizeof(local_id_str), "%u", local_id);
+    xsnprintf(local_id_str, sizeof(local_id_str), "%u", local_id);
     char flags_str[24];
-    snprintf(flags_str, sizeof(flags_str), "%u", flags);
+    xsnprintf(flags_str, sizeof(flags_str), "%u", flags);
 
     scmkv cols[] = {
      {
@@ -4043,7 +4043,7 @@ int delete_object(
     dtwo[0].column = "filename";
     dtwo[0].value = outfile;
     dtwo[1].column = "dir_id";
-    (void)snprintf(did, sizeof(did), "%u", id);
+    xsnprintf(did, sizeof(did), "%u", id);
     dtwo[1].value = did;
     dwhere.vec = &dtwo[0];
     dwhere.ntot = 2;
@@ -4212,7 +4212,7 @@ int deletebylid(
     if (conp == NULL || conp->connected == 0 || tabp == NULL)
         return (ERR_SCM_INVALARG);
     where.column = "local_id";
-    (void)snprintf(mylid, sizeof(mylid), "%u", lid);
+    xsnprintf(mylid, sizeof(mylid), "%u", lid);
     where.value = mylid;
     lids.vec = &where;
     lids.ntot = 1;
@@ -4243,8 +4243,8 @@ static int certmaybeok(
     // ????????? instead test for this in select statement ????????
     if ((pflags & SCM_FLAG_NOTYET) == 0)
         return (0);
-    (void)snprintf(lid, sizeof(lid), "%u",
-                   *(unsigned int *)(s->vec[0].valptr));
+    xsnprintf(lid, sizeof(lid), "%u",
+              *(unsigned int *)(s->vec[0].valptr));
     one.column = "local_id";
     one.value = &lid[0];
     where.vec = &one;
@@ -4273,8 +4273,8 @@ static int certtoonew(
     int sta;
 
     UNREFERENCED_PARAMETER(idx);
-    (void)snprintf(lid, sizeof(lid), "%u",
-                   *(unsigned int *)(s->vec[0].valptr));
+    xsnprintf(lid, sizeof(lid), "%u",
+              *(unsigned int *)(s->vec[0].valptr));
     one.column = "local_id";
     one.value = &lid[0];
     where.vec = &one;
@@ -4349,16 +4349,16 @@ int certificate_validity(
     vok = (char *)calloc(48 + 2 * strlen(now), sizeof(char));
     if (vok == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(vok, 48 + 2 * strlen(now),
-                   "valfrom <= \"%s\" AND \"%s\" <= valto", now, now);
+    xsnprintf(vok, 48 + 2 * strlen(now),
+              "valfrom <= \"%s\" AND \"%s\" <= valto", now, now);
     vf = (char *)calloc(24 + strlen(now), sizeof(char));
     if (vf == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(vf, 24 + strlen(now), "\"%s\" < valfrom", now);
+    xsnprintf(vf, 24 + strlen(now), "\"%s\" < valfrom", now);
     vt = (char *)calloc(24 + strlen(now), sizeof(char));
     if (vt == NULL)
         return (ERR_SCM_NOMEM);
-    (void)snprintf(vt, 24 + strlen(now), "valto < \"%s\"", now);
+    xsnprintf(vt, 24 + strlen(now), "valto < \"%s\"", now);
     free((void *)now);
     // search for certificates that might now be valid
     // in order to use revoke_cert_and_children the first five
@@ -4454,7 +4454,7 @@ void startSyslog(
         logName = NULL;
     }                           /* previous logName */
     logName = (char *)calloc(6 + strlen(appName), sizeof(char));
-    snprintf(logName, 6 + strlen(appName), "RPKI %s", appName);
+    xsnprintf(logName, 6 + strlen(appName), "RPKI %s", appName);
     openlog(logName, LOG_PID, 0);
     syslog(LOG_NOTICE, "Application Started");
 }
-- 
2.4.5


------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
rpstir-devel mailing list
rpstir-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rpstir-devel

Reply via email to