From 8acd95e85e0da102fc48369fd237c634fe6066ae Mon Sep 17 00:00:00 2001 From: Noah Lokocz Date: Thu, 16 Mar 2023 11:54:55 +0000 Subject: Bug 1819958. Removed deprecated sprintf function and replaced with snprintf. r=djackson Differential Revision: https://phabricator.services.mozilla.com/D171859 --- cmd/bltest/blapitest.c | 44 +++++++++++++-------------- cmd/certutil/certutil.c | 4 +-- cmd/crmf-cgi/crmfcgi.c | 2 +- cmd/fipstest/fipstest.c | 12 ++++---- cmd/httpserv/httpserv.c | 11 +++---- cmd/lib/basicutil.c | 3 +- cmd/lib/secutil.c | 45 +++++++++++++-------------- cmd/modutil/install-ds.c | 4 +-- cmd/modutil/install.c | 2 +- cmd/mpitests/mpi-test.c | 6 ++-- cmd/nss-policy-check/nss-policy-check.c | 2 +- cmd/ocspclnt/ocspclnt.c | 2 +- cmd/pk12util/pk12util.c | 2 +- cmd/sdbthreadtst/sdbthreadtst.c | 4 +-- cmd/selfserv/selfserv.c | 8 ++--- cmd/signtool/certgen.c | 22 +++++++------- cmd/signtool/javascript.c | 2 +- cmd/signtool/sign.c | 8 ++--- cmd/signtool/util.c | 12 ++++---- cmd/signver/pk7print.c | 54 ++++++++++++++++----------------- cmd/ssltap/ssltap.c | 2 +- cmd/strsclnt/strsclnt.c | 4 --- cmd/vfychain/vfychain.c | 4 +-- coreconf/nsinstall/nsinstall.c | 21 +++++++------ coreconf/nsinstall/pathsub.c | 12 ++++---- lib/dbm/tests/lots.c | 6 ++-- lib/pki/tdcache.c | 6 ++-- lib/softoken/pkcs11.c | 6 ++-- lib/softoken/sftkdb.c | 8 ++--- lib/ssl/ssl3con.c | 6 ++-- lib/util/secasn1d.c | 24 ++++++++------- lib/util/secport.h | 1 + lib/zlib/gzwrite.c | 3 +- 33 files changed, 172 insertions(+), 180 deletions(-) diff --git a/cmd/bltest/blapitest.c b/cmd/bltest/blapitest.c index f9a2f0221..f0e3d3dff 100644 --- a/cmd/bltest/blapitest.c +++ b/cmd/bltest/blapitest.c @@ -3009,7 +3009,7 @@ get_params(PLArenaPool *arena, bltestParams *params, switch (mode) { case bltestAES_GCM: case bltestCHACHA20: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "aad", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "aad", j); load_file_data(arena, ¶ms->ask.aad, filename, bltestBinary); case bltestDES_CBC: case bltestDES_EDE_CBC: @@ -3023,7 +3023,7 @@ get_params(PLArenaPool *arena, bltestParams *params, #ifndef NSS_DISABLE_DEPRECATED_SEED case bltestSEED_CBC: #endif - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "iv", j); load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); case bltestDES_ECB: case bltestDES_EDE_ECB: @@ -3036,17 +3036,17 @@ get_params(PLArenaPool *arena, bltestParams *params, #ifndef NSS_DISABLE_DEPRECATED_SEED case bltestSEED_ECB: #endif - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); break; #ifdef NSS_SOFTOKEN_DOES_RC5 case bltestRC5_ECB: case bltestRC5_CBC: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "iv", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "iv", j); load_file_data(arena, ¶ms->sk.iv, filename, bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->sk.key, filename, bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "params", j); file = fopen(filename, "r"); if (!file) @@ -3070,59 +3070,59 @@ get_params(PLArenaPool *arena, bltestParams *params, break; #endif case bltestRSA_PSS: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); load_file_data(arena, ¶ms->asymk.sig, filename, bltestBase64Encoded); /* fall through */ case bltestRSA_OAEP: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "seed", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "seed", j); load_file_data(arena, ¶ms->asymk.cipherParams.rsa.seed, filename, bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "hash", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "hash", j); load_file_data(arena, &tempIO, filename, bltestBinary); params->asymk.cipherParams.rsa.hashAlg = mode_str_to_hash_alg(&tempIO.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "maskhash", j); load_file_data(arena, &tempIO, filename, bltestBinary); params->asymk.cipherParams.rsa.maskHashAlg = mode_str_to_hash_alg(&tempIO.buf); /* fall through */ case bltestRSA: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->asymk.key, filename, bltestBase64Encoded); params->asymk.privKey = (void *)rsakey_from_filedata(arena, ¶ms->asymk.key.buf); break; case bltestDSA: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->asymk.key, filename, bltestBase64Encoded); params->asymk.privKey = (void *)dsakey_from_filedata(arena, ¶ms->asymk.key.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "pqg", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "pqg", j); load_file_data(arena, ¶ms->asymk.cipherParams.dsa.pqgdata, filename, bltestBase64Encoded); params->asymk.cipherParams.dsa.pqg = pqg_from_filedata(arena, ¶ms->asymk.cipherParams.dsa.pqgdata.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "keyseed", j); load_file_data(arena, ¶ms->asymk.cipherParams.dsa.keyseed, filename, bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); load_file_data(arena, ¶ms->asymk.cipherParams.dsa.sigseed, filename, bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); load_file_data(arena, ¶ms->asymk.sig, filename, bltestBase64Encoded); break; case bltestECDSA: - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "key", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "key", j); load_file_data(arena, ¶ms->asymk.key, filename, bltestBase64Encoded); params->asymk.privKey = (void *)eckey_from_filedata(arena, ¶ms->asymk.key.buf); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "sigseed", j); load_file_data(arena, ¶ms->asymk.cipherParams.ecdsa.sigseed, filename, bltestBase64Encoded); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); load_file_data(arena, ¶ms->asymk.sig, filename, bltestBase64Encoded); break; case bltestMD2: @@ -3238,7 +3238,7 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, cipherInfo.mode = mode; params = &cipherInfo.params; /* get the number of tests in the directory */ - sprintf(filename, "%s/tests/%s/%s", testdir, modestr, "numtests"); + snprintf(filename, sizeof(filename), "%s/tests/%s/%s", testdir, modestr, "numtests"); if (ReadFileToItem(arena, &item, filename) != SECSuccess) { fprintf(stderr, "%s: Cannot read file %s.\n", progName, filename); rv = SECFailure; @@ -3254,12 +3254,12 @@ blapi_selftest(bltestCipherMode *modes, int numModes, int inoff, int outoff, numtests += (int)(item.data[j] - '0'); } for (j = 0; j < numtests; j++) { - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "plaintext", j); load_file_data(arena, &pt, filename, is_sigCipher(mode) ? bltestBase64Encoded : bltestBinary); - sprintf(filename, "%s/tests/%s/%s%d", testdir, modestr, + snprintf(filename, sizeof(filename), "%s/tests/%s/%s%d", testdir, modestr, "ciphertext", j); load_file_data(arena, &ct, filename, bltestBase64Encoded); diff --git a/cmd/certutil/certutil.c b/cmd/certutil/certutil.c index a984f7fc8..af72910f3 100644 --- a/cmd/certutil/certutil.c +++ b/cmd/certutil/certutil.c @@ -852,7 +852,7 @@ SECItemToHex(const SECItem *item, char *dst) unsigned char *src = item->data; unsigned int len = item->len; for (; len > 0; --len, dst += 2) { - sprintf(dst, "%02x", *src++); + snprintf(dst, 3, "%02x", *src++); } *dst = '\0'; } @@ -2344,7 +2344,7 @@ getObjectClass(CK_ULONG classType) if (classType >= CKO_NSS && classType <= CKO_NSS_BUILTIN_ROOT_LIST) { return objNSSClassArray[classType - CKO_NSS]; } - sprintf(buf, "0x%lx", classType); + snprintf(buf, sizeof(buf), "0x%lx", classType); return buf; } diff --git a/cmd/crmf-cgi/crmfcgi.c b/cmd/crmf-cgi/crmfcgi.c index 9f6174383..096a7fe9d 100644 --- a/cmd/crmf-cgi/crmfcgi.c +++ b/cmd/crmf-cgi/crmfcgi.c @@ -1007,7 +1007,7 @@ processChallengeResponse(CGIVarTable *varTable, const char *certRepContent) rv = ERROR_RETRIEVING_CLIENT_RESPONSE_TO_CHALLENGE; goto loser; } - sprintf(cgiChalVar, "chal%d", i + 1); + snprintf(cgiChalVar, sizeof(cgiChalVar), "chal%d", i + 1); formChalValue = CGITableFindValue(varTable, cgiChalVar); if (formChalValue == NULL) { rv = REQ_CGI_VAR_NOT_PRESENT; diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c index c9d1958b1..48ca78b54 100644 --- a/cmd/fipstest/fipstest.c +++ b/cmd/fipstest/fipstest.c @@ -589,7 +589,7 @@ tdea_mct_test(int mode, unsigned char *key, unsigned int numKeys, for (i = 0; i < 400; i++) { /* if i == 0 CV[0] = IV not necessary */ /* record the count and key values and plainText */ - sprintf(buf, "COUNT = %d\n", i); + snprintf(buf, sizeof(buf), "COUNT = %d\n", i); fputs(buf, resp); /* Output KEY1[i] */ fputs("KEY1 = ", resp); @@ -1511,7 +1511,7 @@ aes_ecb_mct(char *reqfn) } for (i = 0; i < 100; i++) { - sprintf(buf, "COUNT = %d\n", i); + snprintf(buf, sizeof(buf), "COUNT = %d\n", i); fputs(buf, aesresp); /* Output Key[i] */ fputs("KEY = ", aesresp); @@ -1609,7 +1609,7 @@ aes_ecb_mct(char *reqfn) } for (i = 0; i < 100; i++) { - sprintf(buf, "COUNT = %d\n", i); + snprintf(buf, sizeof(buf), "COUNT = %d\n", i); fputs(buf, aesresp); /* Output Key[i] */ fputs("KEY = ", aesresp); @@ -1808,7 +1808,7 @@ aes_cbc_mct(char *reqfn) } for (i = 0; i < 100; i++) { - sprintf(buf, "COUNT = %d\n", i); + snprintf(buf, sizeof(buf), "COUNT = %d\n", i); fputs(buf, aesresp); /* Output Key[i] */ fputs("KEY = ", aesresp); @@ -1920,7 +1920,7 @@ aes_cbc_mct(char *reqfn) } for (i = 0; i < 100; i++) { - sprintf(buf, "COUNT = %d\n", i); + snprintf(buf, sizeof(buf), "COUNT = %d\n", i); fputs(buf, aesresp); /* Output Key[i] */ fputs("KEY = ", aesresp); @@ -4662,7 +4662,7 @@ sha_mct_test(unsigned int MDLen, unsigned char *seed, FILE *resp) /* seed = MD_i */ memcpy(seed, MD_i, MDLen); - sprintf(buf, "COUNT = %d\n", j); + snprintf(buf, sizeof(buf), "COUNT = %d\n", j); fputs(buf, resp); /* output MD_i */ diff --git a/cmd/httpserv/httpserv.c b/cmd/httpserv/httpserv.c index c7277f3bd..b4e4736ff 100644 --- a/cmd/httpserv/httpserv.c +++ b/cmd/httpserv/httpserv.c @@ -37,9 +37,6 @@ #include "ocspti.h" #include "ocspi.h" -#ifndef PORT_Sprintf -#define PORT_Sprintf sprintf -#endif #ifndef PORT_Strstr #define PORT_Strstr strstr @@ -687,7 +684,7 @@ handle_connection( if (!request || !request->tbsRequest || !request->tbsRequest->requestList || !request->tbsRequest->requestList[0]) { - PORT_Sprintf(msgBuf, "Cannot decode OCSP request.\r\n"); + snprintf(msgBuf, sizeof(msgBuf), "Cannot decode OCSP request.\r\n"); iovs[numIOVs].iov_base = msgBuf; iovs[numIOVs].iov_len = PORT_Strlen(msgBuf); @@ -781,7 +778,7 @@ handle_connection( singleResponses, &pwdata); if (!ocspResponse) { - PORT_Sprintf(msgBuf, "Failed to encode response\r\n"); + snprintf(msgBuf, sizeof(msgBuf), "Failed to encode response\r\n"); iovs[numIOVs].iov_base = msgBuf; iovs[numIOVs].iov_len = PORT_Strlen(msgBuf); numIOVs++; @@ -818,14 +815,14 @@ handle_connection( iovs[numIOVs].iov_len = PORT_Strlen(msgBuf); numIOVs++; } else if (reqLen <= 0) { /* hit eof */ - PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n", + snprintf(msgBuf, sizeof(msgBuf), "Get or Post incomplete after %d bytes.\r\n", bufDat); iovs[numIOVs].iov_base = msgBuf; iovs[numIOVs].iov_len = PORT_Strlen(msgBuf); numIOVs++; } else if (reqLen < bufDat) { - PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n", + snprintf(msgBuf, sizeof(msgBuf), "Discarded %d characters.\r\n", bufDat - reqLen); iovs[numIOVs].iov_base = msgBuf; diff --git a/cmd/lib/basicutil.c b/cmd/lib/basicutil.c index 476475d90..3ccacd735 100644 --- a/cmd/lib/basicutil.c +++ b/cmd/lib/basicutil.c @@ -679,9 +679,8 @@ SECU_SECItemToHex(const SECItem *item, char *dst) unsigned char *src = item->data; unsigned int len = item->len; for (; len > 0; --len, dst += 2) { - sprintf(dst, "%02x", *src++); + snprintf(dst, 3, "%02x", *src++); } - *dst = '\0'; } } diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c index d9270ed92..a290b8f7a 100644 --- a/cmd/lib/secutil.c +++ b/cmd/lib/secutil.c @@ -20,6 +20,7 @@ #include "secpkcs7.h" #include "secpkcs5.h" #include +#include #include #include #include @@ -232,13 +233,13 @@ SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg) switch (pwdata->source) { case PW_NONE: - sprintf(prompt, "Enter Password or Pin for \"%s\":", + snprintf(prompt, sizeof(prompt), "Enter Password or Pin for \"%s\":", PK11_GetTokenName(slot)); return SECU_GetPasswordString(NULL, prompt); case PW_FROMFILE: return SECU_FilePasswd(slot, retry, pwdata->data); case PW_EXTERNAL: - sprintf(prompt, + snprintf(prompt, sizeof(prompt), "Press Enter, then enter PIN for \"%s\" on external device.\n", PK11_GetTokenName(slot)); char *pw = SECU_GetPasswordString(NULL, prompt); @@ -436,7 +437,7 @@ SECU_DefaultSSLDir(void) if (strlen(dir) >= PR_ARRAY_SIZE(sslDir)) { return NULL; } - sprintf(sslDir, "%s", dir); + snprintf(sslDir, sizeof(sslDir), "%s", dir); if (sslDir[strlen(sslDir) - 1] == '/') sslDir[strlen(sslDir) - 1] = 0; @@ -450,9 +451,9 @@ SECU_AppendFilenameToDir(char *dir, char *filename) static char path[1000]; if (dir[strlen(dir) - 1] == '/') - sprintf(path, "%s%s", dir, filename); + snprintf(path, sizeof(path), "%s%s", dir, filename); else - sprintf(path, "%s/%s", dir, filename); + snprintf(path, sizeof(path), "%s/%s", dir, filename); return path; } @@ -473,11 +474,11 @@ SECU_ConfigDirectory(const char *base) home = ""; if (*home && home[strlen(home) - 1] == '/') - sprintf(buf, "%.900s%s", home, dir); + snprintf(buf, sizeof(buf), "%.900s%s", home, dir); else - sprintf(buf, "%.900s/%s", home, dir); + snprintf(buf, sizeof(buf), "%.900s/%s", home, dir); } else { - sprintf(buf, "%.900s", base); + snprintf(buf, sizeof(buf), "%.900s", base); if (buf[strlen(buf) - 1] == '/') buf[strlen(buf) - 1] = 0; } @@ -1419,7 +1420,7 @@ secu_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m, int level) if (attr->values != NULL) { i = 0; while ((value = attr->values[i++]) != NULL) { - sprintf(om, "Value (%d)%s", i, attr->encoded ? " (encoded)" : ""); + snprintf(om, sizeof(om), "Value (%d)%s", i, attr->encoded ? " (encoded)" : ""); if (attr->encoded || attr->typeTag == NULL) { SECU_PrintAny(out, value, om, level + 1); } else { @@ -2708,7 +2709,7 @@ secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, fprintf(out, "Authenticated Attributes:\n"); iv = 0; while ((attr = info->authAttr[iv++]) != NULL) { - sprintf(om, "Attribute (%d)", iv); + snprintf(om, sizeof(om), "Attribute (%d)", iv); secu_PrintAttribute(out, attr, om, level + 2); } } @@ -2723,7 +2724,7 @@ secu_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, fprintf(out, "Unauthenticated Attributes:\n"); iv = 0; while ((attr = info->unAuthAttr[iv++]) != NULL) { - sprintf(om, "Attribute (%x)", iv); + snprintf(om, sizeof(om), "Attribute (%x)", iv); secu_PrintAttribute(out, attr, om, level + 2); } } @@ -2757,7 +2758,7 @@ SECU_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m, int level) if (crl->entries != NULL) { iv = 0; while ((entry = crl->entries[iv++]) != NULL) { - sprintf(om, "Entry %d (0x%x):\n", iv, iv); + snprintf(om, sizeof(om), "Entry %d (0x%x):\n", iv, iv); SECU_Indent(out, level + 1); fputs(om, out); SECU_PrintInteger(out, &(entry->serialNumber), "Serial Number", @@ -2796,7 +2797,7 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, fprintf(out, "Digest Algorithm List:\n"); iv = 0; while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); + snprintf(om, sizeof(om), "Digest Algorithm (%x)", iv); SECU_PrintAlgorithmID(out, digAlg, om, level + 2); } } @@ -2813,7 +2814,7 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, fprintf(out, "Certificate List:\n"); iv = 0; while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); + snprintf(om, sizeof(om), "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, (SECU_PPFunc)SECU_PrintCertificate); if (rv) @@ -2827,7 +2828,7 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, fprintf(out, "Signed Revocation Lists:\n"); iv = 0; while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); + snprintf(om, sizeof(om), "Signed Revocation List (%x)", iv); SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om); SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, @@ -2846,7 +2847,7 @@ secu_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src, fprintf(out, "Signer Information List:\n"); iv = 0; while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); + snprintf(om, sizeof(om), "Signer Information (%x)", iv); secu_PrintSignerInfo(out, sigInfo, om, level + 2); } } @@ -2876,7 +2877,7 @@ secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src, fprintf(out, "Recipient Information List:\n"); iv = 0; while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); + snprintf(om, sizeof(om), "Recipient Information (%x)", iv); secu_PrintRecipientInfo(out, recInfo, om, level + 2); } } @@ -2913,7 +2914,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, fprintf(out, "Recipient Information List:\n"); iv = 0; while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); + snprintf(om, sizeof(om), "Recipient Information (%x)", iv); secu_PrintRecipientInfo(out, recInfo, om, level + 2); } } @@ -2924,7 +2925,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, fprintf(out, "Digest Algorithm List:\n"); iv = 0; while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); + snprintf(om, sizeof(om), "Digest Algorithm (%x)", iv); SECU_PrintAlgorithmID(out, digAlg, om, level + 2); } } @@ -2940,7 +2941,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, fprintf(out, "Certificate List:\n"); iv = 0; while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); + snprintf(om, sizeof(om), "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, (SECU_PPFunc)SECU_PrintCertificate); if (rv) @@ -2954,7 +2955,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, fprintf(out, "Signed Revocation Lists:\n"); iv = 0; while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); + snprintf(om, sizeof(om), "Signed Revocation List (%x)", iv); SECU_Indent(out, level + 2); fprintf(out, "%s:\n", om); SECU_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, @@ -2973,7 +2974,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, fprintf(out, "Signer Information List:\n"); iv = 0; while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); + snprintf(om, sizeof(om), "Signer Information (%x)", iv); secu_PrintSignerInfo(out, sigInfo, om, level + 2); } } diff --git a/cmd/modutil/install-ds.c b/cmd/modutil/install-ds.c index b14c28a0a..d4ea73eda 100644 --- a/cmd/modutil/install-ds.c +++ b/cmd/modutil/install-ds.c @@ -620,11 +620,11 @@ Pk11Install_PlatformName_GetVerString(Pk11Install_PlatformName* _this) tmp[0] = '\0'; for (i = 0; i < _this->numDigits - 1; i++) { - sprintf(buf, "%s.", _this->verString[i]); + snprintf(buf, sizeof(buf), "%s.", _this->verString[i]); strcat(tmp, buf); } if (i < _this->numDigits) { - sprintf(buf, "%s", _this->verString[i]); + snprintf(buf, sizeof(buf), "%s", _this->verString[i]); strcat(tmp, buf); } diff --git a/cmd/modutil/install.c b/cmd/modutil/install.c index 4862cbc35..91bcca928 100644 --- a/cmd/modutil/install.c +++ b/cmd/modutil/install.c @@ -812,7 +812,7 @@ rm_dash_r(char *path) /* Recursively delete all entries in the directory */ while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { - sprintf(filename, "%s/%s", path, entry->name); + snprintf(filename, sizeof(filename), "%s/%s", path, entry->name); if (rm_dash_r(filename)) { PR_CloseDir(dir); return -1; diff --git a/cmd/mpitests/mpi-test.c b/cmd/mpitests/mpi-test.c index 80c0f951a..cc045a17c 100644 --- a/cmd/mpitests/mpi-test.c +++ b/cmd/mpitests/mpi-test.c @@ -958,7 +958,7 @@ test_div_d(void) ++err; } - sprintf(g_intbuf, ZS_DIGIT_FMT, r); + snprintf(g_intbuf, sizeof(g_intbuf), ZS_DIGIT_FMT, r); if (strcmp(g_intbuf, r_mp3d6) != 0) { reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp3d6); @@ -974,7 +974,7 @@ test_div_d(void) ++err; } - sprintf(g_intbuf, ZS_DIGIT_FMT, r); + snprintf(g_intbuf, sizeof(g_intbuf), ZS_DIGIT_FMT, r); if (strcmp(g_intbuf, r_mp9c16) != 0) { reason("error: computed r = %s, expected %s\n", g_intbuf, r_mp9c16); @@ -1192,7 +1192,7 @@ test_mod_d(void) mp_init(&a); mp_read_radix(&a, mp5, 16); IFOK(mp_mod_d(&a, md5, &r)); - sprintf(g_intbuf, ZS_DIGIT_FMT, r); + snprintf(g_intbuf, sizeof(g_intbuf), ZS_DIGIT_FMT, r); mp_clear(&a); if (strcmp(g_intbuf, r_mp5d5) != 0) { diff --git a/cmd/nss-policy-check/nss-policy-check.c b/cmd/nss-policy-check/nss-policy-check.c index acf2125b5..0a77d7c7a 100644 --- a/cmd/nss-policy-check/nss-policy-check.c +++ b/cmd/nss-policy-check/nss-policy-check.c @@ -220,7 +220,7 @@ breakout: PORT_Strcat(flags, ",policyCheckValue"); } - sprintf(moduleSpec, + snprintf(moduleSpec, sizeof(moduleSpec), "name=\"Policy File\" " "parameters=\"configdir='sql:%s' " "secmod='%s' " diff --git a/cmd/ocspclnt/ocspclnt.c b/cmd/ocspclnt/ocspclnt.c index 359dbc217..69d48b498 100644 --- a/cmd/ocspclnt/ocspclnt.c +++ b/cmd/ocspclnt/ocspclnt.c @@ -553,7 +553,7 @@ print_raw_certificates(FILE *out_file, SECItem **raw_certs, int level) fprintf(out_file, "Certificate List:\n"); while ((raw_cert = raw_certs[i++]) != NULL) { - sprintf(cert_label, "Certificate (%d)", i); + snprintf(cert_label, sizeof(cert_label), "Certificate (%d)", i); (void)SECU_PrintSignedData(out_file, raw_cert, cert_label, level + 1, (SECU_PPFunc)SECU_PrintCertificate); } diff --git a/cmd/pk12util/pk12util.c b/cmd/pk12util/pk12util.c index 073ee5771..9b88cf0da 100644 --- a/cmd/pk12util/pk12util.c +++ b/cmd/pk12util/pk12util.c @@ -805,7 +805,7 @@ P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot, if (dumpRawFile) { PRFileDesc *fd; char fileName[20]; - sprintf(fileName, "file%04d.der", ++fileCounter); + snprintf(fileName, sizeof(fileName), "file%04d.der", ++fileCounter); fd = PR_Open(fileName, PR_CREATE_FILE | PR_RDWR | PR_TRUNCATE, 0600); diff --git a/cmd/sdbthreadtst/sdbthreadtst.c b/cmd/sdbthreadtst/sdbthreadtst.c index 49f53a1e1..6ea429a9e 100644 --- a/cmd/sdbthreadtst/sdbthreadtst.c +++ b/cmd/sdbthreadtst/sdbthreadtst.c @@ -154,11 +154,11 @@ main(int argc, char **argv) usage(prog, NULL); break; default: - sprintf(buf, "unknown option %c", arg[1]); + snprintf(buf, sizeof(buf), "unknown option %c", arg[1]); usage(prog, buf); } } else { - sprintf(buf, "unknown argument %s", arg); + snprintf(buf, sizeof(buf), "unknown argument %s", arg); usage(prog, buf); } } diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c index 6df990e52..e41bbe3a8 100644 --- a/cmd/selfserv/selfserv.c +++ b/cmd/selfserv/selfserv.c @@ -44,10 +44,6 @@ #include "ocsp.h" #include "nssb64.h" -#ifndef PORT_Sprintf -#define PORT_Sprintf sprintf -#endif - #ifndef PORT_Strstr #define PORT_Strstr strstr #endif @@ -1535,14 +1531,14 @@ handle_connection(PRFileDesc *tcp_sock, PRFileDesc *model_sock) } } } else if (reqLen <= 0) { /* hit eof */ - PORT_Sprintf(msgBuf, "Get or Post incomplete after %d bytes.\r\n", + snprintf(msgBuf, sizeof(msgBuf), "Get or Post incomplete after %d bytes.\r\n", bufDat); iovs[numIOVs].iov_base = msgBuf; iovs[numIOVs].iov_len = PORT_Strlen(msgBuf); numIOVs++; } else if (reqLen < bufDat) { - PORT_Sprintf(msgBuf, "Discarded %d characters.\r\n", + snprintf(msgBuf, sizeof(msgBuf), "Discarded %d characters.\r\n", bufDat - reqLen); iovs[numIOVs].iov_base = msgBuf; diff --git a/cmd/signtool/certgen.c b/cmd/signtool/certgen.c index e095a01fb..442b0d616 100644 --- a/cmd/signtool/certgen.c +++ b/cmd/signtool/certgen.c @@ -129,7 +129,7 @@ GetSubjectFromUser(unsigned long serial) } cp = chop(buf); if (*cp == '\0') { - sprintf(common_name_buf, "%s (%lu)", DEFAULT_COMMON_NAME, + snprintf(common_name_buf, sizeof(common_name_buf), "%s (%lu)", DEFAULT_COMMON_NAME, serial); cp = common_name_buf; } @@ -137,7 +137,7 @@ GetSubjectFromUser(unsigned long serial) if (!common_name) { out_of_memory(); } - sprintf(common_name, "CN=%s, ", cp); + snprintf(common_name, strlen(cp) + 6, "CN=%s, ", cp); subjectlen += strlen(common_name); #ifdef VERBOSE_PROMPTS @@ -157,7 +157,7 @@ GetSubjectFromUser(unsigned long serial) if (!org) { out_of_memory(); } - sprintf(org, "O=%s, ", cp); + snprintf(org, strlen(cp) + 5, "O=%s, ", cp); subjectlen += strlen(org); } @@ -178,7 +178,7 @@ GetSubjectFromUser(unsigned long serial) if (!orgunit) { out_of_memory(); } - sprintf(orgunit, "OU=%s, ", cp); + snprintf(orgunit, strlen(cp) + 6, "OU=%s, ", cp); subjectlen += strlen(orgunit); } @@ -198,7 +198,7 @@ GetSubjectFromUser(unsigned long serial) if (!state) { out_of_memory(); } - sprintf(state, "ST=%s, ", cp); + snprintf(state, strlen(cp) + 6, "ST=%s, ", cp); subjectlen += strlen(state); } @@ -221,7 +221,7 @@ GetSubjectFromUser(unsigned long serial) if (!country) { out_of_memory(); } - sprintf(country, "C=%s, ", cp); + snprintf(country, strlen(cp) + 5, "C=%s, ", cp); subjectlen += strlen(country); } @@ -241,7 +241,7 @@ GetSubjectFromUser(unsigned long serial) if (!uid) { out_of_memory(); } - sprintf(uid, "UID=%s, ", cp); + snprintf(uid, strlen(cp) + 7, "UID=%s, ", cp); subjectlen += strlen(uid); } @@ -261,7 +261,7 @@ GetSubjectFromUser(unsigned long serial) if (!email) { out_of_memory(); } - sprintf(email, "E=%s,", cp); + snprintf(email,strlen(cp) + 5, "E=%s,", cp); subjectlen += strlen(email); } @@ -272,7 +272,7 @@ GetSubjectFromUser(unsigned long serial) out_of_memory(); } - sprintf(subject, "%s%s%s%s%s%s%s", + snprintf(subject, subjectlen, "%s%s%s%s%s%s%s", common_name ? common_name : "", org ? org : "", orgunit ? orgunit : "", @@ -662,7 +662,7 @@ output_ca_cert(CERTCertificate *cert, CERTCertDBHandle *db) if (!filename) out_of_memory(); - sprintf(filename, "%s.raw", DEFAULT_X509_BASENAME); + snprintf(filename, strlen(DEFAULT_X509_BASENAME) + 8,"%s.raw", DEFAULT_X509_BASENAME); if ((out = fopen(filename, "wb")) == NULL) { PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME, filename); @@ -691,7 +691,7 @@ output_ca_cert(CERTCertificate *cert, CERTCertDBHandle *db) /* and the cooked */ - sprintf(filename, "%s.cacert", DEFAULT_X509_BASENAME); + snprintf(filename,strlen(DEFAULT_X509_BASENAME) + 8, "%s.cacert", DEFAULT_X509_BASENAME); if ((out = fopen(filename, "wb")) == NULL) { PR_fprintf(errorFD, "%s: Can't open %s output file\n", PROGRAM_NAME, filename); diff --git a/cmd/signtool/javascript.c b/cmd/signtool/javascript.c index 87894b74a..f843e4f38 100644 --- a/cmd/signtool/javascript.c +++ b/cmd/signtool/javascript.c @@ -105,7 +105,7 @@ javascript_fn(char *relpath, char *basedir, char *reldir, char *filename, void * if (PL_strcaserstr(reldir, ".arc") == reldir + strlen(reldir) - 4) return 0; - sprintf(fullname, "%s/%s", basedir, relpath); + snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); return extract_js(fullname); } diff --git a/cmd/signtool/sign.c b/cmd/signtool/sign.c index 534530947..168bb1b9e 100644 --- a/cmd/signtool/sign.c +++ b/cmd/signtool/sign.c @@ -279,8 +279,8 @@ create_pk7(char *dir, char *keyName, int *keyType) *keyType = jar_find_key_type(cert); file_ext = (*keyType == dsaKey) ? "dsa" : "rsa"; - sprintf(sf_file, "%s/META-INF/%s.sf", dir, base); - sprintf(pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext); + snprintf(sf_file, sizeof(sf_file), "%s/META-INF/%s.sf", dir, base); + snprintf(pk7_file, sizeof(pk7_file), "%s/META-INF/%s.%s", dir, base, file_ext); if ((in = fopen(sf_file, "rb")) == NULL) { PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME, @@ -368,7 +368,7 @@ manifesto(char *dirname, char *install_script, PRBool recurse) exit(ERRX); } - sprintf(metadir, "%s/META-INF", dirname); + snprintf(metadir, sizeof(metadir), "%s/META-INF", dirname); strcpy(sfname, metadir); @@ -494,7 +494,7 @@ manifesto_fn(char *relpath, char *basedir, char *reldir, char *filename, void *a return 0; } - sprintf(fullname, "%s/%s", basedir, relpath); + snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath); fprintf(mf, "\n"); diff --git a/cmd/signtool/util.c b/cmd/signtool/util.c index a2637a74e..54de0f2dd 100644 --- a/cmd/signtool/util.c +++ b/cmd/signtool/util.c @@ -137,7 +137,7 @@ rm_dash_r(char *path) /* Recursively delete all entries in the directory */ while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) { - sprintf(filename, "%s/%s", path, entry->name); + snprintf(filename, sizeof(filename), "%s/%s", path, entry->name); if (rm_dash_r(filename)) { PR_CloseDir(dir); return -1; @@ -648,7 +648,7 @@ secErrorString(long code) c = "untrusted issuer"; break; default: - sprintf(errstring, "security error %ld", code); + snprintf(errstring, sizeof(errstring), "security error %ld", code); c = errstring; break; } @@ -932,7 +932,7 @@ get_default_cert_dir(void) home = PR_GetEnvSecure("HOME"); if (home && *home) { - sprintf(db, "%s/.netscape", home); + snprintf(db, sizeof(db), "%s/.netscape", home); cd = db; } #endif @@ -945,7 +945,7 @@ get_default_cert_dir(void) home = PR_GetEnvSecure("JAR_HOME"); if (home && *home) { - sprintf(db, "%s/cert7.db", home); + snprintf(db, sizeof(db), "%s/cert7.db", home); if ((fp = fopen(db, "r")) != NULL) { fclose(fp); @@ -958,7 +958,7 @@ get_default_cert_dir(void) if (cd == NULL) { home = "c:/Program Files/Netscape/Navigator"; - sprintf(db, "%s/cert7.db", home); + snprintf(db, sizeof(db), "%s/cert7.db", home); if ((fp = fopen(db, "r")) != NULL) { fclose(fp); @@ -972,7 +972,7 @@ get_default_cert_dir(void) if (cd == NULL) { home = "."; - sprintf(db, "%s/cert7.db", home); + snprintf(db, sizeof(db), "%s/cert7.db", home); if ((fp = fopen(db, "r")) != NULL) { fclose(fp); diff --git a/cmd/signver/pk7print.c b/cmd/signver/pk7print.c index 9ebf92088..d8dbe09a7 100644 --- a/cmd/signver/pk7print.c +++ b/cmd/signver/pk7print.c @@ -156,7 +156,7 @@ sv_PrintAttribute(FILE *out, SEC_PKCS7Attribute *attr, char *m) if (attr->values != NULL) { i = 0; while ((value = attr->values[i]) != NULL) { - sprintf(om, "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : ""); + snprintf(om, sizeof(om), "%svalue[%d]=%s", m, i++, attr->encoded ? "(encoded)" : ""); if (attr->encoded || attr->typeTag == NULL) { sv_PrintAsHex(out, value, om); } else { @@ -263,7 +263,7 @@ sv_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m) fprintf(out, "%sauthenticatedAttributes=%d\n", m, iv); iv = 0; while ((attr = info->authAttr[iv]) != NULL) { - sprintf(mm, "%sattribute[%d].", m, iv++); + snprintf(mm, sizeof(mm), "%sattribute[%d].", m, iv++); sv_PrintAttribute(out, attr, mm); } } @@ -283,7 +283,7 @@ sv_PrintSignerInfo(FILE *out, SEC_PKCS7SignerInfo *info, char *m) fprintf(out, "%sunauthenticatedAttributes=%d\n", m, iv); iv = 0; while ((attr = info->unAuthAttr[iv]) != NULL) { - sprintf(mm, "%sattribute[%d].", m, iv++); + snprintf(mm, sizeof(mm), "%sattribute[%d].", m, iv++); sv_PrintAttribute(out, attr, mm); } } @@ -337,7 +337,7 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, int rv; char mm[200]; - sprintf(mm, "%s.publicKeyAlgorithm=", msg); + snprintf(mm, sizeof(mm), "%s.publicKeyAlgorithm=", msg); sv_PrintAlgorithmID(out, &i->algorithm, mm); DER_ConvertBitString(&i->subjectPublicKey); @@ -349,7 +349,7 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, &i->subjectPublicKey); if (rv) return rv; - sprintf(mm, "%s.rsaPublicKey.", msg); + snprintf(mm, sizeof(mm), "%s.rsaPublicKey.", msg); sv_PrintRSAPublicKey(out, &pk, mm); break; case SEC_OID_ANSIX9_DSA_SIGNATURE: @@ -366,7 +366,7 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, if (rv) return rv; #endif - sprintf(mm, "%s.dsaPublicKey.", msg); + snprintf(mm, sizeof(mm), "%s.dsaPublicKey.", msg); sv_PrintDSAPublicKey(out, &pk, mm); break; case SEC_OID_ANSIX962_EC_PUBLIC_KEY: @@ -378,7 +378,7 @@ sv_PrintSubjectPublicKeyInfo(FILE *out, PLArenaPool *arena, &i->subjectPublicKey); if (rv) return rv; - sprintf(mm, "%s.ecdsaPublicKey.", msg); + snprintf(mm, sizeof(mm), "%s.ecdsaPublicKey.", msg); sv_PrintECDSAPublicKey(out, &pk, mm); break; default: @@ -478,11 +478,11 @@ sv_PrintCRLInfo(FILE *out, CERTCrl *crl, char *m) sv_PrintInteger(out, &(entry->serialNumber), "serialNumber="); fprintf(out, "%sentry[%d].", m, iv); sv_PrintTime(out, &(entry->revocationDate), "revocationDate="); - sprintf(om, "%sentry[%d].signedCRLEntriesExtensions.", m, iv++); + snprintf(om, sizeof(om), "%sentry[%d].signedCRLEntriesExtensions.", m, iv++); sv_PrintExtensions(out, entry->extensions, om); } } - sprintf(om, "%ssignedCRLEntriesExtensions.", m); + snprintf(om, sizeof(om), "%ssignedCRLEntriesExtensions.", m); sv_PrintExtensions(out, crl->extensions, om); } @@ -514,23 +514,23 @@ sv_PrintCertificate(FILE *out, SECItem *der, char *m, int level) /* Pretty print it out */ iv = DER_GetInteger(&c->version); fprintf(out, "%sversion=%d (0x%x)\n", m, iv + 1, iv); - sprintf(mm, "%sserialNumber=", m); + snprintf(mm, sizeof(mm), "%sserialNumber=", m); sv_PrintInteger(out, &c->serialNumber, mm); - sprintf(mm, "%ssignatureAlgorithm=", m); + snprintf(mm, sizeof(mm), "%ssignatureAlgorithm=", m); sv_PrintAlgorithmID(out, &c->signature, mm); - sprintf(mm, "%sissuerName=", m); + snprintf(mm, sizeof(mm), "%sissuerName=", m); sv_PrintName(out, &c->issuer, mm); - sprintf(mm, "%svalidity.", m); + snprintf(mm, sizeof(mm), "%svalidity.", m); sv_PrintValidity(out, &c->validity, mm); - sprintf(mm, "%ssubject=", m); + snprintf(mm, sizeof(mm), "%ssubject=", m); sv_PrintName(out, &c->subject, mm); - sprintf(mm, "%ssubjectPublicKeyInfo", m); + snprintf(mm, sizeof(mm), "%ssubjectPublicKeyInfo", m); rv = sv_PrintSubjectPublicKeyInfo(out, arena, &c->subjectPublicKeyInfo, mm); if (rv) { PORT_FreeArena(arena, PR_FALSE); return rv; } - sprintf(mm, "%ssignedExtensions.", m); + snprintf(mm, sizeof(mm), "%ssignedExtensions.", m); sv_PrintExtensions(out, c->extensions, mm); PORT_FreeArena(arena, PR_FALSE); @@ -604,7 +604,7 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) fprintf(out, "pkcs7.digestAlgorithmListLength=%d\n", iv); iv = 0; while ((digAlg = src->digestAlgorithms[iv]) != NULL) { - sprintf(om, "pkcs7.digestAlgorithm[%d]=", iv++); + snprintf(om, sizeof(om), "pkcs7.digestAlgorithm[%d]=", iv++); sv_PrintAlgorithmID(out, digAlg, om); } } @@ -624,7 +624,7 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) iv = 0; while ((aCert = src->rawCerts[iv]) != NULL) { - sprintf(om, "certificate[%d].", iv++); + snprintf(om, sizeof(om), "certificate[%d].", iv++); rv = sv_PrintSignedData(out, aCert, om, sv_PrintCertificate); if (rv) return rv; @@ -639,14 +639,14 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) fprintf(out, "pkcs7.signedRevocationLists=%d\n", iv); iv = 0; while ((aCrl = src->crls[iv]) != NULL) { - sprintf(om, "signedRevocationList[%d].", iv); + snprintf(om, sizeof(om), "signedRevocationList[%d].", iv); fprintf(out, "%s", om); sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, "signatureAlgorithm="); DER_ConvertBitString(&aCrl->signatureWrap.signature); fprintf(out, "%s", om); sv_PrintAsHex(out, &aCrl->signatureWrap.signature, "signature="); - sprintf(om, "certificateRevocationList[%d].", iv); + snprintf(om, sizeof(om), "certificateRevocationList[%d].", iv); sv_PrintCRLInfo(out, &aCrl->crl, om); iv++; } @@ -660,7 +660,7 @@ sv_PrintPKCS7Signed(FILE *out, SEC_PKCS7SignedData *src) fprintf(out, "pkcs7.signerInformationListLength=%d\n", iv); iv = 0; while ((sigInfo = src->signerInfos[iv]) != NULL) { - sprintf(om, "signerInformation[%d].", iv++); + snprintf(om, sizeof(om), "signerInformation[%d].", iv++); sv_PrintSignerInfo(out, sigInfo, om); } } @@ -690,7 +690,7 @@ secu_PrintPKCS7Enveloped(FILE *out, SEC_PKCS7EnvelopedData *src, fprintf(out, "Recipient Information List:\n"); iv = 0; while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); + snprintf(om, sizeof(om), "Recipient Information (%x)", iv); secu_PrintRecipientInfo(out, recInfo, om, level + 2); } } @@ -725,7 +725,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, fprintf(out, "Recipient Information List:\n"); iv = 0; while ((recInfo = src->recipientInfos[iv++]) != NULL) { - sprintf(om, "Recipient Information (%x)", iv); + snprintf(om, sizeof(om), "Recipient Information (%x)", iv); secu_PrintRecipientInfo(out, recInfo, om, level + 2); } } @@ -735,7 +735,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, secu_Indent(out, level + 1); fprintf(out, "Digest Algorithm List:\n"); iv = 0; while ((digAlg = src->digestAlgorithms[iv++]) != NULL) { - sprintf(om, "Digest Algorithm (%x)", iv); + snprintf(om, sizeof(om), "Digest Algorithm (%x)", iv); sv_PrintAlgorithmID(out, digAlg, om); } } @@ -748,7 +748,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, secu_Indent(out, level + 1); fprintf(out, "Certificate List:\n"); iv = 0; while ((aCert = src->rawCerts[iv++]) != NULL) { - sprintf(om, "Certificate (%x)", iv); + snprintf(om, sizeof(om), "Certificate (%x)", iv); rv = SECU_PrintSignedData(out, aCert, om, level + 2, SECU_PrintCertificate); if (rv) @@ -762,7 +762,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, fprintf(out, "Signed Revocation Lists:\n"); iv = 0; while ((aCrl = src->crls[iv++]) != NULL) { - sprintf(om, "Signed Revocation List (%x)", iv); + snprintf(om, sizeof(om), "Signed Revocation List (%x)", iv); secu_Indent(out, level + 2); fprintf(out, "%s:\n", om); sv_PrintAlgorithmID(out, &aCrl->signatureWrap.signatureAlgorithm, "Signature Algorithm"); @@ -780,7 +780,7 @@ secu_PrintPKCS7SignedAndEnveloped(FILE *out, fprintf(out, "Signer Information List:\n"); iv = 0; while ((sigInfo = src->signerInfos[iv++]) != NULL) { - sprintf(om, "Signer Information (%x)", iv); + snprintf(om, sizeof(om), "Signer Information (%x)", iv); secu_PrintSignerInfo(out, sigInfo, om, level + 2); } } diff --git a/cmd/ssltap/ssltap.c b/cmd/ssltap/ssltap.c index 01fa81fe1..0a9ec11ee 100644 --- a/cmd/ssltap/ssltap.c +++ b/cmd/ssltap/ssltap.c @@ -827,7 +827,7 @@ helloExtensionNameString(int ex_num) ex_name = "renegotiation_info"; break; default: - sprintf(buf, "%d", ex_num); + snprintf(buf, sizeof(buf), "%d", ex_num); ex_name = (const char *)buf; break; } diff --git a/cmd/strsclnt/strsclnt.c b/cmd/strsclnt/strsclnt.c index c09c837c3..54f843d82 100644 --- a/cmd/strsclnt/strsclnt.c +++ b/cmd/strsclnt/strsclnt.c @@ -28,10 +28,6 @@ #include "nss.h" #include "ssl.h" -#ifndef PORT_Sprintf -#define PORT_Sprintf sprintf -#endif - #ifndef PORT_Strstr #define PORT_Strstr strstr #endif diff --git a/cmd/vfychain/vfychain.c b/cmd/vfychain/vfychain.c index c01cdd08e..e61071814 100644 --- a/cmd/vfychain/vfychain.c +++ b/cmd/vfychain/vfychain.c @@ -92,7 +92,7 @@ Usage(const char *progName) } /************************************************************************** -** +** ** Error and information routines. ** **************************************************************************/ @@ -789,7 +789,7 @@ breakout: if (verbose) { for (node = CERT_LIST_HEAD(builtChain); !CERT_LIST_END(node, builtChain); node = CERT_LIST_NEXT(node), count++) { - sprintf(buff, "Certificate %d Subject", count + 1); + snprintf(buff, sizeof(buff), "Certificate %d Subject", count + 1); SECU_PrintName(stdout, &node->cert->subject, buff, 0); } } diff --git a/coreconf/nsinstall/nsinstall.c b/coreconf/nsinstall/nsinstall.c index 952c4e418..da5379759 100644 --- a/coreconf/nsinstall/nsinstall.c +++ b/coreconf/nsinstall/nsinstall.c @@ -84,8 +84,8 @@ mkdirs(char *path, mode_t mode) char * cp; int rv; struct stat sb; - - if (!path || !path[0]) + + if (!path || !path[0]) fail("Null pointer or empty string passed to mkdirs()"); while (*path == '/' && path[1] == '/') path++; @@ -103,7 +103,7 @@ mkdirs(char *path, mode_t mode) if (errno != EEXIST) fail("mkdirs cannot make %s", path); fprintf(stderr, "directory creation race: %s\n", path); - if (!stat(path, &sb) && S_ISDIR(sb.st_mode)) + if (!stat(path, &sb) && S_ISDIR(sb.st_mode)) rv = 0; } return rv; @@ -116,7 +116,7 @@ touid(char *owner) uid_t uid; char *cp; - if (!owner || !owner[0]) + if (!owner || !owner[0]) fail("Null pointer or empty string passed to touid()"); pw = getpwnam(owner); if (pw) @@ -134,7 +134,7 @@ togid(char *group) gid_t gid; char *cp; - if (!group || !group[0]) + if (!group || !group[0]) fail("Null pointer or empty string passed to togid()"); gr = getgrnam(group); if (gr) @@ -255,8 +255,9 @@ main(int argc, char **argv) len = strlen(name); base = xbasename(name); bnlen = strlen(base); - toname = (char*)xmalloc(tdlen + 1 + bnlen + 1); - sprintf(toname, "%s/%s", todir, base); + size_t toname_len = tdlen + 1 + bnlen + 1; + toname = (char*)xmalloc(toname_len); + snprintf(toname, toname_len, "%s/%s", todir, base); retry: exists = (lstat(toname, &tosb) == 0); @@ -270,7 +271,7 @@ retry: } if (!exists && mkdir(toname, mode) < 0) { /* we probably have two nsinstall programs in a race here. */ - if (errno == EEXIST && !stat(toname, &sb) && + if (errno == EEXIST && !stat(toname, &sb) && S_ISDIR(sb.st_mode)) { fprintf(stderr, "directory creation race: %s\n", toname); goto retry; @@ -288,7 +289,7 @@ retry: /* -L implies -l and prefixes names with a $cwd arg. */ len += lplen + 1; linkname = (char*)xmalloc(len + 1); - sprintf(linkname, "%s/%s", linkprefix, name); + snprintf(linkname, len+1, "%s/%s", linkprefix, name); } else if (dorelsymlink) { /* Symlink the relative path from todir to source name. */ linkname = (char*)xmalloc(PATH_MAX); @@ -344,7 +345,7 @@ retry: fromfd = open(name, O_RDONLY); if (fromfd < 0 || fstat(fromfd, &sb) < 0) fail("cannot access %s", name); - if (exists && + if (exists && (!S_ISREG(tosb.st_mode) || access(toname, W_OK) < 0)) { int rmrv; rmrv = (S_ISDIR(tosb.st_mode) ? rmdir : unlink)(toname); diff --git a/coreconf/nsinstall/pathsub.c b/coreconf/nsinstall/pathsub.c index c31a946f0..95fa67912 100644 --- a/coreconf/nsinstall/pathsub.c +++ b/coreconf/nsinstall/pathsub.c @@ -48,7 +48,7 @@ fail(char *format, ...) fprintf(stderr, ": %s", strerror(errno)); #endif } - + putc('\n', stderr); abort(); exit(1); @@ -123,7 +123,7 @@ xmalloc(size_t size) char * xstrdup(char *s) { - if (!s || !s[0]) + if (!s || !s[0]) fail("Null pointer or empty string passed to xstrdup()"); return strcpy((char*)xmalloc(strlen(s) + 1), s); } @@ -133,7 +133,7 @@ xbasename(char *path) { char *cp; - if (!path || !path[0]) + if (!path || !path[0]) fail("Null pointer or empty string passed to xbasename()"); while ((cp = strrchr(path, '/')) && cp[1] == '\0') *cp = '\0'; @@ -144,7 +144,7 @@ xbasename(char *path) void xchdir(char *dir) { - if (!dir || !dir[0]) + if (!dir || !dir[0]) fail("Null pointer or empty string passed to xchdir()"); if (chdir(dir) < 0) fail("cannot change directory to %s", dir); @@ -181,7 +181,7 @@ relatepaths(char *from, char *to, char *outpath) len += 3; } while ((cp = getcomponent(cp, buf)) != 0) { - sprintf(outpath + len, "%s/", buf); + snprintf(outpath + len, PATH_MAX - len, "%s/", buf); len += strlen(outpath + len); } } @@ -228,7 +228,7 @@ diagnosePath(const char * path) struct stat sb; char buf[BUFSIZ]; - if (!path || !path[0]) + if (!path || !path[0]) fail("Null pointer or empty string passed to mkdirs()"); myPath = strdup(path); if (!myPath) diff --git a/lib/dbm/tests/lots.c b/lib/dbm/tests/lots.c index 91bba4965..4a12884ba 100644 --- a/lib/dbm/tests/lots.c +++ b/lib/dbm/tests/lots.c @@ -139,7 +139,7 @@ MakeSmallKey(int32 num) rv.data = data_string; - sprintf(data_string, "%ld", (long)num); + snprintf(data_string, sizeof(data_string), "%ld", (long)num); rv.size = strlen(data_string); return (&rv); @@ -192,7 +192,7 @@ VerifyData(DBT *data, int32 num, key_type_enum key_type) size_t size; int32 *int32_array; - /* The first int32 is count + /* The first int32 is count * The other n entries should * all equal num */ @@ -357,7 +357,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type) #endif #if 0 /* only do this if your really analy checking the puts */ - + /* make sure we can still get it */ status = (*database->get)(database, key, &tmp_data, 0); diff --git a/lib/pki/tdcache.c b/lib/pki/tdcache.c index d4cb6f093..8738ded9a 100644 --- a/lib/pki/tdcache.c +++ b/lib/pki/tdcache.c @@ -41,13 +41,13 @@ log_item_dump(const char *msg, NSSItem *it) char buf[33]; int i, j; for (i = 0; i < 10 && i < it->size; i++) { - sprintf(&buf[2 * i], "%02X", ((PRUint8 *)it->data)[i]); + snprintf(&buf[2 * i], sizeof(buf)-2*i, "%02X", ((PRUint8 *)it->data)[i]); } if (it->size > 10) { - sprintf(&buf[2 * i], ".."); + snprintf(&buf[2 * i], sizeof(buf)-2*i, ".."); i += 1; for (j = it->size - 1; i <= 16 && j > 10; i++, j--) { - sprintf(&buf[2 * i], "%02X", ((PRUint8 *)it->data)[j]); + snprintf(&buf[2 * i], sizeof(buf)-2*i, "%02X", ((PRUint8 *)it->data)[j]); } } PR_LOG(s_log, PR_LOG_DEBUG, ("%s: %s", msg, buf)); diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c index ab71e60cc..e9dc09acf 100644 --- a/lib/softoken/pkcs11.c +++ b/lib/softoken/pkcs11.c @@ -1714,7 +1714,7 @@ sftk_handleObject(SFTKObject *object, SFTKSession *session) * token objects and will have a token object handle assigned to * them by a call to sftk_mkHandle in the handler for each object * class, invoked below. - * + * * It may be helpful to note/remember that * sftk_narrowToXxxObject uses sftk_isToken, * sftk_isToken examines the sign bit of the object's handle, but @@ -2568,7 +2568,7 @@ sftk_getDefTokName(CK_SLOT_ID slotID) default: break; } - sprintf(buf, "NSS Application Token %08x ", (unsigned int)slotID); + snprintf(buf, sizeof(buf), "NSS Application Token %08x ", (unsigned int)slotID); return buf; } @@ -2587,7 +2587,7 @@ sftk_getDefSlotName(CK_SLOT_ID slotID) default: break; } - sprintf(buf, + snprintf(buf, sizeof(buf), "NSS Application Slot %08x ", (unsigned int)slotID); return buf; diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c index bd6e41aa8..90d49304d 100644 --- a/lib/softoken/sftkdb.c +++ b/lib/softoken/sftkdb.c @@ -255,7 +255,7 @@ sftkdb_getRawAttributeSignature(SFTKDBHandle *handle, SDB *db, char id[30]; CK_RV crv; - sprintf(id, SFTKDB_META_SIG_TEMPLATE, + snprintf(id, sizeof(id), SFTKDB_META_SIG_TEMPLATE, sftkdb_TypeString(handle), (unsigned int)objectID, (unsigned int)type); @@ -280,7 +280,7 @@ sftkdb_DestroyAttributeSignature(SFTKDBHandle *handle, SDB *db, char id[30]; CK_RV crv; - sprintf(id, SFTKDB_META_SIG_TEMPLATE, + snprintf(id, sizeof(id), SFTKDB_META_SIG_TEMPLATE, sftkdb_TypeString(handle), (unsigned int)objectID, (unsigned int)type); @@ -306,7 +306,7 @@ sftkdb_PutAttributeSignature(SFTKDBHandle *handle, SDB *keyTarget, char id[30]; CK_RV crv; - sprintf(id, SFTKDB_META_SIG_TEMPLATE, + snprintf(id, sizeof(id), SFTKDB_META_SIG_TEMPLATE, sftkdb_TypeString(handle), (unsigned int)objectID, (unsigned int)type); @@ -2325,7 +2325,7 @@ sftkdb_updateIntegrity(PLArenaPool *arena, SFTKDBHandle *handle, crv = sftkdb_getRawAttributeSignature(handle, source, sourceID, type, &signature); if (crv != CKR_OK) { - /* old databases don't have signature IDs because they are + /* old databases don't have signature IDs because they are * 3DES encrypted. Since we know not to look for integrity * for 3DES records it's OK not to find one here. A new record * will be created when we reencrypt using AES CBC */ diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index a2618e00c..ef883b725 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -497,7 +497,7 @@ ssl3_DecodeHandshakeType(int msgType) rv = "key_update (24)"; break; default: - sprintf(line, "*UNKNOWN* handshake type! (%d)", msgType); + snprintf(line, sizeof(line), "*UNKNOWN* handshake type! (%d)", msgType); rv = line; } return rv; @@ -526,7 +526,7 @@ ssl3_DecodeContentType(int msgType) rv = "ack (26)"; break; default: - sprintf(line, "*UNKNOWN* record type! (%d)", msgType); + snprintf(line, sizeof(line), "*UNKNOWN* record type! (%d)", msgType); rv = line; } return rv; @@ -11067,7 +11067,7 @@ get_fake_cert(SECItem *pCertItem, int *pIndex) *pIndex = -1; return SECSuccess; } - sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension); + snprintf(cfn, sizeof(cfn), "%s/%08d%s", testdir, fileNum, extension); cf = PR_Open(cfn, PR_RDONLY, 0); if (!cf) { goto loser; diff --git a/lib/util/secasn1d.c b/lib/util/secasn1d.c index 01f1c6e5c..e503c6b1c 100644 --- a/lib/util/secasn1d.c +++ b/lib/util/secasn1d.c @@ -149,7 +149,7 @@ static const char *const flag_names[] = { }; static int /* bool */ -formatKind(unsigned long kind, char *buf) +formatKind(unsigned long kind, char *buf, int space_in_buffer) { int i; unsigned long k = kind & SEC_ASN1_TAGNUM_MASK; @@ -158,30 +158,30 @@ formatKind(unsigned long kind, char *buf) buf[0] = 0; if ((kind & SEC_ASN1_CLASS_MASK) != SEC_ASN1_UNIVERSAL) { - sprintf(buf, " %s", class_names[(kind & SEC_ASN1_CLASS_MASK) >> 6]); + space_in_buffer -= snprintf(buf, space_in_buffer, " %s", class_names[(kind & SEC_ASN1_CLASS_MASK) >> 6]); buf += strlen(buf); } if (kind & SEC_ASN1_METHOD_MASK) { - sprintf(buf, " %s", method_names[1]); + space_in_buffer -= snprintf(buf, space_in_buffer, " %s", method_names[1]); buf += strlen(buf); } if ((kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL) { if (k || !notag) { - sprintf(buf, " %s", type_names[k]); + space_in_buffer -= snprintf(buf, space_in_buffer, " %s", type_names[k]); if ((k == SEC_ASN1_SET || k == SEC_ASN1_SEQUENCE) && (kind & SEC_ASN1_GROUP)) { buf += strlen(buf); - sprintf(buf, "_OF"); + space_in_buffer -= snprintf(buf, space_in_buffer, "_OF"); } } } else { - sprintf(buf, " [%lu]", k); + space_in_buffer -= snprintf(buf, space_in_buffer, " [%lu]", k); } buf += strlen(buf); for (k = kind >> 8, i = 0; k; k >>= 1, ++i) { if (k & 1) { - sprintf(buf, " %s", flag_names[i]); + space_in_buffer -= snprintf(buf, space_in_buffer, " %s", flag_names[i]); buf += strlen(buf); } } @@ -751,8 +751,9 @@ sec_asn1d_parse_identifier(sec_asn1d_state *state, byte = (unsigned char)*buf; #ifdef DEBUG_ASN1D_STATES { - char kindBuf[256]; - formatKind(byte, kindBuf); + int bufsize = 256; + char kindBuf[bufsize]; + formatKind(byte, kindBuf, bufsize); printf("Found tag %02x %s\n", byte, kindBuf); } #endif @@ -2731,7 +2732,8 @@ static void dump_states(SEC_ASN1DecoderContext *cx) { sec_asn1d_state *state; - char kindBuf[256]; + int bufsize = 256; + char kindBuf[bufsize]; for (state = cx->current; state->parent; state = state->parent) { ; @@ -2743,7 +2745,7 @@ dump_states(SEC_ASN1DecoderContext *cx) printf(" "); } - i = formatKind(state->theTemplate->kind, kindBuf); + i = formatKind(state->theTemplate->kind, kindBuf, bufsize); printf("%s: tmpl kind %s", (state == cx->current) ? "STATE" : "State", kindBuf); diff --git a/lib/util/secport.h b/lib/util/secport.h index fc1e1f538..c4d9b8183 100644 --- a/lib/util/secport.h +++ b/lib/util/secport.h @@ -197,6 +197,7 @@ SEC_END_PROTOS #define PORT_Strstr strstr #define PORT_Strtok strtok + #define PORT_Tolower tolower typedef PRBool(PR_CALLBACK *PORTCharConversionWSwapFunc)(PRBool toUnicode, diff --git a/lib/zlib/gzwrite.c b/lib/zlib/gzwrite.c index eb8a0e589..67a82b11e 100644 --- a/lib/zlib/gzwrite.c +++ b/lib/zlib/gzwrite.c @@ -526,8 +526,7 @@ int ZEXPORTVA gzprintf(file, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, if (next[len] == 0) break; # else - len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, - a12, a13, a14, a15, a16, a17, a18, a19, a20); + len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); # endif #else # ifdef HAS_snprintf_void -- cgit v1.2.1