From 8acd95e85e0da102fc48369fd237c634fe6066ae Mon Sep 17 00:00:00 2001 From: Noah Lokocz Date: Thu, 16 Mar 2023 11:54:55 +0000 Subject: Bug 1819958. Removed deprecated sprintf function and replaced with snprintf. r=djackson Differential Revision: https://phabricator.services.mozilla.com/D171859 --- lib/dbm/tests/lots.c | 6 +++--- lib/pki/tdcache.c | 6 +++--- lib/softoken/pkcs11.c | 6 +++--- lib/softoken/sftkdb.c | 8 ++++---- lib/ssl/ssl3con.c | 6 +++--- lib/util/secasn1d.c | 24 +++++++++++++----------- lib/util/secport.h | 1 + lib/zlib/gzwrite.c | 3 +-- 8 files changed, 31 insertions(+), 29 deletions(-) (limited to 'lib') diff --git a/lib/dbm/tests/lots.c b/lib/dbm/tests/lots.c index 91bba4965..4a12884ba 100644 --- a/lib/dbm/tests/lots.c +++ b/lib/dbm/tests/lots.c @@ -139,7 +139,7 @@ MakeSmallKey(int32 num) rv.data = data_string; - sprintf(data_string, "%ld", (long)num); + snprintf(data_string, sizeof(data_string), "%ld", (long)num); rv.size = strlen(data_string); return (&rv); @@ -192,7 +192,7 @@ VerifyData(DBT *data, int32 num, key_type_enum key_type) size_t size; int32 *int32_array; - /* The first int32 is count + /* The first int32 is count * The other n entries should * all equal num */ @@ -357,7 +357,7 @@ AddOrDelRange(int32 low, int32 high, int action, key_type_enum key_type) #endif #if 0 /* only do this if your really analy checking the puts */ - + /* make sure we can still get it */ status = (*database->get)(database, key, &tmp_data, 0); diff --git a/lib/pki/tdcache.c b/lib/pki/tdcache.c index d4cb6f093..8738ded9a 100644 --- a/lib/pki/tdcache.c +++ b/lib/pki/tdcache.c @@ -41,13 +41,13 @@ log_item_dump(const char *msg, NSSItem *it) char buf[33]; int i, j; for (i = 0; i < 10 && i < it->size; i++) { - sprintf(&buf[2 * i], "%02X", ((PRUint8 *)it->data)[i]); + snprintf(&buf[2 * i], sizeof(buf)-2*i, "%02X", ((PRUint8 *)it->data)[i]); } if (it->size > 10) { - sprintf(&buf[2 * i], ".."); + snprintf(&buf[2 * i], sizeof(buf)-2*i, ".."); i += 1; for (j = it->size - 1; i <= 16 && j > 10; i++, j--) { - sprintf(&buf[2 * i], "%02X", ((PRUint8 *)it->data)[j]); + snprintf(&buf[2 * i], sizeof(buf)-2*i, "%02X", ((PRUint8 *)it->data)[j]); } } PR_LOG(s_log, PR_LOG_DEBUG, ("%s: %s", msg, buf)); diff --git a/lib/softoken/pkcs11.c b/lib/softoken/pkcs11.c index ab71e60cc..e9dc09acf 100644 --- a/lib/softoken/pkcs11.c +++ b/lib/softoken/pkcs11.c @@ -1714,7 +1714,7 @@ sftk_handleObject(SFTKObject *object, SFTKSession *session) * token objects and will have a token object handle assigned to * them by a call to sftk_mkHandle in the handler for each object * class, invoked below. - * + * * It may be helpful to note/remember that * sftk_narrowToXxxObject uses sftk_isToken, * sftk_isToken examines the sign bit of the object's handle, but @@ -2568,7 +2568,7 @@ sftk_getDefTokName(CK_SLOT_ID slotID) default: break; } - sprintf(buf, "NSS Application Token %08x ", (unsigned int)slotID); + snprintf(buf, sizeof(buf), "NSS Application Token %08x ", (unsigned int)slotID); return buf; } @@ -2587,7 +2587,7 @@ sftk_getDefSlotName(CK_SLOT_ID slotID) default: break; } - sprintf(buf, + snprintf(buf, sizeof(buf), "NSS Application Slot %08x ", (unsigned int)slotID); return buf; diff --git a/lib/softoken/sftkdb.c b/lib/softoken/sftkdb.c index bd6e41aa8..90d49304d 100644 --- a/lib/softoken/sftkdb.c +++ b/lib/softoken/sftkdb.c @@ -255,7 +255,7 @@ sftkdb_getRawAttributeSignature(SFTKDBHandle *handle, SDB *db, char id[30]; CK_RV crv; - sprintf(id, SFTKDB_META_SIG_TEMPLATE, + snprintf(id, sizeof(id), SFTKDB_META_SIG_TEMPLATE, sftkdb_TypeString(handle), (unsigned int)objectID, (unsigned int)type); @@ -280,7 +280,7 @@ sftkdb_DestroyAttributeSignature(SFTKDBHandle *handle, SDB *db, char id[30]; CK_RV crv; - sprintf(id, SFTKDB_META_SIG_TEMPLATE, + snprintf(id, sizeof(id), SFTKDB_META_SIG_TEMPLATE, sftkdb_TypeString(handle), (unsigned int)objectID, (unsigned int)type); @@ -306,7 +306,7 @@ sftkdb_PutAttributeSignature(SFTKDBHandle *handle, SDB *keyTarget, char id[30]; CK_RV crv; - sprintf(id, SFTKDB_META_SIG_TEMPLATE, + snprintf(id, sizeof(id), SFTKDB_META_SIG_TEMPLATE, sftkdb_TypeString(handle), (unsigned int)objectID, (unsigned int)type); @@ -2325,7 +2325,7 @@ sftkdb_updateIntegrity(PLArenaPool *arena, SFTKDBHandle *handle, crv = sftkdb_getRawAttributeSignature(handle, source, sourceID, type, &signature); if (crv != CKR_OK) { - /* old databases don't have signature IDs because they are + /* old databases don't have signature IDs because they are * 3DES encrypted. Since we know not to look for integrity * for 3DES records it's OK not to find one here. A new record * will be created when we reencrypt using AES CBC */ diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index a2618e00c..ef883b725 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -497,7 +497,7 @@ ssl3_DecodeHandshakeType(int msgType) rv = "key_update (24)"; break; default: - sprintf(line, "*UNKNOWN* handshake type! (%d)", msgType); + snprintf(line, sizeof(line), "*UNKNOWN* handshake type! (%d)", msgType); rv = line; } return rv; @@ -526,7 +526,7 @@ ssl3_DecodeContentType(int msgType) rv = "ack (26)"; break; default: - sprintf(line, "*UNKNOWN* record type! (%d)", msgType); + snprintf(line, sizeof(line), "*UNKNOWN* record type! (%d)", msgType); rv = line; } return rv; @@ -11067,7 +11067,7 @@ get_fake_cert(SECItem *pCertItem, int *pIndex) *pIndex = -1; return SECSuccess; } - sprintf(cfn, "%s/%08d%s", testdir, fileNum, extension); + snprintf(cfn, sizeof(cfn), "%s/%08d%s", testdir, fileNum, extension); cf = PR_Open(cfn, PR_RDONLY, 0); if (!cf) { goto loser; diff --git a/lib/util/secasn1d.c b/lib/util/secasn1d.c index 01f1c6e5c..e503c6b1c 100644 --- a/lib/util/secasn1d.c +++ b/lib/util/secasn1d.c @@ -149,7 +149,7 @@ static const char *const flag_names[] = { }; static int /* bool */ -formatKind(unsigned long kind, char *buf) +formatKind(unsigned long kind, char *buf, int space_in_buffer) { int i; unsigned long k = kind & SEC_ASN1_TAGNUM_MASK; @@ -158,30 +158,30 @@ formatKind(unsigned long kind, char *buf) buf[0] = 0; if ((kind & SEC_ASN1_CLASS_MASK) != SEC_ASN1_UNIVERSAL) { - sprintf(buf, " %s", class_names[(kind & SEC_ASN1_CLASS_MASK) >> 6]); + space_in_buffer -= snprintf(buf, space_in_buffer, " %s", class_names[(kind & SEC_ASN1_CLASS_MASK) >> 6]); buf += strlen(buf); } if (kind & SEC_ASN1_METHOD_MASK) { - sprintf(buf, " %s", method_names[1]); + space_in_buffer -= snprintf(buf, space_in_buffer, " %s", method_names[1]); buf += strlen(buf); } if ((kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL) { if (k || !notag) { - sprintf(buf, " %s", type_names[k]); + space_in_buffer -= snprintf(buf, space_in_buffer, " %s", type_names[k]); if ((k == SEC_ASN1_SET || k == SEC_ASN1_SEQUENCE) && (kind & SEC_ASN1_GROUP)) { buf += strlen(buf); - sprintf(buf, "_OF"); + space_in_buffer -= snprintf(buf, space_in_buffer, "_OF"); } } } else { - sprintf(buf, " [%lu]", k); + space_in_buffer -= snprintf(buf, space_in_buffer, " [%lu]", k); } buf += strlen(buf); for (k = kind >> 8, i = 0; k; k >>= 1, ++i) { if (k & 1) { - sprintf(buf, " %s", flag_names[i]); + space_in_buffer -= snprintf(buf, space_in_buffer, " %s", flag_names[i]); buf += strlen(buf); } } @@ -751,8 +751,9 @@ sec_asn1d_parse_identifier(sec_asn1d_state *state, byte = (unsigned char)*buf; #ifdef DEBUG_ASN1D_STATES { - char kindBuf[256]; - formatKind(byte, kindBuf); + int bufsize = 256; + char kindBuf[bufsize]; + formatKind(byte, kindBuf, bufsize); printf("Found tag %02x %s\n", byte, kindBuf); } #endif @@ -2731,7 +2732,8 @@ static void dump_states(SEC_ASN1DecoderContext *cx) { sec_asn1d_state *state; - char kindBuf[256]; + int bufsize = 256; + char kindBuf[bufsize]; for (state = cx->current; state->parent; state = state->parent) { ; @@ -2743,7 +2745,7 @@ dump_states(SEC_ASN1DecoderContext *cx) printf(" "); } - i = formatKind(state->theTemplate->kind, kindBuf); + i = formatKind(state->theTemplate->kind, kindBuf, bufsize); printf("%s: tmpl kind %s", (state == cx->current) ? "STATE" : "State", kindBuf); diff --git a/lib/util/secport.h b/lib/util/secport.h index fc1e1f538..c4d9b8183 100644 --- a/lib/util/secport.h +++ b/lib/util/secport.h @@ -197,6 +197,7 @@ SEC_END_PROTOS #define PORT_Strstr strstr #define PORT_Strtok strtok + #define PORT_Tolower tolower typedef PRBool(PR_CALLBACK *PORTCharConversionWSwapFunc)(PRBool toUnicode, diff --git a/lib/zlib/gzwrite.c b/lib/zlib/gzwrite.c index eb8a0e589..67a82b11e 100644 --- a/lib/zlib/gzwrite.c +++ b/lib/zlib/gzwrite.c @@ -526,8 +526,7 @@ int ZEXPORTVA gzprintf(file, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, if (next[len] == 0) break; # else - len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, - a12, a13, a14, a15, a16, a17, a18, a19, a20); + len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20); # endif #else # ifdef HAS_snprintf_void -- cgit v1.2.1