From a83d91548b782b31428f3a231780f425aa81c05b Mon Sep 17 00:00:00 2001 From: Hakan Olsson Date: Thu, 3 Apr 2003 15:12:46 +0000 Subject: str{cat,cpy}/sprintf cleanup. markus@, deraadt@ ok --- lib/libcrypto/asn1/a_time.c | 10 ++++++---- lib/libcrypto/asn1/t_pkey.c | 4 ++-- lib/libcrypto/bio/bss_file.c | 10 +++++----- lib/libcrypto/err/err.c | 2 +- lib/libcrypto/evp/evp_pbe.c | 2 +- lib/libcrypto/evp/evp_pkey.c | 2 +- lib/libcrypto/mem_dbg.c | 12 +++++++----- lib/libcrypto/pem/pem_lib.c | 14 ++++++++------ lib/libcrypto/rand/randfile.c | 2 +- 9 files changed, 32 insertions(+), 26 deletions(-) (limited to 'lib/libcrypto') diff --git a/lib/libcrypto/asn1/a_time.c b/lib/libcrypto/asn1/a_time.c index 27ddd30899b..f8fdfb5975e 100644 --- a/lib/libcrypto/asn1/a_time.c +++ b/lib/libcrypto/asn1/a_time.c @@ -125,6 +125,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE { ASN1_GENERALIZEDTIME *ret; char *str; + int newlen; if (!ASN1_TIME_check(t)) return NULL; @@ -145,14 +146,15 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZE } /* grow the string */ - if (!ASN1_STRING_set(ret, NULL, t->length + 2)) + newlen = t->length + 2; + if (!ASN1_STRING_set(ret, NULL, newlen)) return NULL; str = (char *)ret->data; /* Work out the century and prepend */ - if (t->data[0] >= '5') strcpy(str, "19"); - else strcpy(str, "20"); + if (t->data[0] >= '5') strlcpy(str, "19", newlen); + else strlcpy(str, "20", newlen); - strcat(str, (char *)t->data); + strlcat(str, (char *)t->data, newlen); return ret; } diff --git a/lib/libcrypto/asn1/t_pkey.c b/lib/libcrypto/asn1/t_pkey.c index 2d46914cb18..b3f83640121 100644 --- a/lib/libcrypto/asn1/t_pkey.c +++ b/lib/libcrypto/asn1/t_pkey.c @@ -143,9 +143,9 @@ int RSA_print(BIO *bp, const RSA *x, int off) } if (x->d == NULL) - sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n)); + snprintf(str,sizeof str,"Modulus (%d bit):",BN_num_bits(x->n)); else - strcpy(str,"modulus:"); + strlcpy(str,"modulus:",sizeof str); if (!print(bp,str,x->n,m,off)) goto err; s=(x->d == NULL)?"Exponent:":"publicExponent:"; if (!print(bp,s,x->e,m,off)) goto err; diff --git a/lib/libcrypto/bio/bss_file.c b/lib/libcrypto/bio/bss_file.c index 826b361fa22..18e7bb86e60 100644 --- a/lib/libcrypto/bio/bss_file.c +++ b/lib/libcrypto/bio/bss_file.c @@ -232,15 +232,15 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) if (num & BIO_FP_APPEND) { if (num & BIO_FP_READ) - strcpy(p,"a+"); - else strcpy(p,"a"); + strlcpy(p,"a+",sizeof p); + else strlcpy(p,"a",sizeof p); } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - strcpy(p,"r+"); + strlcpy(p,"r+",sizeof p); else if (num & BIO_FP_WRITE) - strcpy(p,"w"); + strlcpy(p,"w",sizeof p); else if (num & BIO_FP_READ) - strcpy(p,"r"); + strlcpy(p,"r",sizeof p); else { BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); diff --git a/lib/libcrypto/err/err.c b/lib/libcrypto/err/err.c index 5abe44e6d57..9b532d1f4ca 100644 --- a/lib/libcrypto/err/err.c +++ b/lib/libcrypto/err/err.c @@ -1023,7 +1023,7 @@ void ERR_add_error_data(int num, ...) else str=p; } - strcat(str,a); + strlcat(str,a,s+1); } } ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); diff --git a/lib/libcrypto/evp/evp_pbe.c b/lib/libcrypto/evp/evp_pbe.c index bcd4d29f858..4234cd76849 100644 --- a/lib/libcrypto/evp/evp_pbe.c +++ b/lib/libcrypto/evp/evp_pbe.c @@ -87,7 +87,7 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, if (i == -1) { char obj_tmp[80]; EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); - if (!pbe_obj) strcpy (obj_tmp, "NULL"); + if (!pbe_obj) strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj); ERR_add_error_data(2, "TYPE=", obj_tmp); return 0; diff --git a/lib/libcrypto/evp/evp_pkey.c b/lib/libcrypto/evp/evp_pkey.c index 34b5b1d21cc..30b6fbb03dd 100644 --- a/lib/libcrypto/evp/evp_pkey.c +++ b/lib/libcrypto/evp/evp_pkey.c @@ -210,7 +210,7 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) #endif default: EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - if (!a->algorithm) strcpy (obj_tmp, "NULL"); + if (!a->algorithm) strlcpy (obj_tmp, "NULL", sizeof obj_tmp); else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); ERR_add_error_data(2, "TYPE=", obj_tmp); EVP_PKEY_free (pkey); diff --git a/lib/libcrypto/mem_dbg.c b/lib/libcrypto/mem_dbg.c index 0beb3b36d15..ea94eee6f4d 100644 --- a/lib/libcrypto/mem_dbg.c +++ b/lib/libcrypto/mem_dbg.c @@ -585,6 +585,8 @@ static void print_leak(const MEM *m, MEM_LEAK *l) struct tm *lcl = NULL; unsigned long ti; +#define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf)) + if(m->addr == (char *)l->bio) return; @@ -592,22 +594,22 @@ static void print_leak(const MEM *m, MEM_LEAK *l) { lcl = localtime(&m->time); - sprintf(bufp, "[%02d:%02d:%02d] ", + snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ", lcl->tm_hour,lcl->tm_min,lcl->tm_sec); bufp += strlen(bufp); } - sprintf(bufp, "%5lu file=%s, line=%d, ", + snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ", m->order,m->file,m->line); bufp += strlen(bufp); if (options & V_CRYPTO_MDEBUG_THREAD) { - sprintf(bufp, "thread=%lu, ", m->thread); + snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread); bufp += strlen(bufp); } - sprintf(bufp, "number=%d, address=%08lX\n", + snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n", m->num,(unsigned long)m->addr); bufp += strlen(bufp); @@ -682,7 +684,7 @@ void CRYPTO_mem_leaks(BIO *b) (char *)&ml); if (ml.chunks != 0) { - sprintf(buf,"%ld bytes leaked in %d chunks\n", + snprintf(buf,sizeof buf,"%ld bytes leaked in %d chunks\n", ml.bytes,ml.chunks); BIO_puts(b,buf); } diff --git a/lib/libcrypto/pem/pem_lib.c b/lib/libcrypto/pem/pem_lib.c index a8db6ffbf5c..50f5733654a 100644 --- a/lib/libcrypto/pem/pem_lib.c +++ b/lib/libcrypto/pem/pem_lib.c @@ -131,9 +131,9 @@ void PEM_proc_type(char *buf, int type) else str="BAD-TYPE"; - strcat(buf,"Proc-Type: 4,"); - strcat(buf,str); - strcat(buf,"\n"); + strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE); + strlcat(buf,str,PEM_BUFSIZE); + strlcat(buf,"\n",PEM_BUFSIZE); } void PEM_dek_info(char *buf, const char *type, int len, char *str) @@ -142,10 +142,12 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) long i; int j; - strcat(buf,"DEK-Info: "); - strcat(buf,type); - strcat(buf,","); + strlcat(buf,"DEK-Info: ",PEM_BUFSIZE); + strlcat(buf,type,PEM_BUFSIZE); + strlcat(buf,",",PEM_BUFSIZE); j=strlen(buf); + if (j + (len * 2) + 1 > PEM_BUFSIZE) + return; for (i=0; i>4)&0x0f]; diff --git a/lib/libcrypto/rand/randfile.c b/lib/libcrypto/rand/randfile.c index 215c2616eb1..311dd27a7b2 100644 --- a/lib/libcrypto/rand/randfile.c +++ b/lib/libcrypto/rand/randfile.c @@ -242,7 +242,7 @@ const char *RAND_file_name(char *buf, size_t size) { strlcpy(buf,s,size); #ifndef OPENSSL_SYS_VMS - strcat(buf,"/"); + strlcat(buf,"/",size); #endif strlcat(buf,RFILE,size); ok = 1; -- cgit v1.2.3