author | archie <archie@FreeBSD.org> | 1998-12-04 22:54:57 +0000 |
---|---|---|
committer | archie <archie@FreeBSD.org> | 1998-12-04 22:54:57 +0000 |
commit | 982e80577dd08945aa2345ebe35e3f50eef9eb48 (patch) | |
tree | e21ff4cbfbcb4097c6cc444d68ddd9a3fd37837f /sys/dev/hfa | |
parent | 707b8f68aa118c7396f2a2633751e32477d9ed08 (diff) | |
download | FreeBSD-src-982e80577dd08945aa2345ebe35e3f50eef9eb48.zip FreeBSD-src-982e80577dd08945aa2345ebe35e3f50eef9eb48.tar.gz |
Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for other cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
Diffstat (limited to 'sys/dev/hfa')
-rw-r--r-- | sys/dev/hfa/fore_command.c | 7 | ||||
-rw-r--r-- | sys/dev/hfa/fore_if.c | 7 | ||||
-rw-r--r-- | sys/dev/hfa/fore_init.c | 7 | ||||
-rw-r--r-- | sys/dev/hfa/fore_load.c | 10 |
4 files changed, 18 insertions, 13 deletions
diff --git a/sys/dev/hfa/fore_command.c b/sys/dev/hfa/fore_command.c
index c2ed628..d8e0e9d 100644
--- a/sys/dev/hfa/fore_command.c
+++ b/sys/dev/hfa/fore_command.c
@@ -23,7 +23,7 @@
 * Copies of this Software may be made, however, the above copyright
 * notice must be reproduced on all copies.
 *
- * @(#) $Id: fore_command.c,v 1.2 1998/09/17 09:34:58 phk Exp $
+ * @(#) $Id: fore_command.c,v 1.3 1998/10/31 20:06:52 phk Exp $
 *
 */
@@ -38,7 +38,7 @@
 #include <dev/hfa/fore_include.h>
 #ifndef lint
-__RCSID("@(#) $Id: fore_command.c,v 1.2 1998/09/17 09:34:58 phk Exp $");
+__RCSID("@(#) $Id: fore_command.c,v 1.3 1998/10/31 20:06:52 phk Exp $");
 #endif
 /*
@@ -341,7 +341,8 @@ fore_cmd_drain(fup)
 sizeof(struct mac_addr));
 fup->fu_config.ac_macaddr = fup->fu_pif.pif_macaddr;
- sprintf(fup->fu_config.ac_hard_vers,
+ snprintf(fup->fu_config.ac_hard_vers,
+ sizeof(fup->fu_config.ac_hard_vers),
 "%ld.%ld.%ld",
 (fp->pr_hwver >> 16) & 0xff,
 (fp->pr_hwver >> 8) & 0xff,
diff --git a/sys/dev/hfa/fore_if.c b/sys/dev/hfa/fore_if.c
index 9c8a82d..479e7e6 100644
--- a/sys/dev/hfa/fore_if.c
+++ b/sys/dev/hfa/fore_if.c
@@ -23,7 +23,7 @@
 * Copies of this Software may be made, however, the above copyright
 * notice must be reproduced on all copies.
 *
- * @(#) $Id: fore_if.c,v 1.1 1998/09/15 08:22:55 phk Exp $
+ * @(#) $Id: fore_if.c,v 1.2 1998/10/31 20:06:52 phk Exp $
 *
 */
@@ -38,7 +38,7 @@
 #include <dev/hfa/fore_include.h>
 #ifndef lint
-__RCSID("@(#) $Id: fore_if.c,v 1.1 1998/09/15 08:22:55 phk Exp $");
+__RCSID("@(#) $Id: fore_if.c,v 1.2 1998/10/31 20:06:52 phk Exp $");
 #endif
@@ -85,7 +85,8 @@ fore_atm_ioctl(code, data, arg)
 fup = (Fore_unit *)pip;
 if ( pip == NULL ) return ( ENXIO );
- sprintf ( ifname, "%s%d", pip->pif_name, pip->pif_unit );
+ snprintf ( ifname, sizeof(ifname),
+ "%s%d", pip->pif_name, pip->pif_unit );
 /*
 * Cast response structure onto user's buffer
diff --git a/sys/dev/hfa/fore_init.c b/sys/dev/hfa/fore_init.c
index eade984..7c1ee96 100644
--- a/sys/dev/hfa/fore_init.c
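Review bot: The new size argument `sizeof(fup->fu_config.ac_hard_vers)` in fore_cmd_drain() is the buffer size only if ac_hard_vers is declared as a character array; if it were a pointer, sizeof would give the pointer width and the bound would be wrong. The declaration is outside the hunk, so that is worth confirming. Each component is masked with 0xff, so the formatted text is at most 11 characters plus the NUL; I would record that next to the call, e.g. `/* at most "255.255.255": needs 12 bytes including NUL */`, so a later format change gets checked against the field size. The same two points apply to the ac_firm_vers call in fore_initialize() (fore_init.c) and the ac_hard_vers calls in fore_attach() (fore_load.c). The body of fore_cmd_drain() starts and ends outside the hunk.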
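Review bot: The snprintf() into ifname in fore_atm_ioctl() discards its return value, so an over-long pif_name/pif_unit pair is now silently truncated where it previously overflowed. Unlike the version strings, nothing visible here bounds the length of pip->pif_name, and a truncated name could be compared or reported later in the function as if it were the real interface name (that code is not shown). Assuming the kernel snprintf() returns the untruncated length as the libc one does, truncation could be treated as an error: `if (snprintf(ifname, sizeof(ifname), "%s%d", pip->pif_name, pip->pif_unit) >= (int)sizeof(ifname)) return ( ENXIO );` (the errno value is only a suggestion). The declaration of ifname and the rest of fore_atm_ioctl() are outside the hunk.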
+++ b/sys/dev/hfa/fore_init.c
@@ -23,7 +23,7 @@
 * Copies of this Software may be made, however, the above copyright
 * notice must be reproduced on all copies.
 *
- * @(#) $Id: fore_init.c,v 1.2 1998/09/17 09:34:59 phk Exp $
+ * @(#) $Id: fore_init.c,v 1.3 1998/10/31 20:06:53 phk Exp $
 *
 */
@@ -38,7 +38,7 @@
 #include <dev/hfa/fore_include.h>
 #ifndef lint
-__RCSID("@(#) $Id: fore_init.c,v 1.2 1998/09/17 09:34:59 phk Exp $");
+__RCSID("@(#) $Id: fore_init.c,v 1.3 1998/10/31 20:06:53 phk Exp $");
 #endif
@@ -122,7 +122,8 @@ fore_initialize(fup)
 errmsg = "unsupported microcode version";
 goto failed;
 }
- sprintf(fup->fu_config.ac_firm_vers, "%ld.%ld.%ld",
+ snprintf(fup->fu_config.ac_firm_vers,
+ sizeof(fup->fu_config.ac_firm_vers), "%ld.%ld.%ld",
 (vers >> 16) & 0xff, (vers >> 8) & 0xff, vers & 0xff);
 #ifdef notdef
diff --git a/sys/dev/hfa/fore_load.c b/sys/dev/hfa/fore_load.c
index 1d5735d..96c59be 100644
--- a/sys/dev/hfa/fore_load.c
+++ b/sys/dev/hfa/fore_load.c
@@ -23,7 +23,7 @@
 * Copies of this Software may be made, however, the above copyright
 * notice must be reproduced on all copies.
 *
- * @(#) $Id: fore_load.c,v 1.2 1998/09/17 09:34:59 phk Exp $
+ * @(#) $Id: fore_load.c,v 1.3 1998/10/31 20:06:53 phk Exp $
 *
 */
@@ -38,7 +38,7 @@
 #include <dev/hfa/fore_include.h>
 #ifndef lint
-__RCSID("@(#) $Id: fore_load.c,v 1.2 1998/09/17 09:34:59 phk Exp $");
+__RCSID("@(#) $Id: fore_load.c,v 1.3 1998/10/31 20:06:53 phk Exp $");
 #endif
@@ -726,10 +726,12 @@ fore_attach(devinfo_p)
 val = getprop ( devinfo_p->devi_nodeid, "hw-version", -1 );
 }
 if (val != -1) {
- sprintf(fcp->ac_hard_vers, "%d.%d.%d",
+ snprintf(fcp->ac_hard_vers,
+ sizeof(fcp->ac_hard_vers), "%d.%d.%d",
 (val >> 16) & 0xff, (val >> 8) & 0xff, val & 0xff);
 } else
- sprintf(fcp->ac_hard_vers, "Unknown");
+ snprintf(fcp->ac_hard_vers,
+ sizeof(fcp->ac_hard_vers), "Unknown");
 val = getprop ( devinfo_p->devi_nodeid, "serialnumber", -1 );
 if ( val != -1 ) |
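Review bot: The else arm in fore_attach() is left unbraced even though its statement now spans two lines and the matching if arm is braced. With the call wrapped, a statement later added after it would look like part of the else but run unconditionally. I would brace it to match: `} else {` before the snprintf() and a closing `}` after `sizeof(fcp->ac_hard_vers), "Unknown");`. The enclosing function starts and ends outside the hunk.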