diff options
| author | archie <archie@FreeBSD.org> | 1998-12-04 22:54:57 +0000 |
|---|---|---|
| committer | archie <archie@FreeBSD.org> | 1998-12-04 22:54:57 +0000 |
| commit | 982e80577dd08945aa2345ebe35e3f50eef9eb48 (patch) | |
| tree | e21ff4cbfbcb4097c6cc444d68ddd9a3fd37837f /sys/miscfs | |
| parent | 707b8f68aa118c7396f2a2633751e32477d9ed08 (diff) | |
| download | FreeBSD-src-982e80577dd08945aa2345ebe35e3f50eef9eb48.zip FreeBSD-src-982e80577dd08945aa2345ebe35e3f50eef9eb48.tar.gz | |
Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
Diffstat (limited to 'sys/miscfs')
| -rw-r--r-- | sys/miscfs/kernfs/kernfs_vnops.c | 8 | ||||
| -rw-r--r-- | sys/miscfs/procfs/procfs_map.c | 5 | ||||
| -rw-r--r-- | sys/miscfs/procfs/procfs_vnops.c | 6 |
3 files changed, 10 insertions, 9 deletions
diff --git a/sys/miscfs/kernfs/kernfs_vnops.c b/sys/miscfs/kernfs/kernfs_vnops.c index 4280ef1..c08bdd3 100644 --- a/sys/miscfs/kernfs/kernfs_vnops.c +++ b/sys/miscfs/kernfs/kernfs_vnops.c @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)kernfs_vnops.c 8.15 (Berkeley) 5/21/95 - * $Id: kernfs_vnops.c,v 1.34 1998/06/25 16:54:18 dt Exp $ + * $Id: kernfs_vnops.c,v 1.35 1998/07/30 17:40:45 bde Exp $ */ /* @@ -133,13 +133,13 @@ kernfs_xread(kt, buf, len, lenp) case KTT_TIME: { struct timeval tv; microtime(&tv); - sprintf(buf, "%ld %ld\n", tv.tv_sec, tv.tv_usec); + snprintf(buf, len, "%ld %ld\n", tv.tv_sec, tv.tv_usec); break; } case KTT_INT: { int *ip = kt->kt_data; - sprintf(buf, "%d\n", *ip); + snprintf(buf, len, "%d\n", *ip); break; } @@ -181,7 +181,7 @@ kernfs_xread(kt, buf, len, lenp) } case KTT_AVENRUN: - sprintf(buf, "%lu %lu %lu %ld\n", + snprintf(buf, len, "%lu %lu %lu %ld\n", (u_long)averunnable.ldavg[0], (u_long)averunnable.ldavg[1], (u_long)averunnable.ldavg[2], averunnable.fscale); break; diff --git a/sys/miscfs/procfs/procfs_map.c b/sys/miscfs/procfs/procfs_map.c index 1a865e6..4dae10a 100644 --- a/sys/miscfs/procfs/procfs_map.c +++ b/sys/miscfs/procfs/procfs_map.c @@ -36,7 +36,7 @@ * * @(#)procfs_status.c 8.3 (Berkeley) 2/17/94 * - * $Id: procfs_map.c,v 1.16 1998/02/06 12:13:41 eivind Exp $ + * $Id: procfs_map.c,v 1.17 1998/04/29 04:28:22 dyson Exp $ */ #include <sys/param.h> @@ -153,7 +153,8 @@ case OBJT_DEVICE: * format: * start, end, resident, private resident, cow, access, type. */ - sprintf(mebuffer, "0x%x 0x%x %d %d %d %s%s%s %d %d 0x%x %s %s %s\n", + snprintf(mebuffer, sizeof(mebuffer), + "0x%x 0x%x %d %d %d %s%s%s %d %d 0x%x %s %s %s\n", entry->start, entry->end, resident, privateresident, id, (entry->protection & VM_PROT_READ)?"r":"-", diff --git a/sys/miscfs/procfs/procfs_vnops.c b/sys/miscfs/procfs/procfs_vnops.c index 8a6230e..6879b08 100644 --- a/sys/miscfs/procfs/procfs_vnops.c +++ b/sys/miscfs/procfs/procfs_vnops.c @@ -36,7 +36,7 @@ * * @(#)procfs_vnops.c 8.18 (Berkeley) 5/21/95 * - * $Id: procfs_vnops.c,v 1.60 1998/06/25 16:54:41 dt Exp $ + * $Id: procfs_vnops.c,v 1.61 1998/07/11 07:45:46 bde Exp $ */ /* @@ -528,7 +528,7 @@ procfs_getattr(ap) vap->va_uid = 0; vap->va_gid = 0; vap->va_size = vap->va_bytes = - sprintf(buf, "%ld", (long)curproc->p_pid); + snprintf(buf, sizeof(buf), "%ld", (long)curproc->p_pid); break; } @@ -944,7 +944,7 @@ procfs_readlink(ap) if (VTOPFS(ap->a_vp)->pfs_fileno != PROCFS_FILENO(0, Pcurproc)) return (EINVAL); - len = sprintf(buf, "%ld", (long)curproc->p_pid); + len = snprintf(buf, sizeof(buf), "%ld", (long)curproc->p_pid); return (uiomove((caddr_t)buf, len, ap->a_uio)); } |
