From 982e80577dd08945aa2345ebe35e3f50eef9eb48 Mon Sep 17 00:00:00 2001 From: archie Date: Fri, 4 Dec 1998 22:54:57 +0000 Subject: Examine all occurrences of sprintf(), strcat(), and str[n]cpy() for possible buffer overflow problems. Replaced most sprintf()'s with snprintf(); for others cases, added terminating NUL bytes where appropriate, replaced constants like "16" with sizeof(), etc. These changes include several bug fixes, but most changes are for maintainability's sake. Any instance where it wasn't "immediately obvious" that a buffer overflow could not occur was made safer. Reviewed by: Bruce Evans Reviewed by: Matthew Dillon Reviewed by: Mike Spengler --- sys/vm/vm_zone.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'sys/vm') diff --git a/sys/vm/vm_zone.c b/sys/vm/vm_zone.c index 910c621..3c52819 100644 --- a/sys/vm/vm_zone.c +++ b/sys/vm/vm_zone.c @@ -11,7 +11,7 @@ * 2. Absolutely no warranty of function or purpose is made by the author * John S. Dyson. * - * $Id: vm_zone.c,v 1.22 1998/10/09 00:24:49 jdp Exp $ + * $Id: vm_zone.c,v 1.23 1998/10/31 17:21:31 peter Exp $ */ #include @@ -388,7 +388,8 @@ sysctl_vm_zone SYSCTL_HANDLER_ARGS char tmpbuf[128]; char tmpname[14]; - sprintf(tmpbuf, "\nITEM SIZE LIMIT USED FREE REQUESTS\n"); + snprintf(tmpbuf, sizeof(tmpbuf), + "\nITEM SIZE LIMIT USED FREE REQUESTS\n"); error = SYSCTL_OUT(req, tmpbuf, strlen(tmpbuf)); if (error) return (error); @@ -413,7 +414,7 @@ sysctl_vm_zone SYSCTL_HANDLER_ARGS tmpbuf[0] = '\n'; } - sprintf(tmpbuf + offset, + snprintf(tmpbuf + offset, sizeof(tmpbuf) - offset, "%s %6.6u, %8.8u, %6.6u, %6.6u, %8.8u\n", tmpname, curzone->zsize, curzone->zmax, (curzone->ztotal - curzone->zfreecnt), -- cgit v1.1