* Fix for chrony.spec on SuSE (Paul Elliot)
* Fix handling of initstepslew if no servers are listed (John Hasler)
* Fix install rule in Makefile if chronyd is in use (Juliusz Chroboczek)
+* Replace sprintf by snprintf to remove risk of buffer overrun (John Hasler)
New in version 1.19
===================
Changes to support 64 bit machines (i.e. those where
sizeof(unsigned long) > 4)
Bug fix to initstepslew directive
+ Fix to remove potential buffer overrun errors.
Liam Hatton <me@liamhatton.com>
Advice on configuring for Linux on PPC
Version control information
===========================
-$Header: /cvs/src/chrony/README,v 1.29 2003/09/19 22:48:26 richard Exp $
+$Header: /cvs/src/chrony/README,v 1.30 2003/09/21 23:11:06 richard Exp $
vim:tw=72
/*
- $Header: /cvs/src/chrony/client.c,v 1.66 2003/01/20 22:52:07 richard Exp $
+ $Header: /cvs/src/chrony/client.c,v 1.67 2003/09/21 23:11:06 richard Exp $
=======================================================================
stm = *gmtime(&t);
- sprintf(buffer, "%2d%s%02d %02d:%02d:%02d",
+ snprintf(buffer, sizeof(buffer),
+ "%2d%s%02d %02d:%02d:%02d",
stm.tm_mday, months[stm.tm_mon], stm.tm_year % 100,
stm.tm_hour, stm.tm_min, stm.tm_sec);
b = (ip>>16) & 0xff;
c = (ip>> 8) & 0xff;
d = (ip>> 0) & 0xff;
- sprintf(result, "%ld.%ld.%ld.%ld", a, b, c, d);
+ snprintf(result, sizeof(result), "%ld.%ld.%ld.%ld", a, b, c, d);
return result;
}
hostname_buf[25] = 0;
if (no_dns) {
- sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip_addr));
+ snprintf(hostname_buf, sizeof(hostname_buf), "%s", UTI_IPToDottedQuad(ip_addr));
} else {
dns_lookup = DNS_IPAddress2Name(ip_addr);
strncpy(hostname_buf, dns_lookup, 25);
hostname_buf[25] = 0;
if (no_dns) {
- sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip_addr));
+ snprintf(hostname_buf, sizeof(hostname_buf), "%s", UTI_IPToDottedQuad(ip_addr));
} else {
dns_lookup = DNS_IPAddress2Name(ip_addr);
strncpy(hostname_buf, dns_lookup, 25);
last_cmd_hit_ago = ntohl(reply.data.client_accesses.clients[j].last_cmd_hit_ago);
if (no_dns) {
- sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip));
+ snprintf(hostname_buf, sizeof(hostname_buf),
+ "%s", UTI_IPToDottedQuad(ip));
} else {
dns_lookup = DNS_IPAddress2Name(ip);
hostname_buf[25] = 0;
last_cmd_hit_ago = ntohl(reply.data.client_accesses_by_index.clients[j].last_cmd_hit_ago);
if (no_dns) {
- sprintf(hostname_buf, "%s", UTI_IPToDottedQuad(ip));
+ snprintf(hostname_buf, sizeof(hostname_buf),
+ "%s", UTI_IPToDottedQuad(ip));
} else {
dns_lookup = DNS_IPAddress2Name(ip);
hostname_buf[25] = 0;
/*
- $Header: /cvs/src/chrony/conf.c,v 1.43 2003/09/19 22:44:06 richard Exp $
+ $Header: /cvs/src/chrony/conf.c,v 1.44 2003/09/21 23:11:06 richard Exp $
=======================================================================
/* ================================================== */
-#define HOSTNAME_LEN 255
-#define SHOSTNAME_LEN "255"
+#define HOSTNAME_LEN 2047
+#define SHOSTNAME_LEN "2047"
static void
parse_initstepslew(const char *line)
/* ================================================== */
-#define BUFLEN 127
-#define SBUFLEN "127"
+#define BUFLEN 2047
+#define SBUFLEN "2047"
static void
parse_mailonchange(const char *line)
/*
- $Header: /cvs/src/chrony/logging.c,v 1.13 2003/03/24 23:35:43 richard Exp $
+ $Header: /cvs/src/chrony/logging.c,v 1.14 2003/09/21 23:11:06 richard Exp $
=======================================================================
char buf[2048];
va_list other_args;
va_start(other_args, format);
- vsprintf(buf, format, other_args);
+ vsnprintf(buf, sizeof(buf), format, other_args);
va_end(other_args);
#ifdef WINNT
if (logfile) {
char buf[2048];
va_list other_args;
va_start(other_args, format);
- vsprintf(buf, format, other_args);
+ vsnprintf(buf, sizeof(buf), format, other_args);
va_end(other_args);
#ifdef WINNT
/*
- $Header: /cvs/src/chrony/nameserv.c,v 1.13 2002/02/28 23:27:11 richard Exp $
+ $Header: /cvs/src/chrony/nameserv.c,v 1.14 2003/09/21 23:11:06 richard Exp $
=======================================================================
b = (ip_addr >> 16) & 0xff;
c = (ip_addr >> 8) & 0xff;
d = (ip_addr) & 0xff;
- sprintf(buffer, "%u.%u.%u.%u", a, b, c, d);
+ snprintf(buffer, sizeof(buffer), "%u.%u.%u.%u", a, b, c, d);
return buffer;
} else {
return host->h_name;
/*
- $Header: /cvs/src/chrony/reference.c,v 1.40 2003/03/24 23:35:43 richard Exp $
+ $Header: /cvs/src/chrony/reference.c,v 1.41 2003/09/21 23:11:06 richard Exp $
=======================================================================
if (do_mail_change &&
(abs_offset > mail_change_threshold)) {
- sprintf(buffer, "%s %." S_MAX_USER_LEN "s", MAIL_PROGRAM, mail_change_user);
+ snprintf(buffer, sizeof(buffer), "%s %." S_MAX_USER_LEN "s", MAIL_PROGRAM, mail_change_user);
p = popen(buffer, "w");
if (p) {
if (gethostname(host, sizeof(host)) < 0) {
/*
- $Header: /cvs/src/chrony/sources.c,v 1.31 2003/03/24 23:35:43 richard Exp $
+ $Header: /cvs/src/chrony/sources.c,v 1.32 2003/09/21 23:11:06 richard Exp $
=======================================================================
SRC_DumpSources(void)
{
FILE *out;
- int direc_len;
+ int direc_len, file_len;
char *filename;
unsigned int a, b, c, d;
int i;
direc = CNF_GetDumpDir();
direc_len = strlen(direc);
- filename = MallocArray(char, direc_len+24); /* a bit of slack */
+ file_len = direc_len + 24;
+ filename = MallocArray(char, file_len); /* a bit of slack */
if (mkdir_and_parents(direc)) {
for (i=0; i<n_sources; i++) {
a = (sources[i]->ref_id) >> 24;
c = ((sources[i]->ref_id) >> 8) & 0xff;
d = ((sources[i]->ref_id)) & 0xff;
- sprintf(filename, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d);
+ snprintf(filename, file_len-1, "%s/%d.%d.%d.%d.dat", direc, a, b, c, d);
out = fopen(filename, "w");
if (!out) {
LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename);
unsigned int a, b, c, d;
int i;
char *dumpdir;
- int dumpdirlen;
+ int dumpdirlen, filelen;
for (i=0; i<n_sources; i++) {
a = (sources[i]->ref_id) >> 24;
dumpdir = CNF_GetDumpDir();
dumpdirlen = strlen(dumpdir);
- filename = MallocArray(char, dumpdirlen+24);
- sprintf(filename, "%s/%d.%d.%d.%d.dat", dumpdir, a, b, c, d);
+ filelen = dumpdirlen + 24;
+ filename = MallocArray(char, filelen);
+ snprintf(filename, filelen-1, "%s/%d.%d.%d.%d.dat", dumpdir, a, b, c, d);
in = fopen(filename, "r");
if (!in) {
LOG(LOGS_WARN, LOGF_Sources, "Could not open dump file %s", filename);
/*
- $Header: /cvs/src/chrony/util.c,v 1.19 2003/03/24 23:35:43 richard Exp $
+ $Header: /cvs/src/chrony/util.c,v 1.20 2003/09/21 23:11:06 richard Exp $
=======================================================================
stm = *gmtime((time_t *) &(tv->tv_sec));
strftime(buffer, sizeof(buffer), "%a %x %X", &stm);
result = NEXT_BUFFER;
- sprintf(result, "%s.%06ld", buffer, (unsigned long)(tv->tv_usec));
+ snprintf(result, sizeof(buffer), "%s.%06ld", buffer, (unsigned long)(tv->tv_usec));
return result;
}
c = (ip>> 8) & 0xff;
d = (ip>> 0) & 0xff;
result = NEXT_BUFFER;
- sprintf(result, "%ld.%ld.%ld.%ld", a, b, c, d);
+ snprintf(result, sizeof(result), "%ld.%ld.%ld.%ld", a, b, c, d);
return result;
}
projects / thirdparty / chrony.git / commitdiff
