From: Juergen Perlinger Date: Tue, 6 Apr 2010 17:08:47 +0000 (+0200) Subject: fix format string warnings (64-bit); avoid (m)syslog format string attacks X-Git-Tag: NTP_4_2_7P24~2^2~5^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c02a06e2f6da5f7e4c6883d1780982dc23a34308;p=thirdparty%2Fntp.git fix format string warnings (64-bit); avoid (m)syslog format string attacks bk: 4bbb6a9fTKndeJTmserGeo5Lit4FHw --- diff --git a/ntpd/ntp_config.c b/ntpd/ntp_config.c index 80198694b..baf891593 100644 --- a/ntpd/ntp_config.c +++ b/ntpd/ntp_config.c @@ -2840,8 +2840,8 @@ config_phone( sys_phone[i++] = estrdup(*s); else msyslog(LOG_INFO, - "phone: Number of phone entries exceeds %d. Ignoring phone %s...", - COUNTOF(sys_phone) - 1, *s); + "phone: Number of phone entries exceeds %lu. Ignoring phone %s...", + (u_long)(COUNTOF(sys_phone) - 1), *s); s = next_node(s); } @@ -2998,8 +2998,8 @@ config_ttl( sys_ttl[i++] = (u_char)*curr_ttl; else msyslog(LOG_INFO, - "ttl: Number of TTL entries exceeds %d. Ignoring TTL %d...", - COUNTOF(sys_ttl), *curr_ttl); + "ttl: Number of TTL entries exceeds %lu. Ignoring TTL %d...", + (u_long)COUNTOF(sys_ttl), *curr_ttl); curr_ttl = next_node(curr_ttl); } diff --git a/ntpd/ntp_control.c b/ntpd/ntp_control.c index 67c12f134..14baee287 100644 --- a/ntpd/ntp_control.c +++ b/ntpd/ntp_control.c @@ -3627,7 +3627,7 @@ report_event( " %s", str); } NLOG(NLOG_SYSEVENT) - msyslog(LOG_INFO, statstr); + msyslog(LOG_INFO, "%s", statstr); } else { /* @@ -3659,7 +3659,7 @@ report_event( " %s", str); } NLOG(NLOG_PEEREVENT) - msyslog(LOG_INFO, statstr); + msyslog(LOG_INFO, "%s", statstr); } record_proto_stats(statstr); #if DEBUG diff --git a/ntpd/ntp_intres.c b/ntpd/ntp_intres.c index b1808cce9..8e88b9352 100644 --- a/ntpd/ntp_intres.c +++ b/ntpd/ntp_intres.c @@ -640,8 +640,8 @@ blocking_getnameinfo( host = alloca(octets); if (NULL == host) { msyslog(LOG_ERR, - "blocking_getnameinfo unable to allocate %d octets on stack", - octets); + "blocking_getnameinfo unable to allocate %lu octets on stack", + (u_long)octets); exit(1); } #endif @@ -671,9 +671,9 @@ blocking_getnameinfo( resp = emalloc(resp_octets); gni_resp = (void *)((char *)resp + sizeof(*resp)); - DPRINTF(2, ("blocking_getnameinfo given addr %s flags 0x%x hostlen %d servlen %d\n", + DPRINTF(2, ("blocking_getnameinfo given addr %s flags 0x%x hostlen %lu servlen %lu\n", stoa(&gni_req->socku), gni_req->flags, - gni_req->hostoctets, gni_req->servoctets)); + (u_long)gni_req->hostoctets, (u_long)gni_req->servoctets)); gni_resp->retcode = getnameinfo(&gni_req->socku.sa, SOCKLEN(&gni_req->socku), diff --git a/ntpd/ntp_request.c b/ntpd/ntp_request.c index c04b4f815..419d417e2 100644 --- a/ntpd/ntp_request.c +++ b/ntpd/ntp_request.c @@ -584,25 +584,25 @@ process_private( */ if (!INFO_IS_AUTH(inpkt->auth_seq) || !info_auth_keyid || ntohl(tailinpkt->keyid) != info_auth_keyid) { - DPRINTF(5, ("failed auth %d info_auth_keyid %u pkt keyid %u maclen %u\n", + DPRINTF(5, ("failed auth %d info_auth_keyid %u pkt keyid %u maclen %lu\n", INFO_IS_AUTH(inpkt->auth_seq), info_auth_keyid, - ntohl(tailinpkt->keyid), mac_len)); + ntohl(tailinpkt->keyid), (u_long)mac_len)); #ifdef DEBUG msyslog(LOG_DEBUG, - "process_private: failed auth %d info_auth_keyid %u pkt keyid %u maclen %u\n", + "process_private: failed auth %d info_auth_keyid %u pkt keyid %u maclen %lu\n", INFO_IS_AUTH(inpkt->auth_seq), info_auth_keyid, - ntohl(tailinpkt->keyid), mac_len); + ntohl(tailinpkt->keyid), (u_long)mac_len); #endif req_ack(srcadr, inter, inpkt, INFO_ERR_AUTH); return; } if (recv_len > REQ_LEN_NOMAC + MAX_MAC_LEN) { - DPRINTF(5, ("bad pkt length %d\n", recv_len)); + DPRINTF(5, ("bad pkt length %lu\n", (u_long)recv_len)); msyslog(LOG_ERR, - "process_private: bad pkt length %d", - recv_len); + "process_private: bad pkt length %lu", + (u_long)recv_len); req_ack(srcadr, inter, inpkt, INFO_ERR_FMT); return; } diff --git a/ntpd/ntp_scanner.c b/ntpd/ntp_scanner.c index f9bc1ff63..9f1752399 100644 --- a/ntpd/ntp_scanner.c +++ b/ntpd/ntp_scanner.c @@ -358,7 +358,7 @@ is_special( int ch ) { - return (int)strchr(special_chars, ch); + return strchr(special_chars, ch) != NULL; } @@ -643,8 +643,8 @@ normal_return: lex_too_long: yytext[min(sizeof(yytext) - 1, 50)] = 0; msyslog(LOG_ERR, - "configuration item on line %d longer than limit of %d, began with '%s'", - ip_file->line_no, sizeof(yytext) - 1, yytext); + "configuration item on line %d longer than limit of %lu, began with '%s'", + ip_file->line_no, (u_long)(sizeof(yytext) - 1), yytext); /* * If we hit the length limit reading the startup configuration diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c index c4995ec84..a627061ce 100644 --- a/ntpd/ntpd.c +++ b/ntpd/ntpd.c @@ -358,7 +358,7 @@ change_logfile( octets += 1; /* NUL terminator */ abs_fname = emalloc(octets); snprintf(abs_fname, octets, "%.*s%c%s", - cd_octets, curdir, DIR_SEP, + (u_int)cd_octets, curdir, DIR_SEP, syslog_fname); } else #endif @@ -1368,7 +1368,7 @@ library_fatal_error(const char *file, int line, const char *format, msyslog(LOG_ERR, "%s:%d: fatal error:", file, line); vsnprintf(errbuf, sizeof(errbuf), format, args); - msyslog(LOG_ERR, errbuf); + msyslog(LOG_ERR, "%s", errbuf); msyslog(LOG_ERR, "exiting (due to fatal error in library)"); #if defined(DEBUG) && defined(SYS_WINNT) @@ -1395,7 +1395,7 @@ library_unexpected_error(const char *file, int line, const char *format, msyslog(LOG_ERR, "%s:%d: unexpected error:", file, line); vsnprintf(errbuf, sizeof(errbuf), format, args); - msyslog(LOG_ERR, errbuf); + msyslog(LOG_ERR, "%s", errbuf); if (++unexpected_error_cnt == MAX_UNEXPECTED_ERRORS) { diff --git a/ntpd/refclock_acts.c b/ntpd/refclock_acts.c index 71923ce51..c9cc5962b 100644 --- a/ntpd/refclock_acts.c +++ b/ntpd/refclock_acts.c @@ -362,8 +362,8 @@ acts_message( up = (struct actsunit *)pp->unitptr; #ifdef DEBUG ioctl(pp->io.fd, TIOCMGET, (char *)&modem); - snprintf(tbuf, sizeof(tbuf), "acts: %04x (%d %d) %d %s", modem, - up->state, up->timer, strlen(pp->a_lastcode), + snprintf(tbuf, sizeof(tbuf), "acts: %04x (%d %d) %lu %s", modem, + up->state, up->timer, (u_long)strlen(pp->a_lastcode), pp->a_lastcode); if (debug) printf("%s\n", tbuf); diff --git a/ntpd/work_fork.c b/ntpd/work_fork.c index 87e271760..82d922209 100644 --- a/ntpd/work_fork.c +++ b/ntpd/work_fork.c @@ -189,8 +189,8 @@ receive_blocking_req_internal( DPRINTF(1, ("parent closed request pipe\n")); else if (rc != sizeof(hdr)) msyslog(LOG_ERR, - "receive_blocking_req_internal: short header read %d of %d\n", - rc, sizeof(hdr)); + "receive_blocking_req_internal: short header read %d of %lu\n", + rc, (u_long)sizeof(hdr)); else { NTP_INSIST(sizeof(hdr) < hdr.octets && hdr.octets < 4 * 1024); req = emalloc(hdr.octets); @@ -205,8 +205,8 @@ receive_blocking_req_internal( "receive_blocking_req_internal: pipe data read %m\n"); else if (rc != hdr.octets - sizeof(hdr)) msyslog(LOG_ERR, - "receive_blocking_req_internal: short read %d of %d\n", - rc, hdr.octets - sizeof(hdr)); + "receive_blocking_req_internal: short read %d of %lu\n", + rc, (u_long)(hdr.octets - sizeof(hdr))); else if (BLOCKING_REQ_MAGIC != req->magic_sig) msyslog(LOG_ERR, "receive_blocking_req_internal: packet header mismatch (0x%x)", @@ -266,8 +266,8 @@ receive_blocking_resp_internal( if (rc < 0) DPRINTF(1, ("receive_blocking_resp_internal: pipe read %m\n")); else if (rc != sizeof(hdr)) - DPRINTF(1, ("receive_blocking_resp_internal: short header read %d of %d\n", - rc, sizeof(hdr))); + DPRINTF(1, ("receive_blocking_resp_internal: short header read %d of %lu\n", + rc, (u_long)sizeof(hdr))); else if (BLOCKING_RESP_MAGIC != hdr.magic_sig) DPRINTF(1, ("receive_blocking_resp_internal: header mismatch (0x%x)\n", hdr.magic_sig)); @@ -283,8 +283,8 @@ receive_blocking_resp_internal( if (rc < 0) DPRINTF(1, ("receive_blocking_resp_internal: pipe data read %m\n")); else if (rc < hdr.octets - sizeof(hdr)) - DPRINTF(1, ("receive_blocking_resp_internal: short read %d of %d\n", - rc, hdr.octets - sizeof(hdr))); + DPRINTF(1, ("receive_blocking_resp_internal: short read %d of %lu\n", + rc, (u_long)(hdr.octets - sizeof(hdr)))); else return resp; } diff --git a/ntpdc/ntpdc.c b/ntpdc/ntpdc.c index 1a802691c..f5db2b462 100644 --- a/ntpdc/ntpdc.c +++ b/ntpdc/ntpdc.c @@ -803,8 +803,8 @@ getresponse( if ((size_t)datasize > (n-RESP_HEADER_SIZE)) { if (debug) printf( - "Received items %d, size %d (total %d), data in packet is %d\n", - items, size, datasize, n-RESP_HEADER_SIZE); + "Received items %d, size %d (total %d), data in packet is %lu\n", + items, size, datasize, (u_long)(n-RESP_HEADER_SIZE)); goto again; } @@ -992,9 +992,9 @@ sendrequest( return 1; } else if (maclen != (info_auth_hashlen + sizeof(keyid_t))) { fprintf(stderr, - "%d octet MAC, %u expected with %u octet digest\n", - maclen, (info_auth_hashlen + sizeof(keyid_t)), - info_auth_hashlen); + "%d octet MAC, %lu expected with %lu octet digest\n", + maclen, (u_long)(info_auth_hashlen + sizeof(keyid_t)), + (u_long)info_auth_hashlen); return 1; } return sendpkt(&qpkt, reqsize + maclen); @@ -1797,9 +1797,9 @@ keytype( int key_type; if (!pcmd->nargs) { - fprintf(fp, "keytype is %s with %u octet digests\n", + fprintf(fp, "keytype is %s with %lu octet digests\n", keytype_name(info_auth_keytype), - info_auth_hashlen); + (u_long)info_auth_hashlen); return; } diff --git a/sntp/log.c b/sntp/log.c index ec3c5388b..69d788135 100644 --- a/sntp/log.c +++ b/sntp/log.c @@ -31,7 +31,7 @@ void log_msg(char *message, char type) { break; } - syslog(type, message); + syslog(type, "%s", message); } } @@ -47,7 +47,7 @@ void debug_msg(char *message) { #ifdef LOG_PERROR | LOG_PERROR #endif - | LOG_CONS, message); + | LOG_CONS, "%s", message); } }