- (djm) Avoid bad and unportable sprintf usage in compat code

2001-09-25 22:21:52 +10:00 · 2001-09-25 22:21:52 +10:00 · 5f4b10088f
--- a/3
+++ b/3
@ -2,6 +2,7 @@
 - (djm) Pull in auth-krb5.c from OpenBSD CVS. NB. it is not currently used.
 - (djm) Sync $sysconfdir/moduli
 - (djm) Add AC_SYS_LARGEFILE configure test
+ - (djm) Avoid bad and unportable sprintf usage in compat code

 20010923
 - (bal) updated ssh.c to mirror minor getopts 'extern int' formating done
@ -6568,4 +6569,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.1562 2001/09/25 06:39:35 djm Exp $
+$Id: ChangeLog,v 1.1563 2001/09/25 12:21:52 djm Exp $
--- a/openbsd-compat/inet_ntop.c
+++ b/openbsd-compat/inet_ntop.c
@ -104,7 +104,8 @@ inet_ntop4(src, dst, size)
 	static const char fmt[] = "%u.%u.%u.%u";
 	char tmp[sizeof "255.255.255.255"];

-	if (sprintf(tmp, fmt, src[0], src[1], src[2], src[3]) > size) {
+	if (snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2],
+	    src[3]) > size) {
 		errno = ENOSPC;
 		return (NULL);
 	}
@ -190,7 +191,8 @@ inet_ntop6(src, dst, size)
 			tp += strlen(tp);
 			break;
 		}
-		tp += sprintf(tp, "%x", words[i]);
+		snprintf(tp, sizeof(tmp - (tp - tmp)), "%x", words[i]);
+		tp += strlen(tp);
 	}
 	/* Was it a trailing run of 0x00's? */
 	if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ))