Use snprintf instead of strcpy/strcat in many places

ticket: 6200
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20912 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 16 insertions, 0 deletions

diff --git a/src/include/k5-platform.h b/src/include/k5-platform.h
index 4a2b1ae..279d6fd 100644
--- a/src/include/k5-platform.h
+++ b/src/include/k5-platform.h
@@ -920,6 +920,22 @@ extern int asprintf(char **, const char *, ...)
 
 #endif /* have vasprintf and prototype? */
 
+/* Return true if the snprintf return value RESULT reflects a buffer
+   overflow for the buffer size SIZE.
+
+   We cast the result to unsigned int for two reasons.  First, old
+   implementations of snprintf (such as the one in Solaris 9 and
+   prior) return -1 on a buffer overflow.  Casting the result to -1
+   will convert that value to UINT_MAX, which should compare larger
+   than any reasonable buffer size.  Second, comparing signed and
+   unsigned integers will generate warnings with some compilers, and
+   can have unpredictable results, particularly when the relative
+   widths of the types is not known (size_t may be the same width as
+   int or larger).
+*/
+#define SNPRINTF_OVERFLOW(result, size) \
+    ((unsigned int)(result) >= (size_t)(size))
+
 #ifndef HAVE_MKSTEMP
 extern int krb5int_mkstemp(char *);
 #define mkstemp krb5int_mkstemp