author | Ken Raeburn <raeburn@mit.edu> | 2007-07-12 23:33:25 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2007-07-12 23:33:25 +0000 |
commit | 52571d9201c7bef4dc5ebdf14a41db1f7baddc8e (patch) | |
tree | 9f108e05e8881ea19954b4959fdca96d47daa615 /src/lib/kadm5 | |
parent | 57913ccc175061dd41e98914d50eda56dd9685c0 (diff) | |
Avoid use of unchecked sprintf in libraries. Use asprintf if the
output buffer is allocated according to the size of data to be
written, or snprintf otherwise.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/kadm5')
-rw-r--r-- | src/lib/kadm5/alt_prof.c | 21 | ||||
-rw-r--r-- | src/lib/kadm5/chpass_util.c | 60 | ||||
-rw-r--r-- | src/lib/kadm5/clnt/client_init.c | 48 | ||||
-rw-r--r-- | src/lib/kadm5/logger.c | 14 | ||||
-rw-r--r-- | src/lib/kadm5/srv/server_kdb.c | 7 |
5 files changed, 72 insertions, 78 deletions
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index 5567b0c..6802090 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -468,20 +468,17 @@ krb5_error_code kadm5_get_config_params(context, use_kdc_config,
 * admin database name and lockfile are now always derived from dbname */
 if (params.mask & KADM5_CONFIG_DBNAME) {
- params.admin_dbname = (char *) malloc(strlen(params.dbname) + 7);
- if (params.admin_dbname) {
- sprintf(params.admin_dbname, "%s.kadm5", params.dbname);
- params.mask |= KADM5_CONFIG_ADBNAME;
- }
+ if (asprintf(¶ms.admin_dbname, "%s.kadm5", params.dbname) > 0)
+ params.mask |= KADM5_CONFIG_ADBNAME;
+ else
+ params.admin_dbname = NULL;
 }
 if (params.mask & KADM5_CONFIG_ADBNAME) {
- params.admin_lockfile = (char *) malloc(strlen(params.admin_dbname)
- + 6);
- if (params.admin_lockfile) {
- sprintf(params.admin_lockfile, "%s.lock", params.admin_dbname);
- params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
- }
+ if (asprintf(¶ms.admin_lockfile, "%s.lock", params.admin_dbname) > 0)
+ params.mask |= KADM5_CONFIG_ADB_LOCKFILE;
+ else
+ params.admin_lockfile = NULL;
 }
 /* Get the value for the admin (policy) database lock file*/
@@ -816,7 +813,7 @@ kadm5_get_admin_service_name(krb5_context ctx,
 ret = ENOMEM;
 goto err_params;
 }
- sprintf(admin_name, "kadmin/%s", hp->h_name);
+ snprintf(admin_name, maxlen, "kadmin/%s", hp->h_name);
 err_params:
 kadm5_free_config_params(ctx, ¶ms_out);
diff --git a/src/lib/kadm5/chpass_util.c b/src/lib/kadm5/chpass_util.c
index dc6ebb6..8f6f8c5 100644
--- a/src/lib/kadm5/chpass_util.c
+++ b/src/lib/kadm5/chpass_util.c
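Review bot: Both asprintf calls in the hunk at -468 test for success with `> 0`, while the asprintf calls this commit adds in client_init.c and server_kdb.c test for failure with `< 0`. The outcome is the same here because the formatted string is never empty, but a single convention is easier to audit, and `>= 0` (or an inverted `< 0` test) would match the rest of the commit. An allocation failure on either call stays silent in the visible lines: the mask bit is left clear and no error code is set, so a comment such as `/* on allocation failure the derived name is left unset and its mask bit stays clear */` would record that this is intended. kadm5_get_config_params begins and ends outside the hunk.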
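Review bot: The result of the new `snprintf(admin_name, maxlen, "kadmin/%s", hp->h_name)` in the hunk at -816 is discarded, so a host name that does not fit would leave a truncated service principal name in `admin_name`, and the visible lines set no error before falling through to `err_params`. The `ret = ENOMEM; goto err_params;` context just above suggests a length check already precedes this call, but its condition is outside the hunk, so that is an inference. Testing the return value keeps the bound and the error path together: store it in an `int`, and set `ret = ENOMEM;` when it is negative or not smaller than `maxlen`. A silently shortened principal name names a different service, which is worse than a clean failure.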
@@ -139,12 +139,13 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
 if ((code != KADM5_PASS_Q_TOOSHORT) && (code != KADM5_PASS_REUSE) &&(code != KADM5_PASS_Q_CLASS) && (code != KADM5_PASS_Q_DICT) && (code != KADM5_PASS_TOOSOON)) {
- /* Can't get more info for other errors */
- sprintf(buffer, "%s %s", error_message(code),
- string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- sprintf(msg_ret, "%s\n%s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
- buffer);
- return(code);
+ /* Can't get more info for other errors */
+ snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
+ string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+ snprintf(msg_ret, msg_len, "%s\n%s\n",
+ string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ buffer);
+ return(code);
 }
 /* Ok, we have a password quality error. Return a good message */
@@ -200,31 +201,31 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
 code2 = kadm5_get_policy(lhandle, princ_ent.policy, &policy_ent);
 if (code2 != 0) {
- sprintf(msg_ret, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
- string_text(CHPASS_UTIL_GET_POLICY_INFO),
- error_message(code),
- string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
- string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- return(code);
+ snprintf(msg_ret, msg_len, "%s %s\n%s %s\n\n%s\n ", error_message(code2),
+ string_text(CHPASS_UTIL_GET_POLICY_INFO),
+ error_message(code),
+ string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE),
+ string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED));
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ return(code);
 }
 if (code == KADM5_PASS_Q_TOOSHORT) {
- sprintf(msg_ret, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
- policy_ent.pw_min_length);
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- (void) kadm5_free_policy_ent(lhandle, &policy_ent);
- return(code);
+ snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SHORT),
+ policy_ent.pw_min_length);
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+ return(code);
 }
 /* Can't get more info for other errors */
 if (code == KADM5_PASS_Q_CLASS) {
- sprintf(msg_ret, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
- policy_ent.pw_min_classes);
- (void) kadm5_free_principal_ent(lhandle, &princ_ent);
- (void) kadm5_free_policy_ent(lhandle, &policy_ent);
- return(code);
+ snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_TOO_FEW_CLASSES),
+ policy_ent.pw_min_classes);
+ (void) kadm5_free_principal_ent(lhandle, &princ_ent);
+ (void) kadm5_free_policy_ent(lhandle, &policy_ent);
+ return(code);
 }
 if (code == KADM5_PASS_TOOSOON) {
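Review bot: The `snprintf` calls in the KADM5_PASS_Q_TOOSHORT and KADM5_PASS_Q_CLASS branches still take their format string from `string_text(...)`, so the compiler cannot check that the conversion stored in the message table matches `policy_ent.pw_min_length` or `policy_ent.pw_min_classes`. The same applies to the CHPASS_UTIL_PASSWORD_TOO_SOON call in the hunk at -237. The new `msg_len` argument bounds the write but does nothing about a format/argument mismatch, and neither the table nor the field types are visible here. A comment at each call stating the contract would help, e.g. `/* CHPASS_UTIL_PASSWORD_TOO_SHORT must contain exactly one conversion matching pw_min_length */`, and the table has to stay a compile-time constant rather than anything loaded at run time. The function continues outside the hunk.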
@@ -237,18 +238,19 @@ kadm5_ret_t _kadm5_chpass_principal_util(void *server_handle,
 if (*(ptr = &time_string[strlen(time_string)-1]) == '\n') *ptr = '\0';
- sprintf(msg_ret, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
- time_string);
+ snprintf(msg_ret, msg_len, string_text(CHPASS_UTIL_PASSWORD_TOO_SOON),
+ time_string);
 (void) kadm5_free_principal_ent(lhandle, &princ_ent);
 (void) kadm5_free_policy_ent(lhandle, &policy_ent);
 return(code);
 }
 /* We should never get here, but just in case ... */
- sprintf(buffer, "%s %s", error_message(code),
- string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
- sprintf(msg_ret, "%s\n%s\n", string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
- buffer);
+ snprintf(buffer, sizeof(buffer), "%s %s", error_message(code),
+ string_text(CHPASS_UTIL_WHILE_TRYING_TO_CHANGE));
+ snprintf(msg_ret, msg_len, "%s\n%s\n",
+ string_text(CHPASS_UTIL_PASSWORD_NOT_CHANGED),
+ buffer);
 (void) kadm5_free_principal_ent(lhandle, &princ_ent);
 (void) kadm5_free_policy_ent(lhandle, &policy_ent);
 return(code);
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
index 92cb715..bdef3e2 100644
--- a/src/lib/kadm5/clnt/client_init.c
+++ b/src/lib/kadm5/clnt/client_init.c
@@ -405,23 +405,21 @@ kadm5_get_init_creds(kadm5_server_handle_t handle,
 if (init_type == INIT_CREDS) {
 ccache = ccache_in;
- handle->cache_name = (char *)
- malloc(strlen(krb5_cc_get_type(handle->context, ccache)) +
- strlen(krb5_cc_get_name(handle->context, ccache)) + 2);
- if (handle->cache_name == NULL) {
- code = ENOMEM;
- goto error;
+ if (asprintf(&handle->cache_name, "%s:%s",
+ krb5_cc_get_type(handle->context, ccache),
+ krb5_cc_get_name(handle->context, ccache)) < 0) {
+ handle->cache_name = NULL;
+ code = ENOMEM;
+ goto error;
 }
- sprintf(handle->cache_name, "%s:%s",
- krb5_cc_get_type(handle->context, ccache),
- krb5_cc_get_name(handle->context, ccache));
 } else {
 static int counter = 0;
- handle->cache_name = malloc(sizeof("MEMORY:kadm5_")
- + 3*sizeof(counter));
- sprintf(handle->cache_name, "MEMORY:kadm5_%u", counter++);
-
+ if (asprintf(&handle->cache_name, "MEMORY:kadm5_%u", counter++) < 0) {
+ handle->cache_name = NULL;
+ code = ENOMEM;
+ goto error;
+ }
 code = krb5_cc_resolve(handle->context, handle->cache_name, &ccache);
 if (code)
@@ -477,6 +475,7 @@ kadm5_gic_iter(kadm5_server_handle_t handle,
 krb5_keytab kt;
 krb5_get_init_creds_opt opt;
 krb5_creds mcreds, outcreds;
+ int n;
 ctx = handle->context;
 kt = NULL;
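Review bot: `counter` is declared `static int` but the new `asprintf(&handle->cache_name, "MEMORY:kadm5_%u", counter++)` in the hunk at -405 formats it with `%u`, so the conversion and the argument type disagree. Declaring it `static unsigned int counter = 0;` removes the mismatch and makes wrap-around well defined. The unsynchronised `counter++` on a function-local static is untouched by the commit, and whether concurrent callers can reach it is not visible from the hunk. kadm5_get_init_creds continues outside the hunk.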
@@ -487,20 +486,17 @@ kadm5_gic_iter(kadm5_server_handle_t handle,
 code = ENOMEM;
 if (realm) {
- if ((strlen(svcname) + strlen(realm) + 1) >= full_svcname_len)
- goto error;
- sprintf(full_svcname, "%s@%s", svcname, realm);
+ n = snprintf(full_svcname, full_svcname_len, "%s@%s",
+ svcname, realm);
+ if (n < 0 || n >= full_svcname_len)
+ goto error;
 } else {
- /* krb5_princ_realm(client) is not null terminated */
- if ((strlen(svcname) + krb5_princ_realm(ctx, client)->length + 1)
- >= full_svcname_len)
- goto error;
-
- strcpy(full_svcname, svcname);
- strcat(full_svcname, "@");
- strncat(full_svcname,
- krb5_princ_realm(ctx, client)->data,
- krb5_princ_realm(ctx, client)->length);
+ /* krb5_princ_realm(client) is not null terminated */
+ n = snprintf(full_svcname, full_svcname_len, "%s@%.*s",
+ svcname, krb5_princ_realm(ctx, client)->length,
+ krb5_princ_realm(ctx, client)->data);
+ if (n < 0 || n >= full_svcname_len)
+ goto error;
 }
 if (init_type != INIT_CREDS)
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index 86abf48..dabb399 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -189,7 +189,7 @@ klog_com_err_proc(const char *whoami, long int code, const char *format, va_list
 char *syslogp;
 /* Make the header */
- sprintf(outbuf, "%s: ", whoami);
+ snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
 /* * Squirrel away address after header for syslog since syslog makes * a header
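Review bot: In the `else` branch of the hunk at -487 the precision passed for `%.*s` is `krb5_princ_realm(ctx, client)->length`, but `*` requires an `int` and the length field of krb5_data is an unsigned int. The argument should be cast, `svcname, (int) krb5_princ_realm(ctx, client)->length,`, with lengths above INT_MAX rejected before the call. A value that ends up as a negative precision is treated as if no precision were given, and the comment in the hunk says the realm data is not null terminated, so snprintf would then read past the end of it. The `n >= full_svcname_len` test also compares the signed `n` with a length whose type is declared outside the hunk; it holds only because `n < 0` is tested first, which deserves a short comment.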
@@ -844,13 +844,13 @@ klog_vsyslog(int priority, const char *format, va_list arglist)
 cp += 15;
 #endif /* HAVE_STRFTIME */
 #ifdef VERBOSE_LOGS
- sprintf(cp, " %s %s[%ld](%s): ",
- log_control.log_hostname ? log_control.log_hostname : "",
- log_control.log_whoami ? log_control.log_whoami : "",
- (long) getpid(),
- severity2string(priority));
+ snprintf(cp, sizeof(outbuf) - (cp-outbuf), " %s %s[%ld](%s): ",
+ log_control.log_hostname ? log_control.log_hostname : "",
+ log_control.log_whoami ? log_control.log_whoami : "",
+ (long) getpid(),
+ severity2string(priority));
 #else
- sprintf(cp, " ");
+ snprintf(cp, sizeof(outbuf) - (cp-outbuf), " ");
 #endif
 syslogp = &outbuf[strlen(outbuf)];
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index 6392ef1..700b53a 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -113,11 +113,10 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r)
 realm = r;
 }
- if ((hist_name = (char *) malloc(strlen(KADM5_HIST_PRINCIPAL) +
- strlen(realm) + 2)) == NULL)
+ if (asprintf(&hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm) < 0) {
+ hist_name = NULL;
 goto done;
-
- (void) sprintf(hist_name, "%s@%s", KADM5_HIST_PRINCIPAL, realm);
+ }
 if ((ret = krb5_parse_name(handle->context, hist_name, &hist_princ)))
 goto done; |
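Review bot: In the server_kdb.c hunk the new asprintf failure branch sets `hist_name = NULL` and jumps to `done` without assigning `ret` in the visible lines. Unless `ret` already holds an error at that point (its initialisation is outside the hunk), kdb_init_hist could report success after an allocation failure. Adding `ret = ENOMEM;` before `goto done;` makes the path explicit. The removed malloc check had the same shape, so this predates the commit, but the rewritten block is the natural place to fix it.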