From nobody Tue Dec 21 23:35:22 2021 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 3D8B81900B1A; Tue, 21 Dec 2021 23:35:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JJXrB4NGNz3pHs; Tue, 21 Dec 2021 23:35:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 5F95A12C77; Tue, 21 Dec 2021 23:35:22 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BLNZMXC049581; Tue, 21 Dec 2021 23:35:22 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BLNZMP9049580; Tue, 21 Dec 2021 23:35:22 GMT (envelope-from git) Date: Tue, 21 Dec 2021 23:35:22 GMT Message-Id: <202112212335.1BLNZMP9049580@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Cy Schubert Subject: git: ef04e3d5a3fa - stable/13 - ipfilter: Replace sprintf with range checking version (snprintf) List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: cy X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: ef04e3d5a3facf8ee1d73bf60d1490e5e8939d4b Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1640129722; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=4P7dhAywlDiERLLPmxIKVZ3rFWwj2fmOSAuYnKZSgaw=; b=xwi51DQGrz06cEM1AM/jXC3HNGUmoXUZ+JfdJhC7DNsjgANxAaEnh8myw7DgIkV/JI4utz M6W/1QwQoFSJ8x7Dc1b57m/e1OCFSwXRnr7VLBdNi3AkWCsgQ/Erb9ZodIIbMgbwT942TL 9cPJkMqaQBsovmQX+sNSwrVdBjiswS0W51ZlyFajoVr7tGTOVsuNIuryUVH0FE/HeIPihA w7Y3cnhRm00l67K0SUGH7l501D7geY3hE5/nwHCl6NbvEQKrjhXRZZQG2ax3h94/jku05Q Z2sGD+HqtaOAzsC67TiuFFlC1LL1dJBg3r5Cwoei3JsKV8nFsBtWnOar6ibb2Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1640129722; a=rsa-sha256; cv=none; b=GCZ2d6VB4TfSxi9wyxaGSqg/0mGTyLq7OyKWgePMgk+loVsDqwg38XuieDAe9VOwy2HJWQ 50nQ2LmYtOGNv937skgCcvGalzHK5fhn6zjEjXGgQ5E0BVNTvvHSEo8nJ6YbM4Is/TvSHU APyYw0lmm23Td2yE5XBpR/Y67wCDQohx1dUwIzaLpx1orNr5RMdSH6g1FtVZ+2aWHeL0Ge ciNSWcC98q1P1XIH1sLtBmFF+652sTzDvvJ2zCl7kpMIY9IgEsQqeJ67R2BV1XTOqptXTa 8jn5OmIS5iu0t4IrS1qmJULAXWDzBIAJdS+xpYx+gFRhoo6c5ah2mssW/6SzMw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=ef04e3d5a3facf8ee1d73bf60d1490e5e8939d4b commit ef04e3d5a3facf8ee1d73bf60d1490e5e8939d4b Author: Cy Schubert AuthorDate: 2021-12-13 21:24:17 +0000 Commit: Cy Schubert CommitDate: 2021-12-21 23:34:40 +0000 ipfilter: Replace sprintf with range checking version (snprintf) (cherry picked from commit 8f945ad25f3193b4a204a12d58b186f1932d3659) --- sys/contrib/ipfilter/netinet/fil.c | 6 +++--- sys/contrib/ipfilter/netinet/ip_ftp_pxy.c | 21 +++++++++++---------- sys/contrib/ipfilter/netinet/ip_htable.c | 2 +- sys/contrib/ipfilter/netinet/ip_irc_pxy.c | 2 +- sys/contrib/ipfilter/netinet/ip_lookup.c | 2 +- sys/contrib/ipfilter/netinet/ip_pool.c | 4 ++-- sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c | 6 +++--- sys/contrib/ipfilter/netinet/radix_ipf.c | 8 ++++---- 8 files changed, 26 insertions(+), 25 deletions(-) diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c index 983cb5214606..7e86c58cd3b6 100644 --- a/sys/contrib/ipfilter/netinet/fil.c +++ b/sys/contrib/ipfilter/netinet/fil.c @@ -4305,7 +4305,7 @@ ipf_getstat(softc, fiop, rev) fiop->f_features = ipf_features; #ifdef IPFILTER_COMPAT - sprintf(fiop->f_version, "IP Filter: v%d.%d.%d", + snprintf(fiop->f_version, sizeof(friostat.f_version), "IP Filter: v%d.%d.%d", (rev / 1000000) % 100, (rev / 10000) % 100, (rev / 100) % 100); @@ -5611,7 +5611,7 @@ ipf_grpmapinit(softc, fr) char name[FR_GROUPLEN]; iphtable_t *iph; - (void) sprintf(name, "%d", fr->fr_arg); + (void) snprintf(name, sizeof(name), "%d", fr->fr_arg); iph = ipf_lookup_find_htable(softc, IPL_LOGIPF, name); if (iph == NULL) { IPFERROR(38); @@ -6168,7 +6168,7 @@ ipf_getifname(ifp, buffer) unit = ifp->if_unit; space = LIFNAMSIZ - (s - buffer); if ((space > 0) && (unit >= 0)) { - (void) sprintf(temp, "%d", unit); + (void) snprintf(temp, sizeof(name), "%d", unit); (void) strncpy(s, temp, space); } # endif diff --git a/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c b/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c index 9783d2dd39a7..9dcfca35de24 100644 --- a/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c @@ -403,7 +403,7 @@ ipf_p_ftp_port(softf, fin, ip, nat, ftp, dlen) a4 = a1 & 0xff; a1 >>= 24; olen = s - f->ftps_rptr; - (void) sprintf(newbuf, "%s %u,%u,%u,%u,%u,%u\r\n", + (void) snprintf(newbuf, sizeof(newbuf), "%s %u,%u,%u,%u,%u,%u\r\n", "PORT", a1, a2, a3, a4, a5, a6); nlen = strlen(newbuf); @@ -828,7 +828,7 @@ ipf_p_ftp_pasv(softf, fin, ip, nat, ftp, dlen) a4 = a1 & 0xff; a1 >>= 24; - (void) sprintf(newbuf, "%s %s%u,%u,%u,%u,%u,%u%s\r\n", + (void) snprintf(newbuf, sizeof(newbuf), "%s %s%u,%u,%u,%u,%u,%u%s\r\n", "227 Entering Passive Mode", brackets[0], a1, a2, a3, a4, a5, a6, brackets[1]); return ipf_p_ftp_pasvreply(softf, fin, ip, nat, ftp, (a5 << 8 | a6), @@ -1837,7 +1837,7 @@ ipf_p_ftp_eprt4(softf, fin, ip, nat, ftp, dlen) * sense to preserve whatever character is being used by the systems * involved in the communication. */ - (void) sprintf(newbuf, "%s %c1%c%u.%u.%u.%u%c%u%c\r\n", + (void) snprintf(newbuf, sizeof(newbuf), "%s %c1%c%u.%u.%u.%u%c%u%c\r\n", "EPRT", delim, delim, a1, a2, a3, a4, delim, port, delim); @@ -1938,7 +1938,7 @@ ipf_p_ftp_epsv(softf, fin, ip, nat, ftp, dlen) } s += 2; - (void) sprintf(newbuf, "%s (|||%u|)\r\n", + (void) snprintf(newbuf, sizeof(newbuf), "%s (|||%u|)\r\n", "229 Entering Extended Passive Mode", ap); return ipf_p_ftp_pasvreply(softf, fin, ip, nat, ftp, (u_int)ap, @@ -2084,24 +2084,25 @@ ipf_p_ftp_eprt6(softf, fin, ip, nat, ftp, dlen) */ s = newbuf; left = sizeof(newbuf); - (void) sprintf(s, "EPRT %c2%c", delim, delim); + (void) snprintf(s, left, "EPRT %c2%c", delim, delim); s += strlen(s); a = ntohl(a6->i6[0]); - sprintf(s, "%x:%x:", a >> 16, a & 0xffff); + snprintf(s, left, "%x:%x:", a >> 16, a & 0xffff); + left -= strlen(s); s += strlen(s); a = ntohl(a6->i6[1]); - sprintf(s, "%x:%x:", a >> 16, a & 0xffff); + snprintf(s, left, "%x:%x:", a >> 16, a & 0xffff); left -= strlen(s); s += strlen(s); a = ntohl(a6->i6[2]); - sprintf(s, "%x:%x:", a >> 16, a & 0xffff); + snprintf(s, left,"%x:%x:", a >> 16, a & 0xffff); left -= strlen(s); s += strlen(s); a = ntohl(a6->i6[3]); - sprintf(s, "%x:%x", a >> 16, a & 0xffff); + snprintf(s, left, "%x:%x", a >> 16, a & 0xffff); left -= strlen(s); s += strlen(s); - sprintf(s, "|%d|\r\n", port); + snprintf(s, left, "|%d|\r\n", port); nlen = strlen(newbuf); inc = nlen - olen; if ((inc + fin->fin_plen) > 65535) { diff --git a/sys/contrib/ipfilter/netinet/ip_htable.c b/sys/contrib/ipfilter/netinet/ip_htable.c index db65c8652be4..d1c20448f9ec 100644 --- a/sys/contrib/ipfilter/netinet/ip_htable.c +++ b/sys/contrib/ipfilter/netinet/ip_htable.c @@ -325,7 +325,7 @@ ipf_htable_create(softc, arg, op) i = IPHASH_ANON; do { i++; - (void)sprintf(name, "%u", i); + (void)snprintf(name, sizeof(name), "%u", i); for (oiph = softh->ipf_htables[unit + 1]; oiph != NULL; oiph = oiph->iph_next) if (strncmp(oiph->iph_name, name, diff --git a/sys/contrib/ipfilter/netinet/ip_irc_pxy.c b/sys/contrib/ipfilter/netinet/ip_irc_pxy.c index a233d24b9a87..cedc55c081d1 100644 --- a/sys/contrib/ipfilter/netinet/ip_irc_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_irc_pxy.c @@ -310,7 +310,7 @@ ipf_p_irc_send(fin, nat) i++; (void) strncpy(newbuf, ctcpbuf, i); /* DO NOT change these! */ - (void) sprintf(newbuf, "%u %u\001\r\n", a1, a5); + (void) snprintf(newbuf, sizeof(newbuf), "%u %u\001\r\n", a1, a5); nlen = strlen(newbuf); inc = nlen - olen; diff --git a/sys/contrib/ipfilter/netinet/ip_lookup.c b/sys/contrib/ipfilter/netinet/ip_lookup.c index 931d91f4e5f2..1a92093080b1 100644 --- a/sys/contrib/ipfilter/netinet/ip_lookup.c +++ b/sys/contrib/ipfilter/netinet/ip_lookup.c @@ -845,7 +845,7 @@ ipf_lookup_res_num(softc, unit, type, number, funcptr) { char name[FR_GROUPLEN]; - (void) sprintf(name, "%u", number); + (void) snprintf(name, sizeof(name), "%u", number); return ipf_lookup_res_name(softc, unit, type, name, funcptr); } diff --git a/sys/contrib/ipfilter/netinet/ip_pool.c b/sys/contrib/ipfilter/netinet/ip_pool.c index a890fdf455fc..bb026fb40b3e 100644 --- a/sys/contrib/ipfilter/netinet/ip_pool.c +++ b/sys/contrib/ipfilter/netinet/ip_pool.c @@ -982,13 +982,13 @@ ipf_pool_create(softc, softp, op) h->ipo_flags |= IPOOL_ANON; poolnum = LOOKUP_ANON; - (void)sprintf(name, "%x", poolnum); + (void)snprintf(name, sizeof(name), "%x", poolnum); for (p = softp->ipf_pool_list[unit + 1]; p != NULL; ) { if (strncmp(name, p->ipo_name, sizeof(p->ipo_name)) == 0) { poolnum++; - (void)sprintf(name, "%x", poolnum); + (void)snprintf(name, sizeof(name), "%x", poolnum); p = softp->ipf_pool_list[unit + 1]; } else p = p->ipo_next; diff --git a/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c b/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c index 88e300b0625f..1b283ab76b97 100644 --- a/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c +++ b/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c @@ -789,7 +789,7 @@ ipf_p_rpcb_modreq(fin, nat, rm, m, off) /* Form new string. */ bzero(uaddr, sizeof(uaddr)); /* Just in case we need padding. */ - (void) sprintf(uaddr, + (void) snprintf(uaddr, sizeof(uaddr), "%u.%u.%u.%u.%u.%u", i[0] & 0xff, i[1] & 0xff, i[2] & 0xff, i[3] & 0xff, p[0] & 0xff, p[1] & 0xff); len = strlen(uaddr); @@ -1322,7 +1322,7 @@ ipf_p_rpcb_modv3(fin, nat, rm, m, off) /* Form new string. */ bzero(uaddr, sizeof(uaddr)); /* Just in case we need padding. */ - (void) sprintf(uaddr, + (void) snprintf(uaddr, sizeof(uaddr), "%u.%u.%u.%u.%u.%u", i[0] & 0xff, i[1] & 0xff, i[2] & 0xff, i[3] & 0xff, p[0] & 0xff, p[1] & 0xff); len = strlen(uaddr); @@ -1398,7 +1398,7 @@ ipf_p_rpcb_modv4(fin, nat, rm, m, off) /* Form new string. */ bzero(uaddr, sizeof(uaddr)); /* Just in case we need padding. */ - (void) sprintf(uaddr, + (void) snprintf(uaddr, sizeof(uaddr), "%u.%u.%u.%u.%u.%u", i[0] & 0xff, i[1] & 0xff, i[2] & 0xff, i[3] & 0xff, p[0] & 0xff, p[1] & 0xff); diff --git a/sys/contrib/ipfilter/netinet/radix_ipf.c b/sys/contrib/ipfilter/netinet/radix_ipf.c index 9dc606bb8a11..02e73de54c6a 100644 --- a/sys/contrib/ipfilter/netinet/radix_ipf.c +++ b/sys/contrib/ipfilter/netinet/radix_ipf.c @@ -1421,11 +1421,11 @@ add_addr(rnh, n, item) stp->next = myst_top; myst_top = stp; #ifdef RDX_DEBUG - (void) sprintf(rn[0].name, "_BORN.0"); - (void) sprintf(rn[1].name, "_BORN.1"); + (void) snprintf(rn[0].name, sizeof(ipf_rdx_node.name), "_BORN.0"); + (void) snprintf(rn[1].name, sizeof(ipf_rdx_node.name), "_BORN.1"); rn = ipf_rx_addroute(rnh, &stp->dst, &stp->mask, stp->nodes); - (void) sprintf(rn[0].name, "%d_NODE.0", item); - (void) sprintf(rn[1].name, "%d_NODE.1", item); + (void) snprintf(rn[0].name, sizeof(ipf_rdx_node.name), "%d_NODE.0", item); + (void) snprintf(rn[1].name, sizeof(ipf_rdx_node.name), "%d_NODE.1", item); printf("ADD %d/%d %s/%s\n", n, item, rn[0].name, rn[1].name); #endif nodecount++;