diff -ruN util/Class2Params.c++.orig util/Class2Params.c++
--- util/Class2Params.c++.orig Sun Jun 13 00:41:19 1999
+++ util/Class2Params.c++ Mon Jun 12 21:52:43 2000
@@ -59,14 +59,15 @@
 }
 static char*
-addParam(char* cp, u_int v)
+addParam(char* cp, u_int v, int *maxn)
 {
 if (v != (u_int)-1) {
- sprintf(cp, ",%u", v);
- while (*cp != '\0') cp++;
+ snprintf(cp, *maxn, ",%u", v);
+ while (*cp != '\0') { cp++; (*maxn)++; }
 } else {
 *cp++ = ',';
 *cp = '\0';
+ (*maxn)++;
 }
 return (cp);
 }
@@ -76,18 +77,19 @@
 {
 char buf[1024];
 char* cp = buf;
+ int n = sizeof(buf);
 if (vr != (u_int) -1) {
- sprintf(cp, "%u", vr);
- while (*cp != '\0') cp++;
+ snprintf(cp, n, "%u", vr);
+ while (*cp != '\0') { cp++; n--; }
 }
- cp = addParam(cp, br);
- cp = addParam(cp, wd);
- cp = addParam(cp, ln);
- cp = addParam(cp, df);
- cp = addParam(cp, ec);
- cp = addParam(cp, bf);
- cp = addParam(cp, st);
+ cp = addParam(cp, br, &n);
+ cp = addParam(cp, wd, &n);
+ cp = addParam(cp, ln, &n);
+ cp = addParam(cp, df, &n);
+ cp = addParam(cp, ec, &n);
+ cp = addParam(cp, bf, &n);
+ cp = addParam(cp, st, &n);
 return fxStr(buf);
 }
diff -ruN util/FaxClient.c++.orig util/FaxClient.c++
--- util/FaxClient.c++.orig Thu Jun 17 04:05:38 1999
+++ util/FaxClient.c++ Mon Jun 12 21:52:43 2000
@@ -623,7 +623,7 @@
 traceServer("-> ADMIN XXXX");
 } else {
 char buf[128];
- sprintf(buf, "-> %s", fmt);
+ snprintf(buf, sizeof(buf), "-> %s", fmt);
 vtraceServer(buf, ap);
 }
 }
diff -ruN util/PageSize.c++.orig util/PageSize.c++
--- util/PageSize.c++.orig Sun Jun 13 00:41:23 1999
+++ util/PageSize.c++ Mon Jun 12 21:52:43 2000
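Review bot: In util/Class2Params.c++, `addParam` counts the remaining space in the wrong direction: both branches do `(*maxn)++` for each byte written, so the size handed to the next `snprintf` grows while the room left in `buf` shrinks (cmd() in the following hunk correctly uses `n--`). With eight `%u` fields going into a 1024-byte buffer this cannot overflow today, but the bound protects nothing as written. The loop should read `while (*cp != '\0') { cp++; (*maxn)--; }` and the else branch `(*maxn)--;`, preceded by a guard such as `if (*maxn < 2) return (cp);`, because that branch stores ',' and the terminator without consulting `*maxn`.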
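Review bot: In util/FaxClient.c++ the output of `snprintf(buf, sizeof(buf), "-> %s", fmt)` is itself a format string that goes straight to `vtraceServer(buf, ap)`, and the return value is not checked. If `fmt` is ever longer than 124 characters the copy is cut, possibly in the middle of a conversion specification, and the arguments in `ap` then no longer match the format. Testing the result and falling back to the unprefixed format avoids that: `if ((size_t) snprintf(buf, sizeof(buf), "-> %s", fmt) < sizeof(buf)) vtraceServer(buf, ap); else vtraceServer(fmt, ap);`. The same pattern is in the util/SNPPClient.c++ hunk; the enclosing functions start outside both hunks, so the callers' format strings are not visible here.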
@@ -72,7 +72,7 @@
 PageSizeInfo::readPageInfoFile()
 {
 char file[1024];
- sprintf(file, "%s/%s", FAX_LIBDATA, FAX_PAGESIZES);
+ snprintf(file, sizeof(file), "%s/%s", FAX_LIBDATA, FAX_PAGESIZES);
 PageInfoArray* info = new PageInfoArray;
 FILE* fp = fopen(file, "r");
 u_int lineno = 0;
diff -ruN util/SNPPClient.c++.orig util/SNPPClient.c++
--- util/SNPPClient.c++.orig Sun Jun 13 00:41:24 1999
+++ util/SNPPClient.c++ Mon Jun 12 21:52:43 2000
@@ -638,7 +638,7 @@
 traceServer("-> LOGI XXXX");
 else {
 char buf[128];
- sprintf(buf, "-> %s", fmt);
+ snprintf(buf, sizeof(buf), "-> %s", fmt);
 vtraceServer(buf, ap);
 }
 }
diff -ruN util/StackBuffer.c++.orig util/StackBuffer.c++
--- util/StackBuffer.c++.orig Fri Jan 1 20:12:43 1999
+++ util/StackBuffer.c++ Mon Jun 12 21:52:44 2000
@@ -105,7 +105,7 @@
 fxStackBuffer::vput(const char* fmt, va_list ap)
 {
 char buf[8*1024];
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
 put(buf);
 }
diff -ruN util/Str.c++.orig util/Str.c++
--- util/Str.c++.orig Sun Jun 13 00:41:25 1999
+++ util/Str.c++ Mon Jun 12 21:52:44 2000
@@ -91,7 +91,7 @@
 {
 char buffer[NUMBUFSIZE];
 if (!format) format = "%d";
- sprintf(buffer,format,a);
+ snprintf(buffer,sizeof(buffer),format,a);
 slength = strlen(buffer) + 1;
 data = (char*) malloc(slength);
 memcpy(data,buffer,slength);
@@ -101,7 +101,7 @@
 {
 char buffer[NUMBUFSIZE];
 if (!format) format = "%ld";
- sprintf(buffer,format,a);
+ snprintf(buffer,sizeof(buffer),format,a);
 slength = strlen(buffer) + 1;
 data = (char*) malloc(slength);
 memcpy(data,buffer,slength);
@@ -111,7 +111,7 @@
 {
 char buffer[NUMBUFSIZE];
 if (!format) format = "%g";
- sprintf(buffer,format,a);
+ snprintf(buffer,sizeof(buffer),format,a);
 slength = strlen(buffer) + 1;
 fxAssert(slength>1, "Str::Str(float): bogus conversion");
 data = (char*) malloc(slength);
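Review bot: `fxStackBuffer::vput` in util/StackBuffer.c++ ignores the value returned by `vsnprintf`, so formatted output longer than `sizeof(buf) - 1` bytes is shortened without any indication before `put(buf)` stores it. Any caller that relies on the complete text now gets truncated data rather than an error. At minimum the limit should be documented above the call, e.g. `// NB: output beyond sizeof(buf)-1 bytes is dropped; vsnprintf's return value reports the full length`. `fxStr::format` and `fxStr::vformat` in util/Str.c++ have the same silent limit with their 4096-byte buffers, and the comments changed in util/Str.h would be the place to state it.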
@@ -122,7 +122,7 @@
 {
 char buffer[NUMBUFSIZE];
 if (!format) format = "%lg";
- sprintf(buffer,format,a);
+ snprintf(buffer,sizeof(buffer),format,a);
 slength = strlen(buffer) + 1;
 fxAssert(slength>1, "Str::Str(double): bogus conversion");
 data = (char*) malloc(slength); // XXX assume slength>1
@@ -141,7 +141,7 @@
 char buf[4096];
 va_list ap;
 va_start(ap, fmt);
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
 va_end(ap);
 return fxStr(buf);
 }
@@ -150,7 +150,7 @@
 fxStr::vformat(const char* fmt, va_list ap)
 {
 char buf[4096];
- vsprintf(buf, fmt, ap);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
 return fxStr(buf);
 }
diff -ruN util/Str.h.orig util/Str.h
--- util/Str.h.orig Sun Jun 13 00:41:25 1999
+++ util/Str.h Mon Jun 12 21:52:44 2000
@@ -93,8 +93,8 @@
 fxStr(const fxTempStr&);
 ~fxStr();
- static fxStr format(const char* fmt ...); // sprintf sort of
- static fxStr vformat(const char* fmt, va_list ap); // vsprintf sort of
+ static fxStr format(const char* fmt ...); // snprintf sort of
+ static fxStr vformat(const char* fmt, va_list ap); // vsnprintf sort of
 static fxStr null; // null string for general use
 /////////////////////////////////////////////////////
 u_long hash() const;
diff -ruN util/faxadduser.c.orig util/faxadduser.c
--- util/faxadduser.c.orig Wed Aug 11 04:59:28 1999
+++ util/faxadduser.c Mon Jun 12 21:52:44 2000
@@ -81,7 +81,7 @@
 }
 hf = fopen(hostfile, "a+");
 if (hf == NULL) {
- sprintf(buff, "Error - cannot open hosts file: %s", hostfile);
+ snprintf(buff, sizeof(buff), "Error - cannot open hosts file: %s", hostfile);
 perror(buff);
 return 0;
 }
diff -ruN util/faxconfig.c.orig util/faxconfig.c
--- util/faxconfig.c.orig Fri Jan 1 20:04:28 1999
+++ util/faxconfig.c Mon Jun 12 21:52:45 2000
@@ -81,12 +81,12 @@
 }
 if (devid != NULL) {
 if (devid[0] == FAX_FIFO[0])
- strcpy(fifoname, devid);
+ strlcpy(fifoname, devid, sizeof(fifoname));
 else
- sprintf(fifoname, "%s.%.*s", FAX_FIFO,
+ snprintf(fifoname, sizeof(fifoname), "%s.%.*s", FAX_FIFO,
 sizeof (fifoname) - sizeof (FAX_FIFO), devid);
 } else
- strcpy(fifoname, FAX_FIFO);
+ strlcpy(fifoname, FAX_FIFO, sizeof(fifoname));
 for (cp = fifoname; cp = strchr(cp, '/'); *cp++ = '_')
 ;
 if (chdir(spooldir) < 0)
@@ -99,6 +99,8 @@
 do {
 int quote;
 char *cmd;
+ int len;
+
 if (argc - optind < 2)
 fatal("Missing value for \"%s\" parameter.\n", argv[optind]);
@@ -109,12 +111,13 @@
 quote = (*cp != '\0');
 } else
 quote = 1;
- cmd = malloc(strlen(argv[optind])+strlen(argv[optind+1])+10);
+ len = strlen(argv[optind])+strlen(argv[optind+1])+10;
+ cmd = malloc(len);
 if (quote)
- sprintf(cmd, "C%s%s:\"%s\"",
+ snprintf(cmd, len, "C%s%s:\"%s\"",
 isQueuer ? ":" : "", argv[optind], argv[optind+1]);
 else
- sprintf(cmd, "C%s%s:%s",
+ snprintf(cmd, len, "C%s%s:%s",
 isQueuer ? ":" : "", argv[optind], argv[optind+1]);
 if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
 fatal("%s: FIFO write failed for command (%s)",
diff -ruN util/faxdeluser.c.orig util/faxdeluser.c
--- util/faxdeluser.c.orig Thu Aug 5 02:46:06 1999
+++ util/faxdeluser.c Mon Jun 12 21:52:45 2000
@@ -64,14 +64,14 @@
 }
 }
 if ((hf = fopen(hostfile, "r+")) == NULL) {
- sprintf(buff, "Error - cannot open file: %s", hostfile);
+ snprintf(buff, sizeof(buff), "Error - cannot open file: %s", hostfile);
 perror(buff);
 return 0;
 }
- sprintf(newhostfile, "%s.%i", hostfile, (int)getpid());
+ snprintf(newhostfile, sizeof(newhostfile), "%s.%i", hostfile, (int)getpid());
 fd = open(newhostfile, O_CREAT | O_EXCL | O_WRONLY, S_IRUSR | S_IWUSR);
 if (fd == -1) {
- sprintf(buff, "Error cannot open file %s", newhostfile);
+ snprintf(buff, sizeof(buff), "Error cannot open file %s", newhostfile);
 perror(buff);
 return 0;
 }
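Review bot: The precision argument for `%.*s` in the new `snprintf(fifoname, …)` call of util/faxconfig.c (hunk at -81,12) is `sizeof (fifoname) - sizeof (FAX_FIFO)`, which has type `size_t`, while `*` requires an `int`; where the two types differ in width the variadic call reads the wrong argument. Either cast it, `(int)(sizeof (fifoname) - sizeof (FAX_FIFO)), devid);`, or drop the precision and use `"%s.%s"`, since `snprintf` now bounds the write on its own. The same argument is kept in the util/faxmsg.c hunk at -108,12 and the util/faxstate.c hunk at -126,16.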
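Review bot: `cmd = malloc(len);` in the util/faxconfig.c hunk at -109,12 is passed to `snprintf` without a NULL check, so an allocation failure becomes a write through a null pointer. A check right after the allocation, `if (cmd == NULL) fatal("%s: out of memory", argv[0]);`, keeps the failure explicit. `len` would also be better declared `size_t` in the hunk at -99,6, since it holds a sum of `strlen` results and is used as a size. The loop body continues past the hunk, so whether `cmd` is freed after the FIFO write cannot be seen here.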
@@ -87,7 +87,7 @@
 }
 if (!skip) {
 if (write(fd, buff, strlen(buff)) == -1) {
- sprintf(buff, "Error writing to file %s", newhostfile);
+ snprintf(buff, sizeof(buff), "Error writing to file %s", newhostfile);
 perror(buff);
 return 0;
 }
diff -ruN util/faxmodem.c.orig util/faxmodem.c
--- util/faxmodem.c.orig Fri Jan 1 20:04:28 1999
+++ util/faxmodem.c Mon Jun 12 21:52:45 2000
@@ -243,9 +243,9 @@
 if (optind != argc-1)
 fatal("Missing modem device.\nusage: %s %s modem", argv[0], usage);
 if (strncmp(argv[optind], _PATH_DEV, strlen(_PATH_DEV)) == 0)
- strcpy(devname, argv[optind]+strlen(_PATH_DEV));
+ strlcpy(devname, argv[optind]+strlen(_PATH_DEV), sizeof(devname));
 else
- strcpy(devname, argv[optind]);
+ strlcpy(devname, argv[optind], sizeof(devname));
 for (cp = devname; cp = strchr(cp, '/'); *cp++ = '_')
 ;
 if (chdir(spooldir) < 0)
@@ -254,9 +254,10 @@
 if (fifo < 0)
 fatal("%s: open: %s", FAX_FIFO, strerror(errno));
 if (priority != -1)
- sprintf(cmd, "+%s:R%c%08x:%x", devname, canpoll, caps, priority);
+ snprintf(cmd, sizeof(cmd), "+%s:R%c%08x:%x", devname, canpoll, caps,
+ priority);
 else
- sprintf(cmd, "+%s:R%c%08x", devname, canpoll, caps);
+ snprintf(cmd, sizeof(cmd), "+%s:R%c%08x", devname, canpoll, caps);
 if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
 fatal("%s: FIFO write failed for command (%s)",
 argv[0], strerror(errno));
diff -ruN util/faxmsg.c.orig util/faxmsg.c
--- util/faxmsg.c.orig Fri Jan 1 20:04:28 1999
+++ util/faxmsg.c Mon Jun 12 21:52:45 2000
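Review bot: In the util/faxdeluser.c hunk at -87,7 only a return of -1 from `write(fd, buff, strlen(buff))` is treated as failure, so a short write passes and the new hosts file can end up missing part of an entry. Comparing against the requested length, `if (write(fd, buff, strlen(buff)) != (ssize_t) strlen(buff)) {`, catches both cases. The error branch also returns without removing `newhostfile`; an `unlink(newhostfile);` before `return 0;` would avoid leaving the partial copy behind. What is done with the file afterwards is outside the hunk.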
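Review bot: The `strlcpy(devname, …, sizeof(devname))` calls in the util/faxmodem.c hunk at -243,9 discard the return value, so an over-long device argument is silently shortened and the shortened name is what the following hunk formats into `cmd` and writes to the FIFO. Rejecting it is safer than acting on a different name than the operator typed: `if (strlcpy(devname, argv[optind], sizeof(devname)) >= sizeof(devname)) fatal("%s: device name too long", argv[optind]);`. The `snprintf(cmd, sizeof(cmd), …)` calls in the next hunk, and the `strlcpy`/`snprintf` calls in util/faxconfig.c, util/faxmsg.c and util/faxstate.c, have the same unchecked truncation.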
@@ -108,12 +108,12 @@
 }
 if (optind == argc-1) {
 if (argv[optind][0] == FAX_FIFO[0])
- strcpy(fifoname, argv[optind]);
+ strlcpy(fifoname, argv[optind], sizeof(fifoname));
 else
- sprintf(fifoname, "%s.%.*s", FAX_FIFO,
+ snprintf(fifoname, sizeof(fifoname), "%s.%.*s", FAX_FIFO,
 sizeof (fifoname) - sizeof (FAX_FIFO), argv[optind]);
 } else if (!modemRequired) {
- strcpy(fifoname, FAX_FIFO);
+ strlcpy(fifoname, FAX_FIFO, sizeof(fifoname));
 } else
 fatal("usage: %s %s", argv[0], usage);
 for (cp = fifoname; cp = strchr(cp, '/'); *cp++ = '_')
@@ -123,7 +123,7 @@
 fifo = open(fifoname, O_WRONLY|O_NDELAY);
 if (fifo < 0)
 fatal("%s: open: %s", fifoname, strerror(errno));
- sprintf(cmd, cmdfmt, arg);
+ snprintf(cmd, sizeof(cmd), cmdfmt, arg);
 if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
 fatal("FIFO write failed for command (%s)", strerror(errno));
 (void) close(fifo);
diff -ruN util/faxstate.c.orig util/faxstate.c
--- util/faxstate.c.orig Fri Jan 1 20:04:28 1999
+++ util/faxstate.c Mon Jun 12 21:52:46 2000
@@ -113,7 +113,7 @@
 }
 if (optind != argc-1)
 fatal("Bad option `%c'; usage: %s %s modem", c, argv[0], usage);
- strcpy(devid, argv[optind]);
+ strlcpy(devid, argv[optind], sizeof(devid));
 for (cp = devid; cp = strchr(cp, '/'); *cp++ = '_')
 ;
 if (chdir(spooldir) < 0)
@@ -126,16 +126,16 @@
 fifo = open(FAX_FIFO, O_WRONLY|O_NDELAY);
 if (fifo < 0)
 fatal("%s: open: %s", FAX_FIFO, strerror(errno));
- sprintf(cmd, "+%s:%s", devid, arg);
+ snprintf(cmd, sizeof(cmd), "+%s:%s", devid, arg);
 if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
 fatal("FIFO write failed for command (%s)", strerror(errno));
 } else {
- sprintf(fifoname, "%s.%.*s", FAX_FIFO,
+ snprintf(fifoname, sizeof(fifoname), "%s.%.*s", FAX_FIFO,
 sizeof (fifoname) - sizeof (FAX_FIFO), devid);
 fifo = open(fifoname, O_WRONLY|O_NDELAY);
 if (fifo < 0)
 fatal("%s: open: %s", fifoname, strerror(errno));
- sprintf(cmd, "S%s", arg);
+ snprintf(cmd, sizeof(cmd), "S%s", arg);
 if (write(fifo, cmd, strlen(cmd)) != strlen(cmd))
 fatal("FIFO write failed for command (%s)", strerror(errno));
 }