ipfilter: Replace sprintf with range checking version (snprintf)

MFC after: 1 week
raweden · Dec 14, 2021 · 8f945ad · 8f945ad
1 parent e263821
commit 8f945ad
Show file tree

Hide file tree

Showing 8 changed files with 26 additions and 25 deletions.
diff --git a/sys/contrib/ipfilter/netinet/fil.c b/sys/contrib/ipfilter/netinet/fil.c
@@ -4305,7 +4305,7 @@ ipf_getstat(softc, fiop, rev)
 	fiop->f_features = ipf_features;
 
 #ifdef IPFILTER_COMPAT
-	sprintf(fiop->f_version, "IP Filter: v%d.%d.%d",
+	snprintf(fiop->f_version, sizeof(friostat.f_version), "IP Filter: v%d.%d.%d",
 		(rev / 1000000) % 100,
 		(rev / 10000) % 100,
 		(rev / 100) % 100);
@@ -5611,7 +5611,7 @@ ipf_grpmapinit(softc, fr)
 	char name[FR_GROUPLEN];
 	iphtable_t *iph;
 
-	(void) sprintf(name, "%d", fr->fr_arg);
+	(void) snprintf(name, sizeof(name), "%d", fr->fr_arg);
 	iph = ipf_lookup_find_htable(softc, IPL_LOGIPF, name);
 	if (iph == NULL) {
 		IPFERROR(38);
@@ -6168,7 +6168,7 @@ ipf_getifname(ifp, buffer)
 	unit = ifp->if_unit;
 	space = LIFNAMSIZ - (s - buffer);
 	if ((space > 0) && (unit >= 0)) {
-		(void) sprintf(temp, "%d", unit);
+		(void) snprintf(temp, sizeof(name), "%d", unit);
 		(void) strncpy(s, temp, space);
 	}
 # endif

diff --git a/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c b/sys/contrib/ipfilter/netinet/ip_ftp_pxy.c
@@ -403,7 +403,7 @@ ipf_p_ftp_port(softf, fin, ip, nat, ftp, dlen)
 	a4 = a1 & 0xff;
 	a1 >>= 24;
 	olen = s - f->ftps_rptr;
-	(void) sprintf(newbuf, "%s %u,%u,%u,%u,%u,%u\r\n",
+	(void) snprintf(newbuf, sizeof(newbuf), "%s %u,%u,%u,%u,%u,%u\r\n",
 		       "PORT", a1, a2, a3, a4, a5, a6);
 
 	nlen = strlen(newbuf);
@@ -828,7 +828,7 @@ ipf_p_ftp_pasv(softf, fin, ip, nat, ftp, dlen)
 	a4 = a1 & 0xff;
 	a1 >>= 24;
 
-	(void) sprintf(newbuf, "%s %s%u,%u,%u,%u,%u,%u%s\r\n",
+	(void) snprintf(newbuf, sizeof(newbuf), "%s %s%u,%u,%u,%u,%u,%u%s\r\n",
 		"227 Entering Passive Mode", brackets[0], a1, a2, a3, a4,
 		a5, a6, brackets[1]);
 	return ipf_p_ftp_pasvreply(softf, fin, ip, nat, ftp, (a5 << 8 | a6),
@@ -1837,7 +1837,7 @@ ipf_p_ftp_eprt4(softf, fin, ip, nat, ftp, dlen)
 	 * sense to preserve whatever character is being used by the systems
 	 * involved in the communication.
 	 */
-	(void) sprintf(newbuf, "%s %c1%c%u.%u.%u.%u%c%u%c\r\n",
+	(void) snprintf(newbuf, sizeof(newbuf), "%s %c1%c%u.%u.%u.%u%c%u%c\r\n",
 		       "EPRT", delim, delim, a1, a2, a3, a4, delim, port,
 			delim);
 
@@ -1938,7 +1938,7 @@ ipf_p_ftp_epsv(softf, fin, ip, nat, ftp, dlen)
 	}
 	s += 2;
 
-	(void) sprintf(newbuf, "%s (|||%u|)\r\n",
+	(void) snprintf(newbuf, sizeof(newbuf), "%s (|||%u|)\r\n",
 		       "229 Entering Extended Passive Mode", ap);
 
 	return ipf_p_ftp_pasvreply(softf, fin, ip, nat, ftp, (u_int)ap,
@@ -2084,24 +2084,25 @@ ipf_p_ftp_eprt6(softf, fin, ip, nat, ftp, dlen)
 	 */
 	s = newbuf;
 	left = sizeof(newbuf);
-	(void) sprintf(s, "EPRT %c2%c", delim, delim);
+	(void) snprintf(s, left, "EPRT %c2%c", delim, delim);
 	s += strlen(s);
 	a = ntohl(a6->i6[0]);
-	sprintf(s, "%x:%x:", a >> 16, a & 0xffff);
+	snprintf(s, left, "%x:%x:", a >> 16, a & 0xffff);
+	left -= strlen(s);
 	s += strlen(s);
 	a = ntohl(a6->i6[1]);
-	sprintf(s, "%x:%x:", a >> 16, a & 0xffff);
+	snprintf(s, left, "%x:%x:", a >> 16, a & 0xffff);
 	left -= strlen(s);
 	s += strlen(s);
 	a = ntohl(a6->i6[2]);
-	sprintf(s, "%x:%x:", a >> 16, a & 0xffff);
+	snprintf(s,  left,"%x:%x:", a >> 16, a & 0xffff);
 	left -= strlen(s);
 	s += strlen(s);
 	a = ntohl(a6->i6[3]);
-	sprintf(s, "%x:%x", a >> 16, a & 0xffff);
+	snprintf(s, left, "%x:%x", a >> 16, a & 0xffff);
 	left -= strlen(s);
 	s += strlen(s);
-	sprintf(s, "|%d|\r\n", port);
+	snprintf(s, left, "|%d|\r\n", port);
 	nlen = strlen(newbuf);
 	inc = nlen - olen;
 	if ((inc + fin->fin_plen) > 65535) {

diff --git a/sys/contrib/ipfilter/netinet/ip_htable.c b/sys/contrib/ipfilter/netinet/ip_htable.c
@@ -325,7 +325,7 @@ ipf_htable_create(softc, arg, op)
 		i = IPHASH_ANON;
 		do {
 			i++;
-			(void)sprintf(name, "%u", i);
+			(void)snprintf(name, sizeof(name), "%u", i);
 			for (oiph = softh->ipf_htables[unit + 1]; oiph != NULL;
 			     oiph = oiph->iph_next)
 				if (strncmp(oiph->iph_name, name,

diff --git a/sys/contrib/ipfilter/netinet/ip_irc_pxy.c b/sys/contrib/ipfilter/netinet/ip_irc_pxy.c
@@ -310,7 +310,7 @@ ipf_p_irc_send(fin, nat)
 	i++;
 	(void) strncpy(newbuf, ctcpbuf, i);
 	/* DO NOT change these! */
-	(void) sprintf(newbuf, "%u %u\001\r\n", a1, a5);
+	(void) snprintf(newbuf, sizeof(newbuf), "%u %u\001\r\n", a1, a5);
 
 	nlen = strlen(newbuf);
 	inc = nlen - olen;

diff --git a/sys/contrib/ipfilter/netinet/ip_lookup.c b/sys/contrib/ipfilter/netinet/ip_lookup.c
@@ -845,7 +845,7 @@ ipf_lookup_res_num(softc, unit, type, number, funcptr)
 {
 	char name[FR_GROUPLEN];
 
-	(void) sprintf(name, "%u", number);
+	(void) snprintf(name, sizeof(name), "%u", number);
 
 	return ipf_lookup_res_name(softc, unit, type, name, funcptr);
 }

diff --git a/sys/contrib/ipfilter/netinet/ip_pool.c b/sys/contrib/ipfilter/netinet/ip_pool.c
@@ -982,13 +982,13 @@ ipf_pool_create(softc, softp, op)
 		h->ipo_flags |= IPOOL_ANON;
 		poolnum = LOOKUP_ANON;
 
-		(void)sprintf(name, "%x", poolnum);
+		(void)snprintf(name, sizeof(name), "%x", poolnum);
 
 		for (p = softp->ipf_pool_list[unit + 1]; p != NULL; ) {
 			if (strncmp(name, p->ipo_name,
 				    sizeof(p->ipo_name)) == 0) {
 				poolnum++;
-				(void)sprintf(name, "%x", poolnum);
+				(void)snprintf(name, sizeof(name), "%x", poolnum);
 				p = softp->ipf_pool_list[unit + 1];
 			} else
 				p = p->ipo_next;

diff --git a/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c b/sys/contrib/ipfilter/netinet/ip_rpcb_pxy.c
@@ -789,7 +789,7 @@ ipf_p_rpcb_modreq(fin, nat, rm, m, off)
 
 	/* Form new string. */
 	bzero(uaddr, sizeof(uaddr)); /* Just in case we need padding. */
-	(void) sprintf(uaddr,
+	(void) snprintf(uaddr, sizeof(uaddr),
 		       "%u.%u.%u.%u.%u.%u", i[0] & 0xff, i[1] & 0xff,
 		       i[2] & 0xff, i[3] & 0xff, p[0] & 0xff, p[1] & 0xff);
 	len = strlen(uaddr);
@@ -1322,7 +1322,7 @@ ipf_p_rpcb_modv3(fin, nat, rm, m, off)
 
 	/* Form new string. */
 	bzero(uaddr, sizeof(uaddr)); /* Just in case we need padding. */
-	(void) sprintf(uaddr,
+	(void) snprintf(uaddr, sizeof(uaddr),
 		       "%u.%u.%u.%u.%u.%u", i[0] & 0xff, i[1] & 0xff,
 		       i[2] & 0xff, i[3] & 0xff, p[0] & 0xff, p[1] & 0xff);
 	len = strlen(uaddr);
@@ -1398,7 +1398,7 @@ ipf_p_rpcb_modv4(fin, nat, rm, m, off)
 		/* Form new string. */
 		bzero(uaddr, sizeof(uaddr)); /* Just in case we need
 						padding. */
-		(void) sprintf(uaddr,
+		(void) snprintf(uaddr, sizeof(uaddr),
 			       "%u.%u.%u.%u.%u.%u", i[0] & 0xff,
 			       i[1] & 0xff, i[2] & 0xff, i[3] & 0xff,
 			       p[0] & 0xff, p[1] & 0xff);

diff --git a/sys/contrib/ipfilter/netinet/radix_ipf.c b/sys/contrib/ipfilter/netinet/radix_ipf.c
@@ -1421,11 +1421,11 @@ add_addr(rnh, n, item)
 	stp->next = myst_top;
 	myst_top = stp;
 #ifdef RDX_DEBUG
-	(void) sprintf(rn[0].name, "_BORN.0");
-	(void) sprintf(rn[1].name, "_BORN.1");
+	(void) snprintf(rn[0].name, sizeof(ipf_rdx_node.name), "_BORN.0");
+	(void) snprintf(rn[1].name, sizeof(ipf_rdx_node.name), "_BORN.1");
 	rn = ipf_rx_addroute(rnh, &stp->dst, &stp->mask, stp->nodes);
-	(void) sprintf(rn[0].name, "%d_NODE.0", item);
-	(void) sprintf(rn[1].name, "%d_NODE.1", item);
+	(void) snprintf(rn[0].name, sizeof(ipf_rdx_node.name), "%d_NODE.0", item);
+	(void) snprintf(rn[1].name, sizeof(ipf_rdx_node.name), "%d_NODE.1", item);
 	printf("ADD %d/%d %s/%s\n", n, item, rn[0].name, rn[1].name);
 #endif
 	nodecount++;