summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorderaadt <>2003-04-04 06:55:14 +0000
committerderaadt <>2003-04-04 06:55:14 +0000
commit51cfbad8720d74250fd6d37c8986e1b47d588f8d (patch)
treeefd63fdaa844daff89f7dbc260f5d81e0eb91b82
parentbb3ab39eadbb997785927b2f22f09cde22fdf9ff (diff)
downloadopenbsd-51cfbad8720d74250fd6d37c8986e1b47d588f8d.tar.gz
openbsd-51cfbad8720d74250fd6d37c8986e1b47d588f8d.tar.bz2
openbsd-51cfbad8720d74250fd6d37c8986e1b47d588f8d.zip
more strcpy & sprintf murder; ho ok
Diffstat
-rw-r--r--src/lib/libcrypto/cversion.c6
-rw-r--r--src/lib/libssl/src/apps/ca.c10
-rw-r--r--src/lib/libssl/src/apps/dgst.c5
-rw-r--r--src/lib/libssl/src/apps/enc.c2
-rw-r--r--src/lib/libssl/src/apps/openssl.c6
-rw-r--r--src/lib/libssl/src/apps/pkcs12.c4
-rw-r--r--src/lib/libssl/src/apps/req.c38
-rw-r--r--src/lib/libssl/src/apps/s_socket.c2
-rw-r--r--src/lib/libssl/src/apps/s_time.c6
-rw-r--r--src/lib/libssl/src/apps/x509.c4
-rw-r--r--src/lib/libssl/src/crypto/cversion.c6
11 files changed, 45 insertions, 44 deletions
diff --git a/src/lib/libcrypto/cversion.c b/src/lib/libcrypto/cversion.c
index f7a1b7a4f0..56471fa74c 100644
--- a/src/lib/libcrypto/cversion.c
+++ b/src/lib/libcrypto/cversion.c
@@ -74,7 +74,7 @@ const char *SSLeay_version(int t)
74#ifdef DATE 74#ifdef DATE
75 static char buf[sizeof(DATE)+11]; 75 static char buf[sizeof(DATE)+11];
76 76
77 sprintf(buf,"built on: %s",DATE); 77 snprintf(buf,sizeof buf,"built on: %s",DATE);
78 return(buf); 78 return(buf);
79#else 79#else
80 return("built on: date not available"); 80 return("built on: date not available");
@@ -85,7 +85,7 @@ const char *SSLeay_version(int t)
85#ifdef CFLAGS 85#ifdef CFLAGS
86 static char buf[sizeof(CFLAGS)+11]; 86 static char buf[sizeof(CFLAGS)+11];
87 87
88 sprintf(buf,"compiler: %s",CFLAGS); 88 snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
89 return(buf); 89 return(buf);
90#else 90#else
91 return("compiler: information not available"); 91 return("compiler: information not available");
@@ -96,7 +96,7 @@ const char *SSLeay_version(int t)
96#ifdef PLATFORM 96#ifdef PLATFORM
97 static char buf[sizeof(PLATFORM)+11]; 97 static char buf[sizeof(PLATFORM)+11];
98 98
99 sprintf(buf,"platform: %s", PLATFORM); 99 snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
100 return(buf); 100 return(buf);
101#else 101#else
102 return("platform: information not available"); 102 return("platform: information not available");
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 2d57fb490c..204974eeea 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -2933,16 +2933,16 @@ char *make_revocation_str(int rev_type, char *rev_arg)
2933 2933
2934 if (!str) return NULL; 2934 if (!str) return NULL;
2935 2935
2936 strcpy(str, (char *)revtm->data); 2936 strlcpy(str, (char *)revtm->data, i);
2937 if (reason) 2937 if (reason)
2938 { 2938 {
2939 strcat(str, ","); 2939 strlcat(str, ",", i);
2940 strcat(str, reason); 2940 strlcat(str, reason, i);
2941 } 2941 }
2942 if (other) 2942 if (other)
2943 { 2943 {
2944 strcat(str, ","); 2944 strlcat(str, ",", i);
2945 strcat(str, other); 2945 strlcat(str, other, i);
2946 } 2946 }
2947 ASN1_UTCTIME_free(revtm); 2947 ASN1_UTCTIME_free(revtm);
2948 return str; 2948 return str;
diff --git a/src/lib/libssl/src/apps/dgst.c b/src/lib/libssl/src/apps/dgst.c
index 7f612caf23..18bdd56c62 100644
--- a/src/lib/libssl/src/apps/dgst.c
+++ b/src/lib/libssl/src/apps/dgst.c
@@ -338,8 +338,9 @@ int MAIN(int argc, char **argv)
338 } 338 }
339 if(!out_bin) 339 if(!out_bin)
340 { 340 {
341 tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5); 341 size_t len = strlen(name)+strlen(argv[i])+5;
342 sprintf(tmp,"%s(%s)= ",name,argv[i]); 342 tmp=tofree=OPENSSL_malloc(len);
343 snprintf(tmp,len,"%s(%s)= ",name,argv[i]);
343 } 344 }
344 else 345 else
345 tmp=""; 346 tmp="";
diff --git a/src/lib/libssl/src/apps/enc.c b/src/lib/libssl/src/apps/enc.c
index 1ba2ea2f68..cb2fa59db9 100644
--- a/src/lib/libssl/src/apps/enc.c
+++ b/src/lib/libssl/src/apps/enc.c
@@ -363,7 +363,7 @@ bad:
363 { 363 {
364 char buf[200]; 364 char buf[200];
365 365
366 sprintf(buf,"enter %s %s password:", 366 snprintf(buf,sizeof buf,"enter %s %s password:",
367 OBJ_nid2ln(EVP_CIPHER_nid(cipher)), 367 OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
368 (enc)?"encryption":"decryption"); 368 (enc)?"encryption":"decryption");
369 strbuf[0]='\0'; 369 strbuf[0]='\0';
diff --git a/src/lib/libssl/src/apps/openssl.c b/src/lib/libssl/src/apps/openssl.c
index 1c4a4291aa..811b305622 100644
--- a/src/lib/libssl/src/apps/openssl.c
+++ b/src/lib/libssl/src/apps/openssl.c
@@ -262,11 +262,11 @@ int main(int Argc, char *Argv[])
262 p=getenv("SSLEAY_CONF"); 262 p=getenv("SSLEAY_CONF");
263 if (p == NULL) 263 if (p == NULL)
264 { 264 {
265 strcpy(config_name,X509_get_default_cert_area()); 265 strlcpy(config_name,X509_get_default_cert_area(),sizeof config_name);
266#ifndef OPENSSL_SYS_VMS 266#ifndef OPENSSL_SYS_VMS
267 strcat(config_name,"/"); 267 strlcat(config_name,"/",sizeof config_name);
268#endif 268#endif
269 strcat(config_name,OPENSSL_CONF); 269 strlcat(config_name,OPENSSL_CONF,sizeof config_name);
270 p=config_name; 270 p=config_name;
271 } 271 }
272 272
diff --git a/src/lib/libssl/src/apps/pkcs12.c b/src/lib/libssl/src/apps/pkcs12.c
index 1697f6157f..a438bc6c84 100644
--- a/src/lib/libssl/src/apps/pkcs12.c
+++ b/src/lib/libssl/src/apps/pkcs12.c
@@ -549,7 +549,7 @@ int MAIN(int argc, char **argv)
549 BIO_printf (bio_err, "Can't read Password\n"); 549 BIO_printf (bio_err, "Can't read Password\n");
550 goto export_end; 550 goto export_end;
551 } 551 }
552 if (!twopass) strcpy(macpass, pass); 552 if (!twopass) strlcpy(macpass, pass, sizeof macpass);
553 /* Turn certbags into encrypted authsafe */ 553 /* Turn certbags into encrypted authsafe */
554 authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0, 554 authsafe = PKCS12_pack_p7encdata(cert_pbe, cpass, -1, NULL, 0,
555 iter, bags); 555 iter, bags);
@@ -650,7 +650,7 @@ int MAIN(int argc, char **argv)
650 CRYPTO_pop_info(); 650 CRYPTO_pop_info();
651#endif 651#endif
652 652
653 if (!twopass) strcpy(macpass, pass); 653 if (!twopass) strlcpy(macpass, pass, sizeof macpass);
654 654
655 if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1); 655 if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
656 if(macver) { 656 if(macver) {
diff --git a/src/lib/libssl/src/apps/req.c b/src/lib/libssl/src/apps/req.c
index a3c1e0b4c4..c53752335b 100644
--- a/src/lib/libssl/src/apps/req.c
+++ b/src/lib/libssl/src/apps/req.c
@@ -471,11 +471,11 @@ bad:
471 p=getenv("SSLEAY_CONF"); 471 p=getenv("SSLEAY_CONF");
472 if (p == NULL) 472 if (p == NULL)
473 { 473 {
474 strcpy(config_name,X509_get_default_cert_area()); 474 strlcpy(config_name,X509_get_default_cert_area(),sizeof config_name);
475#ifndef OPENSSL_SYS_VMS 475#ifndef OPENSSL_SYS_VMS
476 strcat(config_name,"/"); 476 strlcat(config_name,"/",sizeof config_name);
477#endif 477#endif
478 strcat(config_name,OPENSSL_CONF); 478 strlcat(config_name,OPENSSL_CONF,sizeof config_name);
479 p=config_name; 479 p=config_name;
480 } 480 }
481 default_config_file=p; 481 default_config_file=p;
@@ -1218,25 +1218,25 @@ start: for (;;)
1218 } 1218 }
1219 /* If OBJ not recognised ignore it */ 1219 /* If OBJ not recognised ignore it */
1220 if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start; 1220 if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
1221 sprintf(buf,"%s_default",v->name); 1221 snprintf(buf,sizeof buf,"%s_default",v->name);
1222 if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) 1222 if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
1223 { 1223 {
1224 ERR_clear_error(); 1224 ERR_clear_error();
1225 def=""; 1225 def="";
1226 } 1226 }
1227 1227
1228 sprintf(buf,"%s_value",v->name); 1228 snprintf(buf,sizeof buf,"%s_value",v->name);
1229 if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL) 1229 if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
1230 { 1230 {
1231 ERR_clear_error(); 1231 ERR_clear_error();
1232 value=NULL; 1232 value=NULL;
1233 } 1233 }
1234 1234
1235 sprintf(buf,"%s_min",v->name); 1235 snprintf(buf,sizeof buf,"%s_min",v->name);
1236 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min)) 1236 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
1237 n_min = -1; 1237 n_min = -1;
1238 1238
1239 sprintf(buf,"%s_max",v->name); 1239 snprintf(buf,sizeof buf,"%s_max",v->name);
1240 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max)) 1240 if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
1241 n_max = -1; 1241 n_max = -1;
1242 1242
@@ -1271,7 +1271,7 @@ start2: for (;;)
1271 if ((nid=OBJ_txt2nid(type)) == NID_undef) 1271 if ((nid=OBJ_txt2nid(type)) == NID_undef)
1272 goto start2; 1272 goto start2;
1273 1273
1274 sprintf(buf,"%s_default",type); 1274 snprintf(buf,sizeof buf,"%s_default",type);
1275 if ((def=NCONF_get_string(req_conf,attr_sect,buf)) 1275 if ((def=NCONF_get_string(req_conf,attr_sect,buf))
1276 == NULL) 1276 == NULL)
1277 { 1277 {
@@ -1280,7 +1280,7 @@ start2: for (;;)
1280 } 1280 }
1281 1281
1282 1282
1283 sprintf(buf,"%s_value",type); 1283 snprintf(buf,sizeof buf,"%s_value",type);
1284 if ((value=NCONF_get_string(req_conf,attr_sect,buf)) 1284 if ((value=NCONF_get_string(req_conf,attr_sect,buf))
1285 == NULL) 1285 == NULL)
1286 { 1286 {
@@ -1288,11 +1288,11 @@ start2: for (;;)
1288 value=NULL; 1288 value=NULL;
1289 } 1289 }
1290 1290
1291 sprintf(buf,"%s_min",type); 1291 snprintf(buf,sizeof buf,"%s_min",type);
1292 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min)) 1292 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
1293 n_min = -1; 1293 n_min = -1;
1294 1294
1295 sprintf(buf,"%s_max",type); 1295 snprintf(buf,sizeof buf,"%s_max",type);
1296 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max)) 1296 if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
1297 n_max = -1; 1297 n_max = -1;
1298 1298
@@ -1374,8 +1374,8 @@ start:
1374 (void)BIO_flush(bio_err); 1374 (void)BIO_flush(bio_err);
1375 if(value != NULL) 1375 if(value != NULL)
1376 { 1376 {
1377 strcpy(buf,value); 1377 strlcpy(buf,value,sizeof buf);
1378 strcat(buf,"\n"); 1378 strlcat(buf,"\n",sizeof buf);
1379 BIO_printf(bio_err,"%s\n",value); 1379 BIO_printf(bio_err,"%s\n",value);
1380 } 1380 }
1381 else 1381 else
@@ -1397,8 +1397,8 @@ start:
1397 { 1397 {
1398 if ((def == NULL) || (def[0] == '\0')) 1398 if ((def == NULL) || (def[0] == '\0'))
1399 return(1); 1399 return(1);
1400 strcpy(buf,def); 1400 strlcpy(buf,def,sizeof buf);
1401 strcat(buf,"\n"); 1401 strlcat(buf,"\n",sizeof buf);
1402 } 1402 }
1403 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); 1403 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
1404 1404
@@ -1432,8 +1432,8 @@ start:
1432 (void)BIO_flush(bio_err); 1432 (void)BIO_flush(bio_err);
1433 if (value != NULL) 1433 if (value != NULL)
1434 { 1434 {
1435 strcpy(buf,value); 1435 strlcpy(buf,value,sizeof buf);
1436 strcat(buf,"\n"); 1436 strlcat(buf,"\n",sizeof buf);
1437 BIO_printf(bio_err,"%s\n",value); 1437 BIO_printf(bio_err,"%s\n",value);
1438 } 1438 }
1439 else 1439 else
@@ -1455,8 +1455,8 @@ start:
1455 { 1455 {
1456 if ((def == NULL) || (def[0] == '\0')) 1456 if ((def == NULL) || (def[0] == '\0'))
1457 return(1); 1457 return(1);
1458 strcpy(buf,def); 1458 strlcpy(buf,def,sizeof buf);
1459 strcat(buf,"\n"); 1459 strlcat(buf,"\n",sizeof buf);
1460 } 1460 }
1461 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1); 1461 else if ((buf[0] == '.') && (buf[1] == '\n')) return(1);
1462 1462
diff --git a/src/lib/libssl/src/apps/s_socket.c b/src/lib/libssl/src/apps/s_socket.c
index bd499d020c..17e087d4da 100644
--- a/src/lib/libssl/src/apps/s_socket.c
+++ b/src/lib/libssl/src/apps/s_socket.c
@@ -381,7 +381,7 @@ redoit:
381 perror("OPENSSL_malloc"); 381 perror("OPENSSL_malloc");
382 return(0); 382 return(0);
383 } 383 }
384 strcpy(*host,h1->h_name); 384 strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
385 385
386 h2=GetHostByName(*host); 386 h2=GetHostByName(*host);
387 if (h2 == NULL) 387 if (h2 == NULL)
diff --git a/src/lib/libssl/src/apps/s_time.c b/src/lib/libssl/src/apps/s_time.c
index 752158460a..7ba5b4293c 100644
--- a/src/lib/libssl/src/apps/s_time.c
+++ b/src/lib/libssl/src/apps/s_time.c
@@ -495,7 +495,7 @@ int MAIN(int argc, char **argv)
495 495
496 if (s_www_path != NULL) 496 if (s_www_path != NULL)
497 { 497 {
498 sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); 498 snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
499 SSL_write(scon,buf,strlen(buf)); 499 SSL_write(scon,buf,strlen(buf));
500 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) 500 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
501 bytes_read+=i; 501 bytes_read+=i;
@@ -550,7 +550,7 @@ next:
550 550
551 if (s_www_path != NULL) 551 if (s_www_path != NULL)
552 { 552 {
553 sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); 553 snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
554 SSL_write(scon,buf,strlen(buf)); 554 SSL_write(scon,buf,strlen(buf));
555 while (SSL_read(scon,buf,sizeof(buf)) > 0) 555 while (SSL_read(scon,buf,sizeof(buf)) > 0)
556 ; 556 ;
@@ -588,7 +588,7 @@ next:
588 588
589 if (s_www_path) 589 if (s_www_path)
590 { 590 {
591 sprintf(buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path); 591 snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
592 SSL_write(scon,buf,strlen(buf)); 592 SSL_write(scon,buf,strlen(buf));
593 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0) 593 while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
594 bytes_read+=i; 594 bytes_read+=i;
diff --git a/src/lib/libssl/src/apps/x509.c b/src/lib/libssl/src/apps/x509.c
index 5a41c389ee..3ff4b62481 100644
--- a/src/lib/libssl/src/apps/x509.c
+++ b/src/lib/libssl/src/apps/x509.c
@@ -1033,7 +1033,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
1033 if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; } 1033 if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
1034 if (serialfile == NULL) 1034 if (serialfile == NULL)
1035 { 1035 {
1036 strcpy(buf,CAfile); 1036 strlcpy(buf,CAfile,sizeof buf);
1037 for (p=buf; *p; p++) 1037 for (p=buf; *p; p++)
1038 if (*p == '.') 1038 if (*p == '.')
1039 { 1039 {
@@ -1043,7 +1043,7 @@ static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
1043 strcat(buf,POSTFIX); 1043 strcat(buf,POSTFIX);
1044 } 1044 }
1045 else 1045 else
1046 strcpy(buf,serialfile); 1046 strlcpy(buf,serialfile,sizeof buf);
1047 serial=BN_new(); 1047 serial=BN_new();
1048 bs=ASN1_INTEGER_new(); 1048 bs=ASN1_INTEGER_new();
1049 if ((serial == NULL) || (bs == NULL)) 1049 if ((serial == NULL) || (bs == NULL))
diff --git a/src/lib/libssl/src/crypto/cversion.c b/src/lib/libssl/src/crypto/cversion.c
index f7a1b7a4f0..56471fa74c 100644
--- a/src/lib/libssl/src/crypto/cversion.c
+++ b/src/lib/libssl/src/crypto/cversion.c
@@ -74,7 +74,7 @@ const char *SSLeay_version(int t)
74#ifdef DATE 74#ifdef DATE
75 static char buf[sizeof(DATE)+11]; 75 static char buf[sizeof(DATE)+11];
76 76
77 sprintf(buf,"built on: %s",DATE); 77 snprintf(buf,sizeof buf,"built on: %s",DATE);
78 return(buf); 78 return(buf);
79#else 79#else
80 return("built on: date not available"); 80 return("built on: date not available");
@@ -85,7 +85,7 @@ const char *SSLeay_version(int t)
85#ifdef CFLAGS 85#ifdef CFLAGS
86 static char buf[sizeof(CFLAGS)+11]; 86 static char buf[sizeof(CFLAGS)+11];
87 87
88 sprintf(buf,"compiler: %s",CFLAGS); 88 snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
89 return(buf); 89 return(buf);
90#else 90#else
91 return("compiler: information not available"); 91 return("compiler: information not available");
@@ -96,7 +96,7 @@ const char *SSLeay_version(int t)
96#ifdef PLATFORM 96#ifdef PLATFORM
97 static char buf[sizeof(PLATFORM)+11]; 97 static char buf[sizeof(PLATFORM)+11];
98 98
99 sprintf(buf,"platform: %s", PLATFORM); 99 snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
100 return(buf); 100 return(buf);
101#else 101#else
102 return("platform: information not available"); 102 return("platform: information not available");
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 01:00:47 +0000