Module Name:    src
Committed By:   mrg
Date:           Sun Oct  6 00:27:50 UTC 2019

Modified Files:
        src/usr.bin/netstat: mroute.c

Log Message:
sprintf() -> snprintf(), and adjust a buffer size to avoid any
potential for overflow.


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/usr.bin/netstat/mroute.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.bin/netstat/mroute.c
diff -u src/usr.bin/netstat/mroute.c:1.25 src/usr.bin/netstat/mroute.c:1.26
--- src/usr.bin/netstat/mroute.c:1.25	Thu Nov  6 21:30:09 2014
+++ src/usr.bin/netstat/mroute.c	Sun Oct  6 00:27:50 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: mroute.c,v 1.25 2014/11/06 21:30:09 christos Exp $	*/
+/*	$NetBSD: mroute.c,v 1.26 2019/10/06 00:27:50 mrg Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993
@@ -76,7 +76,7 @@
 #if 0
 static char sccsid[] = "from: @(#)mroute.c	8.1 (Berkeley) 6/6/93";
 #else
-__RCSID("$NetBSD: mroute.c,v 1.25 2014/11/06 21:30:09 christos Exp $");
+__RCSID("$NetBSD: mroute.c,v 1.26 2019/10/06 00:27:50 mrg Exp $");
 #endif
 #endif /* not lint */
 
@@ -269,7 +269,7 @@ mroutepr(u_long mrpaddr, u_long mfchasht
 static void
 print_bw_meter(struct bw_meter *bw_meter, int *banner_printed)
 {
-	char s0[256], s1[256], s2[256], s3[256];
+	char s0[256*3], s1[256], s2[256], s3[256];
 	struct timeval now, end, delta;
 
 	gettimeofday(&now, NULL);
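Review bot: The new size `256*3` on `s0` is a bare magic number with no stated link to what the buffer must hold. Judging by the snprintf calls further down, s0 receives two integers plus s1 and s2 (each at most 255 characters), so 768 bytes is enough, but a reader has to work that out. I would derive it from the other buffers, e.g. `char s1[256], s2[256], s3[256], s0[sizeof s1 + sizeof s2 + 64];`, or at least add a comment such as `/* s0 holds "sec.usec|s1|s2" */`. print_bw_meter's body continues outside this hunk.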
@@ -286,37 +286,37 @@ print_bw_meter(struct bw_meter *bw_meter
 
 	/* The measured values */
 	if (bw_meter->bm_flags & BW_METER_UNIT_PACKETS)
-		sprintf(s1, "%llu", (unsigned long long)bw_meter->bm_measured.b_packets);
+		snprintf(s1, sizeof s1, "%llu", (unsigned long long)bw_meter->bm_measured.b_packets);
 	else
-		sprintf(s1, "?");
+		snprintf(s1, sizeof s1, "?");
 	if (bw_meter->bm_flags & BW_METER_UNIT_BYTES)
-		sprintf(s2, "%llu", (unsigned long long)bw_meter->bm_measured.b_bytes);
+		snprintf(s2, sizeof s2, "%llu", (unsigned long long)bw_meter->bm_measured.b_bytes);
 	else
-		sprintf(s2, "?");
-	sprintf(s0, "%lld.%ld|%s|%s",
+		snprintf(s2, sizeof s2, "?");
+	snprintf(s0, sizeof s0, "%lld.%ld|%s|%s",
 		(long long)bw_meter->bm_start_time.tv_sec,
 		(long)bw_meter->bm_start_time.tv_usec,
 		s1, s2);
 	printf("  %-30s", s0);
 
 	/* The type of entry */
-	sprintf(s0, "%s", "?");
+	snprintf(s0, sizeof s0, "%s", "?");
 	if (bw_meter->bm_flags & BW_METER_GEQ)
-		sprintf(s0, "%s", ">=");
+		snprintf(s0, sizeof s0, "%s", ">=");
 	else if (bw_meter->bm_flags & BW_METER_LEQ)
-		sprintf(s0, "%s", "<=");
+		snprintf(s0, sizeof s0, "%s", "<=");
 	printf("  %-3s", s0);
 
 	/* The threshold values */
 	if (bw_meter->bm_flags & BW_METER_UNIT_PACKETS)
-		sprintf(s1, "%llu", (unsigned long long)bw_meter->bm_threshold.b_packets);
+		snprintf(s1, sizeof s1, "%llu", (unsigned long long)bw_meter->bm_threshold.b_packets);
 	else
-		sprintf(s1, "?");
+		snprintf(s1, sizeof s1, "?");
 	if (bw_meter->bm_flags & BW_METER_UNIT_BYTES)
-		sprintf(s2, "%llu", (unsigned long long)bw_meter->bm_threshold.b_bytes);
+		snprintf(s2, sizeof s2, "%llu", (unsigned long long)bw_meter->bm_threshold.b_bytes);
 	else
-		sprintf(s2, "?");
-	sprintf(s0, "%lld.%ld|%s|%s",
+		snprintf(s2, sizeof s2, "?");
+	snprintf(s0, sizeof s0, "%lld.%ld|%s|%s",
 		(long long)bw_meter->bm_threshold.b_time.tv_sec,
 		(long)bw_meter->bm_threshold.b_time.tv_usec,
 		s1, s2);
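Review bot: The microsecond field in `"%lld.%ld|%s|%s"` is printed without zero padding, so a tv_usec of 5000 comes out as `.5000` and reads as half a second rather than five milliseconds. Since these format strings are being touched anyway, both s0 calls here should use `"%lld.%06ld|%s|%s"`, and the two s3 calls in the following hunk should use `"%lld.%06ld"` and `"-%lld.%06ld"`. The snprintf return values are also discarded; with the sizes visible here truncation should not occur, but a short comment saying so would keep a later format change from silently clipping output. The function begins and ends outside this hunk.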
@@ -327,12 +327,12 @@ print_bw_meter(struct bw_meter *bw_meter
 		 &bw_meter->bm_threshold.b_time, &end);
 	if (timercmp(&now, &end, <=)) {
 		timersub(&end, &now, &delta);
-		sprintf(s3, "%lld.%ld",
+		snprintf(s3, sizeof s3, "%lld.%ld",
 		    (long long)delta.tv_sec, (long)delta.tv_usec);
 	} else {
 		/* Negative time */
 		timersub(&now, &end, &delta);
-		sprintf(s3, "-%lld.%ld",
+		snprintf(s3, sizeof s3, "-%lld.%ld",
 		    (long long)delta.tv_sec, (long)delta.tv_usec);
 	}
 	printf(" %s", s3);
