- deraadt@cvs.openbsd.org 2001/02/08 14:38:54
     [scp.c]
     memory leak fix, and snprintf throughout
diff --git a/scp.c b/scp.c
index 26d4c2d..14d8a8a 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.53 2001/02/04 23:56:22 deraadt Exp $");
+RCSID("$OpenBSD: scp.c,v 1.55 2001/02/08 14:38:54 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "atomicio.h"
@@ -326,7 +326,8 @@
 
 	remin = remout = -1;
 	/* Command to be executed on remote system using "ssh". */
-	(void) sprintf(cmd, "scp%s%s%s%s", verbose_mode ? " -v" : "",
+	(void) snprintf(cmd, sizeof cmd, "scp%s%s%s%s",
+	    verbose_mode ? " -v" : "",
 	    iamrecursive ? " -r" : "", pflag ? " -p" : "",
 	    targetshouldbedirectory ? " -d" : "");
 
@@ -397,16 +398,18 @@
 					suser = pwd->pw_name;
 				else if (!okname(suser))
 					continue;
-				sprintf(bp,
-				    "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'",
+				snprintf(bp, len,
+				    "%s%s -x -o'FallBackToRsh no' -n "
+				    "-l %s %s %s %s '%s%s%s:%s'",
 				    ssh_program, verbose_mode ? " -v" : "",
 				    suser, host, cmd, src,
 				    tuser ? tuser : "", tuser ? "@" : "",
 				    thost, targ);
 			} else {
 				host = cleanhostname(argv[i]);
-				sprintf(bp,
-				    "exec %s%s -x -o'FallBackToRsh no' -n %s %s %s '%s%s%s:%s'",
+				snprintf(bp, len,
+				    "exec %s%s -x -o'FallBackToRsh no' -n %s "
+				    "%s %s '%s%s%s:%s'",
 				    ssh_program, verbose_mode ? " -v" : "",
 				    host, cmd, src,
 				    tuser ? tuser : "", tuser ? "@" : "",
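Review bot: Both format strings in this hunk paste `host`, `src`, `thost` and `targ` into one command string, with only the target wrapped in single quotes and only `suser` passed through `okname()`. If `bp` is later run by a shell (the `exec` prefix suggests so, but the call is outside the hunk), a name containing a quote, whitespace or a shell metacharacter changes how the command is parsed. The `_PATH_CP` hunk at -447 has the same pattern with `argv[i]` and `argv[argc - 1]`. `snprintf` bounds the write but does not change this; passing the pieces as an argument vector to the program directly, rather than as one string, would remove the shell parsing step. The enclosing function starts and ends outside the hunk.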
@@ -420,7 +423,7 @@
 			if (remin == -1) {
 				len = strlen(targ) + CMDNEEDS + 20;
 				bp = xmalloc(len);
-				(void) sprintf(bp, "%s -t %s", cmd, targ);
+				(void) snprintf(bp, len, "%s -t %s", cmd, targ);
 				host = cleanhostname(thost);
 				if (do_cmd(host, tuser, bp, &remin,
 				    &remout, argc) < 0)
@@ -447,7 +450,7 @@
 			len = strlen(_PATH_CP) + strlen(argv[i]) +
 			    strlen(argv[argc - 1]) + 20;
 			bp = xmalloc(len);
-			(void) sprintf(bp, "exec %s%s%s %s %s", _PATH_CP,
+			(void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
 			    iamrecursive ? " -r" : "", pflag ? " -p" : "",
 			    argv[i], argv[argc - 1]);
 			if (verbose_mode)
@@ -474,7 +477,7 @@
 		host = cleanhostname(host);
 		len = strlen(src) + CMDNEEDS + 20;
 		bp = xmalloc(len);
-		(void) sprintf(bp, "%s -f %s", cmd, src);
+		(void) snprintf(bp, len, "%s -f %s", cmd, src);
 		if (do_cmd(host, suser, bp, &remin, &remout, argc) < 0) {
 			(void) xfree(bp);
 			++errs;
@@ -531,7 +534,7 @@
 			 * Make it compatible with possible future
 			 * versions expecting microseconds.
 			 */
-			(void) sprintf(buf, "T%lu 0 %lu 0\n",
+			(void) snprintf(buf, sizeof buf, "T%lu 0 %lu 0\n",
 			    (u_long) stb.st_mtime,
 			    (u_long) stb.st_atime);
 			(void) atomicio(write, remout, buf, strlen(buf));
@@ -539,7 +542,7 @@
 				goto next;
 		}
 #define	FILEMODEMASK	(S_ISUID|S_ISGID|S_IRWXU|S_IRWXG|S_IRWXO)
-		sprintf(buf, "C%04o %lu %s\n",
+		snprintf(buf, sizeof buf, "C%04o %lu %s\n",
 		    (u_int) (stb.st_mode & FILEMODEMASK),
 		    (u_long) stb.st_size, last);
 		if (verbose_mode) {
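Review bot: The `C` record formats `last` with a plain `%s` into the fixed-size `buf` and the `snprintf` return value is not checked, so an over-long file name is now cut silently and the `\n` that terminates the record is dropped. The `D` record in the hunk at -617 limits the name with `%.1024s`, and the directory loop at -635 rejects long names before formatting; this path has neither guard. Comparing the result with `sizeof buf` and reporting the file through `run_err()` before the record is sent would keep the stream well-formed. The declaration of `buf` is outside the hunk, so whether its size already covers the longest possible name cannot be confirmed from here.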
@@ -608,7 +611,7 @@
 	else
 		last++;
 	if (pflag) {
-		(void) sprintf(path, "T%lu 0 %lu 0\n",
+		(void) snprintf(path, sizeof(path), "T%lu 0 %lu 0\n",
 		    (u_long) statp->st_mtime,
 		    (u_long) statp->st_atime);
 		(void) atomicio(write, remout, path, strlen(path));
@@ -617,7 +620,7 @@
 			return;
 		}
 	}
-	(void) sprintf(path, "D%04o %d %.1024s\n",
+	(void) snprintf(path, sizeof path, "D%04o %d %.1024s\n",
 	    (u_int) (statp->st_mode & FILEMODEMASK), 0, last);
 	if (verbose_mode)
 		fprintf(stderr, "Entering directory: %s", path);
@@ -635,7 +638,7 @@
 			run_err("%s/%s: name too long", name, dp->d_name);
 			continue;
 		}
-		(void) sprintf(path, "%s/%s", name, dp->d_name);
+		(void) snprintf(path, sizeof path, "%s/%s", name, dp->d_name);
 		vect[0] = path;
 		source(1, vect);
 	}
@@ -765,9 +768,13 @@
 			size_t need;
 
 			need = strlen(targ) + strlen(cp) + 250;
-			if (need > cursize)
+			if (need > cursize) {
+				if (namebuf)
+					xfree(namebuf);
 				namebuf = xmalloc(need);
-			(void) sprintf(namebuf, "%s%s%s", targ,
+				cursize = need;
+			}
+			(void) snprintf(namebuf, need, "%s%s%s", targ,
 			    *targ ? "/" : "", cp);
 			np = namebuf;
 		} else
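Review bot: The bound passed to `snprintf` is `need` rather than the buffer's capacity. When the existing buffer is reused (`need <= cursize`) this is only conservative, but `cursize` names the real allocation size and stays correct if the sizing logic changes: `(void) snprintf(namebuf, cursize, "%s%s%s", targ,`. A one-line comment that `namebuf` and `cursize` persist across iterations would also explain why the old buffer is freed here; their declarations are outside the hunk.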