From 2127f26023a9be443e05b592b35c77b454ba8f77 Mon Sep 17 00:00:00 2001 From: Archie Cobbs Date: Fri, 4 Dec 1998 22:54:57 +0000 Subject: Examine all occurrences of sprintf(), strcat(), and str[n]cpy() for possible buffer overflow problems. Replaced most sprintf()'s with snprintf(); for others cases, added terminating NUL bytes where appropriate, replaced constants like "16" with sizeof(), etc. These changes include several bug fixes, but most changes are for maintainability's sake. Any instance where it wasn't "immediately obvious" that a buffer overflow could not occur was made safer. Reviewed by: Bruce Evans Reviewed by: Matthew Dillon Reviewed by: Mike Spengler --- sys/netipx/ipx.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'sys/netipx/ipx.c') diff --git a/sys/netipx/ipx.c b/sys/netipx/ipx.c index ab2f42aa48b34..752c2dc02d1e0 100644 --- a/sys/netipx/ipx.c +++ b/sys/netipx/ipx.c @@ -33,7 +33,7 @@ * * @(#)ipx.c * - * $Id: ipx.c,v 1.11 1997/06/26 19:35:42 jhay Exp $ + * $Id: ipx.c,v 1.12 1998/06/07 17:12:18 dfr Exp $ */ #include @@ -359,7 +359,7 @@ register struct ipx_addr *addr; net = "*"; else { q = work.x_net.c_net; - sprintf(cnet, "%x%x%x%x", + snprintf(cnet, sizeof(cnet), "%x%x%x%x", q[0], q[1], q[2], q[3]); for (p = cnet; *p == '0' && p < cnet + 8; p++) continue; @@ -372,7 +372,7 @@ register struct ipx_addr *addr; host = "*"; else { q = work.x_host.c_host; - sprintf(chost, "%x%x%x%x%x%x", + snprintf(chost, sizeof(chost), "%x%x%x%x%x%x", q[0], q[1], q[2], q[3], q[4], q[5]); for (p = chost; *p == '0' && p < chost + 12; p++) continue; @@ -382,9 +382,9 @@ register struct ipx_addr *addr; if (port) { if (strcmp(host, "*") == 0) { host = ""; - sprintf(cport, "%x", port); + snprintf(cport, sizeof(cport), "%x", port); } else - sprintf(cport, ".%x", port); + snprintf(cport, sizeof(cport), ".%x", port); } else *cport = 0; -- cgit v1.2.3