1 $OpenBSD: patch-src_avl_avl_c,v 1.4 2005/04/19 20:23:44 sturm Exp $
2 --- src/avl/avl.c.orig Mon Jul 5 22:44:13 2004
3 +++ src/avl/avl.c Tue Apr 19 22:18:54 2005
4 @@ -35,6 +35,7 @@
5
6 #include <stdio.h>
7 #include <stdlib.h>
8 +#include <string.h>
9
10 #include "avl.h"
11
12 @@ -1063,9 +1064,11 @@ typedef struct _link_node {
13 static char balance_chars[3] = {'\\', '-', '/'};
14
15 static int
16 -default_key_printer (char * buffer, void * key)
17 +default_key_printer (char * buffer, size_t size, void * key)
18 {
19 - return sprintf (buffer, "%p", key);
20 + snprintf (buffer, size, "%p", key);
21 +
22 + return strlen(buffer);
23 }
24
25 /*
26 @@ -1108,8 +1111,8 @@ print_node (avl_key_printer_fun_type key
27 link_node * link)
28 {
29 char buffer[256];
30 - unsigned int width;
31 - width = key_printer (buffer, node->key);
32 + size_t width;
33 + width = key_printer (buffer, sizeof(buffer), node->key);
34
35 if (node->right) {
36 link_node here;
37 $OpenBSD: patch-src_avl_avl_h,v 1.1 2005/04/19 20:07:11 sturm Exp $
38 --- src/avl/avl.h.orig Sun Apr 17 02:44:39 2005
39 +++ src/avl/avl.h Sun Apr 17 02:45:06 2005
40 @@ -55,7 +55,7 @@ typedef int (*avl_key_compare_fun_type)
41 typedef int (*avl_iter_fun_type) (void * key, void * iter_arg);
42 typedef int (*avl_iter_index_fun_type) (unsigned long index, void * key, void * iter_arg);
43 typedef int (*avl_free_key_fun_type) (void * key);
44 -typedef int (*avl_key_printer_fun_type) (char *, void *);
45 +typedef int (*avl_key_printer_fun_type) (char *, size_t, void *);
46
47 /*
48 * <compare_fun> and <compare_arg> let us associate a particular compare
49 $OpenBSD: patch-src_shout_c,v 1.1 2005/04/19 20:07:11 sturm Exp $
50 --- src/shout.c.orig Sun Apr 17 12:25:25 2005
51 +++ src/shout.c Sun Apr 17 12:51:32 2005
52 @@ -489,7 +489,7 @@ int shout_set_mount(shout_t *self, const
53 if (!(self->mount = malloc(len)))
54 return self->error = SHOUTERR_MALLOC;
55
56 - sprintf (self->mount, "%s%s", mount[0] == '/' ? "" : "/", mount);
57 + snprintf (self->mount, len, "%s%s", mount[0] == '/' ? "" : "/", mount);
58
59 return self->error = SHOUTERR_SUCCESS;
60 }
61 @@ -1145,6 +1145,7 @@ static char *http_basic_authorization(sh
62 {
63 char *out, *in;
64 int len;
65 + int ret;
66
67 if (!self || !self->user || !self->password)
68 return NULL;
69 @@ -1152,7 +1153,11 @@ static char *http_basic_authorization(sh
70 len = strlen(self->user) + strlen(self->password) + 2;
71 if (!(in = malloc(len)))
72 return NULL;
73 - sprintf(in, "%s:%s", self->user, self->password);
74 + ret = snprintf(in, len, "%s:%s", self->user, self->password);
75 + if (ret == -1 || ret >= len) {
76 + free(in);
77 + return NULL;
78 + }
79 out = _shout_util_base64_encode(in);
80 free(in);
81
82 @@ -1161,10 +1166,15 @@ static char *http_basic_authorization(sh
83 free(out);
84 return NULL;
85 }
86 - sprintf(in, "Authorization: Basic %s\r\n", out);
87 - free(out);
88 -
89 - return in;
90 + ret = snprintf(in, len, "Authorization: Basic %s\r\n", out);
91 + if (ret == -1 || ret >= len) {
92 + free(in);
93 + free(out);
94 + return NULL;
95 + } else {
96 + free(out);
97 + return in;
98 + }
99 }
100
101 static int parse_response(shout_t *self)
102 $OpenBSD: patch-src_util_c,v 1.2 2005/08/22 23:25:39 pvalchev Exp $
103 --- src/util.c.orig Sun Mar 21 05:03:34 2004
104 +++ src/util.c Fri Aug 19 21:04:04 2005
105 @@ -254,6 +254,7 @@ char *_shout_util_dict_urlencode(util_di
106 char *res, *tmp;
107 char *enc;
108 int start = 1;
109 + size_t buflen;
110
111 for (res = NULL; dict; dict = dict->next) {
112 /* encode key */
113 @@ -265,21 +266,39 @@ char *_shout_util_dict_urlencode(util_di
114 return NULL;
115 }
116 if (start) {
117 - if (!(res = malloc(strlen(enc) + 1))) {
118 + int ret;
119 +
120 + buflen = strlen(enc) + 1;
121 + if ((res = malloc(buflen)) == NULL) {
122 free(enc);
123 return NULL;
124 }
125 - sprintf(res, "%s", enc);
126 + ret = snprintf(res, buflen, "%s", enc);
127 + if (ret == -1 || ret >= buflen) {
128 + free(enc);
129 + free(res);
130 + return NULL;
131 + }
132 free(enc);
133 start = 0;
134 } else {
135 - if (!(tmp = realloc(res, strlen(res) + strlen(enc) + 2))) {
136 + buflen = strlen(res) + strlen(enc) + 2;
137 + if ((tmp = realloc(res, buflen)) == NULL) {
138 free(enc);
139 free(res);
140 return NULL;
141 - } else
142 + } else {
143 + int ret;
144 +
145 res = tmp;
146 - sprintf(res + strlen(res), "%c%s", delim, enc);
147 + ret = snprintf(res + strlen(res), buflen - strlen(res),
148 + "%c%s", delim, enc);
149 + if (ret == -1 || ret >= buflen - strlen(res)) {
150 + free(enc);
151 + free(res);
152 + return NULL;
153 + }
154 + }
155 free(enc);
156 }
157
158 @@ -291,14 +310,25 @@ char *_shout_util_dict_urlencode(util_di
159 return NULL;
160 }
161
162 - if (!(tmp = realloc(res, strlen(res) + strlen(enc) + 2))) {
163 + buflen = strlen(res) + strlen(enc) + 2;
164 + if ((tmp = realloc(res, buflen)) == NULL) {
165 free(enc);
166 free(res);
167 return NULL;
168 - } else
169 + } else {
170 + int ret;
171 + size_t reslen;
172 res = tmp;
173 - sprintf(res + strlen(res), "=%s", enc);
174 - free(enc);
175 + reslen = strlen(res);
176 + ret = snprintf(res + reslen, buflen - reslen, "=%s", enc);
177 + if (ret == -1 || ret >= buflen - reslen) {
178 + free(enc);
179 + free(res);
180 + return NULL;
181 + }
182 + free(enc);
183 + enc = NULL;
184 + }
185 }
186
187 return res;
|