diff options
author | Michael R Sweet <michael.r.sweet@gmail.com> | 2020-10-17 22:55:54 -0400 |
---|---|---|
committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2020-10-17 22:55:54 -0400 |
commit | fbcea2903fa618036823ad044aa541d0abfe242b (patch) | |
tree | e11a06f09c2a011ac2efe7e1455c08c29ace286b | |
parent | 8b5777b6f62d91a21f31c7458a64ad51b0c06aba (diff) |
Eliminate a bunch of sprintf usage (all looked safe, but I'm puzzled why these
were still there - I did a sweep many years ago...)
-rw-r--r-- | backend/ipp.c | 5 | ||||
-rw-r--r-- | backend/network.c | 2 | ||||
-rw-r--r-- | backend/usb-unix.c | 20 | ||||
-rw-r--r-- | berkeley/lpr.c | 3 | ||||
-rw-r--r-- | cgi-bin/admin.c | 4 | ||||
-rw-r--r-- | cgi-bin/classes.c | 6 | ||||
-rw-r--r-- | cgi-bin/ipp-var.c | 10 | ||||
-rw-r--r-- | cgi-bin/printers.c | 6 | ||||
-rw-r--r-- | cgi-bin/template.c | 8 | ||||
-rw-r--r-- | cups/ipp-support.c | 4 | ||||
-rw-r--r-- | cups/ppd-mark.c | 2 | ||||
-rw-r--r-- | cups/snprintf.c | 6 | ||||
-rw-r--r-- | locale/checkpo.c | 2 | ||||
-rw-r--r-- | scheduler/client.c | 3 | ||||
-rw-r--r-- | scheduler/conf.c | 2 | ||||
-rw-r--r-- | scheduler/cups-lpd.c | 2 | ||||
-rw-r--r-- | scheduler/ipp.c | 13 | ||||
-rw-r--r-- | scheduler/job.c | 2 | ||||
-rw-r--r-- | systemv/cancel.c | 2 | ||||
-rw-r--r-- | systemv/lp.c | 12 | ||||
-rw-r--r-- | tools/ippeveprinter.c | 10 |
21 files changed, 55 insertions, 69 deletions
diff --git a/backend/ipp.c b/backend/ipp.c index 3f3e1867d..35c0711c0 100644 --- a/backend/ipp.c +++ b/backend/ipp.c @@ -3116,11 +3116,10 @@ report_printer_state(ipp_t *ipp) /* I - IPP response */ if (*ptr < ' ' && *ptr > 0 && *ptr != '\t') { /* - * Substitute "<XX>" for the control character; sprintf is safe because - * we always leave 6 chars free at the end... + * Substitute "<XX>" for the control character... */ - sprintf(valptr, "<%02X>", *ptr); + snprintf(valptr, sizeof(value) - (size_t)(valptr - value), "<%02X>", *ptr); valptr += 4; } else diff --git a/backend/network.c b/backend/network.c index 5af0a8eea..f7ee2fbbe 100644 --- a/backend/network.c +++ b/backend/network.c @@ -258,7 +258,7 @@ backendNetworkSideCB( i < packet.object_value.string.num_bytes && dataptr < (data + sizeof(data) - 3); i ++, dataptr += 2) - sprintf(dataptr, "%02X", packet.object_value.string.bytes[i]); + snprintf(dataptr, sizeof(data) - (size_t)(dataptr - data), "%02X", packet.object_value.string.bytes[i]); datalen += (int)strlen(dataptr); break; diff --git a/backend/usb-unix.c b/backend/usb-unix.c index 81e20c524..d256a813b 100644 --- a/backend/usb-unix.c +++ b/backend/usb-unix.c @@ -214,21 +214,21 @@ list_devices(void) * for USB printer devices. We get the honor of trying them all... */ - sprintf(device, "/dev/usblp%d", i); + snprintf(device, sizeof(device), "/dev/usblp%d", i); if ((fd = open(device, O_RDWR | O_EXCL)) < 0) { if (errno != ENOENT) continue; - sprintf(device, "/dev/usb/lp%d", i); + snprintf(device, sizeof(device), "/dev/usb/lp%d", i); if ((fd = open(device, O_RDWR | O_EXCL)) < 0) { if (errno != ENOENT) continue; - sprintf(device, "/dev/usb/usblp%d", i); + snprintf(device, sizeof(device), "/dev/usb/usblp%d", i); if ((fd = open(device, O_RDWR | O_EXCL)) < 0) continue; @@ -258,7 +258,7 @@ list_devices(void) for (i = 0; i < 8; i ++) { - sprintf(device, "/dev/usb/printer%d", i); + snprintf(device, sizeof(device), "/dev/usb/printer%d", i); if ((fd = open(device, O_WRONLY | O_EXCL)) >= 0) { @@ -278,11 +278,11 @@ list_devices(void) for (i = 0; i < 8; i ++) { - sprintf(device, "/dev/ulpt%d", i); + snprintf(device, sizeof(device), "/dev/ulpt%d", i); if (!access(device, 0)) printf("direct usb:%s \"Unknown\" \"USB Printer #%d\"\n", device, i + 1); - sprintf(device, "/dev/unlpt%d", i); + snprintf(device, sizeof(device), "/dev/unlpt%d", i); if (!access(device, 0)) printf("direct usb:%s \"Unknown\" \"USB Printer #%d (no reset)\"\n", device, i + 1); } @@ -344,15 +344,15 @@ open_device(const char *uri, /* I - Device URI */ * for USB printer devices. We get the honor of trying them all... */ - sprintf(device, "/dev/usblp%d", i); + snprintf(device, sizeof(device), "/dev/usblp%d", i); if ((fd = open(device, O_RDWR | O_EXCL)) < 0 && errno == ENOENT) { - sprintf(device, "/dev/usb/lp%d", i); + snprintf(device, sizeof(device), "/dev/usb/lp%d", i); if ((fd = open(device, O_RDWR | O_EXCL)) < 0 && errno == ENOENT) { - sprintf(device, "/dev/usb/usblp%d", i); + snprintf(device, sizeof(device), "/dev/usb/usblp%d", i); if ((fd = open(device, O_RDWR | O_EXCL)) < 0 && errno == ENOENT) continue; @@ -440,7 +440,7 @@ open_device(const char *uri, /* I - Device URI */ { for (i = 0, busy = 0; i < 8; i ++) { - sprintf(device, "/dev/usb/printer%d", i); + snprintf(device, sizeof(device), "/dev/usb/printer%d", i); if ((fd = open(device, O_WRONLY | O_EXCL)) >= 0) backendGetDeviceID(fd, device_id, sizeof(device_id), diff --git a/berkeley/lpr.c b/berkeley/lpr.c index a8f78b881..12c40a1db 100644 --- a/berkeley/lpr.c +++ b/berkeley/lpr.c @@ -266,8 +266,7 @@ main(int argc, /* I - Number of command-line arguments */ return (1); } - sprintf(buffer, "%d", num_copies); - num_options = cupsAddOption("copies", buffer, num_options, &options); + num_options = cupsAddIntegerOption("copies", num_copies, num_options, &options); break; case 'C' : /* Class */ diff --git a/cgi-bin/admin.c b/cgi-bin/admin.c index 1683f987b..c6489389f 100644 --- a/cgi-bin/admin.c +++ b/cgi-bin/admin.c @@ -208,7 +208,7 @@ main(void) * bytes left in the array... */ - sprintf(ptr, "%%%02X", *url & 255); + snprintf(ptr, sizeof(encoded) - (size_t)(ptr - encoded), "%%%02X", *url & 255); ptr += 3; } else @@ -871,7 +871,7 @@ do_am_printer(http_t *http, /* I - HTTP connection */ break; else { - sprintf(baudrate, "%d", baudrates[i]); + snprintf(baudrate, sizeof(baudrate), "%d", baudrates[i]); cgiSetArray("BAUDRATES", i, baudrate); } diff --git a/cgi-bin/classes.c b/cgi-bin/classes.c index 78ef08e22..718604ab2 100644 --- a/cgi-bin/classes.c +++ b/cgi-bin/classes.c @@ -362,7 +362,7 @@ show_all_classes(http_t *http, /* I - Connection to server */ if (first < 0) first = 0; - sprintf(val, "%d", count); + snprintf(val, sizeof(val), "%d", count); cgiSetVariable("TOTAL", val); for (i = 0, pclass = (ipp_attribute_t *)cupsArrayIndex(classes, first); @@ -378,13 +378,13 @@ show_all_classes(http_t *http, /* I - Connection to server */ if (first > 0) { - sprintf(val, "%d", first - CUPS_PAGE_MAX); + snprintf(val, sizeof(val), "%d", first - CUPS_PAGE_MAX); cgiSetVariable("PREV", val); } if ((first + CUPS_PAGE_MAX) < count) { - sprintf(val, "%d", first + CUPS_PAGE_MAX); + snprintf(val, sizeof(val), "%d", first + CUPS_PAGE_MAX); cgiSetVariable("NEXT", val); } diff --git a/cgi-bin/ipp-var.c b/cgi-bin/ipp-var.c index 8c5a5616d..443f920a5 100644 --- a/cgi-bin/ipp-var.c +++ b/cgi-bin/ipp-var.c @@ -224,7 +224,7 @@ cgiGetIPPObjects(ipp_t *response, /* I - IPP response */ char buf[255]; /* Number buffer */ - sprintf(buf, "%d", attr->values[i].integer); + snprintf(buf, sizeof(buf), "%d", attr->values[i].integer); if (cgiDoSearch(search, buf)) add = 1; @@ -291,7 +291,7 @@ cgiMoveJobs(http_t *http, /* I - Connection to server */ char temp[255]; /* Temporary string */ - sprintf(temp, "%d", job_id); + snprintf(temp, sizeof(temp), "%d", job_id); cgiSetVariable("JOB_ID", temp); } @@ -1441,7 +1441,7 @@ cgiShowJobs(http_t *http, /* I - Connection to server */ cgiSetVariable("SECTION", section); - sprintf(val, "%d", count); + snprintf(val, sizeof(val), "%d", count); cgiSetVariable("TOTAL", val); if (which_jobs) @@ -1469,13 +1469,13 @@ cgiShowJobs(http_t *http, /* I - Connection to server */ if (first > 0) { - sprintf(val, "%d", first - CUPS_PAGE_MAX); + snprintf(val, sizeof(val), "%d", first - CUPS_PAGE_MAX); cgiSetVariable("PREV", val); } if ((first + CUPS_PAGE_MAX) < count) { - sprintf(val, "%d", first + CUPS_PAGE_MAX); + snprintf(val, sizeof(val), "%d", first + CUPS_PAGE_MAX); cgiSetVariable("NEXT", val); } diff --git a/cgi-bin/printers.c b/cgi-bin/printers.c index bbc153e3b..2a33b6832 100644 --- a/cgi-bin/printers.c +++ b/cgi-bin/printers.c @@ -379,7 +379,7 @@ show_all_printers(http_t *http, /* I - Connection to server */ if (first < 0) first = 0; - sprintf(val, "%d", count); + snprintf(val, sizeof(val), "%d", count); cgiSetVariable("TOTAL", val); for (i = 0, printer = (ipp_attribute_t *)cupsArrayIndex(printers, first); @@ -395,13 +395,13 @@ show_all_printers(http_t *http, /* I - Connection to server */ if (first > 0) { - sprintf(val, "%d", first - CUPS_PAGE_MAX); + snprintf(val, sizeof(val), "%d", first - CUPS_PAGE_MAX); cgiSetVariable("PREV", val); } if ((first + CUPS_PAGE_MAX) < count) { - sprintf(val, "%d", first + CUPS_PAGE_MAX); + snprintf(val, sizeof(val), "%d", first + CUPS_PAGE_MAX); cgiSetVariable("NEXT", val); } diff --git a/cgi-bin/template.c b/cgi-bin/template.c index 1972b4ae2..0b785b2f6 100644 --- a/cgi-bin/template.c +++ b/cgi-bin/template.c @@ -307,9 +307,9 @@ cgi_copy(FILE *out, /* I - Output file */ */ if (name[1]) - sprintf(outval, "%d", cgiGetSize(name + 1)); + snprintf(outval, sizeof(outval), "%d", cgiGetSize(name + 1)); else - sprintf(outval, "%d", element + 1); + snprintf(outval, sizeof(outval), "%d", element + 1); outptr = outval; } @@ -457,7 +457,7 @@ cgi_copy(FILE *out, /* I - Output file */ continue; else if (ch == '#') { - sprintf(s, "%d", element + 1); + snprintf(s, sizeof(compare) - (size_t)(s - compare), "%d", element + 1); s += strlen(s); } else if (ch == '{') @@ -473,7 +473,7 @@ cgi_copy(FILE *out, /* I - Output file */ *innerptr = '\0'; if (innername[0] == '#') - sprintf(s, "%d", cgiGetSize(innername + 1)); + snprintf(s, sizeof(compare) - (size_t)(s - compare), "%d", cgiGetSize(innername + 1)); else if ((innerptr = strrchr(innername, '-')) != NULL && isdigit(innerptr[1] & 255)) { diff --git a/cups/ipp-support.c b/cups/ipp-support.c index bfb9dff09..d9e900649 100644 --- a/cups/ipp-support.c +++ b/cups/ipp-support.c @@ -2262,7 +2262,7 @@ ippErrorString(ipp_status_t error) /* I - Error status */ * No, build an "0xxxxx" error string... */ - sprintf(cg->ipp_unknown, "0x%04x", error); + snprintf(cg->ipp_unknown, sizeof(cg->ipp_unknown), "0x%04x", error); return (cg->ipp_unknown); } @@ -2339,7 +2339,7 @@ ippOpString(ipp_op_t op) /* I - Operation ID */ * No, build an "0xxxxx" operation string... */ - sprintf(cg->ipp_unknown, "0x%04x", op); + snprintf(cg->ipp_unknown, sizeof(cg->ipp_unknown), "0x%04x", op); return (cg->ipp_unknown); } diff --git a/cups/ppd-mark.c b/cups/ppd-mark.c index 7ec0df473..25797b376 100644 --- a/cups/ppd-mark.c +++ b/cups/ppd-mark.c @@ -307,7 +307,7 @@ cupsMarkOptions( * Look it up in the PPD file... */ - sprintf(s, "%d", j); + snprintf(s, sizeof(s), "%d", j); if ((attr = ppdFindAttr(ppd, "cupsIPPFinishings", s)) == NULL) continue; diff --git a/cups/snprintf.c b/cups/snprintf.c index 49652e2c4..a4d17b5be 100644 --- a/cups/snprintf.c +++ b/cups/snprintf.c @@ -171,7 +171,7 @@ _cups_vsnprintf(char *buffer, /* O - Output buffer */ if ((width + 2) > sizeof(temp)) break; - sprintf(temp, tformat, va_arg(ap, double)); + snprintf(temp, sizeof(temp), tformat, va_arg(ap, double)); templen = strlen(temp); bytes += (int)templen; @@ -202,7 +202,7 @@ _cups_vsnprintf(char *buffer, /* O - Output buffer */ if ((width + 2) > sizeof(temp)) break; - sprintf(temp, tformat, va_arg(ap, int)); + snprintf(temp, sizeof(temp), tformat, va_arg(ap, int)); templen = strlen(temp); bytes += (int)templen; @@ -226,7 +226,7 @@ _cups_vsnprintf(char *buffer, /* O - Output buffer */ if ((width + 2) > sizeof(temp)) break; - sprintf(temp, tformat, va_arg(ap, void *)); + snprintf(temp, sizeof(temp), tformat, va_arg(ap, void *)); templen = strlen(temp); bytes += (int)templen; diff --git a/locale/checkpo.c b/locale/checkpo.c index 7a644f548..2e926d3d4 100644 --- a/locale/checkpo.c +++ b/locale/checkpo.c @@ -321,7 +321,7 @@ abbreviate(const char *s, /* I - String to abbreviate */ if (bufsize < 4) break; - sprintf(bufptr, "\\%03o", *s); + snprintf(bufptr, bufsize, "\\%03o", *s); bufptr += 4; bufsize -= 4; } diff --git a/scheduler/client.c b/scheduler/client.c index c2ee8f12a..621394436 100644 --- a/scheduler/client.c +++ b/scheduler/client.c @@ -3471,8 +3471,7 @@ pipe_command(cupsd_client_t *con, /* I - Client connection */ } else { - sprintf(content_length, "CONTENT_LENGTH=" CUPS_LLFMT, - CUPS_LLCAST con->bytes); + snprintf(content_length, sizeof(content_length), "CONTENT_LENGTH=" CUPS_LLFMT, CUPS_LLCAST con->bytes); snprintf(content_type, sizeof(content_type), "CONTENT_TYPE=%s", httpGetField(con->http, HTTP_FIELD_CONTENT_TYPE)); diff --git a/scheduler/conf.c b/scheduler/conf.c index bb6049b2c..a1ef7230d 100644 --- a/scheduler/conf.c +++ b/scheduler/conf.c @@ -1742,7 +1742,7 @@ get_address(const char *value, /* I - Value string */ * Use the default port... */ - sprintf(defpname, "%d", defport); + snprintf(defpname, sizeof(defpname), "%d", defport); portname = defpname; hostname = buffer; } diff --git a/scheduler/cups-lpd.c b/scheduler/cups-lpd.c index 0da3d0c06..7b1dc4834 100644 --- a/scheduler/cups-lpd.c +++ b/scheduler/cups-lpd.c @@ -1268,7 +1268,7 @@ remove_jobs(const char *dest, /* I - Destination */ request = ippNewRequest(IPP_OP_CANCEL_JOB); - sprintf(uri, "ipp://localhost/jobs/%d", id); + snprintf(uri, sizeof(uri), "ipp://localhost/jobs/%d", id); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, diff --git a/scheduler/ipp.c b/scheduler/ipp.c index 2fe3bf25c..0c44d7d4a 100644 --- a/scheduler/ipp.c +++ b/scheduler/ipp.c @@ -10866,17 +10866,13 @@ set_printer_defaults( case IPP_TAG_INTEGER : case IPP_TAG_ENUM : - sprintf(value, "%d", attr->values[0].integer); - printer->num_options = cupsAddOption(name, value, - printer->num_options, - &(printer->options)); + printer->num_options = cupsAddIntegerOption(name, attr->values[0].integer, printer->num_options, &(printer->options)); cupsdLogMessage(CUPSD_LOG_DEBUG, "Setting %s to %s...", attr->name, value); break; case IPP_TAG_RANGE : - sprintf(value, "%d-%d", attr->values[0].range.lower, - attr->values[0].range.upper); + snprintf(value, sizeof(value), "%d-%d", attr->values[0].range.lower, attr->values[0].range.upper); printer->num_options = cupsAddOption(name, value, printer->num_options, &(printer->options)); @@ -10885,10 +10881,7 @@ set_printer_defaults( break; case IPP_TAG_RESOLUTION : - sprintf(value, "%dx%d%s", attr->values[0].resolution.xres, - attr->values[0].resolution.yres, - attr->values[0].resolution.units == IPP_RES_PER_INCH ? - "dpi" : "dpcm"); + snprintf(value, sizeof(value), "%dx%d%s", attr->values[0].resolution.xres, attr->values[0].resolution.yres, attr->values[0].resolution.units == IPP_RES_PER_INCH ? "dpi" : "dpcm"); printer->num_options = cupsAddOption(name, value, printer->num_options, &(printer->options)); diff --git a/scheduler/job.c b/scheduler/job.c index e20e7c563..17b341834 100644 --- a/scheduler/job.c +++ b/scheduler/job.c @@ -893,7 +893,7 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */ goto abort_job; } - sprintf(jobid, "%d", job->id); + snprintf(jobid, sizeof(jobid), "%d", job->id); argv[0] = job->printer->name; argv[1] = jobid; diff --git a/systemv/cancel.c b/systemv/cancel.c index c85a86e0c..bcd638cc4 100644 --- a/systemv/cancel.c +++ b/systemv/cancel.c @@ -274,7 +274,7 @@ main(int argc, /* I - Number of command-line arguments */ } else { - sprintf(uri, "ipp://localhost/jobs/%d", job_id); + snprintf(uri, sizeof(uri), "ipp://localhost/jobs/%d", job_id); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); } diff --git a/systemv/lp.c b/systemv/lp.c index d918b4b14..fd818a56d 100644 --- a/systemv/lp.c +++ b/systemv/lp.c @@ -286,9 +286,7 @@ main(int argc, /* I - Number of command-line arguments */ return (1); } - sprintf(buffer, "%d", num_copies); - num_options = cupsAddOption("copies", buffer, num_options, - &options); + num_options = cupsAddIntegerOption("copies", num_copies, num_options, &options); break; case 'o' : /* Option */ @@ -348,9 +346,7 @@ main(int argc, /* I - Number of command-line arguments */ return (1); } - sprintf(buffer, "%d", priority); - num_options = cupsAddOption("job-priority", buffer, num_options, - &options); + num_options = cupsAddIntegerOption("job-priority", priority, num_options, &options); break; case 's' : /* Silent */ @@ -666,7 +662,7 @@ restart_job(const char *command, /* I - Command name */ request = ippNewRequest(IPP_RESTART_JOB); - sprintf(uri, "ipp://localhost/jobs/%d", job_id); + snprintf(uri, sizeof(uri), "ipp://localhost/jobs/%d", job_id); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); @@ -714,7 +710,7 @@ set_job_attrs( request = ippNewRequest(IPP_SET_JOB_ATTRIBUTES); - sprintf(uri, "ipp://localhost/jobs/%d", job_id); + snprintf(uri, sizeof(uri), "ipp://localhost/jobs/%d", job_id); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); diff --git a/tools/ippeveprinter.c b/tools/ippeveprinter.c index 5467c13b5..7a71f0c62 100644 --- a/tools/ippeveprinter.c +++ b/tools/ippeveprinter.c @@ -3069,7 +3069,7 @@ html_printf(ippeve_client_t *client, /* I - Client */ if ((size_t)(width + 2) > sizeof(temp)) break; - sprintf(temp, tformat, va_arg(ap, double)); + snprintf(temp, sizeof(temp), tformat, va_arg(ap, double)); httpWrite2(client->http, temp, strlen(temp)); break; @@ -3087,13 +3087,13 @@ html_printf(ippeve_client_t *client, /* I - Client */ # ifdef HAVE_LONG_LONG if (size == 'L') - sprintf(temp, tformat, va_arg(ap, long long)); + snprintf(temp, sizeof(temp), tformat, va_arg(ap, long long)); else # endif /* HAVE_LONG_LONG */ if (size == 'l') - sprintf(temp, tformat, va_arg(ap, long)); + snprintf(temp, sizeof(temp), tformat, va_arg(ap, long)); else - sprintf(temp, tformat, va_arg(ap, int)); + snprintf(temp, sizeof(temp), tformat, va_arg(ap, int)); httpWrite2(client->http, temp, strlen(temp)); break; @@ -3102,7 +3102,7 @@ html_printf(ippeve_client_t *client, /* I - Client */ if ((size_t)(width + 2) > sizeof(temp)) break; - sprintf(temp, tformat, va_arg(ap, void *)); + snprintf(temp, sizeof(temp), tformat, va_arg(ap, void *)); httpWrite2(client->http, temp, strlen(temp)); break; |