Fix more sprintf calls.

diff --git a/cde/lib/csa/convert4-5.c b/cde/lib/csa/convert4-5.c
index 27a08bf816e2ab842b407444e896304d94c7b616..dfca086dbf5887e4906417faee2e29ec558b31a8 100644 (file)
--- a/cde/lib/csa/convert4-5.c
+++ b/cde/lib/csa/convert4-5.c
@@ -144,12 +144,12 @@ _DtCm_appt4_to_attrs(
                ptr2 = (ptr1 ? strchr(ptr1, '.') : NULL);
 
                if (ptr1) {
-                       sprintf(buf, "%d:%s%s%s", a4->appt_id.key, calname,
+                       snprintf(buf, sizeof buf, "%d:%s%s%s", a4->appt_id.key, calname,
                                (ptr2 == NULL ? "." : ""),
                                (ptr2 == NULL ? _DtCmGetLocalDomain(ptr1+1) :
                                ""));
                } else {
-                       sprintf(buf, "%d:%s@%s", a4->appt_id.key, calname,
+                       snprintf(buf, sizeof buf, "%d:%s@%s", a4->appt_id.key, calname,
                                _DtCmGetHostAtDomain());
                }
                opq.size = strlen(buf);
@@ -450,43 +450,44 @@ _RepeatInfoToRule(Appt_4 *a4, cms_attribute_value **attrval)
 
        switch (a4->period.period) {
        case daily_4:
-               sprintf(buf, "D1 #%d ", duration);
+               snprintf(buf, sizeof buf, "D1 #%d ", duration);
                break;
        case weekly_4:
-               sprintf(buf, "W1 #%d ", duration);
+               snprintf(buf, sizeof buf, "W1 #%d ", duration);
                break;
        case biweekly_4:
-               sprintf(buf, "W2 #%d ", duration);
+               snprintf(buf, sizeof buf, "W2 #%d ", duration);
                break;
        case monthly_4:
-               sprintf(buf, "MD1 #%d ", duration);
+               snprintf(buf, sizeof buf, "MD1 #%d ", duration);
                break;
        case yearly_4:
-               sprintf(buf, "YM1 #%d ", duration);
+               snprintf(buf, sizeof buf, "YM1 #%d ", duration);
                break;
        case nthWeekday_4:
-               sprintf(buf, "MP1 #%d ", duration);
+               snprintf(buf, sizeof buf, "MP1 #%d ", duration);
                break;
        case everyNthDay_4:
-               sprintf(buf, "D%d #%d ", a4->period.nth, duration);
+               snprintf(buf, sizeof buf, "D%d #%d ", a4->period.nth, duration);
                break;
        case everyNthWeek_4:
-               sprintf(buf, "W%d #%d ", a4->period.nth, duration);
+               snprintf(buf, sizeof buf, "W%d #%d ", a4->period.nth, duration);
                break;
        case everyNthMonth_4:
-               sprintf(buf, "MD%d #%d ", a4->period.nth, duration);
+               snprintf(buf, sizeof buf, "MD%d #%d ", a4->period.nth, duration);
                break;
        case monThruFri_4:
-               sprintf(buf, "W1 MO TU WE TH FR #%d ", duration);
+               snprintf(buf, sizeof buf, "W1 MO TU WE TH FR #%d ", duration);
                break;
        case monWedFri_4:
-               sprintf(buf, "W1 MO WE FR #%d ", duration);
+               snprintf(buf, sizeof buf, "W1 MO WE FR #%d ", duration);
                break;
        case tueThur_4:
-               sprintf(buf, "W1 TU TH #%d ", duration);
+               snprintf(buf, sizeof buf, "W1 TU TH #%d ", duration);
                break;
        case daysOfWeek_4:
-               sprintf(buf, "W1 #%d ", duration);
+               snprintf(buf, sizeof buf, "W1 #%d ", duration);
+               /* XXX strcat is unsafe here */
                if (a4->period.nth & 0x1) strcat(buf, "SU ");
                if (a4->period.nth & 0x2) strcat(buf, "MO ");
                if (a4->period.nth & 0x4) strcat(buf, "TU ");

diff --git a/cde/lib/csa/iso8601.c b/cde/lib/csa/iso8601.c
index 5893f33ff2c563eb7951daa2c64f00e2694723f0..ef7a55cce2edc1d6263b6447c8e71460a8b21248 100644 (file)
--- a/cde/lib/csa/iso8601.c
+++ b/cde/lib/csa/iso8601.c
@@ -44,7 +44,7 @@ set_timezone(char *tzname)
         if (tzname==NULL)
                system("unset TZ\n");
         else {
-                sprintf(tzenv, "TZ=%s", tzname);
+                snprintf(tzenv, sizeof tzenv, "TZ=%s", tzname);
                 (void) putenv(tzenv);
                 tzset();
         }

diff --git a/cde/lib/csa/laccess.c b/cde/lib/csa/laccess.c
index 2aea1a6117b21686dbf4a42fcdbe00734760aedb..631f38d96341cf299c74b51f37be25ed0ec911be 100644 (file)
--- a/cde/lib/csa/laccess.c
+++ b/cde/lib/csa/laccess.c
@@ -124,7 +124,7 @@ _DtCmIsSameUser(char *user1, char *user2)
        /* assume user2=user@host[.domain] */
        if (str1 == NULL) {
                str1 = strchr(user1, '@');
-               sprintf(buf, "%s.%s", ++str1, domain);
+               snprintf(buf, sizeof buf, "%s.%s", ++str1, domain);
                str1 = buf;
        } else {
                str1 = strchr(user1, '@');

diff --git a/cde/lib/csa/lutil.c b/cde/lib/csa/lutil.c
index 78a9edc8fa6b64c300e2029dd15049a6db9105d0..2794832315d5c7586e52ba5673e0a2ef5eb7a420 100644 (file)
--- a/cde/lib/csa/lutil.c
+++ b/cde/lib/csa/lutil.c
@@ -115,7 +115,7 @@ _DtCmGetLocalDomain(char *hostname)
                ptr = domain;
                if (hostname == NULL) hostname = _DtCmGetLocalHost();
                while (1) {
-                       sprintf(buf, "%s.%s", hostname, ptr);
+                       snprintf(buf, sizeof buf, "%s.%s", hostname, ptr);
                        if ((cl = clnt_create(buf, 100068, 5, "udp")) == NULL) {
                                ptr = strchr(ptr, '.');
                                if (ptr)
@@ -145,9 +145,10 @@ _DtCmGetHostAtDomain()
 
                host = _DtCmGetLocalHost();
                if (strchr(host, '.') == NULL)
-                       sprintf(hostname, "%s.%s", host,
+                       snprintf(hostname, BUFSIZ, "%s.%s", host,
                                _DtCmGetLocalDomain(host));
                else
+                       /* XXX strcpy unsafe here */
                        strcpy(hostname, host);
        }
 

diff --git a/cde/lib/csa/rpccalls.c b/cde/lib/csa/rpccalls.c
index a23d067b124b8339b29f8698cbbe9c3f491ce902..30ac82e814c417213fdf9e27a209cc548a8bb95b 100644 (file)
--- a/cde/lib/csa/rpccalls.c
+++ b/cde/lib/csa/rpccalls.c
@@ -1451,7 +1451,7 @@ _GetV4UserAccess(Calendar *cal, cms_access_entry *alist)
                return (CSA_SUCCESS);
        }
 
-       sprintf(buf, "%s@%s", user, localhost);
+       snprintf(buf, sizeof buf, "%s@%s", user, localhost);
        for (; alist != NULL; alist = alist->next) {
                if (strcasecmp(alist->user, "world") == 0)
                        worldaccess = alist->rights;