From 1d935059fbc8197654210d92d48b83cfa75ee18e Mon Sep 17 00:00:00 2001
From: Marc Balmer <marc@msys.ch>
Date: Thu, 9 Aug 2012 07:38:39 +0200
Subject: [PATCH] Fix more sprintf calls.

---
 cde/lib/csa/convert4-5.c | 31 ++++++++++++++++---------------
 cde/lib/csa/iso8601.c    |  2 +-
 cde/lib/csa/laccess.c    |  2 +-
 cde/lib/csa/lutil.c      |  5 +++--
 cde/lib/csa/rpccalls.c   |  2 +-
 5 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/cde/lib/csa/convert4-5.c b/cde/lib/csa/convert4-5.c
index 27a08bf8..dfca086d 100644
--- a/cde/lib/csa/convert4-5.c
+++ b/cde/lib/csa/convert4-5.c
@@ -144,12 +144,12 @@ _DtCm_appt4_to_attrs(
 		ptr2 = (ptr1 ? strchr(ptr1, '.') : NULL);
 
 		if (ptr1) {
-			sprintf(buf, "%d:%s%s%s", a4->appt_id.key, calname,
+			snprintf(buf, sizeof buf, "%d:%s%s%s", a4->appt_id.key, calname,
 				(ptr2 == NULL ? "." : ""),
 				(ptr2 == NULL ? _DtCmGetLocalDomain(ptr1+1) :
 				""));
 		} else {
-			sprintf(buf, "%d:%s@%s", a4->appt_id.key, calname,
+			snprintf(buf, sizeof buf, "%d:%s@%s", a4->appt_id.key, calname,
 				_DtCmGetHostAtDomain());
 		}
 		opq.size = strlen(buf);
@@ -450,43 +450,44 @@ _RepeatInfoToRule(Appt_4 *a4, cms_attribute_value **attrval)
 
 	switch (a4->period.period) {
 	case daily_4:
-		sprintf(buf, "D1 #%d ", duration);
+		snprintf(buf, sizeof buf, "D1 #%d ", duration);
 		break;
 	case weekly_4:
-		sprintf(buf, "W1 #%d ", duration);
+		snprintf(buf, sizeof buf, "W1 #%d ", duration);
 		break;
 	case biweekly_4:
-		sprintf(buf, "W2 #%d ", duration);
+		snprintf(buf, sizeof buf, "W2 #%d ", duration);
 		break;
 	case monthly_4:
-		sprintf(buf, "MD1 #%d ", duration);
+		snprintf(buf, sizeof buf, "MD1 #%d ", duration);
 		break;
 	case yearly_4:
-		sprintf(buf, "YM1 #%d ", duration);
+		snprintf(buf, sizeof buf, "YM1 #%d ", duration);
 		break;
 	case nthWeekday_4:
-		sprintf(buf, "MP1 #%d ", duration);
+		snprintf(buf, sizeof buf, "MP1 #%d ", duration);
 		break;
 	case everyNthDay_4:
-		sprintf(buf, "D%d #%d ", a4->period.nth, duration);
+		snprintf(buf, sizeof buf, "D%d #%d ", a4->period.nth, duration);
 		break;
 	case everyNthWeek_4:
-		sprintf(buf, "W%d #%d ", a4->period.nth, duration);
+		snprintf(buf, sizeof buf, "W%d #%d ", a4->period.nth, duration);
 		break;
 	case everyNthMonth_4:
-		sprintf(buf, "MD%d #%d ", a4->period.nth, duration);
+		snprintf(buf, sizeof buf, "MD%d #%d ", a4->period.nth, duration);
 		break;
 	case monThruFri_4:
-		sprintf(buf, "W1 MO TU WE TH FR #%d ", duration);
+		snprintf(buf, sizeof buf, "W1 MO TU WE TH FR #%d ", duration);
 		break;
 	case monWedFri_4:
-		sprintf(buf, "W1 MO WE FR #%d ", duration);
+		snprintf(buf, sizeof buf, "W1 MO WE FR #%d ", duration);
 		break;
 	case tueThur_4:
-		sprintf(buf, "W1 TU TH #%d ", duration);
+		snprintf(buf, sizeof buf, "W1 TU TH #%d ", duration);
 		break;
 	case daysOfWeek_4:
-		sprintf(buf, "W1 #%d ", duration);
+		snprintf(buf, sizeof buf, "W1 #%d ", duration);
+		/* XXX strcat is unsafe here */
 		if (a4->period.nth & 0x1) strcat(buf, "SU ");
 		if (a4->period.nth & 0x2) strcat(buf, "MO ");
 		if (a4->period.nth & 0x4) strcat(buf, "TU ");
diff --git a/cde/lib/csa/iso8601.c b/cde/lib/csa/iso8601.c
index 5893f33f..ef7a55cc 100644
--- a/cde/lib/csa/iso8601.c
+++ b/cde/lib/csa/iso8601.c
@@ -44,7 +44,7 @@ set_timezone(char *tzname)
         if (tzname==NULL)
 		system("unset TZ\n");
         else {
-                sprintf(tzenv, "TZ=%s", tzname);
+                snprintf(tzenv, sizeof tzenv, "TZ=%s", tzname);
                 (void) putenv(tzenv);
                 tzset();
         }
diff --git a/cde/lib/csa/laccess.c b/cde/lib/csa/laccess.c
index 2aea1a61..631f38d9 100644
--- a/cde/lib/csa/laccess.c
+++ b/cde/lib/csa/laccess.c
@@ -124,7 +124,7 @@ _DtCmIsSameUser(char *user1, char *user2)
 	/* assume user2=user@host[.domain] */
 	if (str1 == NULL) {
 		str1 = strchr(user1, '@');
-		sprintf(buf, "%s.%s", ++str1, domain);
+		snprintf(buf, sizeof buf, "%s.%s", ++str1, domain);
 		str1 = buf;
 	} else {
 		str1 = strchr(user1, '@');
diff --git a/cde/lib/csa/lutil.c b/cde/lib/csa/lutil.c
index 78a9edc8..27948323 100644
--- a/cde/lib/csa/lutil.c
+++ b/cde/lib/csa/lutil.c
@@ -115,7 +115,7 @@ _DtCmGetLocalDomain(char *hostname)
 		ptr = domain;
 		if (hostname == NULL) hostname = _DtCmGetLocalHost();
 		while (1) {
-			sprintf(buf, "%s.%s", hostname, ptr);
+			snprintf(buf, sizeof buf, "%s.%s", hostname, ptr);
 			if ((cl = clnt_create(buf, 100068, 5, "udp")) == NULL) {
 				ptr = strchr(ptr, '.');
 				if (ptr)
@@ -145,9 +145,10 @@ _DtCmGetHostAtDomain()
 
 		host = _DtCmGetLocalHost();
 		if (strchr(host, '.') == NULL)
-			sprintf(hostname, "%s.%s", host,
+			snprintf(hostname, BUFSIZ, "%s.%s", host,
 				_DtCmGetLocalDomain(host));
 		else
+			/* XXX strcpy unsafe here */
 			strcpy(hostname, host);
 	}
 
diff --git a/cde/lib/csa/rpccalls.c b/cde/lib/csa/rpccalls.c
index a23d067b..30ac82e8 100644
--- a/cde/lib/csa/rpccalls.c
+++ b/cde/lib/csa/rpccalls.c
@@ -1451,7 +1451,7 @@ _GetV4UserAccess(Calendar *cal, cms_access_entry *alist)
 		return (CSA_SUCCESS);
 	}
 
-	sprintf(buf, "%s@%s", user, localhost);
+	snprintf(buf, sizeof buf, "%s@%s", user, localhost);
 	for (; alist != NULL; alist = alist->next) {
 		if (strcasecmp(alist->user, "world") == 0)
 			worldaccess = alist->rights;
-- 
2.25.1