Updated conserver/cutil.c and conserver/group.c to use snprintf( ) vi… #92
Conversation
…ce sprintf( ) to prevent buffer overflows. Signed-off-by: Anthony Gialluca <agialluc@redhat.com>
conserver/cutil.c
Outdated
| { | ||
| char buf[1024]; | ||
| sprintf(buf, "CONSFILE-%s-%lu-%d.w", progname, | ||
| snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.w", progname, |
There was a problem hiding this comment.
| snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.w", progname, | |
| snprintf(buf, sizeof(buf), "CONSFILE-%s-%lu-%d.w", progname, |
But if things are crashing here, we know that buf isn't large enough. Given what is written here (and below), that seems unlikely? Probably something else is going on.
There was a problem hiding this comment.
This is an excellent recommendation. It makes it much cleaner. With respect to what size buf should be, I am open to what is recommended.
conserver/group.c
Outdated
| return telopts[o]; | ||
| else { | ||
| sprintf(opt, "%d", o); | ||
| snprintf(opt, 128, "%d", o); |
There was a problem hiding this comment.
| snprintf(opt, 128, "%d", o); | |
| snprintf(opt, sizeof(opt), "%d", o); |
There was a problem hiding this comment.
Again I very much agree with what you are doing, this is an excellent recommendation.
….c with recommended code change. Signed-off-by: Anthony Gialluca <agialluc@redhat.com>
|
I should note, for the record, this may not be the root cause, but is just my suspicion. Regardless, I do think snprintf( ) calls are an improvement. |
robohack
left a comment
robohack
left a comment
There was a problem hiding this comment.
I don't think these changes will solve any crash -- in cutil.c they are in debug code and anyway the supplied buffer should always be much bigger than any possible expansion of the format string; and in group.c an integer will never be printed as more than 127 decimal digits (unless ints are 420 bits or more).
|
I was a beautiful theory while it lasted. Please feel free to abandon this merge as necessary. |
3 participants
Updated conserver/cutil.c and conserver/group.c to use snprintf( ) vice sprintf( ) to prevent buffer overflows.
This code change should be carefully checked. I am not normally a coder.