diff options
Diffstat (limited to 'slirp')
-rw-r--r-- | slirp/misc.c | 5 | ||||
-rw-r--r-- | slirp/slirp.c | 2 | ||||
-rw-r--r-- | slirp/tcp_subr.c | 44 | ||||
-rw-r--r-- | slirp/tftp.c | 7 |
4 files changed, 34 insertions, 24 deletions
diff --git a/slirp/misc.c b/slirp/misc.c index 337f8a8574..032a1f7b1f 100644 --- a/slirp/misc.c +++ b/slirp/misc.c @@ -417,8 +417,9 @@ fork_exec(struct socket *so, const char *ex, int do_pty) { char buff[256]; - sprintf(buff, "Error: execvp of %s failed: %s\n", - argv[0], strerror(errno)); + snprintf(buff, sizeof(buff), + "Error: execvp of %s failed: %s\n", + argv[0], strerror(errno)); write(2, buff, strlen(buff)+1); } close(0); close(1); close(2); /* XXX */ diff --git a/slirp/slirp.c b/slirp/slirp.c index 158fd7dbd6..a975b3e359 100644 --- a/slirp/slirp.c +++ b/slirp/slirp.c @@ -84,7 +84,7 @@ static int get_dns_addr(struct in_addr *pdns_addr) static int get_dns_addr(struct in_addr *pdns_addr) { char buff[512]; - char buff2[256]; + char buff2[257]; FILE *f; int found = 0; struct in_addr tmp_addr; diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c index ba1296d4bb..ec423b763a 100644 --- a/slirp/tcp_subr.c +++ b/slirp/tcp_subr.c @@ -629,7 +629,7 @@ tcp_emu(so, m) struct mbuf *m; { u_int n1, n2, n3, n4, n5, n6; - char buff[256]; + char buff[257]; u_int32_t laddr; u_int lport; char *bptr; @@ -673,7 +673,9 @@ tcp_emu(so, m) } } } - so_rcv->sb_cc = sprintf(so_rcv->sb_data, "%d,%d\r\n", n1, n2); + so_rcv->sb_cc = snprintf(so_rcv->sb_data, + so_rcv->sb_datalen, + "%d,%d\r\n", n1, n2); so_rcv->sb_rptr = so_rcv->sb_data; so_rcv->sb_wptr = so_rcv->sb_data + so_rcv->sb_cc; } @@ -1007,8 +1009,9 @@ do_prompt: n4 = (laddr & 0xff); m->m_len = bptr - m->m_data; /* Adjust length */ - m->m_len += sprintf(bptr,"ORT %d,%d,%d,%d,%d,%d\r\n%s", - n1, n2, n3, n4, n5, n6, x==7?buff:""); + m->m_len += snprintf(bptr, m->m_hdr.mh_size - m->m_len, + "ORT %d,%d,%d,%d,%d,%d\r\n%s", + n1, n2, n3, n4, n5, n6, x==7?buff:""); return 1; } else if ((bptr = (char *)strstr(m->m_data, "27 Entering")) != NULL) { /* @@ -1038,8 +1041,9 @@ do_prompt: n4 = (laddr & 0xff); m->m_len = bptr - m->m_data; /* Adjust length */ - m->m_len += sprintf(bptr,"27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s", - n1, n2, n3, n4, n5, n6, x==7?buff:""); + m->m_len += snprintf(bptr, m->m_hdr.mh_size - m->m_len, + "27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s", + n1, n2, n3, n4, n5, n6, x==7?buff:""); return 1; } @@ -1062,7 +1066,8 @@ do_prompt: } if (m->m_data[m->m_len-1] == '\0' && lport != 0 && (so = solisten(0, so->so_laddr.s_addr, htons(lport), SS_FACCEPTONCE)) != NULL) - m->m_len = sprintf(m->m_data, "%d", ntohs(so->so_fport))+1; + m->m_len = snprintf(m->m_data, m->m_hdr.mh_size, "%d", + ntohs(so->so_fport)) + 1; return 1; case EMU_IRC: @@ -1079,25 +1084,28 @@ do_prompt: return 1; m->m_len = bptr - m->m_data; /* Adjust length */ - m->m_len += sprintf(bptr, "DCC CHAT chat %lu %u%c\n", - (unsigned long)ntohl(so->so_faddr.s_addr), - ntohs(so->so_fport), 1); + m->m_len += snprintf(bptr, m->m_hdr.mh_size, + "DCC CHAT chat %lu %u%c\n", + (unsigned long)ntohl(so->so_faddr.s_addr), + ntohs(so->so_fport), 1); } else if (sscanf(bptr, "DCC SEND %256s %u %u %u", buff, &laddr, &lport, &n1) == 4) { if ((so = solisten(0, htonl(laddr), htons(lport), SS_FACCEPTONCE)) == NULL) return 1; m->m_len = bptr - m->m_data; /* Adjust length */ - m->m_len += sprintf(bptr, "DCC SEND %s %lu %u %u%c\n", - buff, (unsigned long)ntohl(so->so_faddr.s_addr), - ntohs(so->so_fport), n1, 1); + m->m_len += snprintf(bptr, m->m_hdr.mh_size, + "DCC SEND %s %lu %u %u%c\n", buff, + (unsigned long)ntohl(so->so_faddr.s_addr), + ntohs(so->so_fport), n1, 1); } else if (sscanf(bptr, "DCC MOVE %256s %u %u %u", buff, &laddr, &lport, &n1) == 4) { if ((so = solisten(0, htonl(laddr), htons(lport), SS_FACCEPTONCE)) == NULL) return 1; m->m_len = bptr - m->m_data; /* Adjust length */ - m->m_len += sprintf(bptr, "DCC MOVE %s %lu %u %u%c\n", - buff, (unsigned long)ntohl(so->so_faddr.s_addr), - ntohs(so->so_fport), n1, 1); + m->m_len += snprintf(bptr, m->m_hdr.mh_size, + "DCC MOVE %s %lu %u %u%c\n", buff, + (unsigned long)ntohl(so->so_faddr.s_addr), + ntohs(so->so_fport), n1, 1); } return 1; @@ -1285,8 +1293,8 @@ tcp_ctl(so) /* FALLTHROUGH */ case CTL_ALIAS: - sb->sb_cc = sprintf(sb->sb_wptr, - "Error: No application configured.\r\n"); + sb->sb_cc = snprintf(sb->sb_wptr, sb->sb_datalen - (sb->sb_wptr - sb->sb_data), + "Error: No application configured.\r\n"); sb->sb_wptr += sb->sb_cc; return(0); diff --git a/slirp/tftp.c b/slirp/tftp.c index 562ae8953d..8c0126866a 100644 --- a/slirp/tftp.c +++ b/slirp/tftp.c @@ -23,6 +23,7 @@ */ #include <slirp.h> +#include "qemu-common.h" // for pstrcpy struct tftp_session { int in_use; @@ -148,8 +149,8 @@ static int tftp_send_oack(struct tftp_session *spt, m->m_data += sizeof(struct udpiphdr); tp->tp_op = htons(TFTP_OACK); - n += sprintf(tp->x.tp_buf + n, "%s", key) + 1; - n += sprintf(tp->x.tp_buf + n, "%u", value) + 1; + n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s", key) + 1; + n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%u", value) + 1; saddr.sin_addr = recv_tp->ip.ip_dst; saddr.sin_port = recv_tp->udp.uh_dport; @@ -189,7 +190,7 @@ static int tftp_send_error(struct tftp_session *spt, tp->tp_op = htons(TFTP_ERROR); tp->x.tp_error.tp_error_code = htons(errorcode); - strcpy(tp->x.tp_error.tp_msg, msg); + pstrcpy(tp->x.tp_error.tp_msg, sizeof(tp->x.tp_error.tp_msg), msg); saddr.sin_addr = recv_tp->ip.ip_dst; saddr.sin_port = recv_tp->udp.uh_dport; |