aboutsummaryrefslogtreecommitdiff
path: root/slirp
diff options
context:
space:
mode:
Diffstat (limited to 'slirp')
-rw-r--r--slirp/misc.c5
-rw-r--r--slirp/slirp.c2
-rw-r--r--slirp/tcp_subr.c44
-rw-r--r--slirp/tftp.c7
4 files changed, 34 insertions, 24 deletions
diff --git a/slirp/misc.c b/slirp/misc.c
index 337f8a8574..032a1f7b1f 100644
--- a/slirp/misc.c
+++ b/slirp/misc.c
@@ -417,8 +417,9 @@ fork_exec(struct socket *so, const char *ex, int do_pty)
{
char buff[256];
- sprintf(buff, "Error: execvp of %s failed: %s\n",
- argv[0], strerror(errno));
+ snprintf(buff, sizeof(buff),
+ "Error: execvp of %s failed: %s\n",
+ argv[0], strerror(errno));
write(2, buff, strlen(buff)+1);
}
close(0); close(1); close(2); /* XXX */
diff --git a/slirp/slirp.c b/slirp/slirp.c
index 158fd7dbd6..a975b3e359 100644
--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -84,7 +84,7 @@ static int get_dns_addr(struct in_addr *pdns_addr)
static int get_dns_addr(struct in_addr *pdns_addr)
{
char buff[512];
- char buff2[256];
+ char buff2[257];
FILE *f;
int found = 0;
struct in_addr tmp_addr;
diff --git a/slirp/tcp_subr.c b/slirp/tcp_subr.c
index ba1296d4bb..ec423b763a 100644
--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -629,7 +629,7 @@ tcp_emu(so, m)
struct mbuf *m;
{
u_int n1, n2, n3, n4, n5, n6;
- char buff[256];
+ char buff[257];
u_int32_t laddr;
u_int lport;
char *bptr;
@@ -673,7 +673,9 @@ tcp_emu(so, m)
}
}
}
- so_rcv->sb_cc = sprintf(so_rcv->sb_data, "%d,%d\r\n", n1, n2);
+ so_rcv->sb_cc = snprintf(so_rcv->sb_data,
+ so_rcv->sb_datalen,
+ "%d,%d\r\n", n1, n2);
so_rcv->sb_rptr = so_rcv->sb_data;
so_rcv->sb_wptr = so_rcv->sb_data + so_rcv->sb_cc;
}
@@ -1007,8 +1009,9 @@ do_prompt:
n4 = (laddr & 0xff);
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr,"ORT %d,%d,%d,%d,%d,%d\r\n%s",
- n1, n2, n3, n4, n5, n6, x==7?buff:"");
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size - m->m_len,
+ "ORT %d,%d,%d,%d,%d,%d\r\n%s",
+ n1, n2, n3, n4, n5, n6, x==7?buff:"");
return 1;
} else if ((bptr = (char *)strstr(m->m_data, "27 Entering")) != NULL) {
/*
@@ -1038,8 +1041,9 @@ do_prompt:
n4 = (laddr & 0xff);
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr,"27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
- n1, n2, n3, n4, n5, n6, x==7?buff:"");
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size - m->m_len,
+ "27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
+ n1, n2, n3, n4, n5, n6, x==7?buff:"");
return 1;
}
@@ -1062,7 +1066,8 @@ do_prompt:
}
if (m->m_data[m->m_len-1] == '\0' && lport != 0 &&
(so = solisten(0, so->so_laddr.s_addr, htons(lport), SS_FACCEPTONCE)) != NULL)
- m->m_len = sprintf(m->m_data, "%d", ntohs(so->so_fport))+1;
+ m->m_len = snprintf(m->m_data, m->m_hdr.mh_size, "%d",
+ ntohs(so->so_fport)) + 1;
return 1;
case EMU_IRC:
@@ -1079,25 +1084,28 @@ do_prompt:
return 1;
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr, "DCC CHAT chat %lu %u%c\n",
- (unsigned long)ntohl(so->so_faddr.s_addr),
- ntohs(so->so_fport), 1);
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size,
+ "DCC CHAT chat %lu %u%c\n",
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), 1);
} else if (sscanf(bptr, "DCC SEND %256s %u %u %u", buff, &laddr, &lport, &n1) == 4) {
if ((so = solisten(0, htonl(laddr), htons(lport), SS_FACCEPTONCE)) == NULL)
return 1;
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr, "DCC SEND %s %lu %u %u%c\n",
- buff, (unsigned long)ntohl(so->so_faddr.s_addr),
- ntohs(so->so_fport), n1, 1);
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size,
+ "DCC SEND %s %lu %u %u%c\n", buff,
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), n1, 1);
} else if (sscanf(bptr, "DCC MOVE %256s %u %u %u", buff, &laddr, &lport, &n1) == 4) {
if ((so = solisten(0, htonl(laddr), htons(lport), SS_FACCEPTONCE)) == NULL)
return 1;
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr, "DCC MOVE %s %lu %u %u%c\n",
- buff, (unsigned long)ntohl(so->so_faddr.s_addr),
- ntohs(so->so_fport), n1, 1);
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size,
+ "DCC MOVE %s %lu %u %u%c\n", buff,
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), n1, 1);
}
return 1;
@@ -1285,8 +1293,8 @@ tcp_ctl(so)
/* FALLTHROUGH */
case CTL_ALIAS:
- sb->sb_cc = sprintf(sb->sb_wptr,
- "Error: No application configured.\r\n");
+ sb->sb_cc = snprintf(sb->sb_wptr, sb->sb_datalen - (sb->sb_wptr - sb->sb_data),
+ "Error: No application configured.\r\n");
sb->sb_wptr += sb->sb_cc;
return(0);
diff --git a/slirp/tftp.c b/slirp/tftp.c
index 562ae8953d..8c0126866a 100644
--- a/slirp/tftp.c
+++ b/slirp/tftp.c
@@ -23,6 +23,7 @@
*/
#include <slirp.h>
+#include "qemu-common.h" // for pstrcpy
struct tftp_session {
int in_use;
@@ -148,8 +149,8 @@ static int tftp_send_oack(struct tftp_session *spt,
m->m_data += sizeof(struct udpiphdr);
tp->tp_op = htons(TFTP_OACK);
- n += sprintf(tp->x.tp_buf + n, "%s", key) + 1;
- n += sprintf(tp->x.tp_buf + n, "%u", value) + 1;
+ n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s", key) + 1;
+ n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%u", value) + 1;
saddr.sin_addr = recv_tp->ip.ip_dst;
saddr.sin_port = recv_tp->udp.uh_dport;
@@ -189,7 +190,7 @@ static int tftp_send_error(struct tftp_session *spt,
tp->tp_op = htons(TFTP_ERROR);
tp->x.tp_error.tp_error_code = htons(errorcode);
- strcpy(tp->x.tp_error.tp_msg, msg);
+ pstrcpy(tp->x.tp_error.tp_msg, sizeof(tp->x.tp_error.tp_msg), msg);
saddr.sin_addr = recv_tp->ip.ip_dst;
saddr.sin_port = recv_tp->udp.uh_dport;