From 5a8b68153124c3a9224f0b6993df9de9c6c54541 Mon Sep 17 00:00:00 2001
From: Michael Meffie <mmeffie@sinenomine.net>
Date: Thu, 22 Feb 2018 13:23:18 -0500
Subject: [PATCH] venus: convert fs.c to safer string functions

Convert string handling to safer functions to avoid buffer overflows.

Change-Id: Ibb4f18d78724d87a002e2b0458cba2cceee8670c
Reviewed-on: https://gerrit.openafs.org/12923
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
---
 src/venus/fs.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/venus/fs.c b/src/venus/fs.c
index ef9d4db..39f266a 100644
--- a/src/venus/fs.c
+++ b/src/venus/fs.c
@@ -767,17 +767,17 @@ AclToString(struct Acl *acl)
     struct AclEntry *tp;
 
     if (acl->dfs)
-	sprintf(dfsstring, " dfs:%d %s", acl->dfs, acl->cell);
+	snprintf(dfsstring, sizeof(dfsstring), " dfs:%d %s", acl->dfs, acl->cell);
     else
 	dfsstring[0] = '\0';
-    sprintf(mydata, "%d%s\n%d\n", acl->nplus, dfsstring, acl->nminus);
+    snprintf(mydata, sizeof(mydata), "%d%s\n%d\n", acl->nplus, dfsstring, acl->nminus);
     for (tp = acl->pluslist; tp; tp = tp->next) {
-	sprintf(tstring, "%s %d\n", tp->name, tp->rights);
-	strcat(mydata, tstring);
+	snprintf(tstring, sizeof(tstring), "%s %d\n", tp->name, tp->rights);
+	strlcat(mydata, tstring, sizeof(mydata));
     }
     for (tp = acl->minuslist; tp; tp = tp->next) {
-	sprintf(tstring, "%s %d\n", tp->name, tp->rights);
-	strcat(mydata, tstring);
+	snprintf(tstring, sizeof(tstring), "%s %d\n", tp->name, tp->rights);
+	strlcat(mydata, tstring, sizeof(mydata));
     }
     return mydata;
 }
@@ -2402,7 +2402,7 @@ ListCellsCmd(struct cmd_syndesc *as, void *arock)
 		name = hostutil_GetNameByINet(addr);
 	    } else {
 		addr = ntohl(addr);
-		sprintf(tbuffer, "%d.%d.%d.%d", (addr >> 24) & 0xff,
+		snprintf(tbuffer, sizeof(tbuffer), "%d.%d.%d.%d", (addr >> 24) & 0xff,
 			(addr >> 16) & 0xff, (addr >> 8) & 0xff, addr & 0xff);
 		name = tbuffer;
 	    }
@@ -3343,7 +3343,7 @@ GetPrefCmd(struct cmd_syndesc *as, void *arock)
 		name = hostutil_GetNameByINet(out->servers[i].server.s_addr);
 	    } else {
 		addr = ntohl(out->servers[i].server.s_addr);
-		sprintf(tbuffer, "%d.%d.%d.%d", (addr >> 24) & 0xff,
+		snprintf(tbuffer, sizeof(tbuffer), "%d.%d.%d.%d", (addr >> 24) & 0xff,
 			(addr >> 16) & 0xff, (addr >> 8) & 0xff, addr & 0xff);
 		name = tbuffer;
 	    }
@@ -4054,9 +4054,9 @@ GetClientAddrsCmd(struct cmd_syndesc *as, void *arock)
 	    out = (struct sprefinfo *)blob.out;
 	    for (i = 0; i < out->num_servers; i++) {
 		afs_int32 addr;
-		char tbuffer[32];
+		char tbuffer[20];
 		addr = ntohl(out->servers[i].server.s_addr);
-		sprintf(tbuffer, "%d.%d.%d.%d", (addr >> 24) & 0xff,
+		snprintf(tbuffer, sizeof(tbuffer), "%d.%d.%d.%d", (addr >> 24) & 0xff,
 			(addr >> 16) & 0xff, (addr >> 8) & 0xff, addr & 0xff);
 		printf("%-50s\n", tbuffer);
 	    }
-- 
1.9.4