Author: Roberto Lumbreras Description: Use snprintf instead of sprintf --- slirp-1.0.17.old/src/main.c 2010-07-04 19:06:12.450054039 +0200 +++ slirp-1.0.17/src/main.c 2010-07-04 20:14:45.386052502 +0200 @@ -1029,7 +1029,7 @@ sleep(1); if (read(fd, buff, 256) < 0) { /* Nuke both connections */ - sprintf(buff, "0 Connection timed out"); + snprintf(buff, sizeof(buff), "0 Connection timed out"); write(fd, buff, strlen(buff)+1); slirp_socket_wait = curtime; close(fd); @@ -1041,7 +1041,7 @@ if (sscanf(buff, "%d %d %256s", &unit, &pid, device) == 3) { if (unit >= MAX_INTERFACES || unit < 0) { - sprintf(buff, "0 Unit out of range (must be between 0 and %d, inclusive)", MAX_INTERFACES-1); + snprintf(buff, sizeof(buff), "0 Unit out of range (must be between 0 and %d, inclusive)", MAX_INTERFACES-1); write(fd, buff, strlen(buff)+1); slirp_socket_wait = curtime; close(fd); @@ -1052,7 +1052,7 @@ * (pid is invalid) */ if (slirp_socket_passwd) { if (strcmp(slirp_socket_passwd, device) != 0) { - sprintf(buff, "0 Incorrect password"); + snprintf(buff, sizeof(buff), "0 Incorrect password"); write(fd, buff, strlen(buff)+1); slirp_socket_wait = curtime; close(fd); @@ -1076,7 +1076,7 @@ * failure, 1 for exit, and message is printed */ if (ttyp) { - sprintf(buff, "0 Unit already attached"); + snprintf(buff, sizeof(buff), "0 Unit already attached"); write(fd, buff, strlen(buff)+1); slirp_socket_wait = curtime; close(fd); @@ -1090,7 +1090,7 @@ strcpy(buff2, "PPP"); else #endif - sprintf(buff2, "SLIP, MTU %d, MRU %d", if_mtu, if_mru); + snprintf(buff2, sizeof(buff2), "SLIP, MTU %d, MRU %d", if_mtu, if_mru); #ifndef FULL_BOLT snprintf(buff, sizeof(buff), "1 Attached as unit %d, device %s\r\n\r\n[talking %s, %d baud]\r\n\r\nSLiRP Ready ...", @@ -1111,7 +1111,7 @@ ttyp->fd = fd; } } else { - sprintf(buff, "0 %s", strerror(errno)); + snprintf(buff, sizeof(buff), "0 %s", strerror(errno)); write(fd, buff, strlen(buff)+1); slirp_socket_wait = curtime; close(fd); --- slirp-1.0.17.old/src/misc.c 2010-07-04 19:06:12.450054039 +0200 +++ slirp-1.0.17/src/misc.c 2010-07-04 20:16:16.570051667 +0200 @@ -403,7 +403,7 @@ { char buff[256]; - sprintf(buff, "Error: execvp of %s failed: %s\n", + snprintf(buff, sizeof(buff), "Error: execvp of %s failed: %s\n", argv[0], strerror(errno)); write(2, buff, strlen(buff)+1); } @@ -490,7 +490,7 @@ if (connect(s, (struct sockaddr *)&sock_un, sizeof(sock_un.sun_family) + sizeof(sock_un.sun_path)) != 0) slirp_exit(1); - sprintf(buff, "kill none:%d", slirp_socket_unit); + snprintf(buff, sizeof(buff), "kill none:%d", slirp_socket_unit); write(s, buff, strlen(buff)+1); } #endif @@ -917,7 +917,7 @@ /* Ooops, failed, let's tell the user why */ - sprintf(buff, "Error: execlp of %s failed: %s\n", + snprintf(buff, sizeof(buff), "Error: execlp of %s failed: %s\n", "rsh", strerror(errno)); write(2, buff, strlen(buff)+1); close(0); close(1); close(2); /* XXX */ --- slirp-1.0.17.old/src/options.c 2004-09-07 03:50:02.000000000 +0200 +++ slirp-1.0.17/src/options.c 2010-07-04 20:18:52.234051775 +0200 @@ -695,7 +695,7 @@ lprint("Valid commands:\r\n"); while (cfg[i].command) { if (count >= 2) { - sprintf(str, "\r\n"); + snprintf(str, sizeof(str), "\r\n"); count = 0; } else { count++; --- slirp-1.0.17.old/src/ttys.c 2010-07-04 20:06:27.334052741 +0200 +++ slirp-1.0.17/src/ttys.c 2010-07-04 20:17:30.550049218 +0200 @@ -94,9 +94,9 @@ /* Config the new tty */ if ((bptr = (char *)getenv("HOME"))) - sprintf(buff, "%s/.slirprc-%d", bptr, unit); + snprintf(buff, sizeof(buff), "%s/.slirprc-%d", bptr, unit); else - sprintf(buff, ".slirprc-%d", unit); + snprintf(buff, sizeof(buff), ".slirprc-%d", unit); config(buff, ttyp->unit); return ttyp;