Convert a bunch of sprintf to snprintf calls

This batch is the straightforward set - others are more complex and
need more analysis to determine right size to pass.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>

5 files changed, 11 insertions, 10 deletions

diff --git a/os/connection.c b/os/connection.c
index 957b928dd..c5fc5a07e 100644
--- a/os/connection.c
+++ b/os/connection.c
@@ -386,7 +386,7 @@ CreateWellKnownSockets(void)
 
     FD_ZERO (&WellKnownConnections);
 
-    sprintf (port, "%d", atoi (display));
+    snprintf (port, sizeof(port), "%d", atoi (display));
 
     if ((_XSERVTransMakeAllCOTSServerListeners (port, &partial,
 	&ListenTransCount, &ListenTransConns) >= 0) &&
@@ -1266,7 +1266,7 @@ void ListenOnOpenFD(int fd, int noxauth) {
         strcpy(port, display_env);
     } else {
         /* Just some default so things don't break and die. */
-        sprintf(port, ":%d", atoi(display));
+        snprintf(port, sizeof(port), ":%d", atoi(display));
     }
 
     /* Make our XtransConnInfo
diff --git a/os/osinit.c b/os/osinit.c
index 45d202def..acea682ce 100644
--- a/os/osinit.c
+++ b/os/osinit.c
@@ -213,7 +213,7 @@ OsInit(void)
 	    FILE *err;
 
 	    if (strlen (display) + strlen (ADMPATH) + 1 < sizeof fname)
-		sprintf (fname, ADMPATH, display);
+		snprintf (fname, sizeof(fname), ADMPATH, display);
 	    else
 		strcpy (fname, devnull);
 	    /*
diff --git a/os/rpcauth.c b/os/rpcauth.c
index ad6ebf986..989a49a06 100644
--- a/os/rpcauth.c
+++ b/os/rpcauth.c
@@ -137,13 +137,14 @@ SecureRPCCheck (unsigned short data_length, const char *data,
     } else {
 	fullname = authdes_ezdecode(data, data_length);
 	if (fullname == (char *)0) {
-	    sprintf(rpc_error, "Unable to authenticate secure RPC client (why=%d)", why);
+	    snprintf(rpc_error, sizeof(rpc_error),
+		     "Unable to authenticate secure RPC client (why=%d)", why);
 	    *reason = rpc_error;
 	} else {
 	    if (ForEachHostInFamily (FamilyNetname, CheckNetName, fullname))
 		return rpc_id;
-	    sprintf(rpc_error, "Principal \"%s\" is not authorized to connect",
-			fullname);
+	    snprintf(rpc_error, sizeof(rpc_error),
+		     "Principal \"%s\" is not authorized to connect", fullname);
 	    *reason = rpc_error;
 	}
     }
diff --git a/os/utils.c b/os/utils.c
index 1c75dfce4..c828f01d9 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -258,7 +258,7 @@ LockServer(void)
    */
   tmppath = LOCK_DIR;
 
-  sprintf(port, "%d", atoi(display));
+  snprintf(port, sizeof(port), "%d", atoi(display));
   len = strlen(LOCK_PREFIX) > strlen(LOCK_TMP_PREFIX) ? strlen(LOCK_PREFIX) :
 						strlen(LOCK_TMP_PREFIX);
   len += strlen(tmppath) + strlen(port) + strlen(LOCK_SUFFIX) + 1;
@@ -295,7 +295,7 @@ LockServer(void)
   }
   if (lfd < 0)
     FatalError("Could not create lock file in %s\n", tmp);
-  (void) sprintf(pid_str, "%10ld\n", (long)getpid());
+  snprintf(pid_str, sizeof(pid_str), "%10ld\n", (long)getpid());
   (void) write(lfd, pid_str, 11);
   (void) fchmod(lfd, 0444);
   (void) close(lfd);
diff --git a/os/xdmcp.c b/os/xdmcp.c
index f5331e1b9..46440718c 100644
--- a/os/xdmcp.c
+++ b/os/xdmcp.c
@@ -1489,7 +1489,7 @@ get_addr_by_name(
     if (port == 0) {
 	pport = NULL;
     } else if (port > 0 && port < 65535) {
-	sprintf(portstr, "%d", port);
+	snprintf(portstr, sizeof(portstr), "%d", port);
     } else {
 	FatalError("Xserver: port out of range: %d\n", port);
     }
@@ -1612,7 +1612,7 @@ get_mcast_options(int argc, char **argv, int i)
     }
 
     if (xdm_udp_port > 0 && xdm_udp_port < 65535) {
-	sprintf(portstr, "%d", xdm_udp_port);
+	snprintf(portstr, sizeof(portstr), "%d", xdm_udp_port);
     } else {
 	FatalError("Xserver: port out of range: %d\n", xdm_udp_port);
     }