sprintf -> snprintf/asprintf conversions

Signed-off-by: Alan Coopersmith <alan.coopersmith@sun.com>

12 files changed, 98 insertions, 50 deletions

diff --git a/auth.c b/auth.c
index e47a714..e73c969 100644
--- a/auth.c
+++ b/auth.c
@@ -314,7 +314,7 @@ MakeServerAuthFile (struct display *d, FILE ** file)
 	    strcpy (d->authFile, d->clientAuthFile);
 	else
 	{
-	    sprintf (d->authFile, "%s/%s", authDir, authdir1);
+	    snprintf (d->authFile, len, "%s/%s", authDir, authdir1);
 	    r = stat(d->authFile, &statb);
 	    if (r == 0) {
 		if (statb.st_uid != 0)
@@ -330,15 +330,16 @@ MakeServerAuthFile (struct display *d, FILE ** file)
 		    return FALSE;
 		}
 	    }
-	    sprintf (d->authFile, "%s/%s/%s", authDir, authdir1, authdir2);
+	    snprintf (d->authFile, len, "%s/%s/%s",
+		      authDir, authdir1, authdir2);
 	    r = mkdir(d->authFile, 0700);
 	    if (r < 0  &&  errno != EEXIST) {
 		free (d->authFile);
 		d->authFile = NULL;
 		return FALSE;
 	    }
-	    sprintf (d->authFile, "%s/%s/%s/A%s-XXXXXX",
-		     authDir, authdir1, authdir2, cleanname);
+	    snprintf (d->authFile, len, "%s/%s/%s/A%s-XXXXXX",
+		      authDir, authdir1, authdir2, cleanname);
 #ifdef HAS_MKSTEMP
 	    fd = mkstemp (d->authFile);
 	    if (fd < 0) {
diff --git a/choose.c b/choose.c
index f313d8c..e97e0d2 100644
--- a/choose.c
+++ b/choose.c
@@ -101,10 +101,14 @@ ARRAY8ToDottedDecimal (
     char	*buf,
     int		buflen)
 {
-    if (a->length != 4  ||  buflen < 20)
+    int outlen;
+    if (a->length != 4)
 	return 0;
-    sprintf(buf, "%d.%d.%d.%d",
-	    a->data[0], a->data[1], a->data[2], a->data[3]);
+    outlen = snprintf(buf, buflen, "%d.%d.%d.%d",
+		      a->data[0], a->data[1], a->data[2], a->data[3]);
+    if (outlen >= buflen) {
+	return 0;
+    }
     return 1;
 }
 
@@ -529,7 +533,7 @@ RunChooser (struct display *d)
     strcpy (buf, "-clientaddress ");
     if (FormatARRAY8 (&d->clientAddr, buf + strlen (buf), sizeof (buf) - strlen (buf)))
 	args = parseArgs (args, buf);
-    sprintf (buf, "-connectionType %d", d->connectionType);
+    snprintf (buf, sizeof(buf), "-connectionType %d", d->connectionType);
     args = parseArgs (args, buf);
     ForEachChooserHost (&d->clientAddr, d->connectionType, AddChooserHost,
 			(char *) &args);
diff --git a/chooser.c b/chooser.c
index 82be96b..a2bd998 100644
--- a/chooser.c
+++ b/chooser.c
@@ -413,14 +413,15 @@ AddHostname (ARRAY8Ptr hostname, ARRAY8Ptr status, struct sockaddr *addr, int wi
     fulllen = hostname->length;
     if (fulllen < 30)
 	fulllen = 30;
-    new->fullname = malloc (fulllen + status->length + 10);
+    fulllen += status->length + 10;
+    new->fullname = malloc (fulllen);
     if (!new->fullname)
     {
 	new->fullname = "Unknown";
     }
     else
     {
-	sprintf (new->fullname, "%-30.*s %*.*s",
+	snprintf(new->fullname, fulllen, "%-30.*s %*.*s",
 		 hostname->length, hostname->data,
 		 status->length, status->length, status->data);
     }
@@ -715,7 +716,7 @@ RegisterHostname (char *name)
 	    struct addrinfo *ai, *nai, hints;
 	    bzero(&hints,sizeof(hints));
 	    hints.ai_socktype = SOCK_DGRAM;
-	    sprintf(sport, "%d", XDM_UDP_PORT);
+	    snprintf(sport, sizeof(sport), "%d", XDM_UDP_PORT);
 	    if (getaddrinfo(name, sport, &hints, &ai) == 0) {
 		for (nai = ai ; nai != NULL ; nai = nai->ai_next) {
 		    if ((nai->ai_family == AF_INET) || 
diff --git a/configure.ac b/configure.ac
index b4770df..7b35ab9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -84,7 +84,7 @@ if test "x$HAS_SETUSERCONTEXT" = "xyes" ; then
 		[Define to 1 if you have the 'setusercontext' function.])
 fi
 
-AC_CHECK_FUNCS([daemon sigaction openlog])
+AC_CHECK_FUNCS([daemon sigaction openlog asprintf])
 AC_CHECK_HEADERS([grp.h syslog.h])
 AC_TYPE_SIGNAL
 
diff --git a/dm.c b/dm.c
index de2c6eb..3a71e83 100644
--- a/dm.c
+++ b/dm.c
@@ -634,8 +634,6 @@ SetWindowPath(struct display *d)
 	const char *windowpath;
 	char *newwindowpath;
 	unsigned long num;
-	char nums[10];
-	int numn;
 
 	prop = XInternAtom(d->dpy, "XFree86_VT", False);
 	if (prop == None) {
@@ -680,13 +678,10 @@ SetWindowPath(struct display *d)
 	}
 	XFree(buf);
 	windowpath = getenv("WINDOWPATH");
-	numn = snprintf(nums, sizeof(nums), "%lu", num);
 	if (!windowpath) {
-		newwindowpath = malloc(numn + 1);
-		sprintf(newwindowpath, "%s", nums);
+		asprintf(&newwindowpath, "%lu", num);
 	} else {
-		newwindowpath = malloc(strlen(windowpath) + 1 + numn + 1);
-		sprintf(newwindowpath, "%s:%s", windowpath, nums);
+		asprintf(&newwindowpath, "%s:%lu", windowpath, num);
 	}
 	if (d->windowPath)
 		free(d->windowPath);
diff --git a/dm.h b/dm.h
index 08b064a..70fdaf0 100644
--- a/dm.h
+++ b/dm.h
@@ -44,6 +44,7 @@ from The Open Group.
 
 #include <X11/Xos.h>
 #include <X11/Xfuncs.h>
+#include <X11/Xfuncproto.h>
 #include <X11/Xmd.h>
 #include <X11/Xauth.h>
 #include <X11/Intrinsic.h>
@@ -453,6 +454,11 @@ extern void CloseListenSockets (void);
 extern void ProcessListenSockets (fd_set *readmask);
 
 /* in util.c */
+#ifndef HAVE_ASPRINTF
+# define asprintf Asprintf
+extern int Asprintf(char ** ret, const char *restrict format, ...)
+    _X_ATTRIBUTE_PRINTF(2,3);
+#endif
 extern char *localHostname (void);
 extern char **parseArgs (char **argv, char *string);
 extern char **setEnv (char **e, char *name, char *value);
diff --git a/greeter/verify.c b/greeter/verify.c
index 1f87219..f50341b 100644
--- a/greeter/verify.c
+++ b/greeter/verify.c
@@ -411,7 +411,8 @@ Verify (struct display *d, struct greet_info *greet, struct verify_info *verify)
 			Debug ("Can't get Kerberos realm.\n");
 		} else {
 
-		    sprintf(krbtkfile, "%s.%s", TKT_ROOT, d->name);
+		    snprintf(krbtkfile, sizeof(krbktfile), "%s.%s",
+			     TKT_ROOT, d->name);
 		    krb_set_tkt_string(krbtkfile);
 		    unlink(krbtkfile);
            
diff --git a/policy.c b/policy.c
index ad5671f..75978a2 100644
--- a/policy.c
+++ b/policy.c
@@ -130,7 +130,8 @@ Willing (
     
     ret = AcceptableDisplayAddress (addr, connectionType, type);
     if (!ret)
-	sprintf (statusBuf, "Display not authorized to connect");
+	snprintf (statusBuf, sizeof(statusBuf),
+		  "Display not authorized to connect");
     else
     {
         if (*willing)
@@ -144,14 +145,16 @@ Willing (
 		if (s && strlen(statusBuf) > 0)
 			statusBuf[strlen(statusBuf)-1] = 0; /* chop newline */
 		else
-			snprintf (statusBuf, sizeof(statusBuf), "Willing, but %s failed",willing);
+			snprintf (statusBuf, sizeof(statusBuf),
+				  "Willing, but %s failed", willing);
 	    }
 	    else
-	        snprintf (statusBuf, sizeof(statusBuf), "Willing, but %s failed",willing);
+	        snprintf (statusBuf, sizeof(statusBuf),
+			  "Willing, but %s failed", willing);
 	    if (fd) pclose(fd);
 	}
 	else
-	    sprintf (statusBuf, "Willing to manage");
+	    snprintf (statusBuf, sizeof(statusBuf), "Willing to manage");
     }
     status->length = strlen (statusBuf);
     status->data = (CARD8Ptr) malloc (status->length);
diff --git a/server.c b/server.c
index 4e71fcc..3d326ad 100644
--- a/server.c
+++ b/server.c
@@ -88,7 +88,7 @@ StartServerOnce (struct display *d)
 	DestroyWellKnownSockets();
 #endif
 	if (d->authFile) {
-	    sprintf (arg, "-auth %s", d->authFile);
+	    snprintf (arg, sizeof(arg), "-auth %s", d->authFile);
 	    argv = parseArgs (argv, arg);
 	}
 	if (!argv) {
diff --git a/streams.c b/streams.c
index 5f1af99..5d987e7 100644
--- a/streams.c
+++ b/streams.c
@@ -82,7 +82,7 @@ CreateWellKnownSockets (void)
     RegisterCloseOnFork (xdmcpFd);
 
     service.h_host = HOST_SELF;
-    sprintf(bindbuf, "%d", request_port);
+    snprintf(bindbuf, sizeof(bindbuf), "%d", request_port);
     service.h_serv = bindbuf;
     netdir_getbyname(nconf, &service, &servaddrs);
     freenetconfigent(nconf);
diff --git a/util.c b/util.c
index 72d6688..fdbb1a2 100644
--- a/util.c
+++ b/util.c
@@ -54,6 +54,41 @@ from The Open Group.
 #endif
 #endif
 
+#ifndef HAVE_ASPRINTF
+# include <stdarg.h>
+/* Allocating sprintf found in many newer libc's
+ * Since xdm is single threaded, assumes arguments don't change
+ * between initial length calculation and copy to result buffer.
+ */
+int
+Asprintf(char ** ret, const char *restrict format, ...)
+{
+    va_list ap;
+    int len;
+    char buf[256];
+
+    va_start(ap, format);
+    len = vsnprintf(buf, sizeof(buf), format, ap);
+    if (len >= 0) {
+	*ret = malloc(len + 1);
+	if (*ret) {
+	    if (len < sizeof(buf)) {
+		memcpy(*ret, buf, len + 1);
+	    } else {
+		vsnprintf(*ret, len + 1, format, ap);
+	    }
+	} else {
+	    len = -1;
+	}
+    } else {
+	*ret = NULL;
+    }
+    va_end(ap);
+
+    return len;
+}
+#endif /* !HAVE_ASPRINTF */
+
 void
 printEnv (char **e)
 {
@@ -66,12 +101,12 @@ makeEnv (char *name, char *value)
 {
 	char	*result;
 
-	result = malloc ((unsigned) (strlen (name) + strlen (value) + 2));
+	asprintf(&result, "%s=%s", name, value);
+
 	if (!result) {
 		LogOutOfMem ("makeEnv");
 		return NULL;
 	}
-	sprintf (result, "%s=%s", name, value);
 	return result;
 }
 
diff --git a/xdmcp.c b/xdmcp.c
index eab43dd..f2463e7 100644
--- a/xdmcp.c
+++ b/xdmcp.c
@@ -575,12 +575,11 @@ NetworkAddressToName(
 	    {
 		if (!strcmp (localhost, hostname))
 		{
-		    if (!getString (name, 10)) {
+		    if (asprintf(&name, ":%d", displayNumber) < 0) {
 			if (ai)
 			    freeaddrinfo(ai);
 			return NULL;
 		    }
-		    sprintf (name, ":%d", displayNumber);
 		}
 		else
 		{
@@ -605,12 +604,12 @@ NetworkAddressToName(
 			}
 		    }
 
-		    if (!getString (name, strlen (hostname) + 10)) {
+		    if (asprintf (&name, "%s:%d",
+				  hostname, displayNumber) < 0) {
 			if (ai)
 			    freeaddrinfo(ai);
 			return NULL;
 		    }
-		    sprintf (name, "%s:%d", hostname, displayNumber);
 		}
 	    }
 	    else
@@ -636,7 +635,7 @@ NetworkAddressToName(
 			freeaddrinfo(ai);
 		    return NULL;
 		} 
-		sprintf(name + strlen(name), ":%d", displayNumber);
+		snprintf(name + strlen(name), 10, ":%d", displayNumber);
 	    }
 	    if (ai)
 		freeaddrinfo(ai);
@@ -670,9 +669,9 @@ NetworkAddressToName(
 	    {
 		if (!strcmp (localhost, hostent->h_name))
 		{
-		    if (!getString (name, 10))
-			return 0;
-		    sprintf (name, ":%d", displayNumber);
+		    if (asprintf(&name, ":%d", displayNumber) < 0) {
+			return NULL;
+		    }
 		}
 		else
 		{
@@ -697,20 +696,23 @@ NetworkAddressToName(
 			}
 		    }
 
-		    if (!getString (name, strlen (hostent->h_name) + 10))
-			return 0;
-		    sprintf (name, "%s:%d", hostent->h_name, displayNumber);
+		    if (asprintf(&name, "%s:%d",
+				 hostent->h_name, displayNumber) < 0) {
+			return NULL;
+		    }
 		}
 	    }
 	    else
 	    {
-		if (!getString (name, 25))
-		    return 0;
 		if (multiHomed)
 		    data = (CARD8 *) &((struct sockaddr_in *)originalAddress)->
 				sin_addr.s_addr;
-		sprintf(name, "%d.%d.%d.%d:%d",
-			data[0], data[1], data[2], data[3], displayNumber);
+
+		if (asprintf(&name, "%d.%d.%d.%d:%d",
+			     data[0], data[1], data[2], data[3],
+			     displayNumber) < 0)) {
+		    return NULL;
+		}
 	    }
 	    return name;
 	}
@@ -1305,8 +1307,8 @@ send_failed (
     XdmcpHeader	header;
     ARRAY8	status;
 
-    sprintf (buf, "Session %ld failed for display %.100s: %.100s",
-	     (long) sessionID, name, reason);
+    snprintf (buf, sizeof(buf), "Session %ld failed for display %.100s: %s",
+	      (long) sessionID, name, reason);
     Debug ("Send failed %ld %s\n", (long) sessionID, buf);
     status.length = strlen (buf);
     status.data = (CARD8Ptr) buf;
@@ -1468,11 +1470,11 @@ NetworkAddressToHostname (
 		inet_ntop(af_type, connectionAddress->data, 
 		  	  dotted, sizeof(dotted));
 #else
-		sprintf(dotted, "%d.%d.%d.%d",
-			connectionAddress->data[0],
-			connectionAddress->data[1],
-			connectionAddress->data[2],
-			connectionAddress->data[3]);
+		snprintf(dotted, sizeof(dotted), "%d.%d.%d.%d",
+			 connectionAddress->data[0],
+			 connectionAddress->data[1],
+			 connectionAddress->data[2],
+			 connectionAddress->data[3]);
 #endif
 		local_name = dotted;
 		LogError ("Cannot convert Internet address %s to host name\n",