[sr #107546] Incorrect use of snprintf

Jeffrey Walton INVALID.NOREPLY at gnu.org
Fri Nov 26 11:39:11 CET 2010


URL:
  <http://savannah.gnu.org/support/?107546>

                 Summary: Incorrect use of snprintf
                 Project: GnuTLS
            Submitted by: noloader
            Submitted on: Fri 26 Nov 2010 10:39:10 AM GMT
                Category: None
                Priority: 5 - Normal
                Severity: 3 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: GNU/Linux

    _______________________________________________________

Details:

The following list calls to snprintf which do not check for a return value.

On failure, snprintf returns -1. On truncation, the return value is >=
destination buffer size (the return value does not include the NULL).

Perhaps something similar to:

int written = snprintf(buffer, size, ....);
if(written == -1) { /* handle error */ }
if(written >= size) { /* handle truncation */ }
...

===== lib/opencdk/keydb.c =====
59: if (snprintf (fname, len, fmt, file) <= 0)
===== lib/pakchois/pakchois.c =====
208: snprintf (path, sizeof path, "%s/%s%s%s", dir,
509: snprintf (buf, sizeof buf,
527: snprintf (buf, sizeof buf,
===== lib/pkcs11.c =====
1351: snprintf (obj->info.manufacturer, sizeof (obj->info.manufacturer),
1353: snprintf (obj->info.token, sizeof (obj->info.token), "%s",
tinfo->label);
1354: snprintf (obj->info.model, sizeof (obj->info.model), "%s",
tinfo->model);
1355: snprintf (obj->info.serial, sizeof (obj->info.serial), "%s",
1358: snprintf (obj->info.lib_manufacturer, sizeof
(obj->info.lib_manufacturer),
1360: snprintf (obj->info.lib_desc, sizeof (obj->info.lib_desc), "%s",
1362: snprintf (obj->info.lib_version, sizeof (obj->info.lib_version),
"%u.%u",
1863: snprintf (find_data->info.lib_version,
2927: snprintf (version, sizeof (version), "%u.%u",
===== lib/x509/crq.c =====
306: snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1);
308: snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
350: snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
450: snprintf (name, sizeof (name), "%s", root);
461: snprintf (name, sizeof (name), "%s.?LAST.type", root);
470: snprintf (name, sizeof (name), "%s.?LAST.values", root);
479: snprintf (name, sizeof (name), "%s.?LAST.values.?LAST", root);
501: snprintf (name, sizeof (name), "%s.?%u", root, indx);
533: snprintf (name, sizeof (name), "%s.?%u", root, k);
1190: snprintf (name, sizeof (name),
1245: snprintf (name, sizeof (name),
1347: snprintf (name, sizeof (name), "?%u.extnID", indx + 1);
1367: snprintf (name, sizeof (name), "?%u.critical", indx + 1);
1478: snprintf (name, sizeof (name), "?%u.extnValue", indx + 1);
2129: snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
===== lib/x509/extensions.c =====
59: snprintf (name, sizeof (name), "%s.?%u", root, k);
210: snprintf (name, sizeof (name), "%s.?%u", root, k);
314: snprintf (name, sizeof (name), "%s", root);
326: snprintf (name, sizeof (name), "%s.?LAST.extnID", root);
328: snprintf (name, sizeof (name), "?LAST.extnID");
343: snprintf (name, sizeof (name), "%s.?LAST.critical", root);
345: snprintf (name, sizeof (name), "?LAST.critical");
355: snprintf (name, sizeof (name), "%s.?LAST.extnValue", root);
357: snprintf (name, sizeof (name), "?LAST.extnValue");
381: snprintf (name, sizeof (name), "%s.?%u", root, indx);
383: snprintf (name, sizeof (name), "?%u", indx);
431: snprintf (name, sizeof (name), "%s.?%u", root, k);
433: snprintf (name, sizeof (name), "?%u", k);
===== lib/x509/pkcs7.c =====
307: snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
695: snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
768: snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
1005: snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
===== lib/x509/dn.c =====
128: snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
131: snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
156: snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
159: snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
371: snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
374: snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
400: snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
403: snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
540: snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
543: snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
569: snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
572: snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
===== lib/x509/pkcs12.c =====
395: snprintf (root, sizeof (root), "?%u.bagId", i + 1);
419: snprintf (root, sizeof (root), "?%u.bagValue", i + 1);
446: snprintf (root, sizeof (root), "?%u.bagAttributes", i + 1);
463: snprintf (root, sizeof (root), "?%u.bagAttributes.?%u", i + 1,
615: snprintf (root2, sizeof (root2), "?%u.contentType", indx + 1);
636: snprintf (root2, sizeof (root2), "?%u.content", indx + 1);
===== lib/x509/crl.c =====
510: snprintf (serial_name, sizeof (serial_name),
512: snprintf (date_name, sizeof (date_name),
936: snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnID",
951: snprintf (name, sizeof (name),
"tbsCertList.crlExtensions.?%u.critical",
1009: snprintf (name, sizeof (name),
"tbsCertList.crlExtensions.?%u.extnValue",
===== lib/x509/x509.c =====
928: snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq);
930: snprintf (nptr, sizeof (nptr), "?%u", seq);
987: snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id",
990: snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq);
1763: snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID",
1778: snprintf (name, sizeof (name),
"tbsCertificate.extensions.?%u.critical",
1834: snprintf (name, sizeof (name),
"tbsCertificate.extensions.?%u.extnValue",
2026: snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava);
2034: snprintf (rbuf, sizeof (rbuf), "?%d.type", iava);
2045: snprintf (rbuf, sizeof (rbuf), "?%d.value", iava);
2872: snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);





    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107546>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/





More information about the Gnutls-devel mailing list