diff -ru sbin/atm.orig/atm/atm.c sbin/atm/atm/atm.c --- sbin/atm.orig/atm/atm.c 2003-09-28 11:39:16.000000000 -0300 +++ sbin/atm/atm/atm.c 2004-10-28 14:39:07.852585225 -0300 @@ -297,8 +297,8 @@ * See if this command has subcommands */ if (cmdp->func == NULL) { - strcat(prefix, cmdp->name); - strcat(prefix, " "); + strlcat(prefix, cmdp->name, sizeof(prefix)); + strlcat(prefix, " ", sizeof(prefix)); return(do_cmd((struct cmd *)cmdp->help, argc, argv)); } @@ -387,7 +387,7 @@ * Build ioctl request */ aar.acr_opcode = AIOCS_CFG_ATT; - strncpy(aar.acr_att_intf, argv[0], sizeof(aar.acr_att_intf)); + strlcpy(aar.acr_att_intf, argv[0], sizeof(aar.acr_att_intf)); aar.acr_att_proto = prp->p_id; /* @@ -469,7 +469,7 @@ * Build ioctl request */ adr.acr_opcode = AIOCS_CFG_DET; - strncpy(adr.acr_det_intf, argv[0], sizeof(adr.acr_det_intf)); + strlcpy(adr.acr_det_intf, argv[0], sizeof(adr.acr_det_intf)); /* * Tell the kernel to do the detach @@ -529,6 +529,7 @@ char *cp; long v; int buf_len, s; + size_t intif_len; /* * Initialize opcode and flags @@ -540,12 +541,11 @@ * Validate interface name and issue an information * request IOCTL for the interface */ - if (strlen(argv[0]) > sizeof(apr.aar_pvc_intf) - 1) { + intif_len = strlcpy(air.air_int_intf, argv[0], sizeof(air.air_int_intf)); + if (intif_len >= sizeof(air.air_int_intf)) { fprintf(stderr, "%s: Illegal interface name\n", prog); exit(1); } - UM_ZERO(air.air_int_intf, sizeof(air.air_int_intf)); - strcpy(air.air_int_intf, argv[0]); buf_len = sizeof(struct air_int_rsp); air.air_opcode = AIOCS_INF_INT; buf_len = do_info_ioctl(&air, buf_len); @@ -567,7 +567,7 @@ exit(1); } int_info = (struct air_int_rsp *) air.air_buf_addr; - strcpy(apr.aar_pvc_intf, argv[0]); + strlcpy(apr.aar_pvc_intf, argv[0], sizeof(apr.aar_pvc_intf)); argc--; argv++; /* @@ -720,7 +720,7 @@ */ if (argc == 3) { check_netif_name(argv[0]); - strcpy(apr.aar_arp_intf, argv[0]); + strlcpy(apr.aar_arp_intf, argv[0], sizeof(apr.aar_arp_intf)); argc--; argv++; } 
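Review bot: In the @@ -387 hunk of atm.c, replacing strncpy with `strlcpy(aar.acr_att_intf, argv[0], sizeof(aar.acr_att_intf));` fixes the missing terminator but also drops strncpy's zero padding, so the bytes after the NUL keep whatever the struct held before. The comments in the hunk say this struct is an ioctl request handed to the kernel, and whether `aar` is cleared earlier is outside the hunk. If it is not, add `UM_ZERO(&aar, sizeof(aar));` before the opcode is set. The same applies to the strncpy replacements at @@ -469 in this file, @@ -298 and @@ -476 in atm_set.c, and @@ -1751 and @@ -1868 in ilmid.c; the @@ -194 hunk in atm_set.c already shows a `UM_ZERO(&asr, sizeof(asr));` and is fine.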
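Review bot: In the @@ -540 hunk of atm.c the interface-name check now measures against `air.air_int_intf`, whereas the removed test measured against `apr.aar_pvc_intf`, and the copy into `apr.aar_pvc_intf` in the following @@ -567 hunk ignores strlcpy's return value. If the two fields are not the same size (their declarations are outside the hunk), a name that passes the first check could be silently truncated in the PVC request. Checking the second copy as well would keep the original guarantee: `if (strlcpy(apr.aar_pvc_intf, argv[0], sizeof(apr.aar_pvc_intf)) >= sizeof(apr.aar_pvc_intf)) { ... }` with the same error path. The removed `UM_ZERO(air.air_int_intf, ...)` is also worth a comment stating that `air` is cleared earlier, if that is the case.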
@@ -880,7 +880,7 @@ fprintf(stderr, "%s: Illegal interface name\n", prog); exit(1); } - strcpy(apr->adr_pvc_intf, argv[0]); + strlcpy(apr->adr_pvc_intf, argv[0], sizeof(apr->adr_pvc_intf)); argc--; argv++; /* @@ -975,7 +975,7 @@ */ if (argc == 2) { check_netif_name(argv[0]); - strcpy(apr.adr_arp_intf, argv[0]); + strlcpy(apr.adr_arp_intf, argv[0], sizeof(apr.adr_arp_intf)); argc--; argv++; } diff -ru sbin/atm.orig/atm/atm_eni.c sbin/atm/atm/atm_eni.c --- sbin/atm.orig/atm/atm_eni.c 2003-09-28 11:39:16.000000000 -0300 +++ sbin/atm/atm/atm_eni.c 2004-10-28 14:39:07.856584553 -0300 @@ -150,7 +150,7 @@ */ UM_ZERO(&air, sizeof(air)); air.air_opcode = AIOCS_INF_VST; - strcpy(air.air_vinfo_intf, intf); + strlcpy(air.air_vinfo_intf, intf, sizeof(air.air_vinfo_intf)); buf_len = do_info_ioctl(&air, sizeof(struct air_vinfo_rsp) + 1024); if (buf_len < 0) { fprintf(stderr, "%s: ", prog); diff -ru sbin/atm.orig/atm/atm_fore200.c sbin/atm/atm/atm_fore200.c --- sbin/atm.orig/atm/atm_fore200.c 2003-09-28 11:39:16.000000000 -0300 +++ sbin/atm/atm/atm_fore200.c 2004-10-28 14:39:07.861583714 -0300 @@ -168,7 +168,7 @@ */ UM_ZERO(&air, sizeof(air)); air.air_opcode = AIOCS_INF_CFG; - strcpy(air.air_cfg_intf, intf); + strlcpy(air.air_cfg_intf, intf, sizeof(air.air_cfg_intf)); buf_len = do_info_ioctl(&air, sizeof(struct air_cfg_rsp)); if (buf_len < 0) { fprintf(stderr, "%s: ", prog); @@ -194,7 +194,7 @@ */ UM_ZERO(&air, sizeof(air)); air.air_opcode = AIOCS_INF_VST; - strcpy(air.air_vinfo_intf, intf); + strlcpy(air.air_vinfo_intf, intf, sizeof(air.air_vinfo_intf)); buf_len = do_info_ioctl(&air, sizeof(struct air_vinfo_rsp) + 1024); if (buf_len < 0) { fprintf(stderr, "%s: ", prog); diff -ru sbin/atm.orig/atm/atm_inet.c sbin/atm/atm/atm_inet.c --- sbin/atm.orig/atm/atm_inet.c 2003-09-28 11:39:16.000000000 -0300 +++ sbin/atm/atm/atm_inet.c 2004-10-28 14:39:07.866582874 -0300 
@@ -85,10 +85,12 @@ * Yet more validation */ if (argc != 2) { - strcpy(nhelp, cmdp->help); + strlcpy(nhelp, cmdp->help, sizeof(nhelp)); cp = strstr(nhelp, ""); - if (cp) - strcpy(cp, "ip {dyn|}"); + if (cp) { + strlcpy(cp, "ip {dyn|}", + sizeof(nhelp) - strlen(nhelp)); + } fprintf(stderr, "%s: Invalid number of arguments:\n", prog); fprintf(stderr, "\tformat is: %s%s %s\n", @@ -124,7 +126,7 @@ intp->anp_intf); exit(1); } - strcpy(app->aar_pvc_intf, argv[0]); + strlcpy(app->aar_pvc_intf, argv[0], sizeof(app->aar_pvc_intf)); argc--; argv++; /* diff -ru sbin/atm.orig/atm/atm_print.c sbin/atm/atm/atm_print.c --- sbin/atm.orig/atm/atm_print.c 2003-09-28 11:39:16.000000000 -0300 +++ sbin/atm/atm/atm_print.c 2004-10-28 14:43:23.520644990 -0300 @@ -286,10 +286,10 @@ */ UM_ZERO(flags, sizeof(flags)); if (ai->aap_flags & ARPF_VALID) { - strcat(flags, "V"); + strlcat(flags, "V", sizeof(flags)); } if (ai->aap_flags & ARPF_REFRESH) { - strcat(flags, "R"); + strlcat(flags, "R", sizeof(flags)); } /* @@ -309,9 +309,9 @@ */ UM_ZERO(age, sizeof(age)); if (!(ai->aap_flags & ARPF_VALID)) { - strcpy(age, "-"); + strlcpy(age, "-", sizeof(age)); } else { - sprintf(age, "%d", ai->aap_age); + snprintf(age, sizeof(age), "%d", ai->aap_age); } /* @@ -502,17 +502,16 @@ /* * Get the range of NIFs on the physical interface */ - UM_ZERO(nif_names, sizeof(nif_names)); if (strlen(ni->anp_nif_pref) == 0) { - strcpy(nif_names, "-"); + strlcpy(nif_names, "-", sizeof(nif_names)); } else { - strcpy(nif_names, ni->anp_nif_pref); - strcat(nif_names, "0"); + snprintf(nif_names, sizeof(nif_names), "%s0", ni->anp_nif_pref); if (ni->anp_nif_cnt > 1) { - strcat(nif_names, " - "); - strcat(nif_names, ni->anp_nif_pref); - sprintf(&nif_names[strlen(nif_names)], "%d", - ni->anp_nif_cnt-1); + strlcat(nif_names, " - ", sizeof(nif_names)); + strlcat(nif_names, ni->anp_nif_pref, sizeof(nif_names)); + snprintf(&nif_names[strlen(nif_names)], + sizeof(nif_names) - strlen(nif_names), "%d", + ni->anp_nif_cnt-1); } } 
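Review bot: In the @@ -85 hunk of atm_inet.c, the size passed to the second strlcpy, `sizeof(nhelp) - strlen(nhelp)`, is not the room left at `cp`: strlen(nhelp) measures the whole string, including the tail after `cp` that is being overwritten. The value is never larger than the real space, so it cannot overflow, but it can cut the replacement text short when the help string is long. The space actually available from `cp` is `sizeof(nhelp) - (size_t)(cp - nhelp)`.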
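Review bot: In the @@ -502 hunk of atm_print.c the range string is still assembled piecewise, ending in an snprintf at `&nif_names[strlen(nif_names)]` whose size argument has to be kept in step with the offset by hand. Since the branch already starts with snprintf, the multi-interface case can be a single call under the existing `ni->anp_nif_cnt > 1` test: `snprintf(nif_names, sizeof(nif_names), "%s0 - %s%d", ni->anp_nif_pref, ni->anp_nif_pref, ni->anp_nif_cnt - 1);`. That produces the same text and leaves only one bound to audit.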
@@ -565,9 +564,10 @@ * Format the VPI/VCI */ if (ai->aip_vpi == 0 && ai->aip_vci == 0) { - strcpy(vpi_vci, " - -"); + strlcpy(vpi_vci, " - -", sizeof(vpi_vci)); } else { - sprintf(vpi_vci, "%3d %5d", ai->aip_vpi, ai->aip_vci); + snprintf(vpi_vci, sizeof(vpi_vci), "%3d %5d", + ai->aip_vpi, ai->aip_vci); } /* @@ -575,19 +575,19 @@ */ UM_ZERO(flags, sizeof(flags)); if (ai->aip_flags & IVF_PVC) { - strcat(flags, "P"); + strlcat(flags, "P", sizeof(flags)); } if (ai->aip_flags & IVF_SVC) { - strcat(flags, "S"); + strlcat(flags, "S", sizeof(flags)); } if (ai->aip_flags & IVF_LLC) { - strcat(flags, "L"); + strlcat(flags, "L", sizeof(flags)); } if (ai->aip_flags & IVF_MAPOK) { - strcat(flags, "M"); + strlcat(flags, "M", sizeof(flags)); } if (ai->aip_flags & IVF_NOIDLE) { - strcat(flags, "N"); + strlcat(flags, "N", sizeof(flags)); } /* @@ -789,11 +789,11 @@ */ UM_ZERO(dir_name, sizeof(dir_name)); if (vi->avp_type & VCC_IN) - strcat(dir_name, "In"); + strlcat(dir_name, "In", sizeof(dir_name)); if (vi->avp_type & VCC_OUT) - strcat(dir_name, "Out"); + strlcat(dir_name, "Out", sizeof(dir_name)); if (strlen(dir_name) == 0) - strcpy(dir_name, "-"); + strlcpy(dir_name, "-", sizeof(dir_name)); /* * Translate state @@ -883,7 +883,7 @@ /* * Print the interface information */ - sprintf(version_str, "%d.%d", + snprintf(version_str, sizeof(version_str), "%d.%d", ATM_VERS_MAJ(vi->avp_version), ATM_VERS_MIN(vi->avp_version)); printf("%7s\n", version_str); diff -ru sbin/atm.orig/atm/atm_set.c sbin/atm/atm/atm_set.c --- sbin/atm.orig/atm/atm_set.c 2003-09-28 11:39:16.000000000 -0300 +++ sbin/atm/atm/atm_set.c 2004-10-28 14:39:07.876581196 -0300 @@ -136,7 +136,7 @@ len = sizeof(struct air_netif_rsp); UM_ZERO(&air, sizeof(air)); air.air_opcode = AIOCS_INF_NIF; - strcpy(air.air_int_intf, intf); + strlcpy(air.air_int_intf, intf, sizeof(air.air_int_intf)); len = do_info_ioctl(&air, len); if (len < 0) { fprintf(stderr, "%s: ", prog); 
@@ -194,7 +194,7 @@ */ UM_ZERO(&asr, sizeof(asr)); asr.asr_opcode = AIOCS_SET_ASV; - strncpy(asr.asr_arp_intf, intf, sizeof(asr.asr_arp_intf)); + strlcpy(asr.asr_arp_intf, intf, sizeof(asr.asr_arp_intf)); asr.asr_arp_addr = server; asr.asr_arp_subaddr.address_format = T_ATM_ABSENT; asr.asr_arp_subaddr.address_length = 0; @@ -298,7 +298,7 @@ * Build ioctl request */ asr.asr_opcode = AIOCS_SET_MAC; - strncpy(asr.asr_mac_intf, intf, sizeof(asr.asr_mac_intf)); + strlcpy(asr.asr_mac_intf, intf, sizeof(asr.asr_mac_intf)); UM_COPY(&mac, &asr.asr_mac_addr, sizeof(asr.asr_mac_addr)); /* @@ -380,7 +380,7 @@ fprintf(stderr, "%s: Illegal interface name\n", prog); exit(1); } - strcpy(anr.asr_nif_intf, argv[0]); + strlcpy(anr.asr_nif_intf, argv[0], sizeof(anr.asr_nif_intf)); argc--; argv++; /* @@ -391,7 +391,7 @@ fprintf(stderr, "%s: Illegal network interface prefix\n", prog); exit(1); } - strcpy(anr.asr_nif_pref, argv[0]); + strlcpy(anr.asr_nif_pref, argv[0], sizeof(anr.asr_nif_pref)); argc--; argv++; /* @@ -407,7 +407,7 @@ /* * Make sure the resulting name won't be too long */ - sprintf(str, "%d", nifs - 1); + snprintf(str, sizeof(str), "%d", nifs - 1); if ((strlen(str) + strlen(anr.asr_nif_pref)) > sizeof(anr.asr_nif_intf) - 1) { fprintf(stderr, "%s: Network interface prefix too long\n", prog); @@ -476,7 +476,7 @@ * Build ioctl request */ asr.asr_opcode = AIOCS_SET_PRF; - strncpy(asr.asr_prf_intf, intf, sizeof(asr.asr_prf_intf)); + strlcpy(asr.asr_prf_intf, intf, sizeof(asr.asr_prf_intf)); UM_COPY(prefix, asr.asr_prf_pref, sizeof(asr.asr_prf_pref)); /* diff -ru sbin/atm.orig/atm/atm_show.c sbin/atm/atm/atm_show.c --- sbin/atm.orig/atm/atm_show.c 2003-11-01 15:15:57.000000000 -0200 +++ sbin/atm/atm/atm_show.c 2004-10-28 15:10:35.304199567 -0300 
@@ -185,12 +185,13 @@ */ UM_ZERO(air.air_int_intf, sizeof(air.air_int_intf)); if (argc) { - if (strlen(argv[0]) > IFNAMSIZ - 1) { + size_t len; + len = strlcpy(air.air_int_intf, argv[0], sizeof(air.air_int_intf)); + if (len >= sizeof(sizeof(air.air_int_intf))) { fprintf(stderr, "%s: Illegal interface name\n", prog); exit(1); } - strcpy(air.air_int_intf, argv[0]); argc--; argv++; } @@ -262,12 +263,13 @@ */ UM_ZERO(air.air_cfg_intf, sizeof(air.air_cfg_intf)); if (argc) { - if (strlen(argv[0]) > IFNAMSIZ - 1) { + size_t len; + len = strlcpy(air.air_cfg_intf, argv[0], sizeof(air.air_cfg_intf)); + if (len >= sizeof(air.air_cfg_intf)) { fprintf(stderr, "%s: Illegal interface name\n", prog); exit(1); } - strcpy(air.air_cfg_intf, argv[0]); argc--; argv++; } @@ -339,7 +341,7 @@ prog); exit(1); } - strcpy(air.air_int_intf, argv[0]); + strlcpy(air.air_int_intf, argv[0], sizeof(air.air_int_intf)); argc--; argv++; } @@ -531,11 +533,12 @@ */ UM_ZERO(air.air_int_intf, sizeof(air.air_int_intf)); if (argc) { - if (strlen(argv[0]) > IFNAMSIZ - 1) { + size_t len; + len = strlcpy(air.air_int_intf, argv[0], sizeof(air.air_int_intf)); + if (len >= sizeof(air.air_int_intf)) { fprintf(stderr, "%s: Illegal interface name\n", prog); exit(1); } - strcpy(air.air_int_intf, argv[0]); argc--; argv++; } @@ -604,12 +607,13 @@ */ UM_ZERO(intf, sizeof(intf)); if (argc) { - if (strlen(argv[0]) > IFNAMSIZ - 1) { + size_t len; + len = strlcpy(intf, argv[0], sizeof(intf)); + if (len >= sizeof(intf)) { fprintf(stderr, "%s: Illegal interface name\n", prog); exit(1); } - strcpy(intf, argv[0]); argc--; argv++; } @@ -623,7 +627,7 @@ */ buf_len = sizeof(struct air_cfg_rsp); air.air_opcode = AIOCS_INF_CFG; - strcpy(air.air_cfg_intf, intf); + strlcpy(air.air_cfg_intf, intf, sizeof(air.air_cfg_intf)); buf_len = do_info_ioctl(&air, buf_len); if (buf_len < 0) { fprintf(stderr, "%s: ", prog); 
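Review bot: In the @@ -185 hunk of atm_show.c the new test `if (len >= sizeof(sizeof(air.air_int_intf)))` compares against the size of a `size_t`, not the size of the buffer. On an LP64 build that rejects any interface name of 8 or more characters (4 on a 32-bit build) as illegal, whereas the removed check allowed up to `IFNAMSIZ - 1`. It should read `if (len >= sizeof(air.air_int_intf)) {`, as the parallel hunks at @@ -262, @@ -531 and @@ -604 in this file already do. The enclosing function starts and ends outside the hunk.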
@@ -667,7 +671,7 @@ */ buf_len = sizeof(struct air_phy_stat_rsp) * 3; air.air_opcode = AIOCS_INF_PIS; - strcpy(air.air_physt_intf, intf); + strlcpy(air.air_physt_intf, intf, sizeof(air.air_physt_intf)); buf_len = do_info_ioctl(&air, buf_len); if (buf_len < 0) { fprintf(stderr, "%s: ", prog); diff -ru sbin/atm.orig/atm/atm_subr.c sbin/atm/atm/atm_subr.c --- sbin/atm.orig/atm/atm_subr.c 2003-09-28 11:39:16.000000000 -0300 +++ sbin/atm/atm/atm_subr.c 2004-10-28 14:39:07.886579517 -0300 @@ -234,13 +234,12 @@ * Initialize */ UM_ZERO(&air, sizeof(air)); - UM_ZERO(name, sizeof(name)); /* * Get configuration information from the kernel */ air.air_opcode = AIOCS_INF_CFG; - strcpy(air.air_cfg_intf, intf); + strlcpy(air.air_cfg_intf, intf, sizeof(air.air_cfg_intf)); buf_len = do_info_ioctl(&air, sizeof(struct air_cfg_rsp)); if (buf_len < sizeof(struct air_cfg_rsp)) return("-"); @@ -249,9 +248,8 @@ /* * Build a string describing the adapter */ - strcpy(name, get_vendor(cfg->acp_vendor)); - strcat(name, " "); - strcat(name, get_adapter(cfg->acp_device)); + snprintf(name, sizeof(name), "%s %s", + get_vendor(cfg->acp_vendor), get_adapter(cfg->acp_device)); UM_FREE(cfg); @@ -281,14 +279,9 @@ return("-"); /* - * Clear the returned string - */ - UM_ZERO(str, sizeof(str)); - - /* * Format the address */ - sprintf(str, "%02x:%02x:%02x:%02x:%02x:%02x", + snprintf(str, sizeof(str), "%02x:%02x:%02x:%02x:%02x:%02x", addr->ma_data[0], addr->ma_data[1], addr->ma_data[2], diff -ru sbin/atm.orig/fore_dnld/fore_dnld.c sbin/atm/fore_dnld/fore_dnld.c --- sbin/atm.orig/fore_dnld/fore_dnld.c 2004-02-04 15:39:58.000000000 -0200 +++ sbin/atm/fore_dnld/fore_dnld.c 2004-10-28 14:39:07.892578509 -0300 @@ -736,7 +736,7 @@ { char cmd[80]; - sprintf ( cmd, "go %lx\r\n", binhdr.entry ); + snprintf ( cmd, sizeof(cmd), "go %lx\r\n", binhdr.entry ); xmit_to_i960 ( cmd, strlen ( cmd ), 0 ); 
@@ -875,7 +875,7 @@ { char cmd[80]; - sprintf ( cmd, "go %lx\r\n", binhdr.entry ); + snprintf ( cmd, sizeof(cmd), "go %lx\r\n", binhdr.entry ); xmit_to_i960 ( cmd, strlen ( cmd ), 0 ); @@ -982,7 +982,7 @@ /* * Copy interface name into ioctl request */ - strcpy ( req.air_cfg_intf, devname ); + strlcpy ( req.air_cfg_intf, devname, sizeof(req.air_cfg_intf) ); /* * Issue ioctl @@ -1019,9 +1019,10 @@ * Create /dev name */ #ifdef sun - sprintf ( bus_dev, DEV_NAME, air->acp_busslot ); + snprintf ( bus_dev, sizeof(bus_dev), DEV_NAME, + air->acp_busslot ); #else - sprintf ( bus_dev, DEV_NAME ); + snprintf ( bus_dev, sizeof(bus_dev), DEV_NAME ); #endif /* @@ -1232,15 +1233,15 @@ switch ( air->acp_device ) { case DEV_FORE_SBA200: - sprintf ( base, "sba200" ); + snprintf ( base, sizeof(base), "sba200" ); break; case DEV_FORE_SBA200E: - sprintf ( base, "sba200e" ); + snprintf ( base, sizeof(base), "sba200e" ); break; case DEV_FORE_PCA200E: - sprintf ( base, "pca200e" ); + snprintf ( base, sizeof(base), "pca200e" ); break; default: 
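Review bot: In the @@ -1019 hunk of fore_dnld.c, the `#else` branch now reads `snprintf ( bus_dev, sizeof(bus_dev), DEV_NAME );`, which still uses the macro as a format string with no arguments. DEV_NAME is defined outside the hunk; if its non-sun definition holds no conversion this is a plain copy, and `strlcpy ( bus_dev, DEV_NAME, sizeof(bus_dev) );` says so directly and matches the rest of the patch. If it does hold a conversion, the call reads an argument that was never passed.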
@@ -1255,21 +1256,24 @@ switch ( air->acp_device ) { case DEV_FORE_SBA200: case DEV_FORE_SBA200E: - sprintf ( filename, "%s.bin%d", base, - air->acp_bustype ); + snprintf ( filename, sizeof(filename), + "%s.bin%d", base, + air->acp_bustype ); if ( stat ( filename, &sbuf ) == -1 ) { - sprintf ( filename, "%s/%s.bin%d", - dirname, base, - air->acp_bustype ); + snprintf ( filename, sizeof(filename), + "%s/%s.bin%d", dirname, base, + air->acp_bustype ); if ( stat ( filename, &sbuf ) == -1 ) { ext = 1; - sprintf ( filename, "%s.objd%d", - base, air->acp_bustype ); + snprintf(filename, sizeof(filename), + "%s.objd%d", base, + air->acp_bustype); if ( stat(filename, &sbuf) == -1 ) { - sprintf ( filename, - "%s/%s.objd%d", dirname, - base, - air->acp_bustype ); + snprintf ( filename, + sizeof(filename), + "%s/%s.objd%d", + dirname, base, + air->acp_bustype ); if ( stat ( filename, &sbuf ) != -1 ) sndfile = filename; } else diff -ru sbin/atm.orig/ilmid/ilmid.c sbin/atm/ilmid/ilmid.c --- sbin/atm.orig/ilmid/ilmid.c 2003-11-03 17:51:04.000000000 -0200 +++ sbin/atm/ilmid/ilmid.c 2004-10-28 14:39:07.898577502 -0300 @@ -1638,8 +1638,8 @@ ilmi_fd[unit] = -1; continue; } - sprintf ( nifname, "%s0", Intf[unit].anp_nif_pref ); optlen = sizeof ( nifname ); + snprintf ( nifname, optlen, "%s0", Intf[unit].anp_nif_pref ); if ( setsockopt ( ilmi_fd[unit], T_ATM_SIGNALING, T_ATM_NET_INTF, (caddr_t)nifname, optlen ) < 0 ) { perror ( "setsockopt" ); @@ -1751,7 +1751,7 @@ perror("setsockopt(dest_sub)"); } - strncpy(appname.app_name, "ILMI", T_ATM_APP_NAME_LEN); + strlcpy(appname.app_name, "ILMI", T_ATM_APP_NAME_LEN); optlen = sizeof(appname); if (setsockopt(ilmi_fd[unit], T_ATM_SIGNALING, T_ATM_APP_NAME, (caddr_t)&appname, optlen) < 0) { 
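Review bot: In the @@ -1255 hunk of fore_dnld.c each path built with snprintf goes straight to `stat ( filename, &sbuf )` without looking at snprintf's return value. A long `dirname` would now be truncated instead of overflowing, but the truncated string is still a valid path and may name a different file than the one intended for download to the adapter. Treat truncation as "not found" before the stat, e.g. `n = snprintf ( filename, sizeof(filename), "%s/%s.bin%d", dirname, base, air->acp_bustype ); if ( n < 0 || (size_t)n >= sizeof(filename) ) ...`. The declaration of `filename` is outside the hunk, so it is also worth confirming that it is an array and not a pointer, since `sizeof(filename)` would otherwise be the pointer size.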
@@ -1868,7 +1868,7 @@ * Build IOCTL request to set prefix */ asr.asr_opcode = AIOCS_SET_PRF; - strncpy ( asr.asr_prf_intf, Intf[intf].anp_intf, + strlcpy ( asr.asr_prf_intf, Intf[intf].anp_intf, sizeof(asr.asr_prf_intf ) ); /* * Pull prefix out of received Objid