diff -ru sbin/vinum.orig/commands.c sbin/vinum/commands.c --- sbin/vinum.orig/commands.c 2004-02-04 15:40:01.000000000 -0200 +++ sbin/vinum/commands.c 2004-10-26 15:48:42.810000732 -0300 @@ -89,7 +89,7 @@ editor = getenv("EDITOR"); if (editor == NULL) editor = "/usr/bin/vi"; - sprintf(tempfile, "/var/tmp/" VINUMMOD ".create.%d", getpid()); /* create a temp file */ + snprintf(tempfile, sizeof(tempfile), "/var/tmp/" VINUMMOD ".create.%d", getpid()); /* create a temp file */ tf = fopen(tempfile, "w"); /* open it */ if (tf == NULL) { fprintf(stderr, "Can't open %s: %s\n", argv[0], strerror(errno)); @@ -97,7 +97,7 @@ } printconfig(tf, "# "); /* and put the current config it */ fclose(tf); - sprintf(commandline, "%s %s", editor, tempfile); /* create an edit command */ + snprintf(commandline, sizeof(commandline), "%s %s", editor, tempfile); /* create an edit command */ status = system(commandline); /* do it */ if (status != 0) { fprintf(stderr, "Can't edit config: status %d\n", status); @@ -137,7 +137,7 @@ file_line++; /* count the lines */ if (vflag) printf("%4d: %s", file_line, buffer); - strcpy(commandline, buffer); /* make a copy */ + strlcpy(commandline, buffer, sizeof(commandline)); /* make a copy */ ioctl(superdev, VINUM_CREATE, buffer); if (reply->error != 0) { /* error in config */ if (!vflag) /* print this line anyway */ @@ -180,10 +180,10 @@ fprintf(stderr, "Usage: read drive [drive ...]\n"); return; } - strcpy(buffer, "read "); + strlcpy(buffer, "read ", sizeof(buffer)); for (i = 0; i < argc; i++) { /* each drive name */ - strcat(buffer, argv[i]); - strcat(buffer, " "); + strlcat(buffer, argv[i], sizeof(buffer)); + strlcat(buffer, " ", sizeof(buffer)); } if (ioctl(superdev, VINUM_STARTCONFIG, &force)) { /* can't get config? */ @@ -361,7 +361,7 @@ /* Variables for use by children */ int failed = 0; /* set if a child dies badly */ - sprintf(filename, VINUM_DIR "/plex/%s", name); + snprintf(filename, sizeof(filename), VINUM_DIR "/plex/%s", name); if ((plexfh = open(filename, O_RDWR, S_IRWXU)) < 0) { /* got a plex, open it */ /* * We don't actually write anything to the @@ -451,7 +451,7 @@ openlog("vinum", LOG_CONS | LOG_PERROR | LOG_PID, LOG_KERN); get_sd_info(&sd, sdno); sdsize = sd.sectors * DEV_BSIZE; /* size of subdisk in bytes */ - sprintf(filename, VINUM_DIR "/sd/%s", sd.name); + snprintf(filename, sizeof(filename), VINUM_DIR "/sd/%s", sd.name); setproctitle("initializing %s", filename); /* show what we're doing */ syslog(LOG_INFO | LOG_KERN, "initializing subdisk %s", filename); if ((sdfh = open(filename, O_RDWR, S_IRWXU)) < 0) { /* no go */ @@ -527,10 +527,12 @@ int i; char **token; /* list of tokens */ int tokens; /* and their number */ + size_t listlen; bzero(&statinfo, sizeof(struct statinfo)); statinfo.dinfo = malloc(devs * sizeof(struct statinfo)); - namelist = malloc(devs * (DEVSTAT_NAME_LEN + 8)); + listlen = devs * (DEVSTAT_NAME_LEN + 8); + namelist = malloc(listlen); token = malloc((devs + 1) * sizeof(char *)); if ((statinfo.dinfo == NULL) || (namelist == NULL) || (token == NULL)) { fprintf(stderr, "Can't allocate memory for drive list\n"); @@ -554,7 +556,7 @@ &&((stat->device_type & DEVSTAT_TYPE_IF_MASK) != DEVSTAT_TYPE_IF_OTHER) /* and not md */ &&((stat->device_type & DEVSTAT_TYPE_PASS) == 0) /* and not passthrough */ &&((stat->device_name[0] != '\0'))) { /* and it has a name */ - sprintf(enamelist, "%s%s%d", _PATH_DEV, stat->device_name, stat->unit_number); + snprintf(enamelist, listlen, "%s%s%d", _PATH_DEV, stat->device_name, stat->unit_number); token[tokens] = enamelist; /* point to it */ tokens++; /* one more token */ enamelist = &enamelist[strlen(enamelist) + 1]; /* and start beyond the end */ @@ -1027,8 +1029,8 @@ if (plex.sdnos[sdno] == msg.index) /* found our subdisk */ break; } - sprintf(newname, "%s.s%d", plex.name, sdno); - sprintf(oldname, "%s", sd.name); + snprintf(newname, sizeof(newname), "%s.s%d", plex.name, sdno); + snprintf(oldname, sizeof(oldname), "%s", sd.name); vinum_rename_2(oldname, newname); break; @@ -1039,8 +1041,8 @@ if (vol.plex[plexno] == msg.index) /* found our subdisk */ break; } - sprintf(newname, "%s.p%d", vol.name, plexno); - sprintf(oldname, "%s", plex.name); + snprintf(newname, sizeof(newname), "%s.p%d", vol.name, plexno); + snprintf(oldname, sizeof(oldname), "%s", plex.name); vinum_rename_2(oldname, newname); /* this may recurse */ break; @@ -1113,7 +1115,7 @@ fprintf(stderr, "%s is too long\n", name); return; } - strcpy(msg->newname, name); + strlcpy(msg->newname, name, sizeof(msg->newname)); ioctl(superdev, VINUM_RENAME, msg); if (reply->error != 0) fprintf(stderr, @@ -1159,7 +1161,7 @@ char sdname[MAXPLEXNAME + 8]; get_plex_sd_info(&sd, plex.plexno, sdno); /* get info about the subdisk */ - sprintf(sdname, "%s.s%d", newname, sdno); + snprintf(sdname, sizeof(sdname), "%s.s%d", newname, sdno); msg.index = sd.sdno; /* number of the subdisk */ dorename(&msg, sd.name, sdname, MAXSDNAME); } @@ -1178,7 +1180,7 @@ char plexname[MAXVOLNAME + 8]; msg.type = plex_object; - sprintf(plexname, "%s.p%d", newname, plexno); + snprintf(plexname, sizeof(plexname), "%s.p%d", newname, plexno); msg.index = vol.plex[plexno]; /* number of the plex */ dorename(&msg, plex.name, plexname, MAXPLEXNAME); get_plex_info(&plex, vol.plex[plexno]); /* find out who we are */ @@ -1187,7 +1189,7 @@ char sdname[MAXPLEXNAME + 8]; get_plex_sd_info(&sd, plex.plexno, sdno); /* get info about the subdisk */ - sprintf(sdname, "%s.s%d", plexname, sdno); + snprintf(sdname, sizeof(sdname), "%s.s%d", plexname, sdno); msg.index = sd.sdno; /* number of the subdisk */ dorename(&msg, sd.name, sdname, MAXSDNAME); } @@ -1479,7 +1481,7 @@ objectname = volumename; /* point to it */ for (v = 0;; v++) { - sprintf(objectname, "vinum%d", v); /* create the name */ + snprintf(objectname, sizeof(volumename), "vinum%d", v); /* create the name */ if (find_object(objectname, &type) == -1) /* does it exist? */ return; /* no, it's ours */ } @@ -1506,11 +1508,11 @@ * looping if we have a bug somewhere. */ for (d = 0; d < 100000; d++) { /* look for a free drive number */ - sprintf(drivename, "vinumdrive%d", d); /* create the name */ + snprintf(drivename, sizeof(drivename), "vinumdrive%d", d); /* create the name */ if (find_object(drivename, &type) == -1) { /* does it exist? */ char command[MAXDRIVENAME * 2]; - sprintf(command, "drive %s device %s", drivename, devicename); /* create a create command */ + snprintf(command, sizeof(command), "drive %s device %s", drivename, devicename); /* create a create command */ if (vflag) printf("drive %s device %s\n", drivename, devicename); /* create a create command */ ioctl(superdev, VINUM_CREATE, command); @@ -1563,7 +1565,7 @@ } if (!objectname) /* we need a name for our object */ genvolname(); - sprintf(buffer, "volume %s", objectname); + snprintf(buffer, sizeof(buffer), "volume %s", objectname); if (vflag) printf("volume %s\n", objectname); ioctl(superdev, VINUM_CREATE, buffer); /* create the volume */ @@ -1581,7 +1583,7 @@ reply->error); longjmp(command_fail, -1); /* give up */ } - sprintf(buffer, "plex name %s.p0 org concat", objectname); + snprintf(buffer, sizeof(buffer), "plex name %s.p0 org concat", objectname); if (vflag) printf(" plex name %s.p0 org concat\n", objectname); ioctl(superdev, VINUM_CREATE, buffer); @@ -1602,7 +1604,7 @@ for (o = 0; o < argc; o++) { if ((drive = find_drive_by_devname(argv[o])) == NULL) /* doesn't exist */ drive = create_drive(argv[o]); /* create it */ - sprintf(buffer, "sd name %s.p0.s%d drive %s size 0", objectname, o, drive->label.name); + snprintf(buffer, sizeof(buffer), "sd name %s.p0.s%d drive %s size 0", objectname, o, drive->label.name); if (vflag) printf(" sd name %s.p0.s%d drive %s size 0\n", objectname, o, drive->label.name); ioctl(superdev, VINUM_CREATE, buffer); @@ -1702,7 +1704,7 @@ } /* Now create the volume */ - sprintf(buffer, "volume %s", objectname); + snprintf(buffer, sizeof(buffer), "volume %s", objectname); if (vflag) printf("volume %s\n", objectname); ioctl(superdev, VINUM_CREATE, buffer); /* create the volume */ @@ -1720,7 +1722,7 @@ reply->error); longjmp(command_fail, -1); /* give up */ } - sprintf(buffer, "plex name %s.p0 org striped 256k", objectname); + snprintf(buffer, sizeof(buffer), "plex name %s.p0 org striped 256k", objectname); if (vflag) printf(" plex name %s.p0 org striped 256k\n", objectname); ioctl(superdev, VINUM_CREATE, buffer); @@ -1740,7 +1742,7 @@ } for (o = 0; o < argc; o++) { drive = find_drive_by_devname(argv[o]); /* we know it exists... */ - sprintf(buffer, + snprintf(buffer, sizeof(buffer), "sd name %s.p0.s%d drive %s size %lldb", objectname, o, @@ -1848,7 +1850,7 @@ } /* Now create the volume */ - sprintf(buffer, "volume %s", objectname); + snprintf(buffer, sizeof(buffer), "volume %s", objectname); if (vflag) printf("volume %s\n", objectname); ioctl(superdev, VINUM_CREATE, buffer); /* create the volume */ @@ -1866,7 +1868,7 @@ reply->error); longjmp(command_fail, -1); /* give up */ } - sprintf(buffer, "plex name %s.p0 org raid4 256k", objectname); + snprintf(buffer, sizeof(buffer), "plex name %s.p0 org raid4 256k", objectname); if (vflag) printf(" plex name %s.p0 org raid4 256k\n", objectname); ioctl(superdev, VINUM_CREATE, buffer); @@ -1886,7 +1888,7 @@ } for (o = 0; o < argc; o++) { drive = find_drive_by_devname(argv[o]); /* we know it exists... */ - sprintf(buffer, + snprintf(buffer, sizeof(buffer), "sd name %s.p0.s%d drive %s size %lldb", objectname, o, @@ -1994,7 +1996,7 @@ } /* Now create the volume */ - sprintf(buffer, "volume %s", objectname); + snprintf(buffer, sizeof(buffer), "volume %s", objectname); if (vflag) printf("volume %s\n", objectname); ioctl(superdev, VINUM_CREATE, buffer); /* create the volume */ @@ -2012,7 +2014,7 @@ reply->error); longjmp(command_fail, -1); /* give up */ } - sprintf(buffer, "plex name %s.p0 org raid5 256k", objectname); + snprintf(buffer, sizeof(buffer), "plex name %s.p0 org raid5 256k", objectname); if (vflag) printf(" plex name %s.p0 org raid5 256k\n", objectname); ioctl(superdev, VINUM_CREATE, buffer); @@ -2032,7 +2034,7 @@ } for (o = 0; o < argc; o++) { drive = find_drive_by_devname(argv[o]); /* we know it exists... */ - sprintf(buffer, + snprintf(buffer, sizeof(buffer), "sd name %s.p0.s%d drive %s size %lldb", objectname, o, @@ -2156,7 +2158,7 @@ } /* Now create the volume */ - sprintf(buffer, "volume %s setupstate", objectname); + snprintf(buffer, sizeof(buffer), "volume %s setupstate", objectname); if (vflag) printf("volume %s setupstate\n", objectname); ioctl(superdev, VINUM_CREATE, buffer); /* create the volume */ @@ -2176,11 +2178,13 @@ } for (p = 0; p < 2; p++) { /* create each plex */ if (sflag) { - sprintf(buffer, "plex name %s.p%d org striped 256k", objectname, p); + snprintf(buffer, sizeof(buffer), "plex name %s.p%d org striped 256k", + objectname, p); if (vflag) printf(" plex name %s.p%d org striped 256k\n", objectname, p); } else { /* concat */ - sprintf(buffer, "plex name %s.p%d org concat", objectname, p); + snprintf(buffer, sizeof(buffer), "plex name %s.p%d org concat", + objectname, p); if (vflag) printf(" plex name %s.p%d org concat\n", objectname, p); } @@ -2204,7 +2208,7 @@ /* Now look at the subdisks */ for (o = p; o < argc; o += 2) { /* every second one */ drive = find_drive_by_devname(argv[o]); /* we know it exists... */ - sprintf(buffer, + snprintf(buffer, sizeof(buffer), "sd name %s.p%d.s%d drive %s size %lldb", objectname, p, diff -ru sbin/vinum.orig/list.c sbin/vinum/list.c --- sbin/vinum.orig/list.c 2004-02-04 15:40:01.000000000 -0200 +++ sbin/vinum/list.c 2004-10-26 16:13:05.104235530 -0300 @@ -89,13 +89,17 @@ static char description[16]; if (bytes > (int64_t) MEGABYTE * 10000) /* gigabytes */ - sprintf(description, lj ? "%lld GB" : "%10lld GB", bytes / GIGABYTE); + snprintf(description, sizeof(description), lj ? "%lld GB" : "%10lld GB", + bytes / GIGABYTE); else if (bytes > KILOBYTE * 10000) /* megabytes */ - sprintf(description, lj ? "%lld MB" : "%10lld MB", bytes / MEGABYTE); + snprintf(description, sizeof(description), lj ? "%lld MB" : "%10lld MB", + bytes / MEGABYTE); else if (bytes > 10000) /* kilobytes */ - sprintf(description, lj ? "%lld kB" : "%10lld kB", bytes / KILOBYTE); + snprintf(description, sizeof(description), lj ? "%lld kB" : "%10lld kB", + bytes / KILOBYTE); else /* bytes */ - sprintf(description, lj ? "%lld B" : "%10lld B", bytes); + snprintf(description, sizeof(description), lj ? "%lld B" : "%10lld B", + bytes); return description; } @@ -832,8 +836,8 @@ time_t t; /* to keep Bruce happy */ t = time->tv_sec; - strcpy(text, ctime(&t)); /* to the second */ - sprintf(&text[19], ".%06ld", time->tv_usec); /* and the microseconds */ + strlcpy(text, ctime(&t), sizeof(text)); /* to the second */ + snprintf(&text[19], sizeof(text) - 19, ".%06ld", time->tv_usec); /* and the microseconds */ return &text[11]; } @@ -1231,10 +1235,13 @@ int i; char **token; /* list of tokens */ int tokens; /* and their number */ + size_t listlen; bzero(&statinfo, sizeof(struct statinfo)); statinfo.dinfo = malloc(devs * sizeof(struct statinfo)); - namelist = malloc(devs * (DEVSTAT_NAME_LEN + 8)); + + listlen = devs * (DEVSTAT_NAME_LEN + 8); + namelist = malloc(listlen); token = malloc((devs + 1) * sizeof(char *)); if ((statinfo.dinfo == NULL) || (namelist == NULL) || (token == NULL)) { fprintf(stderr, "Can't allocate memory for drive list\n"); @@ -1256,7 +1263,8 @@ if (((stat->device_type & DEVSTAT_TYPE_MASK) == DEVSTAT_TYPE_DIRECT) /* disk device */ &&((stat->device_type & DEVSTAT_TYPE_PASS) == 0) /* and not passthrough */ &&((stat->device_name[0] != '\0'))) { /* and it has a name */ - sprintf(enamelist, "/dev/%s%d", stat->device_name, stat->unit_number); + snprintf(enamelist, listlen, "/dev/%s%d", + stat->device_name, stat->unit_number); token[tokens] = enamelist; /* point to it */ tokens++; /* one more token */ enamelist = &enamelist[strlen(enamelist) + 1]; /* and start beyond the end */ @@ -1285,19 +1293,20 @@ struct disklabel label; /* label of this drive */ int driveno; /* fd of drive */ int found; + size_t partidlen; u_int64_t drivelength; if (memcmp(part, "/dev/", DEVLEN) == 0) /* starts with /dev */ memcpy(partname, part, MAXPATHLEN); - else { /* prepend */ - strcpy(partname, "/dev/"); - strncat(&partname[DEVLEN], part, MAXPATHLEN - DEVLEN); - } + else /* prepend */ + snprintf(partname, sizeof(partname), "/dev/%s", part); + partid = &partname[strlen(partname)]; + partidlen = sizeof(partname) - strlen(partname); founddrive = 0; /* no vinum drive found yet on this spindle */ /* first try the partition table */ for (slice = 1; slice < 5; slice++) { - sprintf(partid, "s%dc", slice); /* c partition */ + snprintf(partid, partidlen, "s%dc", slice); /* c partition */ driveno = open(partname, O_RDONLY); if (driveno < 0) { if (errno != ENOENT) @@ -1312,7 +1321,7 @@ if ((partition != 'c') /* it's not the c partition */ &&((label.d_partitions[partition - 'a'].p_fstype == FS_VINUM) /* and it's a Vinum partition */ ||Verbose)) { /* or we're just plain curious */ - sprintf(partid, "s%d%c", slice, partition); + snprintf(partid, partidlen, "s%d%c", slice, partition); found = check_drive(partname); /* try to open it */ founddrive |= found; /* and note if we were successful at all */ if (label.d_partitions[partition - 'a'].p_fstype == FS_VINUM) { /* it's a Vinum partition */ @@ -1328,7 +1337,7 @@ } } if (founddrive == 0) { /* didn't find anything, */ - sprintf(partid, "c"); /* c partition */ + snprintf(partid, partidlen, "c"); /* c partition */ driveno = open(partname, O_RDONLY); if (driveno < 0) { if (errno != ENOENT) @@ -1343,7 +1352,7 @@ if ((partition != 'c') /* it's not the c partition */ &&((label.d_partitions[partition - 'a'].p_fstype == FS_VINUM) /* and it's a Vinum partition */ ||Verbose)) { /* or we're just plain curious */ - sprintf(partid, "%c", partition); + snprintf(partid, partidlen, "%c", partition); found = check_drive(partname); /* try to open it */ founddrive |= found; /* and note if we were successful at all */ if (label.d_partitions[partition - 'a'].p_fstype == FS_VINUM) { /* it's a Vinum partition */ diff -ru sbin/vinum.orig/v.c sbin/vinum/v.c --- sbin/vinum.orig/v.c 2003-08-08 01:18:41.000000000 -0300 +++ sbin/vinum/v.c 2004-10-26 16:15:55.729432314 -0300 @@ -220,7 +220,7 @@ } } else if (*c) { /* got something there */ add_history(c); /* save it in the history */ - strcpy(buffer, c); /* put it where we can munge it */ + strlcpy(buffer, c, sizeof(buffer)); /* put it where we can munge it */ free(c); line++; /* count the lines */ tokens = tokenize(buffer, token); @@ -578,7 +578,8 @@ get_drive_info(&drive, driveno); if (drive.state > drive_referenced) { - sprintf(filename, "ln -s %s " VINUM_DIR "/drive/%s", drive.devicename, drive.label.name); + snprintf(filename, sizeof(filename), "ln -s %s " VINUM_DIR "/drive/%s", + drive.devicename, drive.label.name); system(filename); } } @@ -597,18 +598,18 @@ voldev = VINUMDEV(volno, 0, 0, VINUM_VOLUME_TYPE); /* create a device number */ /* Create /dev/vinum/ */ - sprintf(filename, VINUM_DIR "/%s", vol.name); + snprintf(filename, sizeof(filename), VINUM_DIR "/%s", vol.name); if (mknod(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IFCHR, voldev) < 0) fprintf(stderr, "Can't create %s: %s\n", filename, strerror(errno)); /* Create /dev/vinum/vol/ */ - sprintf(filename, VINUM_DIR "/vol/%s", vol.name); + snprintf(filename, sizeof(filename), VINUM_DIR "/vol/%s", vol.name); if (mknod(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IFCHR, voldev) < 0) fprintf(stderr, "Can't create %s: %s\n", filename, strerror(errno)); if (vol.plexes > 0) { /* Create /dev/vinum/vol/.plex/ */ - sprintf(filename, VINUM_DIR "/vol/%s.plex", vol.name); + snprintf(filename, sizeof(filename), VINUM_DIR "/vol/%s.plex", vol.name); if (mkdir(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IXOTH) < 0) fprintf(stderr, "Can't create %s: %s\n", filename, strerror(errno)); } @@ -634,7 +635,7 @@ plexdev = VINUM_PLEX(plexno); /* /dev/vinum/plex/ */ - sprintf(filename, VINUM_DIR "/plex/%s", plex.name); + snprintf(filename, sizeof(filename), VINUM_DIR "/plex/%s", plex.name); if (mknod(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IFCHR, plexdev) < 0) fprintf(stderr, "Can't create %s: %s\n", filename, strerror(errno)); @@ -643,12 +644,14 @@ plexdev = VINUMDEV(plex.volno, plexno, 0, VINUM_PLEX_TYPE); /* Create device /dev/vinum/vol/.plex/ */ - sprintf(filename, VINUM_DIR "/vol/%s.plex/%s", vol.name, plex.name); + snprintf(filename, sizeof(filename), VINUM_DIR "/vol/%s.plex/%s", + vol.name, plex.name); if (mknod(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IFCHR, plexdev) < 0) fprintf(stderr, "Can't create %s: %s\n", filename, strerror(errno)); /* Create directory /dev/vinum/vol/.plex/.sd */ - sprintf(filename, VINUM_DIR "/vol/%s.plex/%s.sd", vol.name, plex.name); + snprintf(filename, sizeof(filename), VINUM_DIR "/vol/%s.plex/%s.sd", + vol.name, plex.name); if (mkdir(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IXOTH) < 0) fprintf(stderr, "Can't create %s: %s\n", filename, strerror(errno)); } @@ -673,7 +676,7 @@ sddev = VINUM_SD(sdno); /* /dev/vinum/sd/ */ - sprintf(filename, VINUM_DIR "/sd/%s", sd.name); + snprintf(filename, sizeof(filename), VINUM_DIR "/sd/%s", sd.name); if (mknod(filename, S_IRUSR | S_IWUSR | S_IRGRP | S_IFCHR, sddev) < 0) fprintf(stderr, "Can't create %s: %s\n", filename, strerror(errno)); }