[packages/SysVinit.git] / sysvinit-owl-bound-format.patch

diff -ur sysvinit-2.78.orig/src/bootlogd.c sysvinit-2.78/src/bootlogd.c
--- sysvinit-2.78.orig/src/bootlogd.c	Mon Oct  4 13:19:19 1999
+++ sysvinit-2.78/src/bootlogd.c	Tue Aug  8 06:36:47 2000
@@ -86,7 +86,7 @@
  *	Scan /dev and find the device name.
  *	Side-effect: directory is changed to /dev
  */
-int findtty(char *res, dev_t dev)
+int findtty(char **res, dev_t dev)
 {
 	DIR		*dir;
 	struct dirent	*ent;
@@ -109,8 +109,10 @@
 	if (ent == NULL) {
 		fprintf(stderr, "bootlogd: cannot find console device\n");
 		r = -1;
-	} else
-		strcpy(res, ent->d_name);
+	} else {
+		*res = strdup(ent->d_name);
+		if (!*res) r = -1;
+	}
 	closedir(dir);
 
 	return r;
@@ -121,7 +123,7 @@
  *	Find out the _real_ console. Assume that stdin is connected to
  *	the console device (/dev/console).
  */
-int consolename(char *res)
+int consolename(char **res)
 {
 	struct stat	st;
 #if TIOCTTYGSTRUCT_HACK
@@ -235,9 +237,10 @@
 	FILE		*fp;
 	struct timeval	tv;
 	fd_set		fds;
-	char		buf[1024];
+	char		*console;
 	char		*p;
 	char		*logfile;
+	char		*backfile;
 	char		*pidfile;
 	int		rotate;
 	int		dontfork;
@@ -285,10 +288,10 @@
 	/*
 	 *	Open console device directly.
 	 */
-	if (consolename(buf) < 0)
+	if (consolename(&console) < 0)
 		return 1;
-	if ((realfd = open(buf, O_WRONLY|O_NONBLOCK)) < 0) {
-		fprintf(stderr, "bootlogd: %s: %s\n", buf, strerror(errno));
+	if ((realfd = open(console, O_WRONLY|O_NONBLOCK)) < 0) {
+		fprintf(stderr, "bootlogd: %s: %s\n", console, strerror(errno));
 		return 1;
 	}
 	n = fcntl(realfd, F_GETFL);
@@ -298,7 +301,7 @@
 	/*
 	 *	Grab a pty, and redirect console messages to it.
 	 */
-	if (openpty(&ptm, &pts, buf, NULL, NULL) < 0) {
+	if (openpty(&ptm, &pts, console, NULL, NULL) < 0) {
 		fprintf(stderr, "bootlogd: cannot allocate pseudo tty\n");
 		return 1;
 	}
@@ -312,7 +315,7 @@
 #endif
 	if (ioctl(pts, TIOCCONS, NULL) < 0) {
 		fprintf(stderr, "bootlogd: ioctl(%s, TIOCCONS): %s\n",
-			buf, strerror(errno));
+			console, strerror(errno));
 		return 1;
 	}
 
@@ -384,8 +387,10 @@
 		 *	Perhaps we need to open the logfile.
 		 */
 		if (fp == NULL && rotate && access(logfile, F_OK) == 0) {
-			sprintf(buf, "%s~", logfile);
-			rename(logfile, buf);
+			backfile = malloc(strlen(logfile) + 2);
+			if (!backfile) break;
+			sprintf(backfile, "%s~", logfile);
+			rename(logfile, backfile);
 		}
 		if (fp == NULL)
 			fp = fopen(logfile, "a");
diff -ur sysvinit-2.78.orig/src/dowall.c sysvinit-2.78/src/dowall.c
--- sysvinit-2.78.orig/src/dowall.c	Tue Apr 20 01:10:10 1999
+++ sysvinit-2.78/src/dowall.c	Tue Aug  8 06:50:06 2000
@@ -90,7 +90,7 @@
 		if ((tty = ttyname(0)) != (char *)0) {
 			if (strncmp(tty, "/dev/", 5) == 0)
 				tty += 5;
-			sprintf(ttynm, "(%s) ", tty);	
+			snprintf(ttynm, sizeof(ttynm), "(%s) ", tty);
 		} else
 			ttynm[0] = 0;
 		init++;
@@ -105,7 +105,7 @@
 	*p = 0;
 	
 	if (remote) {
-		sprintf(line,
+		snprintf(line, sizeof(line),
 			"\007\r\nRemote broadcast message %s...\r\n\r\n",
 			date);
 	} else {
@@ -124,10 +124,14 @@
 	while ((utmp = getutent()) != NULL) {
 		if(utmp->ut_type != USER_PROCESS ||
 		   utmp->ut_user[0] == 0) continue;
-		if (strncmp(utmp->ut_line, "/dev/", 5) == 0)
-			strcpy(term, utmp->ut_line);
-		else
-			sprintf(term, "/dev/%s", utmp->ut_line);
+/* AUDIT: is ut_line always NUL-terminated? This code will at least not
+ * overflow the buffer if not. */
+		if (strlen(utmp->ut_line) >= sizeof(term) - 5) continue;
+		if (strncmp(utmp->ut_line, "/dev/", 5) == 0) {
+			term[0] = '\0';
+			strncat(term, utmp->ut_line, sizeof(term) - 1);
+		} else
+			snprintf(term, sizeof(term), "/dev/%s", utmp->ut_line);
 	
 		/*
 		 *	Sometimes the open/write hangs in spite of the O_NDELAY
diff -ur sysvinit-2.78.orig/src/init.c sysvinit-2.78/src/init.c
--- sysvinit-2.78.orig/src/init.c	Fri Feb 11 14:17:02 2000
+++ sysvinit-2.78/src/init.c	Tue Aug  8 08:07:37 2000
@@ -70,6 +70,11 @@
 #  define SIGPWR SIGUSR2
 #endif
 
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+void log(int loglevel, char *s, ...);
+
 /* Set a signal handler. */
 #define SETSIG(sa, sig, fun, flags) \
 		do { \
@@ -416,10 +421,11 @@
 }
 
 /*
- *	Set the process title. We do not check for overflow of
- *	the stack space since we know there is plenty for
- *	our needs and we'll never use more than 10 bytes anyway.
+ *	Set the process title.
  */
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
 int setproctitle(char *fmt, ...)
 {
 	va_list ap;
@@ -429,7 +435,7 @@
 	buf[0] = 0;
 
 	va_start(ap, fmt);
-	len = vsprintf(buf, fmt, ap);
+	len = vsnprintf(buf, sizeof(buf), fmt, ap);
 	va_end(ap);
 
 	memset(argv0, 0, maxproclen + 1);
@@ -728,6 +734,9 @@
 /*
  *	Log something to a logfile and the console.
  */
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
 void log(int loglevel, char *s, ...)
 {
 	va_list va_alist;
@@ -742,7 +751,7 @@
 		 *	Re-etablish connection with syslogd every time.
 		 */
 		openlog("init", 0, LOG_DAEMON);
-		syslog(LOG_INFO, buf);
+		syslog(LOG_INFO, "%s", buf);
 		/* closelog(); NOT needed with recent libc's. */
 	}
 
@@ -856,6 +865,7 @@
   } else {
 	/* Split up command line arguments */
   	strncpy(buf, proc, sizeof(buf) - 1);
+	buf[sizeof(buf) - 1] = '\0';
   	ptr = buf;
   	for(f = 1; f < 15; f++) {
   		/* Skip white space */
@@ -1003,7 +1013,7 @@
 #endif
 
 	if (pid == -1) {
-		log(L_VB, "cannot fork, retry..", NULL, NULL);
+		log(L_VB, "cannot fork, retry..");
 		do_sleep(5);
 		continue;
 	}
diff -ur sysvinit-2.78.orig/src/killall5.c sysvinit-2.78/src/killall5.c
--- sysvinit-2.78.orig/src/killall5.c	Wed Oct  7 00:34:46 1998
+++ sysvinit-2.78/src/killall5.c	Tue Aug  8 07:21:08 2000
@@ -72,6 +72,9 @@
 int scripts_too = 0;
 
 char *progname;	/* the name of the running program */
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
 void nsyslog(int pri, char *fmt, ...);
 
 /* Malloc space, barf if out of memory. */
@@ -166,7 +169,7 @@
 	memset(p, 0, sizeof(PROC));
 
 	/* Open the statistics file. */
-	sprintf(path, "/proc/%s/stat", d->d_name);
+	snprintf(path, sizeof(path), "/proc/%s/stat", d->d_name);
 
 	/* Read SID & statname from it. */
  	if ((fp = fopen(path, "r")) != NULL) {
@@ -211,7 +214,7 @@
 	}
 
 	/* Now read argv[0] */
-	sprintf(path, "/proc/%s/cmdline", d->d_name);
+	snprintf(path, sizeof(path), "/proc/%s/cmdline", d->d_name);
 	if ((fp = fopen(path, "r")) != NULL) {
 		f = 0;
 		while(f < 127 && (c = fgetc(fp)) != EOF && c) buf[f++] = c;
@@ -234,7 +237,7 @@
 	}
 
 	/* Try to stat the executable. */
-	sprintf(path, "/proc/%s/exe", d->d_name);
+	snprintf(path, sizeof(path), "/proc/%s/exe", d->d_name);
 	if (stat(path, &st) == 0) {
 		p->dev = st.st_dev;
 		p->ino = st.st_ino;
@@ -349,6 +352,9 @@
 }
 
 /* write to syslog file if not open terminal */
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
 void nsyslog(int pri, char *fmt, ...)
 {
      va_list  args;
diff -ur sysvinit-2.78.orig/src/last.c sysvinit-2.78/src/last.c
--- sysvinit-2.78.orig/src/last.c	Wed Nov 24 15:24:53 1999
+++ sysvinit-2.78/src/last.c	Tue Aug  8 07:39:02 2000
@@ -31,6 +31,7 @@
 #include <string.h>
 #include <signal.h>
 #include <getopt.h>
+#include <assert.h>
 #include <netinet/in.h>
 #include <netdb.h>
 #include <arpa/inet.h>
@@ -298,7 +299,7 @@
 /*
  *	Lookup a host with DNS.
  */
-int dns_lookup(char *result, char *org, unsigned int ip)
+int dns_lookup(char *result, int size, char *org, unsigned int ip)
 {
 	struct hostent *h;
 
@@ -315,8 +316,8 @@
 		strcpy(result, inet_ntoa(*(struct in_addr *)&ip));
 		return 0;
 	}
-	strncpy(result, h->h_name, 256);
-	result[255] = 0;
+	result[0] = '\0';
+	strncat(result, h->h_name, size - 1);
 
 	return 0;
 }
@@ -396,11 +397,13 @@
 			break;
  	}
 
+	assert(UT_HOSTSIZE <= sizeof(domain));
+
 	/*
 	 *	Look up host with DNS if needed.
 	 */
 	if (usedns)
-		dns_lookup(domain, p->ut_host, p->ut_addr);
+		dns_lookup(domain, sizeof(domain), p->ut_host, p->ut_addr);
 	if (useip) {
 		in.s_addr = p->ut_addr;
 		strcpy(domain, inet_ntoa(in));
@@ -418,17 +421,20 @@
 		     strcmp(s + 1, domainname) == 0) *s = 0;
 #endif
 		if (!altlist) {
-			sprintf(final, "%-8.8s %-12.12s %-16.16s %-16.16s %-7.7s %-12.12s\n",
+			snprintf(final, sizeof(final),
+				"%-8.8s %-12.12s %-16.16s "
+				"%-16.16s %-7.7s %-12.12s\n",
 				p->ut_name, utline,
 				domain, logintime, logouttime, length);
 		} else {
-			sprintf(final,
+			snprintf(final, sizeof(final),
 				"%-8.8s %-12.12s %-16.16s %-7.7s %-12.12s %s\n",
 				p->ut_name, utline,
 				logintime, logouttime, length, domain);
 		}
 	} else
-		sprintf(final, "%-8.8s %-12.12s %-16.16s %-7.7s %-12.12s\n",
+		snprintf(final, sizeof(final),
+			"%-8.8s %-12.12s %-16.16s %-7.7s %-12.12s\n",
 			p->ut_name, utline,
 			logintime, logouttime, length);
 
@@ -436,7 +442,7 @@
 	 *	Print out "final" string safely.
 	 */
 	for (s = final; *s; s++) {
-		if (*s == '\n' || (*s >= 32 && (unsigned char)*s <= 128))
+		if (*s == '\n' || (*s >= 32 && (unsigned char)*s <= 126))
 			putchar(*s);
 		else
 			putchar('*');
@@ -547,10 +553,11 @@
 
 #if CHOP_DOMAIN
   /* Find out domainname. */
-  (void) gethostname(hostname, 256);
+  (void) gethostname(hostname, sizeof(hostname));
   if ((domainname = strchr(hostname, '.')) != NULL) domainname++;
   if (domainname == NULL || domainname[0] == 0) {
-	(void) getdomainname(hostname, 256);
+	(void) getdomainname(hostname, sizeof(hostname));
+	hostname[sizeof(hostname) - 1] = '\0';
 	domainname = hostname;
 	if (strcmp(domainname, "(none)") == 0 || domainname[0] == 0)
 		domainname = NULL;
diff -ur sysvinit-2.78.orig/src/shutdown.c sysvinit-2.78/src/shutdown.c
--- sysvinit-2.78.orig/src/shutdown.c	Sat Nov 13 19:39:01 1999
+++ sysvinit-2.78/src/shutdown.c	Tue Aug  8 07:47:47 2000
@@ -110,17 +110,19 @@
 void warn(mins)
 int mins;
 {
-  char buf[MESSAGELEN + 64];
+  char buf[MESSAGELEN + sizeof(newstate)];
   int len;
 
-  strcpy(buf, message);
+  buf[0] = '\0';
+  strncat(buf, message, sizeof(buf) - 1);
   len = strlen(buf);
 
   if (mins == 0)
-	sprintf(buf + len, "\rThe system is going down %s NOW !!\r\n",
+	snprintf(buf + len, sizeof(buf) - len,
+		"\rThe system is going down %s NOW !!\r\n",
 		newstate);
   else
-  	sprintf(buf + len,
+  	snprintf(buf + len, sizeof(buf) - len,
 		"\rThe system is going DOWN %s in %d minute%s !!\r\n",
 			newstate, mins, mins == 1 ? "" : "s");
   wall(buf, 1, 0);
@@ -377,7 +379,8 @@
 
 		/* See if this is a user process on a VC. */
 		if (ut->ut_type != USER_PROCESS) continue;
-		sprintf(buf, "/dev/%s", ut->ut_line);
+		if (strlen(ut->ut_line) >= sizeof(buf) - 5) continue;
+		snprintf(buf, sizeof(buf), "/dev/%s", ut->ut_line);
 		if (stat(buf, &st) < 0) continue;
 		if ((st.st_rdev & 0xFFC0) != 0x0400) continue;
 
diff -ur sysvinit-2.78.orig/src/wall.c sysvinit-2.78/src/wall.c
--- sysvinit-2.78.orig/src/wall.c	Tue Jul 28 15:22:56 1998
+++ sysvinit-2.78/src/wall.c	Tue Aug  8 07:41:34 2000
@@ -53,7 +53,7 @@
   if ((argc - optind) > 0) {
 	for(f = optind; f < argc; f++) {
 		len += strlen(argv[f]) + 1;
-		if (len >= MAXLEN) break;
+		if (len >= MAXLEN - 2) break;
 		strcat(buf, argv[f]);
 		strcat(buf, " ");
 	}
Commit	Line	Data
4f679525	1	diff -ur sysvinit-2.78.orig/src/bootlogd.c sysvinit-2.78/src/bootlogd.c
	2	--- sysvinit-2.78.orig/src/bootlogd.c Mon Oct 4 13:19:19 1999
	3	+++ sysvinit-2.78/src/bootlogd.c Tue Aug 8 06:36:47 2000
	4	@@ -86,7 +86,7 @@
	5	* Scan /dev and find the device name.
	6	* Side-effect: directory is changed to /dev
	7	*/
	8	-int findtty(char *res, dev_t dev)
	9	+int findtty(char **res, dev_t dev)
	10	{
	11	DIR *dir;
	12	struct dirent *ent;
	13	@@ -109,8 +109,10 @@
	14	if (ent == NULL) {
	15	fprintf(stderr, "bootlogd: cannot find console device\n");
	16	r = -1;
	17	- } else
	18	- strcpy(res, ent->d_name);
	19	+ } else {
	20	+ *res = strdup(ent->d_name);
	21	+ if (!*res) r = -1;
	22	+ }
	23	closedir(dir);
	24
	25	return r;
	26	@@ -121,7 +123,7 @@
	27	* Find out the _real_ console. Assume that stdin is connected to
	28	* the console device (/dev/console).
	29	*/
	30	-int consolename(char *res)
	31	+int consolename(char **res)
	32	{
	33	struct stat st;
	34	#if TIOCTTYGSTRUCT_HACK
	35	@@ -235,9 +237,10 @@
	36	FILE *fp;
	37	struct timeval tv;
	38	fd_set fds;
	39	- char buf[1024];
	40	+ char *console;
	41	char *p;
	42	char *logfile;
	43	+ char *backfile;
	44	char *pidfile;
	45	int rotate;
	46	int dontfork;
	47	@@ -285,10 +288,10 @@
	48	/*
	49	* Open console device directly.
	50	*/
	51	- if (consolename(buf) < 0)
	52	+ if (consolename(&console) < 0)
	53	return 1;
	54	- if ((realfd = open(buf, O_WRONLY\|O_NONBLOCK)) < 0) {
	55	- fprintf(stderr, "bootlogd: %s: %s\n", buf, strerror(errno));
	56	+ if ((realfd = open(console, O_WRONLY\|O_NONBLOCK)) < 0) {
	57	+ fprintf(stderr, "bootlogd: %s: %s\n", console, strerror(errno));
	58	return 1;
	59	}
	60	n = fcntl(realfd, F_GETFL);
	61	@@ -298,7 +301,7 @@
	62	/*
	63	* Grab a pty, and redirect console messages to it.
	64	*/
65	- if (openpty(&ptm, &pts, buf, NULL, NULL) < 0) {
66	+ if (openpty(&ptm, &pts, console, NULL, NULL) < 0) {
67	fprintf(stderr, "bootlogd: cannot allocate pseudo tty\n");
68	return 1;
69	}
70	@@ -312,7 +315,7 @@
71	#endif
72	if (ioctl(pts, TIOCCONS, NULL) < 0) {
73	fprintf(stderr, "bootlogd: ioctl(%s, TIOCCONS): %s\n",
74	- buf, strerror(errno));
75	+ console, strerror(errno));
76	return 1;
77	}
78
79	@@ -384,8 +387,10 @@
80	* Perhaps we need to open the logfile.
81	*/
82	if (fp == NULL && rotate && access(logfile, F_OK) == 0) {
83	- sprintf(buf, "%s~", logfile);
84	- rename(logfile, buf);
85	+ backfile = malloc(strlen(logfile) + 2);
86	+ if (!backfile) break;
87	+ sprintf(backfile, "%s~", logfile);
88	+ rename(logfile, backfile);
89	}
90	if (fp == NULL)
91	fp = fopen(logfile, "a");
92	diff -ur sysvinit-2.78.orig/src/dowall.c sysvinit-2.78/src/dowall.c
93	--- sysvinit-2.78.orig/src/dowall.c Tue Apr 20 01:10:10 1999
94	+++ sysvinit-2.78/src/dowall.c Tue Aug 8 06:50:06 2000
95	@@ -90,7 +90,7 @@
96	if ((tty = ttyname(0)) != (char *)0) {
97	if (strncmp(tty, "/dev/", 5) == 0)
98	tty += 5;
99	- sprintf(ttynm, "(%s) ", tty);
100	+ snprintf(ttynm, sizeof(ttynm), "(%s) ", tty);
101	} else
102	ttynm[0] = 0;
103	init++;
104	@@ -105,7 +105,7 @@
105	*p = 0;
106
107	if (remote) {
108	- sprintf(line,
109	+ snprintf(line, sizeof(line),
110	"\007\r\nRemote broadcast message %s...\r\n\r\n",
111	date);
112	} else {
113	@@ -124,10 +124,14 @@
114	while ((utmp = getutent()) != NULL) {
115	if(utmp->ut_type != USER_PROCESS \|\|
116	utmp->ut_user[0] == 0) continue;
117	- if (strncmp(utmp->ut_line, "/dev/", 5) == 0)
118	- strcpy(term, utmp->ut_line);
119	- else
120	- sprintf(term, "/dev/%s", utmp->ut_line);
121	+/* AUDIT: is ut_line always NUL-terminated? This code will at least not
122	+ * overflow the buffer if not. */
123	+ if (strlen(utmp->ut_line) >= sizeof(term) - 5) continue;
124	+ if (strncmp(utmp->ut_line, "/dev/", 5) == 0) {
125	+ term[0] = '\0';
126	+ strncat(term, utmp->ut_line, sizeof(term) - 1);
127	+ } else
128	+ snprintf(term, sizeof(term), "/dev/%s", utmp->ut_line);
129
130	/*
131	* Sometimes the open/write hangs in spite of the O_NDELAY
132	diff -ur sysvinit-2.78.orig/src/init.c sysvinit-2.78/src/init.c
133	--- sysvinit-2.78.orig/src/init.c Fri Feb 11 14:17:02 2000
134	+++ sysvinit-2.78/src/init.c Tue Aug 8 08:07:37 2000
135	@@ -70,6 +70,11 @@
136	# define SIGPWR SIGUSR2
137	#endif
138
139	+#ifdef __GNUC__
140	+__attribute__ ((format (printf, 2, 3)))
141	+#endif
142	+void log(int loglevel, char *s, ...);
143	+
144	/* Set a signal handler. */
145	#define SETSIG(sa, sig, fun, flags) \
146	do { \
147	@@ -416,10 +421,11 @@
148	}
149
150	/*
151	- * Set the process title. We do not check for overflow of
152	- * the stack space since we know there is plenty for
153	- * our needs and we'll never use more than 10 bytes anyway.
154	+ * Set the process title.
155	*/
156	+#ifdef __GNUC__
157	+__attribute__ ((format (printf, 1, 2)))
158	+#endif
159	int setproctitle(char *fmt, ...)
160	{
161	va_list ap;
162	@@ -429,7 +435,7 @@
163	buf[0] = 0;
164
165	va_start(ap, fmt);
166	- len = vsprintf(buf, fmt, ap);
167	+ len = vsnprintf(buf, sizeof(buf), fmt, ap);
168	va_end(ap);
169
170	memset(argv0, 0, maxproclen + 1);
171	@@ -728,6 +734,9 @@
172	/*
173	* Log something to a logfile and the console.
174	*/
175	+#ifdef __GNUC__
176	+__attribute__ ((format (printf, 2, 3)))
177	+#endif
178	void log(int loglevel, char *s, ...)
179	{
180	va_list va_alist;
181	@@ -742,7 +751,7 @@
182	* Re-etablish connection with syslogd every time.
183	*/
184	openlog("init", 0, LOG_DAEMON);
185	- syslog(LOG_INFO, buf);
186	+ syslog(LOG_INFO, "%s", buf);
187	/* closelog(); NOT needed with recent libc's. */
188	}
189
190	@@ -856,6 +865,7 @@
191	} else {
192	/* Split up command line arguments */
193	strncpy(buf, proc, sizeof(buf) - 1);
194	+ buf[sizeof(buf) - 1] = '\0';
195	ptr = buf;
196	for(f = 1; f < 15; f++) {
197	/* Skip white space */
198	@@ -1003,7 +1013,7 @@
199	#endif
200
201	if (pid == -1) {
202	- log(L_VB, "cannot fork, retry..", NULL, NULL);
203	+ log(L_VB, "cannot fork, retry..");
204	do_sleep(5);
205	continue;
206	}
207	diff -ur sysvinit-2.78.orig/src/killall5.c sysvinit-2.78/src/killall5.c
208	--- sysvinit-2.78.orig/src/killall5.c Wed Oct 7 00:34:46 1998
209	+++ sysvinit-2.78/src/killall5.c Tue Aug 8 07:21:08 2000
210	@@ -72,6 +72,9 @@
211	int scripts_too = 0;
212
213	char progname; / the name of the running program */
214	+#ifdef __GNUC__
215	+__attribute__ ((format (printf, 2, 3)))
216	+#endif
217	void nsyslog(int pri, char *fmt, ...);
218
219	/* Malloc space, barf if out of memory. */
220	@@ -166,7 +169,7 @@
221	memset(p, 0, sizeof(PROC));
222
223	/* Open the statistics file. */
224	- sprintf(path, "/proc/%s/stat", d->d_name);
225	+ snprintf(path, sizeof(path), "/proc/%s/stat", d->d_name);
226
227	/* Read SID & statname from it. */
228	if ((fp = fopen(path, "r")) != NULL) {
229	@@ -211,7 +214,7 @@
230	}
231
232	/* Now read argv[0] */
233	- sprintf(path, "/proc/%s/cmdline", d->d_name);
234	+ snprintf(path, sizeof(path), "/proc/%s/cmdline", d->d_name);
235	if ((fp = fopen(path, "r")) != NULL) {
236	f = 0;
237	while(f < 127 && (c = fgetc(fp)) != EOF && c) buf[f++] = c;
238	@@ -234,7 +237,7 @@
239	}
240
241	/* Try to stat the executable. */
242	- sprintf(path, "/proc/%s/exe", d->d_name);
243	+ snprintf(path, sizeof(path), "/proc/%s/exe", d->d_name);
244	if (stat(path, &st) == 0) {
245	p->dev = st.st_dev;
246	p->ino = st.st_ino;
247	@@ -349,6 +352,9 @@
248	}
249
250	/* write to syslog file if not open terminal */
251	+#ifdef __GNUC__
252	+__attribute__ ((format (printf, 2, 3)))
253	+#endif
254	void nsyslog(int pri, char *fmt, ...)
255	{
256	va_list args;
257	diff -ur sysvinit-2.78.orig/src/last.c sysvinit-2.78/src/last.c
258	--- sysvinit-2.78.orig/src/last.c Wed Nov 24 15:24:53 1999
259	+++ sysvinit-2.78/src/last.c Tue Aug 8 07:39:02 2000
260	@@ -31,6 +31,7 @@
261	#include <string.h>
262	#include <signal.h>
263	#include <getopt.h>
264	+#include <assert.h>
265	#include <netinet/in.h>
266	#include <netdb.h>
267	#include <arpa/inet.h>
268	@@ -298,7 +299,7 @@
269	/*
270	* Lookup a host with DNS.
271	*/
272	-int dns_lookup(char result, char org, unsigned int ip)
273	+int dns_lookup(char result, int size, char org, unsigned int ip)
274	{
275	struct hostent *h;
276
277	@@ -315,8 +316,8 @@
278	strcpy(result, inet_ntoa((struct in_addr )&ip));
279	return 0;
280	}
281	- strncpy(result, h->h_name, 256);
282	- result[255] = 0;
283	+ result[0] = '\0';
284	+ strncat(result, h->h_name, size - 1);
285
286	return 0;
287	}
288	@@ -396,11 +397,13 @@
289	break;
290	}
291
292	+ assert(UT_HOSTSIZE <= sizeof(domain));
293	+
294	/*
295	* Look up host with DNS if needed.
296	*/
297	if (usedns)
298	- dns_lookup(domain, p->ut_host, p->ut_addr);
299	+ dns_lookup(domain, sizeof(domain), p->ut_host, p->ut_addr);
300	if (useip) {
301	in.s_addr = p->ut_addr;
302	strcpy(domain, inet_ntoa(in));
303	@@ -418,17 +421,20 @@
304	strcmp(s + 1, domainname) == 0) *s = 0;
305	#endif
306	if (!altlist) {
307	- sprintf(final, "%-8.8s %-12.12s %-16.16s %-16.16s %-7.7s %-12.12s\n",
308	+ snprintf(final, sizeof(final),
309	+ "%-8.8s %-12.12s %-16.16s "
310	+ "%-16.16s %-7.7s %-12.12s\n",
311	p->ut_name, utline,
312	domain, logintime, logouttime, length);
313	} else {
314	- sprintf(final,
315	+ snprintf(final, sizeof(final),
316	"%-8.8s %-12.12s %-16.16s %-7.7s %-12.12s %s\n",
317	p->ut_name, utline,
318	logintime, logouttime, length, domain);
319	}
320	} else
321	- sprintf(final, "%-8.8s %-12.12s %-16.16s %-7.7s %-12.12s\n",
322	+ snprintf(final, sizeof(final),
323	+ "%-8.8s %-12.12s %-16.16s %-7.7s %-12.12s\n",
324	p->ut_name, utline,
325	logintime, logouttime, length);
326
327	@@ -436,7 +442,7 @@
328	* Print out "final" string safely.
329	*/
330	for (s = final; *s; s++) {
331	- if (s == '\n' \|\| (s >= 32 && (unsigned char)*s <= 128))
332	+ if (s == '\n' \|\| (s >= 32 && (unsigned char)*s <= 126))
333	putchar(*s);
334	else
335	putchar('*');
336	@@ -547,10 +553,11 @@
337
338	#if CHOP_DOMAIN
339	/* Find out domainname. */
340	- (void) gethostname(hostname, 256);
341	+ (void) gethostname(hostname, sizeof(hostname));
342	if ((domainname = strchr(hostname, '.')) != NULL) domainname++;
343	if (domainname == NULL \|\| domainname[0] == 0) {
344	- (void) getdomainname(hostname, 256);
345	+ (void) getdomainname(hostname, sizeof(hostname));
346	+ hostname[sizeof(hostname) - 1] = '\0';
347	domainname = hostname;
348	if (strcmp(domainname, "(none)") == 0 \|\| domainname[0] == 0)
349	domainname = NULL;
350	diff -ur sysvinit-2.78.orig/src/shutdown.c sysvinit-2.78/src/shutdown.c
351	--- sysvinit-2.78.orig/src/shutdown.c Sat Nov 13 19:39:01 1999
352	+++ sysvinit-2.78/src/shutdown.c Tue Aug 8 07:47:47 2000
353	@@ -110,17 +110,19 @@
354	void warn(mins)
355	int mins;
356	{
357	- char buf[MESSAGELEN + 64];
358	+ char buf[MESSAGELEN + sizeof(newstate)];
359	int len;
360
361	- strcpy(buf, message);
362	+ buf[0] = '\0';
363	+ strncat(buf, message, sizeof(buf) - 1);
364	len = strlen(buf);
365
366	if (mins == 0)
367	- sprintf(buf + len, "\rThe system is going down %s NOW !!\r\n",
368	+ snprintf(buf + len, sizeof(buf) - len,
369	+ "\rThe system is going down %s NOW !!\r\n",
370	newstate);
371	else
372	- sprintf(buf + len,
373	+ snprintf(buf + len, sizeof(buf) - len,
374	"\rThe system is going DOWN %s in %d minute%s !!\r\n",
375	newstate, mins, mins == 1 ? "" : "s");
376	wall(buf, 1, 0);
377	@@ -377,7 +379,8 @@
378
379	/* See if this is a user process on a VC. */
380	if (ut->ut_type != USER_PROCESS) continue;
381	- sprintf(buf, "/dev/%s", ut->ut_line);
382	+ if (strlen(ut->ut_line) >= sizeof(buf) - 5) continue;
383	+ snprintf(buf, sizeof(buf), "/dev/%s", ut->ut_line);
384	if (stat(buf, &st) < 0) continue;
385	if ((st.st_rdev & 0xFFC0) != 0x0400) continue;
386
387	diff -ur sysvinit-2.78.orig/src/wall.c sysvinit-2.78/src/wall.c
388	--- sysvinit-2.78.orig/src/wall.c Tue Jul 28 15:22:56 1998
389	+++ sysvinit-2.78/src/wall.c Tue Aug 8 07:41:34 2000
390	@@ -53,7 +53,7 @@
391	if ((argc - optind) > 0) {
392	for(f = optind; f < argc; f++) {
393	len += strlen(argv[f]) + 1;
394	- if (len >= MAXLEN) break;
395	+ if (len >= MAXLEN - 2) break;
396	strcat(buf, argv[f]);
397	strcat(buf, " ");
398	}