Changeset 8412869 for zcrypt.c

Timestamp:

Feb 11, 2009, 12:20:20 PM (15 years ago)

Author:

Nelson Elhage <nelhage@mit.edu>

Branches:

master, debian, release-1.10, release-1.4, release-1.5, release-1.6, release-1.7, release-1.8, release-1.9

Children:

44a61ac

Parents:

7d471c3

git-author:

Nelson Elhage <nelhage@mit.edu> (02/08/09 19:29:24)

git-committer:

Nelson Elhage <nelhage@mit.edu> (02/11/09 12:20:20)

Message:

zcrypt.c: Fix an unsafe use of sprintf()

Reported-By: Geoffrey Thomas <geofft@mit.edu>

File:

• zcrypt.c (modified) (3 diffs)

zcrypt.c

@@ -423 +423 @@
 char *GetZephyrVarKeyFile(char *whoami, char *class, char *instance) {
   char *keyfile = NULL;
-  char varname[MAX_SEARCH][128];
+  char *varname[MAX_SEARCH];
   int length[MAX_SEARCH], i;
   char buffer[MAX_BUFF];
-  char filename[MAX_BUFF];
+  char *filename;
   char result[MAX_SEARCH][MAX_BUFF];
   int numsearch = 0;
   FILE *fsearch;
 
+  memset(varname, 0, sizeof(varname));
+
   /* Determine names to look for in .crypt-table */
   if (instance) {
-    sprintf(varname[numsearch++], "crypt-%s-%s:", (class?class:"message"), instance);
+    varname[numsearch++] = owl_sprintf("crypt-%s-%s:", (class?class:"message"), instance);
   }
   if (class) {
-    sprintf(varname[numsearch++], "crypt-%s:", class);
-  }
-  sprintf(varname[numsearch++], "crypt-default:");
+    varname[numsearch++] = owl_sprintf("crypt-%s:", class);
+  }
+  varname[numsearch++] = owl_strdup("crypt-default:");
 
   /* Setup the result array, and determine string lengths */
@@ -447 +449 @@
 
   /* Open~/.crypt-table */
-  sprintf(filename, "%s/.crypt-table", getenv("HOME"));
+  filename = owl_sprintf("%s/.crypt-table", getenv("HOME"));
   fsearch = fopen(filename, "r");
   if (fsearch) {
@@ -495 +497 @@
   }
 
+  for(i = 0; i < MAX_SEARCH; i++) {
+    owl_free(varname[i]);
+  }
+
+  owl_free(filename);
+
   return(keyfile);
 }