$OpenBSD: patch-etc_afpd_volume_c,v 1.1 2006/09/22 05:56:25 pvalchev Exp $ --- etc/afpd/volume.c.orig Sun Apr 24 18:26:31 2005 +++ etc/afpd/volume.c Sat Dec 31 12:09:29 2005 @@ -231,13 +231,14 @@ static char *volxlate(AFPObj *obj, char return NULL; } if (!dest) { - dest = calloc(destlen +1, 1); + destlen++; + dest = malloc(destlen); } ret = dest; if (!ret) { return NULL; } - strlcpy(dest, src, destlen +1); + strlcpy(dest, src, destlen); if ((p = strchr(src, '$')) == NULL) /* nothing to do */ return ret; @@ -262,7 +263,7 @@ static char *volxlate(AFPObj *obj, char if (obj->proto == AFPPROTO_ASP) { ASP asp = obj->handle; - len = sprintf(dest, "%u.%u", ntohs(asp->asp_sat.sat_addr.s_net), + len = snprintf(dest, destlen, "%u.%u", ntohs(asp->asp_sat.sat_addr.s_net), asp->asp_sat.sat_addr.s_node); dest += len; destlen -= len; @@ -270,7 +271,7 @@ static char *volxlate(AFPObj *obj, char } else if (obj->proto == AFPPROTO_DSI) { DSI *dsi = obj->handle; - len = sprintf(dest, "%s:%u", inet_ntoa(dsi->client.sin_addr), + len = snprintf(dest, destlen, "%s:%u", inet_ntoa(dsi->client.sin_addr), ntohs(dsi->client.sin_port)); dest += len; destlen -= len; @@ -291,7 +292,7 @@ static char *volxlate(AFPObj *obj, char if (obj->proto == AFPPROTO_ASP) { ASP asp = obj->handle; - len = sprintf(dest, "%u", ntohs(asp->asp_sat.sat_addr.s_net)); + len = snprintf(dest, destlen, "%u", ntohs(asp->asp_sat.sat_addr.s_net)); dest += len; destlen -= len; @@ -606,14 +607,13 @@ static int creatvol(AFPObj *obj, struct free(volume); return -1; } - if (!( volume->v_path = (char *)malloc( strlen( path ) + 1 )) ) { + if ((volume->v_path = strdup( path )) == NULL) { LOG(log_error, logtype_afpd, "creatvol: malloc: %s", strerror(errno) ); free(volume->v_name); free(volume); return -1; } volume->v_hide = hide; - strcpy( volume->v_path, path ); #ifdef __svr4__ volume->v_qfd = -1; @@ -910,8 +910,8 @@ int user; struct passwd *pwent; { FILE *fp; - char path[ MAXPATHLEN + 1], tmp[ MAXPATHLEN + 1], - volname[ AFPVOL_NAMELEN + 1 ], buf[ BUFSIZ ], + char path[ MAXPATHLEN ], tmp[ MAXPATHLEN ], + volname[ AFPVOL_NAMELEN ], buf[ BUFSIZ ], type[ 5 ], creator[ 5 ]; char *u, *p; struct passwd *pw; @@ -923,10 +923,10 @@ struct passwd *pwent; if (!p1->name) return -1; p1->mtime = 0; - strcpy( path, p1->name ); + strlcpy( path, p1->name , sizeof(path)); if ( p2 != NULL ) { - strcat( path, "/" ); - strcat( path, p2 ); + strlcat( path, "/", sizeof(path) ); + strlcat( path, p2, sizeof(path) ); if (p1->full_name) { free(p1->full_name); } @@ -942,9 +942,9 @@ struct passwd *pwent; } memset(save_options, 0, sizeof(save_options)); - while ( myfgets( buf, sizeof( buf ), fp ) != NULL ) { + while ( myfgets( buf, sizeof( buf ) - 1, fp ) != NULL ) { initline( strlen( buf ), buf ); - parseline( sizeof( path ) - 1, path ); + parseline( sizeof( path ) , path ); switch ( *path ) { case '\0' : case '#' : @@ -955,10 +955,10 @@ struct passwd *pwent; if (strncmp(path, VOLOPT_DEFAULT, VOLOPT_DEFAULT_LEN) == 0) { *tmp = '\0'; for (i = 0; i < VOLOPT_NUM; i++) { - if (parseline( sizeof( path ) - VOLOPT_DEFAULT_LEN - 1, + if (parseline( sizeof( path ) - VOLOPT_DEFAULT_LEN, path + VOLOPT_DEFAULT_LEN) < 0) break; - volset(save_options, NULL, tmp, sizeof(tmp) - 1, + volset(save_options, NULL, tmp, sizeof(tmp), path + VOLOPT_DEFAULT_LEN); } } @@ -976,10 +976,10 @@ struct passwd *pwent; if ( u == NULL || *u == '\0' || ( pw = getpwnam( u )) == NULL ) { continue; } - strcpy( tmp, pw->pw_dir ); + strlcpy( tmp, pw->pw_dir, sizeof(tmp) ); if ( p != NULL && *p != '\0' ) { - strcat( tmp, "/" ); - strcat( tmp, p ); + strlcat( tmp, "/", sizeof(tmp) ); + strlcat( tmp, p, sizeof(tmp) ); } /* Tag a user's home directory with their umask. Note, this will * be overwritten if the user actually specifies a umask: option @@ -990,7 +990,7 @@ struct passwd *pwent; case '/' : /* send path through variable substitution */ if (*path != '~') /* need to copy path to tmp */ - strcpy(tmp, path); + strlcpy(tmp, path, sizeof(tmp)); if (!pwent) pwent = getpwnam(obj->username); volxlate(obj, path, sizeof(path) - 1, tmp, pwent, NULL, NULL); @@ -1019,10 +1019,10 @@ struct passwd *pwent; /* read in up to VOLOP_NUM possible options */ for (i = 0; i < VOLOPT_NUM; i++) { - if (parseline( sizeof( tmp ) - 1, tmp ) < 0) + if (parseline( sizeof( tmp ), tmp ) < 0) break; - volset(options, save_options, volname, sizeof(volname) - 1, tmp); + volset(options, save_options, volname, sizeof(volname), tmp); } /* check allow/deny lists: @@ -2103,9 +2103,9 @@ static int create_special_folder (const u_int16_t attr; struct stat st; int ret; + size_t plen = strlen(vol->v_path) + strlen(folder->name) + 2; - - p = (char *) malloc ( strlen(vol->v_path)+strlen(folder->name)+2); + p = (char *) malloc(plen); if ( p == NULL) { LOG(log_error, logtype_afpd,"malloc failed"); exit (EXITERR_SYS); @@ -2117,8 +2117,8 @@ static int create_special_folder (const exit (EXITERR_SYS); } - strcpy(p, vol->v_path); - strcat(p, "/"); + strlcpy(p, vol->v_path, plen); + strlcat(p, "/", plen); r=q; while (*r) { @@ -2128,7 +2128,7 @@ static int create_special_folder (const *r=tolower(*r); r++; } - strcat(p, q); + strlcat(p, q, plen); if ( (ret = stat( p, &st )) < 0 ) { if (folder->precreate) { @@ -2259,7 +2259,7 @@ static int savevoloptions (const struct snprintf(item, sizeof(item), "CNIDDBDPORT:%u\n", Cnid_port); strlcat(buf, item, sizeof(buf)); - strcpy(item, "CNID_DBPATH:"); + strlcpy(item, "CNID_DBPATH:", sizeof(item)); if (vol->v_dbpath) strlcat(item, vol->v_dbpath, sizeof(item)); else @@ -2268,7 +2268,7 @@ static int savevoloptions (const struct strlcat(buf, item, sizeof(buf)); /* volume flags */ - strcpy(item, "VOLUME_OPTS:"); + strlcpy(item, "VOLUME_OPTS:", sizeof(item)); for (;op->name; op++) { if ( (vol->v_flags & op->option) ) { strlcat(item, op->name, sizeof(item)); @@ -2279,7 +2279,7 @@ static int savevoloptions (const struct strlcat(buf, item, sizeof(buf)); /* casefold flags */ - strcpy(item, "VOLCASEFOLD:"); + strlcpy(item, "VOLCASEFOLD:", sizeof(item)); for (;cf->name; cf++) { if ( (vol->v_casefold & cf->option) ) { strlcat(item, cf->name, sizeof(item));