21 年之前 · bc62f8e983
--- a/doc/TODO
+++ b/doc/TODO
@@ -82,7 +82,7 @@ R  - learn from ben about his openssl-reinitialization-trick to
 
				      forbidden ports when fascistfirewall blocks all good dirservers.
			
 
				 
			
 
				    0.0.9 and beyond:
			
 
				-   - fix sprintf's to snprintf's?
			
 
				+   o fix sprintf's to snprintf's?
			
 
				    . Make intro points and rendezvous points accept $KEYID in addition
			
 
				      to nicknames.
			
 
				            o Specify
			
--- a/src/common/log.c
+++ b/src/common/log.c
@@ -142,7 +142,7 @@ static INLINE char *format_msg(char *buf, size_t buf_len,
 
				 
			
 
				 /** Helper: sends a message to the appropriate logfiles, at loglevel
			
 
				  * <b>severity</b>.  If provided, <b>funcname</b> is prepended to the
			
 
				- * message.  The actual message is derived as from vsprintf(format,ap).
			
 
				+ * message.  The actual message is derived as from vsnprintf(format,ap).
			
 
				  */
			
 
				 static void
			
 
				 logv(int severity, const char *funcname, const char *format, va_list ap)
			
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -294,12 +294,12 @@ tor_tls_context_new(crypto_pk_env_t *identity,
 
				   EVP_PKEY *pkey = NULL;
			
 
				   tor_tls_context *result = NULL;
			
 
				   X509 *cert = NULL, *idcert = NULL;
			
 
				-  char nn2[1024];
			
 
				+  char nn2[128];
			
 
				   int client_only;
			
 
				   SSL_CTX **ctx;
			
 
				   if (!nickname)
			
 
				     nickname = "null";
			
 
				-  sprintf(nn2, "%s <identity>", nickname);
			
 
				+  snprintf(nn2, sizeof(nn2), "%s <identity>", nickname);
			
 
				 
			
 
				   tor_tls_init();
			
 
				 
			
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -1763,6 +1763,7 @@ char *expand_filename(const char *filename)
 
				   tor_assert(filename);
			
 
				   /* XXXX Should eventually check for ~username/ */
			
 
				   if (!strncmp(filename,"~/",2)) {
			
 
				+    size_t len;
			
 
				     const char *home = getenv("HOME");
			
 
				     char *result;
			
 
				     if (!home) {
			
@@ -1770,8 +1771,9 @@ char *expand_filename(const char *filename)
 
				       return NULL;
			
 
				     }
			
 
				     /* minus two characters for ~/, plus one for /, plus one for NUL. */
			
 
				-    result = tor_malloc(strlen(home)+strlen(filename)+16);
			
 
				-    sprintf(result,"%s/%s",home,filename+2);
			
 
				+    len = strlen(home)+strlen(filename)+16;
			
 
				+    result = tor_malloc(len);
			
 
				+    snprintf(result,len,"%s/%s",home,filename+2);
			
 
				     return result;
			
 
				   } else {
			
 
				     return tor_strdup(filename);
			
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1105,7 +1105,7 @@ static routerinfo_t *choose_good_entry_server(cpath_build_state_t *state)
 
				 
			
 
				     for(i=0; i < smartlist_len(rl->routers); i++) {
			
 
				       r = smartlist_get(rl->routers, i);
			
 
				-      sprintf(buf, "%d", r->or_port);
			
 
				+      snprintf(buf, sizeof(buf), "%d", r->or_port);
			
 
				       if(!smartlist_string_isin(options.FirewallPorts, buf))
			
 
				          smartlist_add(excluded, r);
			
 
				     }
			
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -131,7 +131,7 @@ directory_post_to_dirservers(uint8_t purpose, const char *payload,
 
				        * descriptor -- those use Tor. */
			
 
				       if (options.FascistFirewall && purpose == DIR_PURPOSE_UPLOAD_DIR &&
			
 
				           !options.HttpProxy) {
			
 
				-        sprintf(buf,"%d",ds->dir_port);
			
 
				+        snprintf(buf,sizeof(buf),"%d",ds->dir_port);
			
 
				         if (!smartlist_string_isin(options.FirewallPorts, buf))
			
 
				           continue;
			
 
				       }
			
@@ -325,10 +325,10 @@ directory_send_command(connection_t *conn, const char *platform,
 
				   if(conn->port == 80) {
			
 
				     strlcpy(hoststring, conn->address, sizeof(hoststring));
			
 
				   } else {
			
 
				-    sprintf(hoststring, "%s:%d", conn->address, conn->port);
			
 
				+    snprintf(hoststring, sizeof(hoststring),"%s:%d",conn->address, conn->port);
			
 
				   }
			
 
				   if(options.HttpProxy) {
			
 
				-    sprintf(proxystring, "http://%s", hoststring);
			
 
				+    snprintf(proxystring, sizeof(proxystring),"http://%s", hoststring);
			
 
				   } else {
			
 
				     proxystring[0] = 0;
			
 
				   }
			
@@ -361,7 +361,7 @@ directory_send_command(connection_t *conn, const char *platform,
 
				       conn->rend_query[payload_len] = 0;
			
 
				 
			
 
				       httpcommand = "GET";
			
 
				-      sprintf(url, "%s/rendezvous/%s", use_newer ? "/tor" : "", payload);
			
 
				+      snprintf(url, sizeof(url), "%s/rendezvous/%s", use_newer ? "/tor" : "", payload);
			
 
				 
			
 
				       /* XXX We're using payload here to mean something other than
			
 
				        * payload of the http post. This is probably bad, and should
			
@@ -373,7 +373,7 @@ directory_send_command(connection_t *conn, const char *platform,
 
				     case DIR_PURPOSE_UPLOAD_RENDDESC:
			
 
				       tor_assert(payload);
			
 
				       httpcommand = "POST";
			
 
				-      sprintf(url, "%s/rendezvous/publish", use_newer ? "/tor" : "");
			
 
				+      snprintf(url, sizeof(url), "%s/rendezvous/publish", use_newer ? "/tor" : "");
			
 
				       break;
			
 
				   }
			
 
				 
			
--- a/src/or/dirserv.c
+++ b/src/or/dirserv.c
@@ -835,7 +835,7 @@ static int generate_runningrouters(crypto_pk_env_t *private_key)
 
				 #endif
			
 
				   published_on = time(NULL);
			
 
				   format_iso_time(published, published_on);
			
 
				-  sprintf(s, "network-status\n"
			
 
				+  snprintf(s, len, "network-status\n"
			
 
				              "published %s\n"
			
 
				              "router-status %s\n"
			
 
				              "opt dir-signing-key %s\n"
			
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -757,7 +757,7 @@ static int do_hup(void) {
 
				   }
			
 
				   if(authdir_mode()) {
			
 
				     /* reload the approved-routers file */
			
 
				-    sprintf(keydir,"%s/approved-routers", get_data_directory(&options));
			
 
				+    snprintf(keydir,sizeof(keydir),"%s/approved-routers", get_data_directory(&options));
			
 
				     log_fn(LOG_INFO,"Reloading approved fingerprints from %s...",keydir);
			
 
				     if(dirserv_parse_fingerprint_file(keydir) < 0) {
			
 
				       log_fn(LOG_WARN, "Error reloading fingerprints. Continuing with old list.");
			
@@ -772,7 +772,7 @@ static int do_hup(void) {
 
				     dnsworkers_rotate();
			
 
				     /* Rebuild fresh descriptor as needed. */
			
 
				     router_rebuild_descriptor();
			
 
				-    sprintf(keydir,"%s/router.desc", get_data_directory(&options));
			
 
				+    snprintf(keydir,sizeof(keydir),"%s/router.desc", get_data_directory(&options));
			
 
				     log_fn(LOG_INFO,"Dumping descriptor to %s...",keydir);
			
 
				     if (write_str_to_file(keydir, router_get_my_descriptor(), 0)) {
			
 
				       return -1;
			
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -309,7 +309,7 @@ int rend_service_load_keys(void)
 
				       log_fn(LOG_WARN, "Directory name too long: '%s'", s->directory);
			
 
				       return -1;
			
 
				     }
			
 
				-    sprintf(buf, "%s.onion\n", s->service_id);
			
 
				+    snprintf(buf, sizeof(buf),"%s.onion\n", s->service_id);
			
 
				     if (write_str_to_file(fname,buf,0)<0)
			
 
				       return -1;
			
 
				   }
			
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -528,7 +528,7 @@ char *rep_hist_get_bandwidth_lines(void)
 
				   for (r=0;r<2;++r) {
			
 
				     b = r?read_array:write_array;
			
 
				     format_iso_time(t, b->next_period-NUM_SECS_BW_SUM_INTERVAL);
			
 
				-    sprintf(cp, "opt %s %s (%d s) ", r?"read-history ":"write-history", t,
			
 
				+    snprintf(cp, len-(cp-buf), "opt %s %s (%d s) ", r?"read-history ":"write-history", t,
			
 
				             NUM_SECS_BW_SUM_INTERVAL);
			
 
				     cp += strlen(cp);
			
 
				 
			
@@ -543,9 +543,9 @@ char *rep_hist_get_bandwidth_lines(void)
 
				     for (n=0; n<b->num_maxes_set; ++n,++i) {
			
 
				       while (i >= NUM_TOTALS) i -= NUM_TOTALS;
			
 
				       if (n==(b->num_maxes_set-1))
			
 
				-        sprintf(cp, "%d", b->totals[i]);
			
 
				+        snprintf(cp, len-(cp-buf), "%d", b->totals[i]);
			
 
				       else
			
 
				-        sprintf(cp, "%d,", b->totals[i]);
			
 
				+        snprintf(cp, len-(cp-buf), "%d,", b->totals[i]);
			
 
				       cp += strlen(cp);
			
 
				     }
			
 
				     strcat(cp, "\n");
			
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -101,9 +101,10 @@ void rotate_onion_key(void)
 
				   char fname[512];
			
 
				   char fname_prev[512];
			
 
				   crypto_pk_env_t *prkey;
			
 
				-  sprintf(fname,"%s/keys/secret_onion_key",get_data_directory(&options));
			
 
				-  sprintf(fname_prev,"%s/keys/secret_onion_key.old",
			
 
				-          get_data_directory(&options));
			
 
				+  snprintf(fname,sizeof(fname),
			
 
				+           "%s/keys/secret_onion_key",get_data_directory(&options));
			
 
				+  snprintf(fname_prev,sizeof(fname_prev),
			
 
				+           "%s/keys/secret_onion_key.old",get_data_directory(&options));
			
 
				   if (!(prkey = crypto_new_pk_env())) {
			
 
				     log(LOG_ERR, "Error creating crypto environment.");
			
 
				     goto error;
			
@@ -263,27 +264,27 @@ int init_keys(void) {
 
				     return -1;
			
 
				   }
			
 
				   /* Check the key directory. */
			
 
				-  sprintf(keydir,"%s/keys", datadir);
			
 
				+  snprintf(keydir,sizeof(keydir),"%s/keys", datadir);
			
 
				   if (check_private_dir(keydir, 1)) {
			
 
				     return -1;
			
 
				   }
			
 
				   cp = keydir + strlen(keydir); /* End of string. */
			
 
				 
			
 
				   /* 1. Read identity key. Make it if none is found. */
			
 
				-  sprintf(keydir,"%s/keys/identity.key",datadir);
			
 
				-  sprintf(keydir2,"%s/keys/secret_id_key",datadir);
			
 
				+  snprintf(keydir,sizeof(keydir),"%s/keys/identity.key",datadir);
			
 
				+  snprintf(keydir2,sizeof(keydir2),"%s/keys/secret_id_key",datadir);
			
 
				   log_fn(LOG_INFO,"Reading/making identity key %s...",keydir2);
			
 
				   prkey = init_key_from_file_name_changed(keydir,keydir2);
			
 
				   if (!prkey) return -1;
			
 
				   set_identity_key(prkey);
			
 
				   /* 2. Read onion key.  Make it if none is found. */
			
 
				-  sprintf(keydir,"%s/keys/onion.key",datadir);
			
 
				-  sprintf(keydir2,"%s/keys/secret_onion_key",datadir);
			
 
				+  snprintf(keydir,sizeof(keydir),"%s/keys/onion.key",datadir);
			
 
				+  snprintf(keydir2,sizeof(keydir2),"%s/keys/secret_onion_key",datadir);
			
 
				   log_fn(LOG_INFO,"Reading/making onion key %s...",keydir2);
			
 
				   prkey = init_key_from_file_name_changed(keydir,keydir2);
			
 
				   if (!prkey) return -1;
			
 
				   set_onion_key(prkey);
			
 
				-  sprintf(keydir,"%s/keys/secret_onion_key.old",datadir);
			
 
				+  snprintf(keydir,sizeof(keydir),"%s/keys/secret_onion_key.old",datadir);
			
 
				   if (file_status(keydir) == FN_FILE) {
			
 
				     prkey = init_key_from_file(keydir);
			
 
				     if (prkey)
			
@@ -315,13 +316,13 @@ int init_keys(void) {
 
				     }
			
 
				   }
			
 
				 
			
 
				-  sprintf(keydir,"%s/router.desc", datadir);
			
 
				+  snprintf(keydir,sizeof(keydir),"%s/router.desc", datadir);
			
 
				   log_fn(LOG_INFO,"Dumping descriptor to %s...",keydir);
			
 
				   if (write_str_to_file(keydir, mydesc,0)) {
			
 
				     return -1;
			
 
				   }
			
 
				   /* 5. Dump fingerprint to 'fingerprint' */
			
 
				-  sprintf(keydir,"%s/fingerprint", datadir);
			
 
				+  snprintf(keydir,sizeof(keydir),"%s/fingerprint", datadir);
			
 
				   log_fn(LOG_INFO,"Dumping fingerprint to %s...",keydir);
			
 
				   tor_assert(strlen(options.Nickname) <= MAX_NICKNAME_LEN);
			
 
				   strcpy(fingerprint, options.Nickname);
			
@@ -337,7 +338,7 @@ int init_keys(void) {
 
				   if(!authdir_mode())
			
 
				     return 0;
			
 
				   /* 6. [authdirserver only] load approved-routers file */
			
 
				-  sprintf(keydir,"%s/approved-routers", datadir);
			
 
				+  snprintf(keydir,sizeof(keydir),"%s/approved-routers", datadir);
			
 
				   log_fn(LOG_INFO,"Loading approved fingerprints from %s...",keydir);
			
 
				   if(dirserv_parse_fingerprint_file(keydir) < 0) {
			
 
				     log_fn(LOG_ERR, "Error loading fingerprints");
			
@@ -349,7 +350,7 @@ int init_keys(void) {
 
				     add_trusted_dir_server(options.Address, (uint16_t)options.DirPort, digest);
			
 
				   }
			
 
				   /* 7. [authdirserver only] load old directory, if it's there */
			
 
				-  sprintf(keydir,"%s/cached-directory", datadir);
			
 
				+  snprintf(keydir,sizeof(keydir),"%s/cached-directory", datadir);
			
 
				   log_fn(LOG_INFO,"Loading cached directory from %s...",keydir);
			
 
				   cp = read_file_to_str(keydir,0);
			
 
				   if(!cp) {
			
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -167,7 +167,7 @@ router_pick_directory_server_impl(int requireothers, int fascistfirewall)
 
				     if(requireothers && router_is_me(router))
			
 
				       continue;
			
 
				     if(fascistfirewall) {
			
 
				-      sprintf(buf,"%d",router->dir_port);
			
 
				+      snprintf(buf,sizeof(buf),"%d",router->dir_port);
			
 
				       if (!smartlist_string_isin(options.FirewallPorts, buf))
			
 
				         continue;
			
 
				     }
			
@@ -202,7 +202,7 @@ router_pick_trusteddirserver_impl(int requireother, int fascistfirewall)
 
				           !memcmp(me->identity_digest, d->digest, DIGEST_LEN))
			
 
				         continue;
			
 
				       if (fascistfirewall) {
			
 
				-        sprintf(buf,"%d",d->dir_port);
			
 
				+        snprintf(buf,sizeof(buf),"%d",d->dir_port);
			
 
				         if (!smartlist_string_isin(options.FirewallPorts, buf))
			
 
				           continue;
			
 
				       }
			
--- a/src/or/test.c
+++ b/src/or/test.c
@@ -50,7 +50,7 @@ setup_directory()
 
				   int r;
			
 
				   if (is_setup) return;
			
 
				 
			
 
				-  sprintf(temp_dir, "/tmp/tor_test_%d", (int) getpid());
			
 
				+  snprintf(temp_dir, sizeof(temp_dir), "/tmp/tor_test_%d", (int) getpid());
			
 
				 #ifdef MS_WINDOWS
			
 
				   r = mkdir(temp_dir);
			
 
				 #else
			
@@ -69,7 +69,7 @@ get_fname(const char *name)
 
				 {
			
 
				   static char buf[1024];
			
 
				   setup_directory();
			
 
				-  sprintf(buf,"%s/%s",temp_dir,name);
			
 
				+  snprintf(buf,sizeof(buf),"%s/%s",temp_dir,name);
			
 
				   return buf;
			
 
				 }