Merge pull request libarchive#1744 from seanm/snprintf

Fixed issue libarchive#1743: Changed sprintf to safer snprintf

Author: mmatuska

libarchive/archive_read_support_format_7zip.c

@@ -776,7 +776,7 @@ archive_read_format_7zip_read_header(struct archive_read *a,
 	}
 
 	/* Set up a more descriptive format name. */
-	sprintf(zip->format_name, "7-Zip");
+	snprintf(zip->format_name, sizeof(zip->format_name), "7-Zip");
 	a->archive.archive_format_name = zip->format_name;
 
 	return (ret);

libarchive/archive_read_support_format_cab.c

@@ -996,7 +996,7 @@ archive_read_format_cab_read_header(struct archive_read *a,
 		cab->end_of_entry_cleanup = cab->end_of_entry = 1;
 
 	/* Set up a more descriptive format name. */
-	sprintf(cab->format_name, "CAB %d.%d (%s)",
+	snprintf(cab->format_name, sizeof(cab->format_name), "CAB %d.%d (%s)",
 	    hd->major, hd->minor, cab->entry_cffolder->compname);
 	a->archive.archive_format_name = cab->format_name;
 

libarchive/archive_read_support_format_lha.c

@@ -739,7 +739,7 @@ archive_read_format_lha_read_header(struct archive_read *a,
 	if (lha->directory || lha->compsize == 0)
 		lha->end_of_entry = 1;
 
-	sprintf(lha->format_name, "lha -%c%c%c-",
+	snprintf(lha->format_name, sizeof(lha->format_name), "lha -%c%c%c-",
 	    lha->method[0], lha->method[1], lha->method[2]);
 	a->archive.archive_format_name = lha->format_name;
 

libarchive/archive_write_set_format_pax.c

@@ -1717,7 +1717,7 @@ build_pax_attribute_name(char *dest, const char *src)
 	 * to having clients override it.
 	 */
 #if HAVE_GETPID && 0  /* Disable this for now; see above comment. */
-	sprintf(buff, "PaxHeader.%d", getpid());
+	snprintf(buff, sizeof(buff), "PaxHeader.%d", getpid());
 #else
 	/* If the platform can't fetch the pid, don't include it. */
 	strcpy(buff, "PaxHeader");

libarchive/test/test_acl_platform_nfs4.c

@@ -907,7 +907,7 @@ DEFINE_TEST(test_acl_platform_nfs4)
 	assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
 
 	for (i = 0; i < acls_dir_cnt; ++i) {
-	  sprintf(buff, "dir%d", i);
+	  snprintf(buff, sizeof(buff), "dir%d", i);
 	  archive_entry_set_pathname(ae, buff);
 	  archive_entry_set_filetype(ae, AE_IFDIR);
 	  archive_entry_set_perm(ae, 0654);
@@ -960,7 +960,7 @@ DEFINE_TEST(test_acl_platform_nfs4)
 
 	/* Verify single-permission dirs on disk. */
 	for (i = 0; i < dircnt; ++i) {
-		sprintf(buff, "dir%d", i);
+		snprintf(buff, sizeof(buff), "dir%d", i);
 		assertEqualInt(0, stat(buff, &st));
 		assertEqualInt(st.st_mtime, 123456 + i);
 #if ARCHIVE_ACL_SUNOS_NFS4

libarchive/test/test_archive_api_feature.c

@@ -32,7 +32,7 @@ DEFINE_TEST(test_archive_api_feature)
 
 	/* This is the (hopefully) final versioning API. */
 	assertEqualInt(ARCHIVE_VERSION_NUMBER, archive_version_number());
-	sprintf(buff, "libarchive %d.%d.%d",
+	snprintf(buff, sizeof(buff), "libarchive %d.%d.%d",
 	    archive_version_number() / 1000000,
 	    (archive_version_number() / 1000) % 1000,
 	    archive_version_number() % 1000);

libarchive/test/test_read_truncated_filter.c

@@ -81,7 +81,7 @@ test_truncation(const char *compression,
 	archive_entry_set_filetype(ae, AE_IFREG);
 	archive_entry_set_size(ae, datasize);
 	for (i = 0; i < 100; i++) {
-		sprintf(path, "%s%d", compression, i);
+		snprintf(path, sizeof(path), "%s%d", compression, i);
 		archive_entry_copy_pathname(ae, path);
 		failure("%s", path);
 		if (!assertEqualIntA(a, ARCHIVE_OK,
@@ -123,7 +123,7 @@ test_truncation(const char *compression,
 			assert(NULL != archive_error_string(a));
 			break;
 		}
-		sprintf(path, "%s%d", compression, i);
+		snprintf(path, sizeof(path), "%s%d", compression, i);
 		assertEqualString(path, archive_entry_pathname(ae));
 		if (datasize != (size_t)archive_read_data(a, data, datasize)) {
 			failure("Should have non-NULL error message for %s",

libarchive/test/test_tar_large.c

@@ -224,7 +224,7 @@ DEFINE_TEST(test_tar_large)
 	 */
 	for (i = 0; tests[i] != 0; i++) {
 		assert((ae = archive_entry_new()) != NULL);
-		sprintf(namebuff, "file_%d", i);
+		snprintf(namebuff, sizeof(namebuff), "file_%d", i);
 		archive_entry_copy_pathname(ae, namebuff);
 		archive_entry_set_mode(ae, S_IFREG | 0755);
 		filesize = tests[i];
@@ -271,7 +271,7 @@ DEFINE_TEST(test_tar_large)
 	 */
 	for (i = 0; tests[i] > 0; i++) {
 		assertEqualIntA(a, 0, archive_read_next_header(a, &ae));
-		sprintf(namebuff, "file_%d", i);
+		snprintf(namebuff, sizeof(namebuff), "file_%d", i);
 		assertEqualString(namebuff, archive_entry_pathname(ae));
 		assert(tests[i] == archive_entry_size(ae));
 	}

libarchive/test/test_write_disk_secure744.c

@@ -75,7 +75,7 @@ DEFINE_TEST(test_write_disk_secure744)
 		archive_entry_free(ae);
 
 		*p++ = '/';
-		sprintf(p, "target%d", n);
+		snprintf(p, buff_size - (p - buff), "target%d", n);
 
 		/* Try to create a file through the symlink, should fail. */
 		assert((ae = archive_entry_new()) != NULL);

libarchive/test/test_write_filter_b64encode.c

@@ -64,7 +64,7 @@ DEFINE_TEST(test_write_filter_b64encode)
 		assert((ae = archive_entry_new()) != NULL);
 		archive_entry_set_filetype(ae, AE_IFREG);
 		archive_entry_set_size(ae, datasize);
-		sprintf(path, "file%03d", i);
+		snprintf(path, sizeof(path), "file%03d", i);
 		archive_entry_copy_pathname(ae, path);
 		assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
 		assertA(datasize
@@ -79,7 +79,7 @@ DEFINE_TEST(test_write_filter_b64encode)
 	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
 	assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1));
 	for (i = 0; i < 99; i++) {
-		sprintf(path, "file%03d", i);
+		snprintf(path, sizeof(path), "file%03d", i);
 		if (!assertEqualIntA(a, 0, archive_read_next_header(a, &ae)))
 			break;
 		assertEqualString(path, archive_entry_pathname(ae));
@@ -111,7 +111,7 @@ DEFINE_TEST(test_write_filter_b64encode)
 	assertEqualIntA(a, ARCHIVE_OK,
 	    archive_write_open_memory(a, buff, buffsize, &used2));
 	for (i = 0; i < 99; i++) {
-		sprintf(path, "file%03d", i);
+		snprintf(path, sizeof(path), "file%03d", i);
 		assert((ae = archive_entry_new()) != NULL);
 		archive_entry_copy_pathname(ae, path);
 		archive_entry_set_size(ae, datasize);
@@ -128,7 +128,7 @@ DEFINE_TEST(test_write_filter_b64encode)
 	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
 	assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2));
 	for (i = 0; i < 99; i++) {
-		sprintf(path, "file%03d", i);
+		snprintf(path, sizeof(path), "file%03d", i);
 		if (!assertEqualInt(0, archive_read_next_header(a, &ae)))
 			break;
 		assertEqualString(path, archive_entry_pathname(ae));