[Fedora-directory-commits] ldapserver/ldap/clients/dsgw cgiutil.c, 1.6, 1.7 ckdel.c, 1.4, 1.5 ckdump.c, 1.4, 1.5 ckget.c, 1.4, 1.5 ckpurge.c, 1.4, 1.5 ckput.c, 1.4, 1.5 config.c, 1.5, 1.6 cookie.c, 1.5, 1.6 dbtdsgw.h, 1.4, 1.5 domodify.c, 1.5, 1.6 dsexpldif.c, 1.4, 1.5 dsgw.h, 1.6, 1.7 dsgwutil.c, 1.5, 1.6 dsimpldif.c, 1.4, 1.5 emitf.c, 1.4, 1.5 entrydisplay.c, 1.5, 1.6 htmlparse.c, 1.4, 1.5 ldaputil.c, 1.4, 1.5 templateindex.c, 1.4, 1.5 tutor.c, 1.4, 1.5

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Tue Apr 11 02:14:35 UTC 2006


Author: rmeggins

Update of /cvs/dirsec/ldapserver/ldap/clients/dsgw
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8136/ldapserver/ldap/clients/dsgw

Modified Files:
	cgiutil.c ckdel.c ckdump.c ckget.c ckpurge.c ckput.c config.c 
	cookie.c dbtdsgw.h domodify.c dsexpldif.c dsgw.h dsgwutil.c 
	dsimpldif.c emitf.c entrydisplay.c htmlparse.c ldaputil.c 
	templateindex.c tutor.c 
Log Message:
Bug(s) fixed: 186280
Bug Description: ldapserver: Close potential security vulnerabilities in CGI code
Reviewed by: Nathan, Noriko, and Pete (Thanks!)
Fix Description: Clean up usage of sprintf and strcpy, use fgets instead of
gets, fixed buffer usage, etc., mostly in the CGI code and other
user-facing code (i.e. setup).  Also, Steve Grubb told me about a GCC trick
that forces it to check printf-style varargs functions: it checks the format
string against the argument list for type mismatches, missing
arguments, and too many arguments.
In the CGI form argument parsing code, we needed to be more careful
about checking for bad input - good input is supposed to look like this:
name=value&name=value&.....
&name=value.  I don't think the original code
was checking properly for something like name&name=value.
There was another place where we were not checking to see if a buffer
had enough room before appending a string to it.
I had to change a couple of functions to allow passing in the size of
the buffer.
Fixed some issues raised by Noriko and Nathan.
Platforms tested: RHEL4
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none



Index: cgiutil.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/cgiutil.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- cgiutil.c	4 May 2005 16:37:27 -0000	1.6
+++ cgiutil.c	11 Apr 2006 02:14:32 -0000	1.7
@@ -236,7 +236,7 @@
 
     if ( required == DSGW_CGIVAR_REQUIRED && ans == NULL ) {
 	char errbuf[ 256 ];
-	PR_snprintf( errbuf, 256,
+	PR_snprintf( errbuf, sizeof(errbuf),
 		XP_GetClientStr(DBT_missingFormDataElement100s_), varname );
 	dsgw_error( DSGW_ERR_BADFORMDATA, errbuf, DSGW_ERROPT_EXIT, 0, NULL );
     }
@@ -325,21 +325,24 @@
             vars++;
     
     ans = (char **) dsgw_ch_malloc((sizeof(char *)) * (vars+1));
-  
-    x=0;
-    /* strtok() is not MT safe, but it is okay to call here because it is used in monothreaded env */
-    tmp = strtok(in, "&");
-    ans[x]=dsgw_ch_strdup(tmp);
-    dsgw_form_unescape(ans[x++]);
-
-    while((tmp = strtok(NULL, "&")))  {
-	if ( strchr( tmp, '=' ) == NULL ) {
-	    break;
+	if (ans) {
+		x=0;
+		/* strtok() is not MT safe, but it is okay to call here because it is used in monothreaded env */
+		tmp = strtok(in, "&");
+		if (tmp && *tmp && strchr(tmp, '=')) {
+			ans[x]=dsgw_ch_strdup(tmp);
+			dsgw_form_unescape(ans[x++]);
+
+			while((x <= vars) && (tmp = strtok(NULL, "&")))  {
+				if ( strchr( tmp, '=' ) == NULL ) {
+					break;
+				}
+				ans[x] = dsgw_ch_strdup(tmp);
+				dsgw_form_unescape(ans[x++]);
+			}
+		}
+		ans[x] = NULL;
 	}
-        ans[x] = dsgw_ch_strdup(tmp);
-        dsgw_form_unescape(ans[x++]);
-    }
-    ans[x] = NULL;
 
     return(ans);
 }
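Review bot: The new loop guard `(x <= vars)` is one looser than the `vars+1` slots allocated for `ans` just above. If `x` ever reaches `vars` inside the loop, the body fills `ans[vars]` and the trailing `ans[x] = NULL` then writes `ans[vars+1]`, one element past the allocation. `while((x < vars) && (tmp = strtok(NULL, "&")))` keeps the terminator inside the array. How `vars` is counted is above the hunk, so whether the bound is reachable cannot be confirmed from here, but the guard should match the allocation either way.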


Index: ckdel.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckdel.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- ckdel.c	19 Apr 2005 22:07:01 -0000	1.4
+++ ckdel.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -45,12 +45,16 @@
 main( int argc, char **argv)
 {
     char cookie[ 512 ];
+	char *ptr;
     int rc;
     
     printf( "Remove an entry to the cookie database\n" );
 
     printf( "cookie: " );
-    gets( cookie );
+    fgets( cookie, sizeof(cookie), stdin );
+	if (ptr = strchr(cookie, '\n')) {
+		*ptr = 0;
+	}
 
     rc = dsgw_delcookie( cookie );
     if ( rc == 0 ) {
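Review bot: The result of `fgets( cookie, sizeof(cookie), stdin )` is not checked, so on EOF or a read error `strchr` and `dsgw_delcookie` operate on an uninitialized `cookie` buffer. Test the return first, e.g. `if ( fgets( cookie, sizeof(cookie), stdin ) == NULL ) { exit( 1 ); }`. The same unchecked pattern is added in the ckget.c hunk and in the second ckput.c hunk. There the ckput.c buffers are at least zeroed beforehand, while those in ckget.c are not visibly initialized. The assignment-as-condition would also read better as `if ((ptr = strchr(cookie, '\n')) != NULL)`, which avoids a compiler warning. main's body continues past the end of the hunk.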


Index: ckdump.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckdump.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- ckdump.c	19 Apr 2005 22:07:01 -0000	1.4
+++ ckdump.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -44,12 +44,6 @@
 
 main()
 {
-    char *p;
-    time_t expires;
-    char dn[ 512 ];
-    char pw[ 512 ];
-    char expsec[ 512 ];
-    
 #ifdef notdef /* this was some testing code... */
 {
     char *ck, *r, *d, *p;


Index: ckget.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckget.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- ckget.c	19 Apr 2005 22:07:01 -0000	1.4
+++ ckget.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -55,9 +55,15 @@
     printf( "Retrieve an entry from the cookie database\n" );
 
     printf( "cookie: " );
-    gets( cookie );
+    fgets( cookie, sizeof(cookie), stdin );
+	if (p = strchr(cookie, '\n')) {
+		*p = 0;
+	}
     printf( "dn: " );
-    gets( dn );
+    fgets( dn, sizeof(dn), stdin );
+	if (p = strchr(dn, '\n')) {
+		*p = 0;
+	}
 
     rc = dsgw_ckdn2passwd( cookie, dn, &pw );
     if ( rc == 0 ) {


Index: ckpurge.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckpurge.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- ckpurge.c	19 Apr 2005 22:07:01 -0000	1.4
+++ ckpurge.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -44,11 +44,6 @@
 
 main()
 {
-    char *p;
-    time_t expires;
-    char dn[ 512 ];
-    char pw[ 512 ];
-    char expsec[ 512 ];
     int np = 0;
     time_t last;
     FILE *fp;


Index: ckput.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ckput.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- ckput.c	19 Apr 2005 22:07:01 -0000	1.4
+++ ckput.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -59,17 +59,18 @@
     SEC_RNGInit();
     SEC_SystemInfoForRNG();
 
+	dn[0] = pw[0] = lifesec[0] = 0;
     if ( argc > 1 ) {
 	while (( c = getopt( argc, argv, "d:l:p:" )) != EOF ) {
 	    switch ( c ) {
 	    case 'd':
-		strcpy( dn, optarg );
+		PL_strncpyz( dn, optarg, sizeof(dn) );
 		break;
 	    case 'l':
-		strcpy( lifesec, optarg );
+		PL_strncpyz( lifesec, optarg, sizeof(lifesec) );
 		break;
 	    case 'p':
-		strcpy( pw, optarg );
+		PL_strncpyz( pw, optarg, sizeof(pw) );
 		break;
 	    }
 	}
@@ -77,11 +78,20 @@
 
     if ( strlen( dn ) == 0 || strlen( pw ) == 0 || strlen( lifesec ) == 0 ) {
 	printf( "dn: " );
-	gets( dn );
+	fgets( dn, sizeof(dn), stdin );
+	if (p = strchr(dn, '\n')) {
+		*p = 0;
+	}
 	printf( "passwd: " );
-	gets( pw );
+	fgets( pw, sizeof(pw), stdin );
+	if (p = strchr(pw, '\n')) {
+		*p = 0;
+	}
 	printf( "expires in how many seconds? " );
-	gets( lifesec );
+	fgets( lifesec, sizeof(lifesec), stdin );
+	if (p = strchr(lifesec, '\n')) {
+		*p = 0;
+	}
     }
 
     lifetime = atol( lifesec );


Index: config.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/config.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- config.c	19 Apr 2005 22:07:02 -0000	1.5
+++ config.c	11 Apr 2006 02:14:32 -0000	1.6
@@ -298,22 +298,6 @@
     read_dsgwconfig( fname, NULL, gc->gc_admserv, 0 );
     free( fname );
 
-#if 0
-    /* if necessary, try to set path to certificate database */
-#ifndef DSGW_NO_SSL
-    if ( gc->gc_ldapssl && gc->gc_securitypath == NULL ) {
-	if ( gc->gc_admserv ) {
-	    if (( p = get_nsadm_var( "CertFile" )) != NULL ) {
-		gc->gc_securitypath = dsgw_ch_malloc( strlen( p ) + 4 );
-		sprintf( gc->gc_securitypath, "%s.db", p );
-	    }
-	} else {
-	    gc->gc_securitypath = DSGW_DEFSECURITYPATH;
-	}
-    }
-#endif
-#endif
-
     if ( browser_ignores_acceptcharset() ) {
 	set_dsgwcharset();
     } else {
@@ -379,7 +363,7 @@
 	if ( strstr( filename, "dsgw-l10n.conf" ) != NULL ) {
 	    return;	/* ignore if it's dsgw-l10n.conf */
 	}
-	PR_snprintf( buf, MAXPATHLEN + 100,
+	PR_snprintf( buf, sizeof(buf),
 		XP_GetClientStr(DBT_cannotOpenConfigFileSN_), filename );
 	dsgw_error( DSGW_ERR_BADCONFIG, buf, DSGW_ERROPT_EXIT, 0, NULL );
     }
@@ -978,7 +962,7 @@
         return;
     }
 
-    PR_snprintf( tmpldif, 128, "%s.tmp", ldif);
+    PR_snprintf( tmpldif, sizeof(tmpldif), "%s.tmp", ldif);
     if ( (newfp = fopen( tmpldif, "w" )) == NULL ) {
         dsgw_emitf (XP_GetClientStr(DBT_AppSuffixCouldNotOpenTmpFileSN_),
             ldif);
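Review bot: A truncated `tmpldif` is passed straight to `fopen( tmpldif, "w" )`, so an over-long `ldif` path makes the code open and overwrite a file other than the intended `.tmp` file. Bounding the write prevents the overflow, but the length should be rejected before formatting, e.g. `if ( strlen( ldif ) + sizeof(".tmp") > sizeof(tmpldif) ) { /* report and return */ }`. The declaration of `tmpldif` is outside the hunk; `sizeof(tmpldif)` is only right if it is a local array and not a pointer.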
@@ -1199,7 +1183,7 @@
     }
 
     /* read old dbswitch.conf contents */
-    PR_snprintf( oldfname, MAXPATHLEN, "%s/%s", userdb_path,
+    PR_snprintf( oldfname, sizeof(oldfname), "%s/%s", userdb_path,
 		DSGW_DBSWITCH_FILE );
     if (( rc = dbconf_read_config_file( oldfname, &cip )) != LDAPU_SUCCESS ) {
 	report_ldapu_error( rc, DSGW_ERR_BADCONFIG, erropts );
@@ -1207,10 +1191,10 @@
     }
 
     /* write db info to new file, replacing information for "dbhandle" */
-    PR_snprintf( newfname, MAXPATHLEN, "%s/%s", userdb_path,
+    PR_snprintf( newfname, sizeof(newfname), "%s/%s", userdb_path,
 		DSGW_DBSWITCH_TMPFILE );
     if (( newfp = fopen( newfname, "w" )) == NULL ) {
-	PR_snprintf( buf, MAXPATHLEN + 100,
+	PR_snprintf( buf, sizeof(buf),
 	    XP_GetClientStr(DBT_cannotOpenConfigFileSForWritingN_), newfname );
 	dsgw_error( DSGW_ERR_UPDATE_DBSWITCH, buf, erropts, 0, NULL );
 	return( -1 );
@@ -1693,7 +1677,7 @@
 	for ( token = strtok_quote( line, " \t" ); token != NULL;
 	    token = strtok_quote( NULL, " \t" ) ) {
 		if ( *argcp == MAXARGS ) {
-			PR_snprintf( buf, 20,
+			PR_snprintf( buf, sizeof(buf),
 				XP_GetClientStr(DBT_maxD_), MAXARGS );
 			dsgw_error( DSGW_ERR_CONFIGTOOMANYARGS, buf,
 				DSGW_ERROPT_EXIT, 0, NULL );


Index: cookie.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/cookie.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- cookie.c	19 Apr 2005 22:07:02 -0000	1.5
+++ cookie.c	11 Apr 2006 02:14:32 -0000	1.6
@@ -144,8 +144,8 @@
     PK11_ConfigurePKCS11(NULL, NULL, tokDes, ptokDes, NULL, NULL, NULL, NULL, 0, 0 );	
     /*NSS_NoDB_Init(NULL);*/
     dsgw_initNSS();
-    PK11_GenerateRandom(buf, RNDBUFLEN);
-    return( buf2str( buf, RNDBUFLEN ));
+    PK11_GenerateRandom(buf, sizeof(buf));
+    return( buf2str( buf, sizeof(buf) ));
 }
 
 
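Review bot: The return value of `PK11_GenerateRandom(buf, sizeof(buf))` is ignored, so if the generator fails `buf2str` encodes whatever bytes were already in `buf` and that becomes the cookie string. Because this value serves as the session cookie, the failure should be fatal, e.g. `if ( PK11_GenerateRandom( buf, sizeof(buf) ) != SECSuccess ) return NULL;`, with callers handling the NULL. The function's opening and the declaration of `buf` are outside the hunk.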
@@ -162,7 +162,7 @@
 #define F_OK 0
 #endif
 #endif
-    sprintf(cdb, "%s.%s", DSGW_COOKIEDB_FNAME, context);
+    PR_snprintf(cdb, sizeof(cdb), "%s.%s", DSGW_COOKIEDB_FNAME, context);
 
     if ( access( cdb, F_OK ) == 0 ) {
 	fp = fopen( cdb, "r+" );
@@ -253,7 +253,7 @@
     }
 
     for (;;) {
-	if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) {
+	if ( fgets( buf, sizeof(buf), fp ) == NULL ) {
 	    dsgw_closecookiedb( fp );
 #ifdef DSGW_DEBUG
 	    dsgw_log( "dsgw_ckdn2passwd: cookie <%s> not found in db\n",
@@ -433,14 +433,14 @@
     if (( fp = dsgw_opencookiedb()) == NULL ) {
         return -1;
     }
-    fgets( buf, CKBUFSIZ, fp );
+    fgets( buf, sizeof(buf), fp );
     if ( strncmp( buf, "lastpurge:", 10 )) {
 	dsgw_closecookiedb( fp );
 	return -1;
     }
     rc = DSGW_CKDB_KEY_NOT_PRESENT;
     for (;;) {
-	if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) {
+	if ( fgets( buf, sizeof(buf), fp ) == NULL ) {
 	    break;
 	}
 	if ( strncmp( buf, rndstr, CKLEN )) {
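Review bot: The first `fgets( buf, sizeof(buf), fp )` in this hunk is unchecked, so on an empty or unreadable cookie database the following `strncmp( buf, "lastpurge:", 10 )` compares against an uninitialized buffer. Fold the check into the test, `if ( fgets( buf, sizeof(buf), fp ) == NULL || strncmp( buf, "lastpurge:", 10 )) {`, which reuses the existing close-and-return path. The next hunk (the `ftell`/`fseek` one) has the same unchecked read before its `strncmp`. The enclosing function starts and ends outside the hunk.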
@@ -513,7 +513,7 @@
     pos = ftell( fp );
     fseek( fp, 0L, SEEK_SET );
 
-    fgets( buf, CKBUFSIZ, fp );
+    fgets( buf, sizeof(buf), fp );
     if ( strncmp( buf, "lastpurge:", 10 )) {
 	ret = (time_t) 0L;
     } else {
@@ -553,7 +553,7 @@
     size_t csize;	/* current size of file */
     char cdb[MAXPATHLEN]; /*DSGW_COOKIEDB_FNAME + context*/
     
-    sprintf(cdb, "%s.%s", DSGW_COOKIEDB_FNAME, context);
+    PR_snprintf(cdb, sizeof(cdb), "%s.%s", DSGW_COOKIEDB_FNAME, context);
 
     if (( fp = dsgw_opencookiedb()) == NULL ) {
 	return -1;
@@ -576,10 +576,11 @@
 	char *p;
 	char *dbdn;
 	int nukeit;
+	size_t maxlen = sizeof(expbuf);
 
 	nukeit = 0;
 
-	if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) {
+	if ( fgets( buf, sizeof(buf), fp ) == NULL ) {
 	    break;
 	}
 	if ( strncmp( buf, "lastpurge:", 10 ) == 0 ) {
@@ -596,8 +597,13 @@
 	    dsgw_closecookiedb( fp );
 	    return -1;
 	}
-	strncpy( expbuf, exp, p - exp );
-	expbuf[ p - exp ] = '\0';
+	if ((p - exp) < maxlen) {
+		maxlen = p - exp;
+	} else {
+		maxlen--; /* need a length, not a count */
+	}
+	strncpy( expbuf, exp, maxlen );
+	expbuf[ maxlen ] = '\0';
 	time( &now );
 
 	/* Get the entry's DN */
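Review bot: When the expiry field is longer than `expbuf`, the new clamp truncates it and carries on, so the record's expiry is later parsed from a partial number. A field that does not fit is malformed input and is better handled like the other parse failures in this loop, e.g. `if ((size_t)(p - exp) >= sizeof(expbuf)) { dsgw_closecookiedb( fp ); return -1; }`. The explicit cast also makes the mixed `ptrdiff_t`/`size_t` comparison in `(p - exp) < maxlen` deliberate. The later hunk that clamps `p - exp + 1` has the same shape. How `p` and `exp` are derived is outside the hunk.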
@@ -678,7 +684,7 @@
 	return;
     }
 
-    if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) {
+    if ( fgets( buf, sizeof(buf), fp ) == NULL ) {
 	dsgw_closecookiedb( fp );
 	printf( "Cookie database is empty (no lastpurge line)\n" );
 	return;
@@ -686,8 +692,9 @@
     puts( buf );
 
     for (;;) {
+	size_t maxlen = sizeof(expbuf);
 	char *p;
-	if ( fgets( buf, CKBUFSIZ, fp ) == NULL ) {
+	if ( fgets( buf, sizeof(buf), fp ) == NULL ) {
 	    dsgw_closecookiedb( fp );
 	    printf( "%d entries, %d expired\n", total, expired );
 	    return;
@@ -702,8 +709,13 @@
 	    return;
 	}
 	printf( "%s", buf );
-	strncpy( expbuf, exp, p - exp + 1 );
-	expbuf[ p - exp + 1 ] = '\0';
+	if ((p - exp + 1) < maxlen) {
+	    maxlen = p - exp + 1;
+	} else {
+	    maxlen--; /* need a length, not a count */
+	}
+	strncpy( expbuf, exp, maxlen );
+	expbuf[ maxlen ] = '\0';
 	time( &now );
 	total++;
 	if ( now > atol( expbuf )) {
@@ -752,6 +764,7 @@
 	return NULL;
     }
 
+    /* richm: replace with PR_smprintf */
     ckbuf = dsgw_ch_malloc( strlen( DSGW_CKHDR ) + strlen( r ) +
 	    strlen( edn ) + strlen( DSGW_AUTHCKNAME ) + 2 + 20 );
     ckbuf[ 0 ] = '\0';
@@ -770,26 +783,6 @@
 
 
 
-#if 0
-/*
- * Given a time_t, return a GMTString representation of that time.
- */
-char *
-dsgw_t2gmts( time_t cktime )
-{
-    time_t	tnl;
-    struct tm	*pt;
-#define	TBUFSIZE 40
-    char	tbuf[ TBUFSIZE ];
-
-    tnl = time( NULL );
-    pt = gmtime( &tnl );
-    (void)strftime( tbuf, (size_t)TBUFSIZE, "%A, %d-%b-%y %T GMT", pt);
-    return( dsgw_ch_strdup( tbuf ));
-}
-#endif
-
-
 /*
  * Password obfuscation, etc.
  * There is no real security here -- we just encrypt using a hard-coded key.


Index: dbtdsgw.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dbtdsgw.h,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- dbtdsgw.h	19 Apr 2005 22:07:02 -0000	1.4
+++ dbtdsgw.h	11 Apr 2006 02:14:32 -0000	1.5
@@ -463,5 +463,6 @@
 	ResDef( DBT_missingArgumentForOrgChartURLDirectiv_, 412, "Missing argument for \"url-orgchart-base\" directive\n" )/*extracted from config.c*/
 	ResDef( DBT_missingArgumentForOrgChartSearchAttr_ , 413, "Missing argument for \"orgchart-attrib-farleft-rdn\" directive\n" )/*extracted from config.c*/
 	ResDef( DBT_theCharsetIsNotSupported , 414, "The charset is not supported\n" )
+	ResDef( DBT_invalidTemplateVarLen, 415, "The string length %d of template variable \"%s\" is too long\n" )
 END_STR(dsgw)
 


Index: domodify.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/domodify.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- domodify.c	20 May 2005 15:52:43 -0000	1.5
+++ domodify.c	11 Apr 2006 02:14:32 -0000	1.6
@@ -153,7 +153,7 @@
     }
 
     if ( !quiet ) {
-	PR_snprintf( buf, 256,
+	PR_snprintf( buf, sizeof(buf),
 		XP_GetClientStr(DBT_SDirectoryEntry_), changedesc );
 	dsgw_html_begin( buf, 1 );
     } else {
@@ -413,7 +413,7 @@
 entry_modify_or_add( LDAP *ld, char *dn, int add, int *pwdchangedp )
 {
     int		lderr, i, j, opoffset, modop, mls, unique, unchanged_count;
-    char	*varname, *varvalue, *retval, *attr, *p, **vals, **unchanged_attrs;
+    char	*varname, *varvalue, *attr, *p, **vals, **unchanged_attrs;
     char	*ntuserid = NULL;
 
     LDAPMod	**pmods;


Index: dsexpldif.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dsexpldif.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- dsexpldif.c	19 Apr 2005 22:07:02 -0000	1.4
+++ dsexpldif.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -124,14 +124,14 @@
 
     if (gc->gc_localdbconf == NULL) {
         /* remote */
-        PR_snprintf (cmd, BIG_LINE, 
+        PR_snprintf (cmd, sizeof(cmd), 
 	    "./%s -b \"%s\" -h %s -p %d \"objectclass=*\" > %s 2> %s", 
 	    DSGW_LDAPSEARCH, gc->gc_ldapsearchbase, gc->gc_ldapserver, 
 	    gc->gc_ldapport, ldiffile, DSGW_NULL_DEVICE);
     }
     else {
         /* local database */
-        PR_snprintf (cmd, BIG_LINE, 
+        PR_snprintf (cmd, sizeof(cmd), 
 	    "./%s -b \"\" -C %s \"objectclass=*\" > %s 2> %s",
             DSGW_LDAPSEARCH, gc->gc_localdbconf, ldiffile, DSGW_NULL_DEVICE);
     }
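Review bot: `gc->gc_ldapsearchbase`, `gc->gc_ldapserver`, `gc->gc_localdbconf` and `ldiffile` are pasted into a shell command line, and bounding the write with `sizeof(cmd)` does not address quoting. A value containing a double quote or a shell metacharacter changes the command, and truncation at the buffer limit can drop the trailing redirections. The call that runs `cmd` is outside this hunk; the dsimpldif.c hunk builds its command the same way and shows `system (cmd)`. Validate these values against a strict character set before formatting, or run the tool through an argv-based exec instead of a shell string.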


Index: dsgw.h
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dsgw.h,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- dsgw.h	20 May 2005 15:52:43 -0000	1.6
+++ dsgw.h	11 Apr 2006 02:14:32 -0000	1.7
@@ -825,7 +825,12 @@
 int dsgw_parse_cookie( char *cookie, char **rndstr, char **dn );
 char *dsgw_getvp( int cginum );
 #ifdef DSGW_DEBUG
-void dsgw_log( char *fmt, ... );
+void dsgw_log( char *fmt, ... )
+#ifdef __GNUC__ 
+        __attribute__ ((format (printf, 1, 2)));
+#else
+        ;
+#endif
 void dsgw_logstringarray( char *arrayname, char **strs );
 void dsgw_log_out (const char* s, size_t n);
 #else
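Review bot: The same five-line `#ifdef __GNUC__ ... #else ; #endif` block is pasted after this prototype and six more in the later dsgw.h hunks, which splits each declaration from its terminating semicolon and makes the header hard to scan. Define the attribute once as a macro and append it to each prototype; the macro name below is only a suggestion. Note also that this first declaration sits inside `#ifdef DSGW_DEBUG`, so the format check on `dsgw_log` calls only runs in debug builds.
```c
#ifdef __GNUC__
#define DSGW_PRINTF_ATTR(fmtidx, argidx) \
        __attribute__ ((format (printf, fmtidx, argidx)))
#else
#define DSGW_PRINTF_ATTR(fmtidx, argidx)
#endif

void dsgw_log( char *fmt, ... ) DSGW_PRINTF_ATTR(1, 2);
/* … unchanged: remaining prototypes, each with its own DSGW_PRINTF_ATTR(n, n+1) … */
```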
@@ -875,16 +880,36 @@
 void dsgw_strcat_escaped( char *s1, const char *s2 );
 char *dsgw_strdup_escaped( const char *s );
 void dsgw_substitute_and_output( char *s, char *tag, char *value, int escape );
-void dsgw_form_begin( const char* name, const char* format, ... );
+void dsgw_form_begin( const char* name, const char* format, ... )
+#ifdef __GNUC__ 
+        __attribute__ ((format (printf, 2, 3)));
+#else
+        ;
+#endif
 char *dsgw_strdup_with_entities( char *s, int *madecopyp );
 void dsgw_HTML_emits( char * );
 void dsgw_emit_cgi_var( int argc, char **argv );
-void dsgw_emit_button( int argc, char **argv, const char* format, ... );
+void dsgw_emit_button( int argc, char **argv, const char* format, ... )
+#ifdef __GNUC__ 
+        __attribute__ ((format (printf, 3, 4)));
+#else
+        ;
+#endif
 void dsgw_emit_alertForm();
-void dsgw_emit_alert( const char* frame, const char* windowOptions, const char* fmt, ... );
+void dsgw_emit_alert( const char* frame, const char* windowOptions, const char* fmt, ... )
+#ifdef __GNUC__ 
+        __attribute__ ((format (printf, 3, 4)));
+#else
+        ;
+#endif
 void dsgw_emit_confirmForm();
 void dsgw_emit_confirm( const char* frame, const char* yes, const char* no,
-		        const char* windowOptions, int enquote, const char* fmt, ... );
+		        const char* windowOptions, int enquote, const char* fmt, ... )
+#ifdef __GNUC__ 
+        __attribute__ ((format (printf, 6, 7)));
+#else
+        ;
+#endif
 
 /*
  * in htmlparse.c:
@@ -983,7 +1008,12 @@
  * in emitf.c
  */
 int dsgw_emits (const char* s); /* like fputs(s, stdout) */
-int dsgw_emitf (const char* format, ...); /* like printf */
+int dsgw_emitf (const char* format, ...) /* like printf */
+#ifdef __GNUC__ 
+        __attribute__ ((format (printf, 1, 2)));
+#else
+        ;
+#endif
 int dsgw_emitfv (const char* format, va_list argl);
 char* dsgw_emit_converts_to (char* charset);
 int is_UTF_8 (const char* charset);
@@ -995,7 +1025,12 @@
 void dsgw_quotation_begin (int kind);
 void dsgw_quotation_end();
 int dsgw_quote_emits (int kind, const char* s);
-int dsgw_quote_emitf (int kind, const char* format, ...);
+int dsgw_quote_emitf (int kind, const char* format, ...)
+#ifdef __GNUC__ 
+        __attribute__ ((format (printf, 2, 3)));
+#else
+        ;
+#endif
 
 /*
  * in collate.c


Index: dsgwutil.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dsgwutil.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- dsgwutil.c	19 Apr 2005 22:07:02 -0000	1.5
+++ dsgwutil.c	11 Apr 2006 02:14:32 -0000	1.6
@@ -927,7 +927,7 @@
 #endif
 	install_dir = getenv("NETSITE_ROOT");
 	if (install_dir != NULL) {
-		 sprintf(tmp_log, "%s/tmp/dsgw", install_dir);
+		 PR_snprintf(tmp_log, sizeof(tmp_log), "%s/tmp/dsgw", install_dir);
 #if defined( XP_WIN32 )
 		 for(ilen=0; ilen < strlen(tmp_log); ilen++)
 		 {
@@ -937,15 +937,15 @@
 #endif /* XP_WIN32 */
 	} else {
 #if defined( XP_WIN32 )
-		ilen = strlen(tmp_dir); 
 		GetTempPath( ilen+1, tmp_dir ); 
+		ilen = strlen(tmp_dir); 
 		/* Remove trailing slash. */ 
 		pch = tmp_dir[ilen-1]; 
 		if( pch == '\\' || pch == '/' ) 
 			tmp_dir[ilen-1] = '\0';
-		sprintf(tmp_log, "%s\\DSGW", tmp_dir);
+		PR_snprintf(tmp_log, sizeof(tmp_log), "%s\\DSGW", tmp_dir);
 #else
-		sprintf(tmp_log, "/tmp/dsgw");		
+		PR_snprintf(tmp_log, sizeof(tmp_log), "/tmp/dsgw");		
 #endif
 	}
 	return tmp_log;
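Review bot: In the XP_WIN32 branch, moving `ilen = strlen(tmp_dir)` below the call means `GetTempPath( ilen+1, tmp_dir )` now takes its buffer length from an `ilen` that nothing in this branch has set. Pass the real capacity instead, `GetTempPath( sizeof(tmp_dir), tmp_dir );`, assuming `tmp_dir` is a local array (its declaration is outside the hunk). The return value should also be checked, and `tmp_dir[ilen-1]` guarded with `ilen > 0`, since a failed call can leave an empty string.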
@@ -964,7 +964,7 @@
 #else
 	  "%s/%.50s.out";
 #endif
-	PR_snprintf( fname, 256, format, dsgw_get_tmp_log_dir(), progname );
+	PR_snprintf( fname, sizeof(fname), format, dsgw_get_tmp_log_dir(), progname );
 	log_out_fp = fopen( fname, "w" );
     }
     if (log_out_fp != NULL) {
@@ -996,14 +996,14 @@
 #else
 	  "%s/%.50s";
 #endif
-	PR_snprintf( fname, 256, format, dsgw_get_tmp_log_dir(), progname );
+	PR_snprintf( fname, sizeof(fname), format, dsgw_get_tmp_log_dir(), progname );
 	if (( logfp = fopen( fname, "a+" )) == NULL ) {
 	    return;
 	}
     }
 
-    memcpy( timebuf, ctime( &t ), 19 );
-    timebuf[ 19 ] = '\0';
+    memcpy( timebuf, ctime( &t ), sizeof(timebuf)-1 );
+    timebuf[ sizeof(timebuf)-1 ] = '\0';
     fprintf( logfp, "%s %s: ", timebuf, progname );
 
     va_start( ap, fmt );
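Review bot: Replacing the literal 19 with `sizeof(timebuf)-1` ties the `memcpy` length to a declaration that is not visible here, while the source is `ctime()`'s fixed 26-byte result. If `timebuf` is larger than 26 bytes the copy reads past that string, and any size other than 20 changes the logged timestamp format. The 19 was the length of the "Www Mmm dd hh:mm:ss" prefix, so keep it as a named constant and size `timebuf` from it. `ctime( &t )` can also return NULL and should be checked before the copy.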
@@ -1327,7 +1327,7 @@
       }
     }
     for ( i=0 ; i<countLang ; i++ ) {
-      strcpy(AcceptLanguageList[i],ptrLanguage[i]);
+      PL_strncpyz(AcceptLanguageList[i],ptrLanguage[i],sizeof(AcceptLanguageList[i]));
     }
 
   } else {
@@ -1336,7 +1336,7 @@
     cPtr = strtok(input,",");
     while (cPtr) {
       if (strlen(cPtr)<MAX_ACCEPT_LENGTH) {        /* ignore if too long */
-        strcpy(AcceptLanguageList[countLang++],cPtr);
+        PL_strncpyz(AcceptLanguageList[countLang++],cPtr,sizeof(AcceptLanguageList[i]));
         if (countLang>=MAX_ACCEPT_LANGUAGE) break; /* quit if too many */
       }
       cPtr = strtok(NULL,",");
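Review bot: `sizeof(AcceptLanguageList[i])` uses `i` as the index although this loop is driven by `countLang`, and `i` has no meaning here. It works only because `sizeof` does not evaluate its operand. `sizeof(AcceptLanguageList[0])` states the intent without suggesting that the row size depends on a loop variable. The same change reads better in the previous hunk's `for` loop too.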


Index: dsimpldif.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/dsimpldif.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- dsimpldif.c	19 Apr 2005 22:07:02 -0000	1.4
+++ dsimpldif.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -148,17 +148,17 @@
 
     if (gc->gc_localdbconf == NULL) {
 	/* remote */
-	PR_snprintf (cmd, BIG_LINE, "./%s -a %s -h %s -p %d -f %s > %s 2>&1", 
+	PR_snprintf (cmd, sizeof(cmd), "./%s -a %s -h %s -p %d -f %s > %s 2>&1", 
 		DSGW_LDAPMODIFY, stop?"":"-c",gc->gc_ldapserver, 
 		gc->gc_ldapport, ldiffile, DSGW_NULL_DEVICE);
     }
     else {
 	/* local database */
-    	PR_snprintf (cmd, BIG_LINE, "./%s -a %s -C %s -f %s > %s 2>&1",
+    	PR_snprintf (cmd, sizeof(cmd), "./%s -a %s -C %s -f %s > %s 2>&1",
 		DSGW_LDAPMODIFY, stop?"":"-c", gc->gc_localdbconf, ldiffile,
 		DSGW_NULL_DEVICE);
     }
-    PR_snprintf (path, BIG_LINE, "%s%s", userdb_path, DSGW_TOOLSDIR);
+    PR_snprintf (path, sizeof(path), "%s%s", userdb_path, DSGW_TOOLSDIR);
     chdir ( path );
     fflush (stdout);
     if (system (cmd) == 0) { 
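Review bot: The result of `chdir ( path )` is ignored, yet `cmd` starts with a relative `./%s`, so if the directory change fails `system (cmd)` runs whatever file of that name sits in the current working directory. `path` is also now silently truncated at `sizeof(path)`, which makes a failed or misdirected `chdir` more likely for long `userdb_path` values. Check it before running the command, e.g. `if ( chdir( path ) != 0 ) { /* report the error and return */ }`. The quoting concern raised on the dsexpldif.c hunk applies to `gc->gc_ldapserver`, `gc->gc_localdbconf` and `ldiffile` here as well.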


Index: emitf.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/emitf.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- emitf.c	19 Apr 2005 22:07:02 -0000	1.4
+++ emitf.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -188,12 +188,12 @@
 
     char deffmt[DEFFMTC];
     char* fmt = deffmt;
-    size_t fmtc = DEFFMTC;
+    size_t fmtc = sizeof(deffmt);
 
     const char* next;
     const char* f;
 
-    char buf [1024];
+    char buf [1024] = {0};
     int i;
 
     i = count_slots (format);
@@ -396,33 +396,33 @@
 	}
 	/* produce a single argument */
 	switch (islot->type) {
-	  case TYPE_I:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].i); break;
-	  case TYPE_U:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].u); break;
-	  case TYPE_F:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].f); break;
-	  case TYPE_LI: PR_snprintf (buf, 1024, fmt, argv[islot->arg].li); break;
-	  case TYPE_LU: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lu); break;
-	  case TYPE_LF: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lf); break;
-	  case TYPE_P:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].p); break;
+	  case TYPE_I:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].i); break;
+	  case TYPE_U:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].u); break;
+	  case TYPE_F:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].f); break;
+	  case TYPE_LI: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].li); break;
+	  case TYPE_LU: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lu); break;
+	  case TYPE_LF: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lf); break;
+	  case TYPE_P:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].p); break;
 	  case TYPE_WIDTH:
 	  case TYPE_PRECISION:
 	    switch ((++islot)->type) {
-	      case TYPE_I:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].i); break;
-	      case TYPE_U:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].u); break;
-	      case TYPE_F:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].f); break;
-	      case TYPE_LI: PR_snprintf (buf, 1024, fmt, argv[islot->arg].li); break;
-	      case TYPE_LU: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lu); break;
-	      case TYPE_LF: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lf); break;
-	      case TYPE_P:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].p); break;
+	      case TYPE_I:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].i); break;
+	      case TYPE_U:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].u); break;
+	      case TYPE_F:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].f); break;
+	      case TYPE_LI: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].li); break;
+	      case TYPE_LU: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lu); break;
+	      case TYPE_LF: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lf); break;
+	      case TYPE_P:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].p); break;
 	      case TYPE_WIDTH:
 	      case TYPE_PRECISION:
 		switch ((++islot)->type) {
-		  case TYPE_I:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].i); break;
-		  case TYPE_U:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].u); break;
-		  case TYPE_F:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].f); break;
-		  case TYPE_LI: PR_snprintf (buf, 1024, fmt, argv[islot->arg].li); break;
-		  case TYPE_LU: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lu); break;
-		  case TYPE_LF: PR_snprintf (buf, 1024, fmt, argv[islot->arg].lf); break;
-		  case TYPE_P:  PR_snprintf (buf, 1024, fmt, argv[islot->arg].p); break;
+		  case TYPE_I:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].i); break;
+		  case TYPE_U:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].u); break;
+		  case TYPE_F:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].f); break;
+		  case TYPE_LI: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].li); break;
+		  case TYPE_LU: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lu); break;
+		  case TYPE_LF: PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].lf); break;
+		  case TYPE_P:  PR_snprintf (buf, sizeof(buf), fmt, argv[islot->arg].p); break;
 		  case TYPE_WIDTH:
 		  case TYPE_PRECISION: goto bail; /* how did this happen? */
 		  case TYPE_PERCENT:
@@ -647,7 +647,7 @@
 	    s += slen; /* advance pointer to next unconverted chars */
 	    /* convert as many chars from s as will fit in buf */
 	    result = dsgw_convert(DSGW_FROM_UTF8, emit_converter,
-				  &bufptr, CONVERT_BUFSIZE, &len,
+				  &bufptr, sizeof(buf), &len,
 				  s, n, &slen, &err);
 	    /* write the converted chars to the output */
 	    n = dsgw_emitq ((FILE*)parm, buf, len);
@@ -661,34 +661,6 @@
     return parm;
 }
 
-#if 0
-static void
-dsgw_convert (void* parm, const char* s, size_t n)
-     /* Transform the output, in a visually distinctive way.
-        This function is intended for testing, only.
-     */
-{
-    while (parm && n > 0) {
-	const size_t len = LDAP_UTF8LEN(s);
-	if (len == 1 && *s >= '!' && *s <= '~') { /* ASCII */
-	    /* output the double-width variant of this character */
-	    unsigned c = (unsigned)*s - '!' + 0xFF01;
-	    unsigned char buf[3];
-	    buf[2] = 0x80 | (c & 0x3F); c >>= 6;
-	    buf[1] = 0x80 | (c & 0x3F); c >>= 6;
-	    buf[0] = 0xE0 | (c & 0x0F);
-	    parm = dsgw_emitn (parm, (char*)buf, 3);
-	} else {
-	    parm = dsgw_emitn (parm, s, len);
-	}
-	if (parm) {
-	    n -= len;
-	    s += len;
-	}
-    }
-}
-#endif
-
 int
 dsgw_emits (const char* s)
      /* This function works like fputs(s, stdout), except it


Index: entrydisplay.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/entrydisplay.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- entrydisplay.c	20 May 2005 15:52:43 -0000	1.5
+++ entrydisplay.c	11 Apr 2006 02:14:32 -0000	1.6
@@ -239,7 +239,9 @@
 static char *dsgw_time(time_t secs_since_1970);
 
 /* attribute syntax handler routines */
+#if NEEDED_FOR_DEBUGGING
 static void ntdomain_display( struct dsgw_attrdispinfo *adip );
+#endif
 static void ntuserid_display( struct dsgw_attrdispinfo *adip );
 static void str_display( struct dsgw_attrdispinfo *adip );
 static void str_edit( struct dsgw_attrdispinfo *adip );
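Review bot: `#if NEEDED_FOR_DEBUGGING` tests a macro that is not defined anywhere visible, so it silently evaluates to 0 and trips `-Wundef` on builds that enable it. `#ifdef NEEDED_FOR_DEBUGGING` expresses the same intent without relying on the undefined-macro rule; the two later entrydisplay.c hunks that wrap the `ntdomain_display` definition should use the same form. If the handler is not expected to come back, removing it would match how the other dead `#if 0` blocks are handled in this commit.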
@@ -1623,10 +1625,10 @@
 				memcpy( &iValue, bin_data.bv_val, sizeof( iValue ) );
 
 				if(( adip->adi_opts & DSGW_ATTROPT_DECIMAL ) != 0 ) 
-					PR_snprintf( szFormat, 512, "%%lu" );
+					PR_snprintf( szFormat, sizeof(szFormat), "%%lu" );
 				else
-					PR_snprintf( szFormat, 512, "%%#0%lu.%lux", bin_data.bv_len*2, bin_data.bv_len*2 );
-				PR_snprintf( szFlags, 512, szFormat, iValue );
+					PR_snprintf( szFormat, sizeof(szFormat), "%%#0%lu.%lux", bin_data.bv_len*2, bin_data.bv_len*2 );
+				PR_snprintf( szFlags, sizeof(szFlags), szFormat, iValue );
 
 				fputs( szFlags, stdout );
 
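Review bot: The `memcpy( &iValue, bin_data.bv_val, sizeof( iValue ) )` at the top of this hunk copies a fixed `sizeof( iValue )` bytes, while the lines below treat `bin_data.bv_len` as the real length of the value. If the attribute value is shorter than `iValue`, the copy reads past the end of `bv_val`. No length check is visible in the hunk, though one may exist earlier in the block, which starts outside it. A bounded copy would be `iValue = 0; memcpy( &iValue, bin_data.bv_val, bin_data.bv_len < sizeof( iValue ) ? bin_data.bv_len : sizeof( iValue ) );`. Because `szFormat` is built from `bv_len` and then used as a format string, it would also help to cap the width at `2 * sizeof( iValue )`.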
@@ -1639,6 +1641,7 @@
 	}
 }
 
+#if NEEDED_FOR_DEBUGGING
 /*
  * display handler for NT Domain Identifier string
  */
@@ -1671,7 +1674,7 @@
     }
 
 }
-
+#endif
 
 
 /*
@@ -3222,7 +3225,7 @@
   }
 
   /* convert to utf8 */
-  u_strToUTF8(obuf, BSIZ, NULL, dstr0, myStrlen, &err);
+  u_strToUTF8(obuf, sizeof(obuf), NULL, dstr0, myStrlen, &err);
 
   if (err != U_ZERO_ERROR) {
     dsgw_error( DSGW_ERR_LDAPGENERAL, NULL, DSGW_ERROPT_EXIT, err, NULL );


Index: htmlparse.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/htmlparse.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- htmlparse.c	19 Apr 2005 22:07:02 -0000	1.4
+++ htmlparse.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -202,14 +202,14 @@
              } else if ( parse_status != DSGW_PARSE_STATUS_NO_OUTPUT && 
 			 !strcmp(templates[ index ].name + 1, "CONTEXT ")) {
 		 char line[ BIG_LINE ];
-                 PR_snprintf( line, BIG_LINE, templates[ index ].format, context);
+                 PR_snprintf( line, sizeof(line), templates[ index ].format, context);
                  dsgw_emits( line );
 
 	     } else if ( parse_status != DSGW_PARSE_STATUS_NO_OUTPUT ) { 
                  /* I just can't believe there's no easy way to create 
                   * a va_list. */
                  char line[ BIG_LINE ];
-                 PR_snprintf( line, BIG_LINE, templates[ index ].format, 
+                 PR_snprintf( line, sizeof(line), templates[ index ].format, 
                          ( *argc > 0 && vars[ 0 ] != NULL ) ? vars[ 0 ]: "",
                          ( *argc > 1 && vars[ 1 ] != NULL ) ? vars[ 1 ]: "",
                          ( *argc > 2 && vars[ 2 ] != NULL ) ? vars[ 2 ]: "",
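Review bot: Both PR_snprintf calls take `templates[ index ].format` as the format string, so the compile-time printf checking this commit introduces cannot verify that an entry's conversions match the arguments passed here. A comment at the templates table should state that every format may contain only `%s` conversions and no more of them than the vars[] arguments supplied; the table is outside this hunk, so whether that already holds cannot be confirmed from here. `context` is also written into the markup with no escaping visible in the hunk, which is worth confirming at the point where it is read. The second call continues past the end of the hunk.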
@@ -377,14 +377,14 @@
 
     dsgw_emits("<center><table border=2 width=100%%>\n");
 
-    util_snprintf(line, BIG_LINE, "<tr>");
+    util_snprintf(line, sizeof(line), "<tr>");
     dsgw_emits(line);
 
-    util_snprintf(line, BIG_LINE, "<td align=center width=100%%>");
+    util_snprintf(line, sizeof(line), "<td align=center width=100%%>");
     dsgw_emits(line);
-    util_snprintf(line, BIG_LINE, "<hr size=0 width=0>");
+    util_snprintf(line, sizeof(line), "<hr size=0 width=0>");
     dsgw_emits(line);
-    util_snprintf(line, BIG_LINE, "<FONT size=+2><b>%s</b></FONT>"
+    util_snprintf(line, sizeof(line), "<FONT size=+2><b>%s</b></FONT>"
                                   "<hr size=0 width=0>"
                                   "</th>", ( argc > 0 ) ? argv[0] : "" );
     dsgw_emits(line);
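Review bot: The context line `dsgw_emits("<center><table border=2 width=100%%>\n")` hands a doubled percent sign straight to dsgw_emits, while the lines below run the same `100%%` through util_snprintf first, which reduces it to a single `%` before dsgw_emits sees it. Only one of the two can be right: if dsgw_emits writes its argument verbatim, as the `dsgw_emits(line)` calls suggest, the first call should read `width=100%`. The constant strings `"<tr>"` and `"<hr size=0 width=0>"` need no formatting at all and could be passed directly, e.g. `dsgw_emits("<tr>");`. The function starts outside the hunk.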
@@ -399,7 +399,7 @@
     char line[BIG_LINE];
     dsgw_emits("<HTML>");
     dsgw_head_begin();
-    util_snprintf(line, BIG_LINE, "\n<TITLE>%s</TITLE></HEAD>\n"
+    util_snprintf(line, sizeof(line), "\n<TITLE>%s</TITLE></HEAD>\n"
 	    "<BODY %s>\n", ( argc > 0 ) ? argv[0] : "", dsgw_html_body_colors );
     dsgw_emits(line);
 }
@@ -411,10 +411,10 @@
     char line[BIG_LINE];
 
     if ( argc > 0 ) {
-	util_snprintf(line, BIG_LINE, "<BODY %s %s>\n", dsgw_html_body_colors,
+	util_snprintf(line, sizeof(line), "<BODY %s %s>\n", dsgw_html_body_colors,
 		( argc > 0 ) ? argv[0] : "" );
     } else {
-	util_snprintf(line, BIG_LINE, "<BODY %s>\n", dsgw_html_body_colors );
+	util_snprintf(line, sizeof(line), "<BODY %s>\n", dsgw_html_body_colors );
     }
 
     dsgw_emits(line);
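Review bot: Inside the `if ( argc > 0 )` branch the argument `( argc > 0 ) ? argv[0] : ""` can never take its empty-string arm; passing `argv[0]` directly reads more clearly. argv[0] is placed inside the `<BODY ...>` tag with no escaping visible in the hunk, so a comment stating where it comes from and why it is trusted would help the next reader. The function header is outside the hunk.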
@@ -451,14 +451,14 @@
 
     if(!verify)  {
         char outstr[256];
-        PR_snprintf(outstr, 256, "<td width=50%% align=center>"
+        PR_snprintf(outstr, sizeof(outstr), "<td width=50%% align=center>"
                "<input type=submit value=\"%s\">"
                "</td>\n",
                XP_GetClientStr(DBT_ok_1));
         dsgw_emits(outstr);
     }  else  {
         char outstr[256];
-        PR_snprintf(outstr, 256, "<td width=50%% align=center>"
+        PR_snprintf(outstr, sizeof(outstr), "<td width=50%% align=center>"
                "<input type=button value=\"%s\" "
                "onclick=\"verify(this.form)\">"
                "</td>\n",
@@ -467,7 +467,7 @@
     }
     {
         char outstr[256];
-        PR_snprintf(outstr, 256, "<td width=50%% align=center>"
+        PR_snprintf(outstr, sizeof(outstr), "<td width=50%% align=center>"
                "<input type=reset value=\"%s\"></td>\n",
                XP_GetClientStr(DBT_reset_));
         dsgw_emits(outstr);
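Review bot: outstr is a fixed 256-byte buffer filled with a localized label from XP_GetClientStr, so a long translation is silently truncated and the emitted `<input ...>` tag can lose its closing quote and `>`. The same pattern appears in the hunk at -451 above and the hunk at -489 below. tutor.c in this commit calls `dsgw_emitf("<BASE href=\"%s%s/%s\">\n", surl, sn, base)`; if dsgw_emitf formats straight to the output, `dsgw_emitf("<td width=50%% align=center><input type=reset value=\"%s\"></td>\n", XP_GetClientStr(DBT_reset_));` would remove the intermediate buffer altogether. The label is also placed inside `value="..."` without escaping visible here, which matters if a translation contains a double quote.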
@@ -489,12 +489,12 @@
 
     dsgw_emits("<center><table border=2 width=100%%><tr>");
 
-    PR_snprintf(outstr, 256, "<td width=50%% align=center>"
+    PR_snprintf(outstr, sizeof(outstr), "<td width=50%% align=center>"
            "<input type=submit value=\"%s\">"
            "</td>\n",
            XP_GetClientStr(DBT_done_));
     dsgw_emits(outstr);
-    PR_snprintf(outstr, 256, "<td width=50%% align=center>"
+    PR_snprintf(outstr, sizeof(outstr), "<td width=50%% align=center>"
            "<input type=button value=\"%s\" "
            "onClick=\"top.close()\"></td>\n",
            XP_GetClientStr(DBT_cancel_2));
@@ -707,8 +707,19 @@
 	    }
         } else {
             if ( isvar != -1 )  {
-		isvar += LDAP_UTF8COPY(scratch + isvar, string);
-                scratch[ isvar ] = '\0';
+		/* check for scratch overflow */
+		if ((strlen(string) + isvar) < sizeof(scratch)) {
+		    isvar += LDAP_UTF8COPY(scratch + isvar, string);
+		    scratch[ isvar ] = '\0';
+		} else {
+		    char msg[BUFSIZ];
+		    /* error - buffer overflow */
+		    PR_snprintf(msg, sizeof(msg), XP_GetClientStr(DBT_invalidTemplateVarLen),
+				strlen(string), string);
+		    template_error(msg);
+		    *argc = 0;
+		    return NULL;
+		}
             } else {
                 if ( *string == DIRECTIVE_END ) {
                     break;
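Review bot: The new guard compares `strlen(string) + isvar` with `sizeof(scratch)`, that is, the length of everything left in `string` rather than the amount the next `LDAP_UTF8COPY` writes. If LDAP_UTF8COPY copies a single UTF-8 character per call, as it does in the Mozilla LDAP C SDK (confirm for this tree), the check is safe but rejects a template line whose variable still fits when the rest of the line is long; bounding by the length of the next character plus the terminator would be exact. `strlen(string)` is also a size_t passed to a format fetched at run time from `XP_GetClientStr(DBT_invalidTemplateVarLen)`, so it should be cast to the type that message's conversion expects. The declarations of scratch and isvar and the rest of the function are outside the hunk.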


Index: ldaputil.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/ldaputil.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- ldaputil.c	19 Apr 2005 22:07:02 -0000	1.4
+++ ldaputil.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -50,6 +50,7 @@
 #include <io.h>
 #include <fcntl.h>
 #endif
+#include "libadminutil/distadm.h"
 
 static dsgwtmplinfo *init_listdisplay( char *tmplname, unsigned long options );
 static int do_search( dsgwtmplinfo *tip, LDAP *ld, char *base, int scope,
@@ -1305,7 +1306,7 @@
 	*errsp = XP_GetClientStr(DBT_invalidUserIdOrNullLdapHandle_);
 	return NULL;
     }
-    PR_snprintf( filtbuf, 85, "uid=%s", uid );
+    PR_snprintf( filtbuf, sizeof(filtbuf), "uid=%s", uid );
 
     if (( rc = ldap_search_s( ld, base, LDAP_SCOPE_SUBTREE, filtbuf,
 	    attrs, 1, &result )) != LDAP_SUCCESS ) {
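Review bot: `uid` is formatted into the search filter as `uid=%s` with no escaping visible in this hunk, so a value containing filter metacharacters (`*`, `(`, `)`, `\`) changes what the search matches, and a value longer than filtbuf is now truncated into a different, shorter uid instead of being rejected. Unless the caller already validates uid (the function starts outside the hunk), escape those characters as RFC 4515 describes before formatting. When the escaped value does not fit in filtbuf, return the `DBT_invalidUserIdOrNullLdapHandle_` error rather than searching with a truncated filter.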
@@ -1423,10 +1424,10 @@
     }
 
     if ( count > 1 ) {
-	util_snprintf( line, BIG_LINE, "%s\n<SELECT NAME=\"%s\">\n",
+	util_snprintf( line, sizeof(line), "%s\n<SELECT NAME=\"%s\">\n",
 		prefix, varname );
     } else {
-	util_snprintf( line, BIG_LINE, "<INPUT TYPE=\"hidden\" NAME=\"%s\" ",
+	util_snprintf( line, sizeof(line), "<INPUT TYPE=\"hidden\" NAME=\"%s\" ",
 		varname );
     }
     dsgw_emits( line );
@@ -1463,7 +1464,7 @@
     }
 
     if ( count > 1 ) {
-	util_snprintf( line, BIG_LINE, "</SELECT>\n%s\n", suffix );
+	util_snprintf( line, sizeof(line), "</SELECT>\n%s\n", suffix );
 	dsgw_emits( line );
     }
 
@@ -1500,7 +1501,7 @@
 	}
     }
 
-    util_snprintf( line, BIG_LINE, " VALUE=\"%s\">%s\n", escapeddn,
+    util_snprintf( line, sizeof(line), " VALUE=\"%s\">%s\n", escapeddn,
 	    only_one ? "" : friendlyname );
     free( escapeddn );
     if ( rdns != NULL ) {
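Review bot: `friendlyname` is written as the element text after `VALUE=\"%s\">`, and while the DN goes through a separate copy (`escapeddn`, freed on the next line), nothing in the hunk shows friendlyname being HTML-escaped. It appears to be derived from the entry's RDNs, which is directory data, so markup characters in a name would reach the page unless they are escaped earlier in the function, which starts outside the hunk. A DN whose escaped form exceeds `sizeof(line)` is also cut short, giving a VALUE that no longer names the entry; emitting the pieces with separate dsgw_emits calls would avoid the fixed buffer.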


Index: templateindex.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/templateindex.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- templateindex.c	19 Apr 2005 22:07:02 -0000	1.4
+++ templateindex.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -63,11 +63,11 @@
 	if( ( dir == NULL ) || (strlen( dir ) == 0) )
 		return NULL;
 
-	if( ( ret = malloc( sizeof( char * ) ) ) == NULL ) 
+	if( ( ret = malloc( sizeof( char * ) * 2 ) ) == NULL ) 
 		return NULL;
 
-	strcpy(szWildcardFileSpec, dir);
-	strcat(szWildcardFileSpec, "/*");
+	PL_strncpyz(szWildcardFileSpec, dir, sizeof(szWildcardFileSpec));
+	PL_strcatn(szWildcardFileSpec, sizeof(szWildcardFileSpec), "/*");
 	
 	hFile = _findfirst( szWildcardFileSpec, &fileinfo);
 	if( hFile == -1 )
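Review bot: PL_strncpyz and PL_strcatn stop the overflow but truncate silently, so a `dir` that does not fit leaves szWildcardFileSpec holding a cut-off path, possibly without the `/*`, and `_findfirst` then lists a different location. Reject the input before the allocation instead: `if( strlen( dir ) + sizeof( "/*" ) > sizeof( szWildcardFileSpec ) ) return NULL;`. This assumes szWildcardFileSpec is an array declared in this function; its declaration and the rest of the function are outside the hunk.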


Index: tutor.c
===================================================================
RCS file: /cvs/dirsec/ldapserver/ldap/clients/dsgw/tutor.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- tutor.c	19 Apr 2005 22:07:03 -0000	1.4
+++ tutor.c	11 Apr 2006 02:14:32 -0000	1.5
@@ -124,7 +124,7 @@
         *tmp='\0';
         dsgw_emitf("<BASE href=\"%s%s/%s\">\n", surl, sn, base);
     }
-    while( fgets(line, BIG_LINE, html))  {
+    while( fgets(line, sizeof(line), html))  {
 	dsgw_emits( line );
     }
 }
@@ -210,7 +210,7 @@
             map=fopen(man_index, "r");
             if(!map) 
                 goto ohwell;
-            while(fgets(line, BIG_LINE, map))  {
+            while(fgets(line, sizeof(line), map))  {
                 if(line[0]==';')  
                     continue;
                 else if(ldap_utf8isspace(line))
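Review bot: A map line longer than `line` is returned by fgets in pieces, and each piece is then run through the `;` comment test and the parsing that follows as if it started a new entry. If index lines can exceed the buffer, detect the missing newline (`strchr(line, '\n') == NULL` before end of file) and skip the remainder of that line. The parsing branches continue outside the hunk, so whether a fragment can be misread there cannot be confirmed from here.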



