Index: addrtoname.c =================================================================== RCS file: /usr/home/ncvs/src/contrib/tcpdump/addrtoname.c,v retrieving revision 1.5 diff -u -r1.5 addrtoname.c --- addrtoname.c 1998/09/15 19:46:59 1.5 +++ addrtoname.c 2000/10/30 22:45:58 @@ -525,7 +525,7 @@ tp->addr = i; tp->nxt = newhnamemem(); - (void)sprintf(buf, "%u", i); + (void)snprintf(buf, sizeof(buf), "%u", i); tp->name = savestr(buf); return (tp->name); } @@ -551,7 +551,7 @@ while (table->name) table = table->nxt; if (nflag) { - (void)sprintf(buf, "%d", port); + (void)snprintf(buf, sizeof(buf), "%d", port); table->name = savestr(buf); } else table->name = savestr(sv->s_name); Index: print-atalk.c =================================================================== RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-atalk.c,v retrieving revision 1.6 diff -u -r1.6 print-atalk.c --- print-atalk.c 1998/09/15 19:46:59 1.6 +++ print-atalk.c 2000/10/30 22:46:07 @@ -495,7 +495,7 @@ { register struct hnamemem *tp, *tp2; register int i = (atnet << 8) | athost; - char nambuf[256]; + char nambuf[MAXHOSTNAMELEN + 20]; static int first = 1; FILE *fp; @@ -540,7 +540,7 @@ if (tp2->addr == i) { tp->addr = (atnet << 8) | athost; tp->nxt = newhnamemem(); - (void)sprintf(nambuf, "%s.%d", tp2->name, athost); + (void)snprintf(nambuf, sizeof(nambuf), "%s.%d", tp2->name, athost); tp->name = savestr(nambuf); return (tp->name); } Index: print-fr.c =================================================================== RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-fr.c,v retrieving revision 1.2 diff -u -r1.2 print-fr.c --- print-fr.c 1998/01/01 04:13:43 1.2 +++ print-fr.c 2000/10/30 22:46:08 @@ -395,12 +395,12 @@ break; case LINK_VERIFY_IE_91: case LINK_VERIFY_IE_94: - sprintf(temp_str,"TX Seq: %3d, RX Seq: %3d", + snprintf(temp_str, sizeof(temp_str), "TX Seq: %3d, RX Seq: %3d", ptemp[2], ptemp[3]); decode_str = temp_str; break; case PVC_STATUS_IE: - sprintf(temp_str,"DLCI %d: status %s %s", + snprintf(temp_str,sizeof(temp_str), "DLCI %d: status %s %s", ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3), ptemp[4] & 0x8 ?"new,":" ", ptemp[4] & 0x2 ?"Active":"Inactive"); Index: print-icmp.c =================================================================== RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-icmp.c,v retrieving revision 1.3 diff -u -r1.3 print-icmp.c --- print-icmp.c 1997/05/27 02:17:32 1.3 +++ print-icmp.c 2000/10/30 22:46:08 @@ -172,7 +172,7 @@ register const struct ip *oip; register const struct udphdr *ouh; register u_int hlen, dport, mtu; - char buf[256]; + char buf[MAXHOSTNAMELEN + 100]; dp = (struct icmp *)bp; ip = (struct ip *)bp2; @@ -191,7 +191,7 @@ case ICMP_UNREACH_PROTOCOL: TCHECK(dp->icmp_ip.ip_p); - (void)sprintf(buf, "%s protocol %d unreachable", + (void)snprintf(buf, sizeof(buf), "%s protocol %d unreachable", ipaddr_string(&dp->icmp_ip.ip_dst), dp->icmp_ip.ip_p); break; @@ -205,21 +205,21 @@ switch (oip->ip_p) { case IPPROTO_TCP: - (void)sprintf(buf, + (void)snprintf(buf, sizeof(buf), "%s tcp port %s unreachable", ipaddr_string(&oip->ip_dst), tcpport_string(dport)); break; case IPPROTO_UDP: - (void)sprintf(buf, + (void)snprintf(buf, sizeof(buf), "%s udp port %s unreachable", ipaddr_string(&oip->ip_dst), udpport_string(dport)); break; default: - (void)sprintf(buf, + (void)snprintf(buf, sizeof(buf), "%s protocol %d port %d unreachable", ipaddr_string(&oip->ip_dst), oip->ip_p, dport); @@ -234,11 +234,11 @@ mp = (struct mtu_discovery *)&dp->icmp_void; mtu = EXTRACT_16BITS(&mp->nexthopmtu); if (mtu) - (void)sprintf(buf, + (void)snprintf(buf, sizeof(buf), "%s unreachable - need to frag (mtu %d)", ipaddr_string(&dp->icmp_ip.ip_dst), mtu); else - (void)sprintf(buf, + (void)snprintf(buf, sizeof(buf), "%s unreachable - need to frag", ipaddr_string(&dp->icmp_ip.ip_dst)); } @@ -247,7 +247,7 @@ default: fmt = tok2str(unreach2str, "#%d %%s unreachable", dp->icmp_code); - (void)sprintf(buf, fmt, + (void)snprintf(buf, sizeof(buf), fmt, ipaddr_string(&dp->icmp_ip.ip_dst)); break; } @@ -257,7 +257,7 @@ TCHECK(dp->icmp_ip.ip_dst); fmt = tok2str(type2str, "redirect-#%d %%s to net %%s", dp->icmp_code); - (void)sprintf(buf, fmt, + (void)snprintf(buf, sizeof(buf), fmt, ipaddr_string(&dp->icmp_ip.ip_dst), ipaddr_string(&dp->icmp_gwaddr)); break; @@ -277,30 +277,30 @@ cp = buf + strlen(buf); lifetime = EXTRACT_16BITS(&ihp->ird_lifetime); if (lifetime < 60) - (void)sprintf(cp, "%u", lifetime); + (void)snprintf(cp, sizeof(buf) - strlen(buf), "%u", lifetime); else if (lifetime < 60 * 60) - (void)sprintf(cp, "%u:%02u", + (void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u", lifetime / 60, lifetime % 60); else - (void)sprintf(cp, "%u:%02u:%02u", + (void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u:%02u", lifetime / 3600, (lifetime % 3600) / 60, lifetime % 60); cp = buf + strlen(buf); num = ihp->ird_addrnum; - (void)sprintf(cp, " %d:", num); + (void)snprintf(cp, sizeof(buf) - strlen(buf), " %d:", num); cp = buf + strlen(buf); size = ihp->ird_addrsiz; if (size != 2) { - (void)sprintf(cp, " [size %d]", size); + (void)snprintf(cp, sizeof(buf) - strlen(buf), " [size %d]", size); break; } idp = (struct id_rdiscovery *)&dp->icmp_data; while (num-- > 0) { TCHECK(*idp); - (void)sprintf(cp, " {%s %u}", + (void)snprintf(cp, sizeof(buf) - strlen(buf), " {%s %u}", ipaddr_string(&idp->ird_addr), EXTRACT_32BITS(&idp->ird_pref)); cp = buf + strlen(buf); @@ -321,25 +321,25 @@ break; default: - (void)sprintf(buf, "time exceeded-#%d", dp->icmp_code); + (void)snprintf(buf, sizeof(buf), "time exceeded-#%d", dp->icmp_code); break; } break; case ICMP_PARAMPROB: if (dp->icmp_code) - (void)sprintf(buf, "parameter problem - code %d", + (void)snprintf(buf, sizeof(buf), "parameter problem - code %d", dp->icmp_code); else { TCHECK(dp->icmp_pptr); - (void)sprintf(buf, "parameter problem - octet %d", + (void)snprintf(buf, sizeof(buf), "parameter problem - octet %d", dp->icmp_pptr); } break; case ICMP_MASKREPLY: TCHECK(dp->icmp_mask); - (void)sprintf(buf, "address mask is 0x%08x", + (void)snprintf(buf, sizeof(buf), "address mask is 0x%08x", (u_int32_t)ntohl(dp->icmp_mask)); break; Index: print-sunrpc.c =================================================================== RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-sunrpc.c,v retrieving revision 1.4 diff -u -r1.4 print-sunrpc.c --- print-sunrpc.c 1998/09/15 19:46:59 1.4 +++ print-sunrpc.c 2000/10/30 22:46:09 @@ -126,7 +126,9 @@ rp = getrpcbynumber(prog); if (rp == NULL) (void) sprintf(buf, "#%u", prog); - else - strcpy(buf, rp->r_name); + else { + strncpy(buf, rp->r_name, sizeof(buf)-1); + buf[sizeof(buf)-1] = '\0'; + } return (buf); } Index: util.c =================================================================== RCS file: /usr/home/ncvs/src/contrib/tcpdump/util.c,v retrieving revision 1.1.1.3 diff -u -r1.1.1.3 util.c --- util.c 1998/09/15 19:36:31 1.1.1.3 +++ util.c 2000/10/30 22:46:09 @@ -154,7 +154,7 @@ } if (fmt == NULL) fmt = "#%d"; - (void)sprintf(buf, fmt, v); + (void)snprintf(buf, sizeof(buf), fmt, v); return (buf); }