shadow-maint · alejandro-colomar · Aug 26, 2023 · Aug 26, 2023 · Aug 26, 2023 · Aug 26, 2023
diff --git a/lib/commonio.c b/lib/commonio.c
@@ -32,6 +32,7 @@
 #include "prototypes.h"
 #include "commonio.h"
 #include "shadowlog_internal.h"
+#include "string/sprintf.h"
 
 
 /* local function prototypes */
@@ -123,11 +124,11 @@ static int check_link_count (const char *file, bool log)
 
 static int do_lock_file (const char *file, const char *lock, bool log)
 {
-	int fd;
-	pid_t pid;
-	ssize_t len;
-	int retval;
-	char buf[32];
+	int      fd;
+	int      retval;
+	char     buf[32];
+	pid_t    pid;
+	ssize_t  len;
 
 	fd = open (file, O_CREAT | O_TRUNC | O_WRONLY, 0600);
 	if (-1 == fd) {
@@ -140,7 +141,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
 	}
 
 	pid = getpid ();
-	snprintf (buf, sizeof buf, "%lu", (unsigned long) pid);
+	SNPRINTF(buf, "%lu", (unsigned long) pid);
 	len = (ssize_t) strlen (buf) + 1;
 	if (write_full(fd, buf, len) == -1) {
 		if (log) {
@@ -341,7 +342,7 @@ static void free_linked_list (struct commonio_db *db)
 
 int commonio_setname (struct commonio_db *db, const char *name)
 {
-	snprintf (db->filename, sizeof (db->filename), "%s", name);
+	SNPRINTF(db->filename, "%s", name);
 	db->setname = true;
 	return 1;
 }
@@ -467,7 +468,7 @@ static void dec_lock_count (void)
 
 int commonio_unlock (struct commonio_db *db)
 {
-	char lock[1024];
+	char  lock[1024];
 
 	if (db->isopen) {
 		db->readonly = true;
@@ -484,7 +485,7 @@ int commonio_unlock (struct commonio_db *db)
 		 * then call ulckpwdf() (if used) on last unlock.
 		 */
 		db->locked = false;
-		snprintf (lock, sizeof lock, "%s.lock", db->filename);
+		SNPRINTF(lock, "%s.lock", db->filename);
 		unlink (lock);
 		dec_lock_count ();
 		return 1;
@@ -893,9 +894,9 @@ static int write_all (const struct commonio_db *db)
 
 int commonio_close (struct commonio_db *db)
 {
-	char buf[1024];
-	int errors = 0, r;
-	struct stat sb;
+	int          errors = 0;
+	char         buf[1024];
+	struct stat  sb;
 
 	if (!db->isopen) {
 		errno = EINVAL;
@@ -926,8 +927,7 @@ int commonio_close (struct commonio_db *db)
 		/*
 		 * Create backup file.
 		 */
-		r = snprintf (buf, sizeof buf, "%s-", db->filename);
-		if (r < 0 || (size_t)r >= sizeof buf) {
+		if (SNPRINTF(buf, "%s-", db->filename) == -1) {
 			(void) fclose (db->fp);
 			db->fp = NULL;
 			goto fail;
@@ -964,8 +964,7 @@ int commonio_close (struct commonio_db *db)
 		sb.st_gid = db->st_gid;
 	}
 
-	r = snprintf (buf, sizeof buf, "%s+", db->filename);
-	if (r < 0 || (size_t)r >= sizeof buf)
+	if (SNPRINTF(buf, "%s+", db->filename) == -1)
 		goto fail;
 
 #ifdef WITH_SELINUX

diff --git a/lib/env.c b/lib/env.c
@@ -166,9 +166,9 @@ void addenv (const char *string, /*@null@*/const char *value)
  */
 void set_env (int argc, char *const *argv)
 {
-	int noname = 1;
-	char variable[1024];
-	char *cp;
+	int   noname = 1;
+	char  variable[1024];
+	char  *cp;
 
 	for (; argc > 0; argc--, argv++) {
 		if (strlen (*argv) >= sizeof variable) {
@@ -177,9 +177,7 @@ void set_env (int argc, char *const *argv)
 
 		cp = strchr (*argv, '=');
 		if (NULL == cp) {
-			int wlen;
-			wlen = snprintf (variable, sizeof variable, "L%d", noname);
-			assert (wlen < (int) sizeof(variable));
+			XSNPRINTF(variable, "L%d", noname);
 			noname++;
 			addenv (variable, *argv);
 		} else {

diff --git a/lib/get_pid.c b/lib/get_pid.c
@@ -14,6 +14,9 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
+#include "string/sprintf.h"
+
+
 int get_pid (const char *pidstr, pid_t *pid)
 {
 	long long  val;
@@ -75,18 +78,15 @@ int get_pidfd_from_fd(const char *pidfdstr)
 
 int open_pidfd(const char *pidstr)
 {
-	int proc_dir_fd;
-	int written;
-	char proc_dir_name[32];
-	pid_t target;
+	int    proc_dir_fd;
+	char   proc_dir_name[32];
+	pid_t  target;
 
 	if (get_pid(pidstr, &target) == 0)
 		return -ENOENT;
 
 	/* max string length is 6 + 10 + 1 + 1 = 18, allocate 32 bytes */
-	written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/",
-		target);
-	if ((written <= 0) || ((size_t)written >= sizeof(proc_dir_name))) {
+	if (SNPRINTF(proc_dir_name, "/proc/%u/", target) == -1) {
 		fprintf(stderr, "snprintf of proc path failed for %u: %s\n",
 			target, strerror(errno));
 		return -EINVAL;

diff --git a/lib/hushed.c b/lib/hushed.c
@@ -18,6 +18,9 @@
 #include "defines.h"
 #include "prototypes.h"
 #include "getdef.h"
+#include "string/sprintf.h"
+
+
 /*
  * hushed - determine if a user receives login messages
  *
@@ -26,11 +29,11 @@
  */
 bool hushed (const char *username)
 {
-	struct passwd *pw;
-	const char *hushfile;
-	char buf[BUFSIZ];
-	bool found;
-	FILE *fp;
+	bool           found;
+	char           buf[BUFSIZ];
+	FILE           *fp;
+	const char     *hushfile;
+	struct passwd  *pw;
 
 	/*
 	 * Get the name of the file to use.  If this option is not
@@ -53,7 +56,7 @@ bool hushed (const char *username)
 	 */
 
 	if (hushfile[0] != '/') {
-		(void) snprintf (buf, sizeof (buf), "%s/%s", pw->pw_dir, hushfile);
+		SNPRINTF(buf, "%s/%s", pw->pw_dir, hushfile);
 		return (access (buf, F_OK) == 0);
 	}
 

diff --git a/lib/nss.c b/lib/nss.c
@@ -14,6 +14,8 @@
 #include "../libsubid/subid.h"
 #include "shadowlog_internal.h"
 #include "shadowlog.h"
+#include "string/sprintf.h"
+
 
 #define NSSWITCH "/etc/nsswitch.conf"
 
@@ -44,12 +46,12 @@ static void nss_exit(void) {
 
 // nsswitch_path is an argument only to support testing.
 void nss_init(const char *nsswitch_path) {
-	FILE *nssfp = NULL;
-	char *line = NULL, *p, *token, *saveptr;
-	size_t len = 0;
-	FILE *shadow_logfd = log_get_logfd();
-	char libname[65];
-	void *h;
+	char    *line = NULL, *p, *token, *saveptr;
+	char    libname[64];
+	FILE    *nssfp = NULL;
+	FILE    *shadow_logfd = log_get_logfd();
+	void    *h;
+	size_t  len = 0;
 
 	if (atomic_flag_test_and_set(&nss_init_started)) {
 		// Another thread has started nss_init, wait for it to complete
@@ -103,7 +105,7 @@ void nss_init(const char *nsswitch_path) {
 		fprintf(shadow_logfd, "Using files\n");
 		goto null_subid;
 	}
-	snprintf(libname, 64,  "libsubid_%s.so", token);
+	SNPRINTF(libname, "libsubid_%s.so", token);
 	h = dlopen(libname, RTLD_LAZY);
 	if (!h) {
 		fprintf(shadow_logfd, "Error opening %s: %s\n", libname, dlerror());

diff --git a/lib/pwauth.c b/lib/pwauth.c
@@ -25,6 +25,7 @@
 #include "prototypes.h"
 #include "pwauth.h"
 #include "getdef.h"
+#include "string/sprintf.h"
 
 #ifdef SKEY
 #include <skey.h>
@@ -51,16 +52,16 @@
              int reason,
              /*@null@*/const char *input)
 {
-	char prompt[1024];
-	char *clear = NULL;
-	const char *cp;
-	const char *encrypted;
-	int retval;
+	int          retval;
+	char         prompt[1024];
+	char         *clear = NULL;
+	const char   *cp;
+	const char   *encrypted;
 
 #ifdef	SKEY
-	bool use_skey = false;
-	char challenge_info[40];
-	struct skey skey;
+	bool         use_skey = false;
+	char         challenge_info[40];
+	struct skey  skey;
 #endif
 
 	/*
@@ -141,7 +142,7 @@
 		}
 #endif
 
-		snprintf (prompt, sizeof prompt, cp, user);
+		SNPRINTF(prompt, cp, user);
 		clear = agetpass(prompt);
 		input = (clear == NULL) ? "" : clear;
 	}

diff --git a/lib/salt.c b/lib/salt.c
@@ -175,7 +175,7 @@ static /*@observer@*/void SHA_salt_rounds_to_buf (char *buf, unsigned long round
 	 */
 	assert (GENSALT_SETTING_SIZE > buf_begin + 17);
 
-	(void) snprintf (buf + buf_begin, 18, "rounds=%lu$", rounds);
+	snprintf(buf + buf_begin, 18, "rounds=%lu$", rounds);
 }
 #endif /* USE_SHA_CRYPT */
 
@@ -254,7 +254,7 @@ static /*@observer@*/void BCRYPT_salt_rounds_to_buf (char *buf, unsigned long ro
 	 */
 	assert (GENSALT_SETTING_SIZE > buf_begin + 3);
 
-	(void) snprintf (buf + buf_begin, 4, "%2.2lu$", rounds);
+	snprintf(buf + buf_begin, 4, "%2.2lu$", rounds);
 }
 #endif /* USE_BCRYPT */
 

diff --git a/lib/shell.c b/lib/shell.c
@@ -15,6 +15,9 @@
 #include <errno.h>
 #include "prototypes.h"
 #include "defines.h"
+#include "string/sprintf.h"
+
+
 extern char **newenvp;
 extern size_t newenvc;
 
@@ -30,8 +33,8 @@ extern size_t newenvc;
 
 int shell (const char *file, /*@null@*/const char *arg, char *const envp[])
 {
-	char arg0[1024];
-	int err;
+	int   err;
+	char  arg0[1024];
 
 	if (file == NULL) {
 		errno = EINVAL;
@@ -45,8 +48,7 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[])
 	 * don't want to tell us what it is themselves.
 	 */
 	if (arg == NULL) {
-		(void) snprintf (arg0, sizeof arg0, "-%s", Basename (file));
-		arg0[sizeof arg0 - 1] = '\0';
+		SNPRINTF(arg0, "-%s", Basename(file));
 		arg = arg0;
 	}
 
@@ -72,7 +74,7 @@ int shell (const char *file, /*@null@*/const char *arg, char *const envp[])
 	 * how to execute this stupid shell, so I might as well give
 	 * up in disgust ...
 	 */
-	(void) snprintf (arg0, sizeof arg0, _("Cannot execute %s"), file);
+	SNPRINTF(arg0, _("Cannot execute %s"), file);
 	errno = err;
 	perror (arg0);
 	return err;

diff --git a/lib/string/sprintf.c b/lib/string/sprintf.c
@@ -17,3 +17,13 @@
 extern inline int xasprintf(char **restrict s, const char *restrict fmt, ...);
 extern inline int xvasprintf(char **restrict s, const char *restrict fmt,
     va_list ap);
+
+extern inline int snprintf_(char *restrict s, int size,
+    const char *restrict fmt, ...);
+extern inline int vsnprintf_(char *restrict s, int size,
+    const char *restrict fmt, va_list ap);
+
+extern inline int xsnprintf(char *restrict s, int size,
+    const char *restrict fmt, ...);
+extern inline int xvsnprintf(char *restrict s, int size,
+    const char *restrict fmt, va_list ap);