From e6cbb896fef6838af76c59b08c85ae7d85885007 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Tue, 29 Aug 2006 16:03:57 +0000
Subject: [PATCH] r17914: snpritnf() fixes & NULL deref fixes
---
 source/lib/snprintf.c | 61 ++++++++++++++++++++++++++++++++++++---------------
 source/lib/util_str.c | 6 +++--
 source/lib/xfile.c | 2 +-
 3 files changed, 48 insertions(+), 21 deletions(-)
diff --git a/source/lib/snprintf.c b/source/lib/snprintf.c
index 5d89aa841fb..8ff76ab1165 100644
--- a/source/lib/snprintf.c
+++ b/source/lib/snprintf.c
@@ -247,7 +247,7 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format,
 static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
 char *value, int flags, int min, int max);
 static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
- long value, int base, int min, int max, int flags);
+ LLONG value, int base, int min, int max, int flags);
 static void fmtfp(char *buffer, size_t *currlen, size_t maxlen,
 LDOUBLE fvalue, int min, int max, int flags);
 static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c);
@@ -589,11 +589,11 @@ static size_t dopr(char *buffer, size_t maxlen, const char *format, va_list args
 if (cnk->cflags == DP_C_SHORT)
 cnk->value = va_arg (args, unsigned int);
 else if (cnk->cflags == DP_C_LONG)
- cnk->value = (long)va_arg (args, unsigned long int);
+ cnk->value = (unsigned long int)va_arg (args, unsigned long int);
 else if (cnk->cflags == DP_C_LLONG)
 cnk->value = (LLONG)va_arg (args, unsigned LLONG);
 else
- cnk->value = (long)va_arg (args, unsigned int);
+ cnk->value = (unsigned int)va_arg (args, unsigned int);
 for (i = 1; i < clist[pnum].num; i++) {
 clist[pnum].chunks[i]->value = cnk->value;
@@ -799,10 +799,10 @@ static void fmtstr(char *buffer, size_t *currlen, size_t maxlen,
 /* Have to handle DP_F_NUM (ie 0x and 0 alternates) */
 static void fmtint(char *buffer, size_t *currlen, size_t maxlen,
- long value, int base, int min, int max, int flags)
+ LLONG value, int base, int min, int max, int flags)
 {
 int signvalue = 0;
- unsigned long uvalue;
+ unsigned LLONG uvalue;
 char convert[20];
 int place = 0;
 int spadlen = 0; /* amount to space pad */
@@ -920,7 +920,7 @@ static LLONG ROUND(LDOUBLE value)
 static double my_modf(double x0, double *iptr) {
 int i;
- long l;
+ LLONG l;
 double x = x0;
 double f = 1.0;
@@ -1114,7 +1114,7 @@ static void dopr_outch(char *buffer, size_t *currlen, size_t maxlen, char c)
 static struct pr_chunk *new_chunk(void) {
 struct pr_chunk *new_c = (struct pr_chunk *)malloc(sizeof(struct pr_chunk));
- if ( !new_c )
+ if (!new_c)
 return NULL;
 new_c->type = 0;
@@ -1301,7 +1301,7 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 "%d",
 NULL
 };
- long int_nums[] = { -1, 134, 91340, 341, 0203, 0, 1234567890};
+ long int_nums[] = { -1, 134, 91340, 341, 0203, 1234567890, 0};
 char *str_fmt[] = {
 "%10.5s",
 "%-10.5s",
@@ -1318,6 +1318,13 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 NULL
 };
 char *str_vals[] = {"hello", "a", "", "a longer string", NULL};
+#ifdef HAVE_LONG_LONG
+ char *ll_fmt[] = {
+ "%llu",
+ NULL
+ };
+ LLONG ll_nums[] = { 134, 91340, 341, 0203, 1234567890, 128006186140000000LL, 0};
+#endif
 int x, y;
 int fail = 0;
 int num = 0;
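Review bot: `char convert[20];` in the fmtint hunk (@@ -799) keeps its old size although `uvalue` is now `unsigned LLONG`. Where LLONG is 64 bits the digit string can need 20 characters in decimal and 22 in octal, plus the terminator, so the largest values either lose their leading digits or run past the array, depending on how the conversion loop bounds `place`; that loop is outside the hunk. Sizing the array for the widest case, `char convert[22+1]; /* 64-bit value in octal: 22 digits + NUL */`, and keeping the loop limit in step with it would close the gap. The new `ll_nums` values in the @@ -1318 hunk top out at 18 digits, so the added test does not reach this case.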
@@ -1329,9 +1336,9 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 for (y = 0; fp_nums[y] != 0 ; y++) {
 buf1[0] = buf2[0] = '\0';
 l1 = snprintf(NULL, 0, fp_fmt[x], fp_nums[y]);
- l2 = snprintf(buf1, sizeof(buf1), fp_fmt[x], fp_nums[y]);
+ l2 = sprintf(buf1, fp_fmt[x], fp_nums[y]);
 sprintf (buf2, fp_fmt[x], fp_nums[y]);
- buf1[1023] = buf1[1023] = '\0';
+ buf1[1023] = buf2[1023] = '\0';
 if (strcmp (buf1, buf2) || (l1 != l2)) {
 printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n",
 fp_fmt[x], l1, buf1, l2, buf2);
@@ -1345,9 +1352,9 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 for (y = 0; int_nums[y] != 0 ; y++) {
 buf1[0] = buf2[0] = '\0';
 l1 = snprintf(NULL, 0, int_fmt[x], int_nums[y]);
- l2 = snprintf(buf1, sizeof(buf1), int_fmt[x], int_nums[y]);
+ l2 = sprintf(buf1, int_fmt[x], int_nums[y]);
 sprintf (buf2, int_fmt[x], int_nums[y]);
- buf1[1023] = buf1[1023] = '\0';
+ buf1[1023] = buf2[1023] = '\0';
 if (strcmp (buf1, buf2) || (l1 != l2)) {
 printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n",
 int_fmt[x], l1, buf1, l2, buf2);
@@ -1361,9 +1368,9 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 for (y = 0; str_vals[y] != 0 ; y++) {
 buf1[0] = buf2[0] = '\0';
 l1 = snprintf(NULL, 0, str_fmt[x], str_vals[y]);
- l2 = snprintf(buf1, sizeof(buf1), str_fmt[x], str_vals[y]);
+ l2 = sprintf(buf1, str_fmt[x], str_vals[y]);
 sprintf (buf2, str_fmt[x], str_vals[y]);
- buf1[1023] = buf1[1023] = '\0';
+ buf1[1023] = buf2[1023] = '\0';
 if (strcmp (buf1, buf2) || (l1 != l2)) {
 printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n",
 str_fmt[x], l1, buf1, l2, buf2);
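Review bot: After `l2 = sprintf(buf1, fp_fmt[x], fp_nums[y]);` in the @@ -1329 hunk, both buf1 and buf2 are filled by sprintf, so `strcmp (buf1, buf2)` no longer checks any text produced by the snprintf under test. Only the length `l1` from `snprintf(NULL, 0, ...)` still is, assuming sprintf is not remapped somewhere outside the hunk. The same substitution is made in the int and string loops (@@ -1345, @@ -1361) and copied into the new long-long loop (@@ -1373). Keeping the formatted output under test while taking the reference length from libc would read `snprintf(buf1, sizeof(buf1), fp_fmt[x], fp_nums[y]);` followed by `l2 = sprintf(buf2, fp_fmt[x], fp_nums[y]);`. That also keeps the write into buf1 bounded and keeps the `snprintf(%d) = [%s]` label in the failure message accurate.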
@@ -1373,6 +1380,24 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 }
 }
+#ifdef HAVE_LONG_LONG
+ for (x = 0; ll_fmt[x] ; x++) {
+ for (y = 0; ll_nums[y] != 0 ; y++) {
+ buf1[0] = buf2[0] = '\0';
+ l1 = snprintf(NULL, 0, ll_fmt[x], ll_nums[y]);
+ l2 = sprintf(buf1, ll_fmt[x], ll_nums[y]);
+ sprintf (buf2, ll_fmt[x], ll_nums[y]);
+ buf1[1023] = buf2[1023] = '\0';
+ if (strcmp (buf1, buf2) || (l1 != l2)) {
+ printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n",
+ ll_fmt[x], l1, buf1, l2, buf2);
+ fail++;
+ }
+ num++;
+ }
+ }
+#endif
+
 #define BUFSZ 2048
 buf1[0] = buf2[0] = '\0';
@@ -1392,7 +1417,7 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 buf1[0] = buf2[0] = '\0';
 l1 = snprintf(buf1, sizeof(buf1), "%4$*1$d %2$s %3$*1$.*1$f", 3, "pos test", 12.3456, 9);
 l2 = sprintf(buf2, "%4$*1$d %2$s %3$*1$.*1$f", 3, "pos test", 12.3456, 9);
- buf1[1023] = buf1[1023] = '\0';
+ buf1[1023] = buf2[1023] = '\0';
 if (strcmp(buf1, buf2) || (l1 != l2)) {
 printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n",
 "%4$*1$d %2$s %3$*1$.*1$f", l1, buf1, l2, buf2);
@@ -1402,7 +1427,7 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 buf1[0] = buf2[0] = '\0';
 l1 = snprintf(buf1, sizeof(buf1), "%4$*4$d %2$s %3$*4$.*4$f", 3, "pos test", 12.3456, 9);
 l2 = sprintf(buf2, "%4$*4$d %2$s %3$*4$.*4$f", 3, "pos test", 12.3456, 9);
- buf1[1023] = buf1[1023] = '\0';
+ buf1[1023] = buf2[1023] = '\0';
 if (strcmp(buf1, buf2)) {
 printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n",
 "%4$*1$d %2$s %3$*1$.*1$f", l1, buf1, l2, buf2);
@@ -1412,7 +1437,7 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 buf1[0] = buf2[0] = '\0';
 l1 = snprintf(buf1, sizeof(buf1), "%lld", (LLONG)1234567890);
 l2 = sprintf(buf2, "%lld", (LLONG)1234567890);
- buf1[1023] = buf1[1023] = '\0';
+ buf1[1023] = buf2[1023] = '\0';
 if (strcmp(buf1, buf2)) {
 printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n",
 "%lld", l1, buf1, l2, buf2);
@@ -1422,7 +1447,7 @@ int smb_snprintf(char *str,size_t count,const char *fmt,...)
 buf1[0] = buf2[0] = '\0';
 l1 = snprintf(buf1, sizeof(buf1), "%Lf", (LDOUBLE)890.1234567890123);
 l2 = sprintf(buf2, "%Lf", (LDOUBLE)890.1234567890123);
- buf1[1023] = buf1[1023] = '\0';
+ buf1[1023] = buf2[1023] = '\0';
 if (strcmp(buf1, buf2)) {
 printf("snprintf doesn't match Format: %s\n\tsnprintf(%d) = [%s]\n\t sprintf(%d) = [%s]\n",
 "%Lf", l1, buf1, l2, buf2);
diff --git a/source/lib/util_str.c b/source/lib/util_str.c
index 7c9c6a6da8e..c106c4433aa 100644
--- a/source/lib/util_str.c
+++ b/source/lib/util_str.c
@@ -2023,7 +2023,7 @@ char* ipstr_list_make(char** ipstr_list, const struct ip_service* ip_list, int i
 int i;
 /* arguments checking */
- if (!ip_list && !ipstr_list) return 0;
+ if (!ip_list || !ipstr_list) return 0;
 *ipstr_list = NULL;
@@ -2251,7 +2251,9 @@ SMB_BIG_UINT STR_TO_SMB_BIG_UINT(const char *nptr, const char **entptr)
 const char *p = nptr;
 if (!p) {
- *entptr = p;
+ if (entptr) {
+ *entptr = p;
+ }
 return val;
 }
diff --git a/source/lib/xfile.c b/source/lib/xfile.c
index ef33c7894f7..2e90a62df45 100644
--- a/source/lib/xfile.c
+++ b/source/lib/xfile.c
@@ -259,7 +259,7 @@ int x_fflush(XFILE *f)
 return -1;
 }
- if (f->bufused == 0) return 0;
+ if (f->bufused == 0 || !f->buf) return 0;
 ret = write(f->fd, f->buf, f->bufused);
 if (ret == -1) return -1;
-- 
2.11.4.GIT
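Review bot: In the x_fflush hunk, `if (f->bufused == 0 || !f->buf) return 0;` reports a successful flush when `f->buf` is NULL but `f->bufused` is still non-zero, so the caller is told the data went out and the count is never cleared. If that state can occur, it is an inconsistency worth surfacing rather than masking. Leaving the empty-buffer check as it was and adding `if (!f->buf) return -1;` on the next line would still keep a NULL pointer away from write() without hiding it. The function body starts and ends outside the hunk, so whether bufused can be non-zero with no buffer cannot be confirmed from here.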