[src/netbsd-1-6]: src/lib/libz Pullup rev 1.14-1.15 (requested by groo in tic...

[jmc <jmc%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/6822415c81fb
branches:  netbsd-1-6
changeset: 530176:6822415c81fb
user:      jmc <jmc%NetBSD.org@localhost>
date:      Wed Mar 05 19:47:41 2003 +0000

description:
Pullup rev 1.14-1.15 (requested by groo in tickets #1193 and #1194)
 Fix for potential buffer overflow in snprintf() (from OpenBSD)
 Remove the HAS_* ifdefs which select [v]s{,n}printf.  Always choose the
 n version.

diffstat:

 lib/libz/gzio.c |  23 ++++++-----------------
 1 files changed, 6 insertions(+), 17 deletions(-)

diffs (53 lines):

diff -r 2137c23bd55e -r 6822415c81fb lib/libz/gzio.c
--- a/lib/libz/gzio.c   Tue Mar 04 05:50:22 2003 +0000
+++ b/lib/libz/gzio.c   Wed Mar 05 19:47:41 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: gzio.c,v 1.12 2002/03/11 23:40:17 fvdl Exp $ */
+/* $NetBSD: gzio.c,v 1.12.2.1 2003/03/05 19:47:41 jmc Exp $ */
 
 /* gzio.c -- IO on .gz files
  * Copyright (C) 1995-2002 Jean-loup Gailly.
@@ -7,7 +7,7 @@
  * Compile this file with -DNO_DEFLATE to avoid the compression code.
  */
 
-/* @(#) $Id: gzio.c,v 1.12 2002/03/11 23:40:17 fvdl Exp $ */
+/* @(#) $Id: gzio.c,v 1.12.2.1 2003/03/05 19:47:41 jmc Exp $ */
 
 #include <stdio.h>
 
@@ -531,14 +531,9 @@
     int len;
 
     va_start(va, format);
-#ifdef HAS_vsnprintf
-    (void)vsnprintf(buf, sizeof(buf), format, va);
-#else
-    (void)vsprintf(buf, format, va);
-#endif
+    len = vsnprintf(buf, sizeof(buf), format, va);
     va_end(va);
-    len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
-    if (len <= 0) return 0;
+    if (len <= 0 || len >= sizeof(buf)) return 0;
 
     return gzwrite(file, buf, (unsigned)len);
 }
@@ -554,15 +549,9 @@
     char buf[Z_PRINTF_BUFSIZE];
     int len;
 
-#ifdef HAS_snprintf
-    snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
+    len = snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
             a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
-#else
-    sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
-           a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
-#endif
-    len = strlen(buf); /* old sprintf doesn't return the nb of bytes written */
-    if (len <= 0) return 0;
+    if (len <= 0 || len >= sizeof(buf)) return 0;
 
     return gzwrite(file, buf, len);
 }