These functions use sprintf() into a 1000-byte buffer. It appears to me
that the strings they format are either short, fixed-length strings or the
output of strerror(), neither of which should ordinarily overflow.
However, using snprintf() cannot hurt.
Launchpad bug #914160.
Reported-by: Matthias Klose <doko@ubuntu.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
void sfl_agent_error(SFLAgent *agent, char *modName, char *msg)
{
char errm[MAX_ERRMSG_LEN];
void sfl_agent_error(SFLAgent *agent, char *modName, char *msg)
{
char errm[MAX_ERRMSG_LEN];
- sprintf(errm, "sfl_agent_error: %s: %s\n", modName, msg);
+ snprintf(errm, sizeof errm, "sfl_agent_error: %s: %s\n", modName, msg);
if(agent->errorFn) (*agent->errorFn)(agent->magic, agent, errm);
else {
fprintf(stderr, "%s\n", errm);
if(agent->errorFn) (*agent->errorFn)(agent->magic, agent, errm);
else {
fprintf(stderr, "%s\n", errm);
void sfl_agent_sysError(SFLAgent *agent, char *modName, char *msg)
{
char errm[MAX_ERRMSG_LEN];
void sfl_agent_sysError(SFLAgent *agent, char *modName, char *msg)
{
char errm[MAX_ERRMSG_LEN];
- sprintf(errm, "sfl_agent_sysError: %s: %s (errno = %d - %s)\n", modName, msg, errno, strerror(errno));
+ snprintf(errm, sizeof errm, "sfl_agent_sysError: %s: %s (errno = %d - %s)\n", modName, msg, errno, strerror(errno));
if(agent->errorFn) (*agent->errorFn)(agent->magic, agent, errm);
else {
fprintf(stderr, "%s\n", errm);
if(agent->errorFn) (*agent->errorFn)(agent->magic, agent, errm);
else {
fprintf(stderr, "%s\n", errm);
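Review bot: In the sfl_agent_sysError hunk the new snprintf() call still reads `errno` twice in one argument list, once for `%d` and once inside `strerror(errno)`. Argument evaluation order is unspecified and strerror() may set errno when it fails, so the printed number and text can in principle disagree. Capturing it once at function entry avoids that: `int err = errno;` and then pass `err, strerror(err)`. The bounded write itself is sound because `errm` is a true array, so `sizeof errm` is the buffer size. Both calls ignore snprintf()'s return value, though, so a long `modName` or `msg` is truncated silently and the trailing newline is lost; a comment such as `/* message may be truncated to MAX_ERRMSG_LEN - 1 bytes */` would record that. Both function bodies continue past the lines shown here.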