Changeset 90a8e42b in rtems


Timestamp:
11/19/14 20:42:02 (9 years ago)
Author:
Josh Oguin <josh.oguin@…>
Branches:
4.11, 5, master
Children:
e106aa73
Parents:
4862532
git-author:
Josh Oguin <josh.oguin@…> (11/19/14 20:42:02)
git-committer:
Joel Sherrill <joel.sherrill@…> (11/26/14 13:51:59)
Message:

monitor/mon-editor.c: Use puts() and snprintf() not fprintf() or sprintf()

CodeSonar flagged this as a case where the user could inject a format
string and cause issues. Since we were not printing anything but a
string, just switching to puts() rather than fprintf(stdout,...) was
sufficient to make this code safer.

snprintf() places a limit on the length of the output from sprintf()
and avoids similar buffer overrun issues.

File:
1 edited

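--- a/cpukit/libmisc/monitor/mon-editor.c
+++ b/cpukit/libmisc/monitor/mon-editor.c
@@ -266,5 +266,5 @@
         {
           case KEYS_END:
-            fprintf(stdout,buffer + pos);
+            puts(buffer + pos);
             pos = (int) strlen (buffer);
             break;
@@ -429,5 +429,5 @@
                 for (ch = end; ch > pos; ch--)
                   buffer[ch] = buffer[ch - 1];
-                fprintf(stdout,buffer + pos);
+                puts(buffer + pos);
                 for (bs = 0; bs < (end - pos + 1); bs++)
                   putchar ('\b');
@@ -491,14 +491,16 @@
 #if defined(RTEMS_MULTIPROCESSING)
   if (!rtems_configuration_get_user_multiprocessing_table ())
-    sprintf (monitor_prompt, "%s",
+    snprintf (monitor_prompt, sizeof(monitor_prompt), "%s",
              (env_prompt == NULL) ? MONITOR_PROMPT: env_prompt);
   else /* .... */
 #endif
   if (rtems_monitor_default_node != rtems_monitor_node)
-    sprintf (monitor_prompt, "%" PRId32 "-%s-%" PRId32 "", rtems_monitor_node,
+    snprintf (monitor_prompt, sizeof(monitor_prompt),
+              "%" PRId32 "-%s-%" PRId32 "", rtems_monitor_node,
              (env_prompt == NULL) ? MONITOR_PROMPT : env_prompt,
              rtems_monitor_default_node);
   else
-    sprintf (monitor_prompt, "%" PRId32 "-%s", rtems_monitor_node,
+    snprintf (monitor_prompt, sizeof(monitor_prompt),
+             "%" PRId32 "-%s", rtems_monitor_node,
              (env_prompt == NULL) ? MONITOR_PROMPT : env_prompt);
 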
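Review bot: puts() appends a newline that the replaced fprintf(stdout, buffer + pos) did not emit, so at new lines 268 and 431 the editor's redraw of the line tail now ends with a line break; in the second hunk the `putchar ('\b')` loop that follows can then no longer step the cursor back to the edit position. `fputs(buffer + pos, stdout);` removes the format-string exposure equally well and keeps the output byte-identical to what the editor printed before. Separately, in the third hunk `sizeof(monitor_prompt)` bounds the write only if monitor_prompt is declared as an array rather than a pointer; its declaration is outside these hunks, so that should be confirmed. The snprintf() return values are also unchecked, so an over-long env_prompt would be truncated silently.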