From 3421a7aaab77be990946c14d9e244a25b4e0ad2c Mon Sep 17 00:00:00 2001
From: Shreenidhi Shedi <sshedi@vmware.com>
Date: Wed, 1 Sep 2021 19:50:35 +0530
Subject: [PATCH 04/12] Use the safer alternative snprintf instead of sprintf

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
---
 src/idcache.c  | 8 ++++----
 src/userspec.c | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/idcache.c b/src/idcache.c
index 877993f..898d20e 100644
--- a/src/idcache.c
+++ b/src/idcache.c
@@ -59,7 +59,7 @@ getuser (uid_t uid)
 {
   register struct userid *tail;
   struct passwd *pwent;
-  char usernum_string[20];
+  char usernum_string[20] = {0};
 
   for (tail = user_alist; tail; tail = tail->next)
     if (tail->id.u == uid)
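Review bot: The `= {0}` initializer added to `usernum_string` is not needed for safety, because `snprintf` with a non-zero size always NUL-terminates what it writes. It also zero-fills the buffer on every call, including calls that appear to be answered by the cache loop just below without ever using the buffer. The same applies to `groupnum_string` in getgroup and `uint_buf` in parse_user_spec. If the initializer is kept as defence in depth, a short comment such as `/* zeroed defensively; snprintf below always NUL-terminates */` would stop a later reader from assuming the code relies on it. getuser's body continues outside this hunk.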
@@ -70,7 +70,7 @@ getuser (uid_t uid)
   tail->id.u = uid;
   if (pwent == 0)
     {
-      sprintf (usernum_string, "%u", (unsigned) uid);
+      snprintf (usernum_string, sizeof (usernum_string), "%u", (unsigned) uid);
       tail->name = xstrdup (usernum_string);
     }
   else
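Review bot: The return value of `snprintf` is discarded here, so a truncated or failed conversion would be stored in `tail->name` and cached as if it were the real numeric ID. With a 32-bit `unsigned` the output is at most 10 digits and fits, but the 20-byte buffer is one byte short of what a 64-bit value would need (userspec.c uses 21), and the `(unsigned)` cast would narrow a wider `uid_t`. Consider capturing the result, `int n = snprintf (usernum_string, sizeof usernum_string, "%u", (unsigned) uid);`, then treating `n < 0 || (size_t) n >= sizeof usernum_string` as an error instead of caching the string. The same applies to `groupnum_string` in the getgroup hunk and to `uint_buf` in parse_user_spec. The function body starts and ends outside this hunk.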
@@ -134,7 +134,7 @@ getgroup (gid_t gid)
 {
   register struct userid *tail;
   struct group *grent;
-  char groupnum_string[20];
+  char groupnum_string[20] = {0};
 
   for (tail = group_alist; tail; tail = tail->next)
     if (tail->id.g == gid)
@@ -145,7 +145,7 @@ getgroup (gid_t gid)
   tail->id.g = gid;
   if (grent == 0)
     {
-      sprintf (groupnum_string, "%u", (unsigned int) gid);
+      snprintf (groupnum_string, sizeof (groupnum_string), "%u", (unsigned int) gid);
       tail->name = xstrdup (groupnum_string);
     }
   else
diff --git a/src/userspec.c b/src/userspec.c
index f84147d..c1d1ae3 100644
--- a/src/userspec.c
+++ b/src/userspec.c
@@ -144,8 +144,8 @@ parse_user_spec (const char *spec_arg, uid_t *uid, gid_t *gid,
 		  /* This is enough room to hold the unsigned decimal
 		     representation of any 32-bit quantity and the trailing
 		     zero byte.  */
-		  char uint_buf[21];
-		  sprintf (uint_buf, "%u", (unsigned) (pwd->pw_gid));
+		  char uint_buf[21] = {0};
+		  snprintf (uint_buf, sizeof (uint_buf), "%u", (unsigned int) (pwd->pw_gid));
 		  V_STRDUP (groupname, uint_buf);
 		}
 	      else
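Review bot: The comment kept above `uint_buf` still justifies the size by "any 32-bit quantity", which is an assumption about the platform rather than something the code enforces. Now that the size is passed to `snprintf`, the comment could say that the bound is enforced by the call and that the value is deliberately narrowed by the `(unsigned int)` cast, for example `/* Room for the decimal form of an unsigned int plus the trailing zero byte; snprintf enforces the bound. */`. The enclosing block of parse_user_spec begins and ends outside this hunk.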
-- 
2.17.1

