From 21c5e998e144ac69c6654e131e3bdb9edb343caa Mon Sep 17 00:00:00 2001 From: Anthony Gialluca Date: Tue, 26 Sep 2023 14:27:42 -0400 Subject: [PATCH 1/2] Updated conserver/cutil.c and conserver/group.c to use snprintf( ) vice sprintf( ) to prevent buffer overflows. Signed-off-by: Anthony Gialluca --- conserver/cutil.c | 24 ++++++++++++------------ conserver/group.c | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/conserver/cutil.c b/conserver/cutil.c index 342be53..53ca39f 100644 --- a/conserver/cutil.c +++ b/conserver/cutil.c @@ -618,19 +618,19 @@ FileOpenFD(int fd, enum consFileType type) #if DEBUG_CONSFILE_IO { char buf[1024]; - sprintf(buf, "CONSFILE-%s-%lu-%d.w", progname, + snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.w", progname, (unsigned long)thepid, fd); if ((cfp->debugwfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - sprintf(buf, "[---- STARTED - %s ----]\n", + snprintf(buf, 1024, "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugwfd, buf, strlen(buf)); } - sprintf(buf, "CONSFILE-%s-%lu-%d.r", progname, + snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.r", progname, (unsigned long)thepid, fd); if ((cfp->debugrfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - sprintf(buf, "[---- STARTED - %s ----]\n", + snprintf(buf, 1024, "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugrfd, buf, strlen(buf)); } 
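Review bot: The return value of the new `snprintf` calls that build the debug file names in FileOpenFD is ignored, so an over-long `progname` is now silently truncated rather than overflowing, and a name that loses its `.w`/`.r` suffix makes both `open()` calls append to the same file. Check the result before opening, e.g. `int n = snprintf(buf, sizeof(buf), "CONSFILE-%s-%lu-%d.w", progname, (unsigned long)thepid, fd);` followed by `if (n < 0 || (size_t)n >= sizeof(buf))` to skip the debug file. The same applies to the FileOpenPipe and FileOpen hunks and to the matching hunks of patch 2/2. Because the name is relative and predictable and is opened with `O_CREAT | O_APPEND` without `O_NOFOLLOW`, a comment noting that `DEBUG_CONSFILE_IO` builds should run only from a directory other users cannot write to would help. The function body starts and ends outside the hunk.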
@@ -663,19 +663,19 @@ FileOpenPipe(int fd, int fdout) #if DEBUG_CONSFILE_IO { char buf[1024]; - sprintf(buf, "CONSFILE-%s-%lu-%d.w", progname, + snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.w", progname, (unsigned long)thepid, fdout); if ((cfp->debugwfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - sprintf(buf, "[---- STARTED - %s ----]\n", + snprintf(buf, 1024, "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugwfd, buf, strlen(buf)); } - sprintf(buf, "CONSFILE-%s-%lu-%d.r", progname, + snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.r", progname, (unsigned long)thepid, fd); if ((cfp->debugrfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - sprintf(buf, "[---- STARTED - %s ----]\n", + snprintf(buf, 1024, "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugrfd, buf, strlen(buf)); } @@ -754,19 +754,19 @@ FileOpen(const char *path, int flag, int mode) #if DEBUG_CONSFILE_IO { char buf[1024]; - sprintf(buf, "CONSFILE-%s-%lu-%d.w", progname, + snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.w", progname, (unsigned long)thepid, fd); if ((cfp->debugwfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - sprintf(buf, "[---- STARTED - %s ----]\n", + snprintf(buf, 1024, "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugwfd, buf, strlen(buf)); } - sprintf(buf, "CONSFILE-%s-%lu-%d.r", progname, + snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.r", progname, (unsigned long)thepid, fd); if ((cfp->debugrfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - sprintf(buf, "[---- STARTED - %s ----]\n", + snprintf(buf, 1024, "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugrfd, buf, strlen(buf)); } diff --git a/conserver/group.c b/conserver/group.c index 0c5435b..a198110 100644 --- a/conserver/group.c +++ b/conserver/group.c 
@@ -2560,7 +2560,7 @@ TelOpt(int o) if (o < sizeof(telopts) / sizeof(char *)) return telopts[o]; else { - sprintf(opt, "%d", o); + snprintf(opt, 128, "%d", o); return opt; } } From 6093e2e0831fe90a138bd647716b91f7de0f9040 Mon Sep 17 00:00:00 2001 From: Anthony Gialluca Date: Tue, 26 Sep 2023 15:06:28 -0400 Subject: [PATCH 2/2] Cleaned up calls to snprintf in conserver/cutil.c and conserver/group.c with recommended code change. Signed-off-by: Anthony Gialluca --- conserver/cutil.c | 24 ++++++++++++------------ conserver/group.c | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/conserver/cutil.c b/conserver/cutil.c index 53ca39f..b83e257 100644 --- a/conserver/cutil.c +++ b/conserver/cutil.c @@ -618,19 +618,19 @@ FileOpenFD(int fd, enum consFileType type) #if DEBUG_CONSFILE_IO { char buf[1024]; - snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.w", progname, + snprintf(buf, sizeof(buf), "CONSFILE-%s-%lu-%d.w", progname, (unsigned long)thepid, fd); if ((cfp->debugwfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - snprintf(buf, 1024, "[---- STARTED - %s ----]\n", + snprintf(buf, sizeof(buf), "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugwfd, buf, strlen(buf)); } - snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.r", progname, + snprintf(buf, sizeof(buf), "CONSFILE-%s-%lu-%d.r", progname, (unsigned long)thepid, fd); if ((cfp->debugrfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - snprintf(buf, 1024, "[---- STARTED - %s ----]\n", + snprintf(buf, sizeof(buf), "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugrfd, buf, strlen(buf)); } 
@@ -663,19 +663,19 @@ FileOpenPipe(int fd, int fdout) #if DEBUG_CONSFILE_IO { char buf[1024]; - snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.w", progname, + snprintf(buf, sizeof(buf), "CONSFILE-%s-%lu-%d.w", progname, (unsigned long)thepid, fdout); if ((cfp->debugwfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - snprintf(buf, 1024, "[---- STARTED - %s ----]\n", + snprintf(buf, sizeof(buf), "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugwfd, buf, strlen(buf)); } - snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.r", progname, + snprintf(buf, sizeof(buf), "CONSFILE-%s-%lu-%d.r", progname, (unsigned long)thepid, fd); if ((cfp->debugrfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - snprintf(buf, 1024, "[---- STARTED - %s ----]\n", + snprintf(buf, sizeof(buf), "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugrfd, buf, strlen(buf)); } @@ -754,19 +754,19 @@ FileOpen(const char *path, int flag, int mode) #if DEBUG_CONSFILE_IO { char buf[1024]; - snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.w", progname, + snprintf(buf, sizeof(buf), "CONSFILE-%s-%lu-%d.w", progname, (unsigned long)thepid, fd); if ((cfp->debugwfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - snprintf(buf, 1024, "[---- STARTED - %s ----]\n", + snprintf(buf, sizeof(buf), "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugwfd, buf, strlen(buf)); } - snprintf(buf, 1024, "CONSFILE-%s-%lu-%d.r", progname, + snprintf(buf, sizeof(buf), "CONSFILE-%s-%lu-%d.r", progname, (unsigned long)thepid, fd); if ((cfp->debugrfd = open(buf, O_WRONLY | O_CREAT | O_APPEND, 0644)) != -1) { - snprintf(buf, 1024, "[---- STARTED - %s ----]\n", + snprintf(buf, sizeof(buf), "[---- STARTED - %s ----]\n", StrTime((time_t *)0)); write(cfp->debugrfd, buf, strlen(buf)); } diff --git a/conserver/group.c b/conserver/group.c index a198110..1304787 100644 --- a/conserver/group.c +++ b/conserver/group.c 
@@ -2560,7 +2560,7 @@ TelOpt(int o) if (o < sizeof(telopts) / sizeof(char *)) return telopts[o]; else { - snprintf(opt, 128, "%d", o); + snprintf(opt, sizeof(opt), "%d", o); return opt; } }
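Review bot: `snprintf(opt, sizeof(opt), "%d", o)` in TelOpt bounds the write correctly only if `opt` is declared as an array visible in this scope; its declaration is outside the hunk, and if it were a `char *` the call would silently limit the output to the pointer size minus one. Patch 1/2 used 128 here, which suggests an array of that size, but that is inferred. A short comment at the declaration such as `/* must stay an array: TelOpt() uses sizeof(opt) */` would protect the bound against a later change to a pointer. Separately, the context line `o < sizeof(telopts) / sizeof(char *)` compares an `int` with a `size_t`, so a negative `o` reaches this branch only through the implicit unsigned conversion; an explicit `o >= 0 &&` would make that intent visible.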