diff -r 7c771f0a24f3 tools/console/daemon/io.c --- a/tools/console/daemon/io.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/console/daemon/io.c Thu Jun 12 14:45:13 2008 +0200 @@ -525,7 +525,8 @@ static int domain_create_ring(struct dom } else dom->use_consolepath = 0; - sprintf(path, "%s/type", dom->use_consolepath ? dom->conspath: dom->serialpath); + snprintf(path, sizeof(path), "%s/type", + dom->use_consolepath ? dom->conspath: dom->serialpath); type = xs_read(xs, XBT_NULL, path, NULL); if (type && strcmp(type, "xenconsoled") != 0) { free(type); diff -r 7c771f0a24f3 tools/fs-back/fs-ops.c --- a/tools/fs-back/fs-ops.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/fs-back/fs-ops.c Thu Jun 12 14:45:13 2008 +0200 @@ -55,7 +55,8 @@ void dispatch_file_open(struct mount *mo printf("File open issued for %s\n", file_name); assert(BUFFER_SIZE > strlen(file_name) + strlen(mount->export->export_path) + 1); - sprintf(full_path, "%s/%s", mount->export->export_path, file_name); + snprintf(full_path, sizeof(full_path), "%s/%s", + mount->export->export_path, file_name); assert(xc_gnttab_munmap(mount->gnth, file_name, 1) == 0); printf("Issuing open for %s\n", full_path); fd = open(full_path, O_RDWR); @@ -311,7 +312,8 @@ void dispatch_remove(struct mount *mount printf("File remove issued for %s\n", file_name); assert(BUFFER_SIZE > strlen(file_name) + strlen(mount->export->export_path) + 1); - sprintf(full_path, "%s/%s", mount->export->export_path, file_name); + snprintf(full_path, sizeof(full_path), "%s/%s", + mount->export->export_path, file_name); assert(xc_gnttab_munmap(mount->gnth, file_name, 1) == 0); printf("Issuing remove for %s\n", full_path); ret = remove(full_path); @@ -355,8 +357,10 @@ void dispatch_rename(struct mount *mount strlen(old_file_name) + strlen(mount->export->export_path) + 1); assert(BUFFER_SIZE > strlen(new_file_name) + strlen(mount->export->export_path) + 1); - sprintf(old_full_path, "%s/%s", mount->export->export_path, old_file_name); - sprintf(new_full_path, "%s/%s", mount->export->export_path, new_file_name); + snprintf(old_full_path, sizeof(old_full_path), "%s/%s", + mount->export->export_path, old_file_name); + snprintf(new_full_path, sizeof(new_full_path), "%s/%s", + mount->export->export_path, new_file_name); assert(xc_gnttab_munmap(mount->gnth, buf, 1) == 0); printf("Issuing rename for %s -> %s\n", old_full_path, new_full_path); ret = rename(old_full_path, new_full_path); @@ -398,7 +402,8 @@ void dispatch_create(struct mount *mount printf("File create issued for %s\n", file_name); assert(BUFFER_SIZE > strlen(file_name) + strlen(mount->export->export_path) + 1); - sprintf(full_path, "%s/%s", mount->export->export_path, file_name); + snprintf(full_path, sizeof(full_path), "%s/%s", + mount->export->export_path, file_name); assert(xc_gnttab_munmap(mount->gnth, file_name, 1) == 0); /* We can advance the request consumer index, from here on, the request * should not be used (it may be overrinden by a response) */ @@ -447,7 +452,8 @@ void dispatch_list(struct mount *mount, printf("Dir list issued for %s\n", file_name); assert(BUFFER_SIZE > strlen(file_name) + strlen(mount->export->export_path) + 1); - sprintf(full_path, "%s/%s", mount->export->export_path, file_name); + snprintf(full_path, sizeof(full_path), "%s/%s", + mount->export->export_path, file_name); /* We can advance the request consumer index, from here on, the request * should not be used (it may be overrinden by a response) */ mount->ring.req_cons++; @@ -540,7 +546,8 @@ void dispatch_fs_space(struct mount *mou printf("Fs space issued for %s\n", file_name); assert(BUFFER_SIZE > strlen(file_name) + strlen(mount->export->export_path) + 1); - sprintf(full_path, "%s/%s", mount->export->export_path, file_name); + snprintf(full_path, sizeof(full_path), "%s/%s", + mount->export->export_path, file_name); assert(xc_gnttab_munmap(mount->gnth, file_name, 1) == 0); printf("Issuing fs space for %s\n", full_path); ret = statfs(full_path, &stat); diff -r 7c771f0a24f3 tools/fs-back/fs-xenbus.c --- a/tools/fs-back/fs-xenbus.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/fs-back/fs-xenbus.c Thu Jun 12 14:45:13 2008 +0200 @@ -22,8 +22,8 @@ static bool xenbus_printf(struct xs_hand va_list args; va_start(args, fmt); - sprintf(fullpath,"%s/%s", node, path); - vsprintf(val, fmt, args); + snprintf(fullpath, sizeof(fullpath), "%s/%s", node, path); + vsnprintf(val, sizeof(val), fmt, args); va_end(args); printf("xenbus_printf (%s) <= %s.\n", fullpath, val); @@ -72,7 +72,7 @@ int xenbus_register_export(struct fs_exp printf("XS transaction is %d\n", xst); /* Create node string */ - sprintf(node, "%s/%d", EXPORTS_NODE, export->export_id); + snprintf(node, sizeof(node), "%s/%d", EXPORTS_NODE, export->export_id); /* Remove old export (if exists) */ xs_rm(xsh, xst, node); @@ -116,20 +116,20 @@ void xenbus_read_mount_request(struct mo assert(xsh != NULL); #if 0 - sprintf(node, WATCH_NODE"/%d/%d/frontend", + snprintf(node, sizeof(node), WATCH_NODE"/%d/%d/frontend", mount->dom_id, mount->export->export_id); frontend = xs_read(xsh, XBT_NULL, node, NULL); #endif mount->frontend = frontend; - sprintf(node, "%s/state", frontend); + snprintf(node, sizeof(node), "%s/state", frontend); s = xs_read(xsh, XBT_NULL, node, NULL); assert(strcmp(s, STATE_READY) == 0); free(s); - sprintf(node, "%s/ring-ref", frontend); + snprintf(node, sizeof(node), "%s/ring-ref", frontend); s = xs_read(xsh, XBT_NULL, node, NULL); mount->gref = atoi(s); free(s); - sprintf(node, "%s/event-channel", frontend); + snprintf(node, sizeof(node), "%s/event-channel", frontend); s = xs_read(xsh, XBT_NULL, node, NULL); mount->remote_evtchn = atoi(s); free(s); @@ -158,12 +158,12 @@ void xenbus_write_backend_node(struct mo assert(xsh != NULL); self_id = get_self_id(); printf("Our own dom_id=%d\n", self_id); - sprintf(node, "%s/backend", mount->frontend); - sprintf(backend_node, "/local/domain/%d/"ROOT_NODE"/%d", + snprintf(node, sizeof(node), "%s/backend", mount->frontend); + snprintf(backend_node, sizeof(backend_node), "/local/domain/%d/"ROOT_NODE"/%d", self_id, mount->mount_id); xs_write(xsh, XBT_NULL, node, backend_node, strlen(backend_node)); - sprintf(node, ROOT_NODE"/%d/state", mount->mount_id); + snprintf(node, sizeof(node), ROOT_NODE"/%d/state", mount->mount_id); xs_write(xsh, XBT_NULL, node, STATE_INITIALISED, strlen(STATE_INITIALISED)); } @@ -174,7 +174,7 @@ void xenbus_write_backend_ready(struct m assert(xsh != NULL); self_id = get_self_id(); - sprintf(node, ROOT_NODE"/%d/state", mount->mount_id); + snprintf(node, sizeof(node), ROOT_NODE"/%d/state", mount->mount_id); xs_write(xsh, XBT_NULL, node, STATE_READY, strlen(STATE_READY)); } diff -r 7c771f0a24f3 tools/libfsimage/zfs/fsys_zfs.c --- a/tools/libfsimage/zfs/fsys_zfs.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/libfsimage/zfs/fsys_zfs.c Thu Jun 12 14:45:13 2008 +0200 @@ -1336,7 +1336,7 @@ zfs_open(fsi_file_t *ffi, char *filename char zfs_bootstr[] = "zfs-bootfs="; char zfs_bootpath[] = ",bootpath='"; - sprintf(temp, "%llu", (unsigned long long) + snprintf(temp, sizeof(temp), "%llu", (unsigned long long) current_bootfs_obj); alloc_size = strlen(zfs_bootstr) + strlen(current_rootpool) + diff -r 7c771f0a24f3 tools/libxc/xc_dom_x86.c --- a/tools/libxc/xc_dom_x86.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/libxc/xc_dom_x86.c Thu Jun 12 14:45:13 2008 +0200 @@ -418,7 +418,7 @@ static int start_info_x86_32(struct xc_d xc_dom_printf("%s: called\n", __FUNCTION__); memset(start_info, 0, sizeof(*start_info)); - sprintf(start_info->magic, dom->guest_type); + snprintf(start_info->magic, sizeof(start_info->magic), dom->guest_type); start_info->nr_pages = dom->total_pages; start_info->shared_info = shinfo << PAGE_SHIFT_X86; start_info->pt_base = dom->pgtables_seg.vstart; @@ -457,7 +457,7 @@ static int start_info_x86_64(struct xc_d xc_dom_printf("%s: called\n", __FUNCTION__); memset(start_info, 0, sizeof(*start_info)); - sprintf(start_info->magic, dom->guest_type); + snprintf(start_info->magic, sizeof(start_info->magic), dom->guest_type); start_info->nr_pages = dom->total_pages; start_info->shared_info = shinfo << PAGE_SHIFT_X86; start_info->pt_base = dom->pgtables_seg.vstart; diff -r 7c771f0a24f3 tools/misc/nsplitd/nsplitd.c --- a/tools/misc/nsplitd/nsplitd.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/misc/nsplitd/nsplitd.c Thu Jun 12 14:45:13 2008 +0200 @@ -106,7 +106,7 @@ static void fault(char *format, ...) /* XXX This is a bit dubious, but there is no vsyslog */ va_start(ap, format); - vsprintf(logbuf, format, ap); + vsnprintf(logbuf, sizeof(logbuf), format, ap); syslog(LOG_ERR, logbuf); va_end(ap); exit(1); diff -r 7c771f0a24f3 tools/misc/xenperf.c --- a/tools/misc/xenperf.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/misc/xenperf.c Thu Jun 12 14:45:13 2008 +0200 @@ -202,7 +202,7 @@ int main(int argc, char *argv[]) strncpy(hypercall_name, hypercall_name_table[j], sizeof(hypercall_name)); else - sprintf(hypercall_name, "[%d]", j); + snprintf(hypercall_name, sizeof(hypercall_name), "[%d]", j); hypercall_name[sizeof(hypercall_name)-1]='\0'; printf("%-35s ", hypercall_name); printf("%12u\n", (unsigned int)val[j]); diff -r 7c771f0a24f3 tools/vnet/vnet-module/varp_util.h --- a/tools/vnet/vnet-module/varp_util.h Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/vnet/vnet-module/varp_util.h Thu Jun 12 14:45:13 2008 +0200 @@ -53,11 +53,11 @@ static inline const char *VarpAddr_ntoa( switch(addr->family){ default: case AF_INET: - sprintf(buf, "%u.%u.%u.%u", + snprintf(buf, sizeof(buf), "%u.%u.%u.%u", NIPQUAD(addr->u.ip4)); break; case AF_INET6: - sprintf(buf, "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x", + snprintf(buf, sizeof(buf), "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x", NIP6(addr->u.ip6)); break; } @@ -66,7 +66,7 @@ static inline const char *VarpAddr_ntoa( static inline const char *VnetId_ntoa(VnetId *vnet, char buf[VNET_ID_BUF]) { - sprintf(buf, "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x", + snprintf(buf, sizeof(buf), "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x", ntohs(vnet->u.vnet16[0]), \ ntohs(vnet->u.vnet16[1]), \ ntohs(vnet->u.vnet16[2]), \ diff -r 7c771f0a24f3 tools/vnet/vnet-module/vnet.c --- a/tools/vnet/vnet-module/vnet.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/vnet/vnet-module/vnet.c Thu Jun 12 14:45:13 2008 +0200 @@ -354,7 +354,7 @@ static int vnet_setup(void){ if(err) break; vnetid = VNET_VIF + i; vnet->vnet = toVnetId(vnetid); - sprintf(vnet->device, "vnif%04x", vnetid); + snprintf(vnet->device, sizeof(vnet->device), "vnif%04x", vnetid); vnet->security = (vnetid > 10 ? security : 0); err = Vnet_create(vnet); Vnet_decref(vnet); diff -r 7c771f0a24f3 tools/vtpm_manager/migration/vtpm_migratord_handler.c --- a/tools/vtpm_manager/migration/vtpm_migratord_handler.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/vtpm_manager/migration/vtpm_migratord_handler.c Thu Jun 12 14:45:13 2008 +0200 @@ -49,8 +49,8 @@ // This must be updated to the longest command name. Currently GETINST #define VTPM_SH_CMD_SIZE (strlen(VTPM_SH_CMD_HDR) + strlen(VTPM_SH_CMD_FTR) + 1 + strlen(VTPM_SH_GETINST) + 2) -void handle_vtpm_mig_step2(buffer_t *in_param_buf, buffer_t *result_buf){ - +void handle_vtpm_mig_step2(buffer_t *in_param_buf, buffer_t *result_buf) +{ TPM_TAG tag = VTPM_TAG_RSP; buffer_t out_param_buf= NULL_BUF, mig_key_buf=NULL_BUF; TPM_RESULT status=TPM_SUCCESS, cmd_status; @@ -97,13 +97,14 @@ void handle_vtpm_mig_step2(buffer_t *in_ return; } -void handle_vtpm_mig_step3(buffer_t *in_param_buf, buffer_t *result_buf){ - +void handle_vtpm_mig_step3(buffer_t *in_param_buf, buffer_t *result_buf) +{ TPM_TAG tag = VTPM_TAG_RSP; buffer_t out_param_buf= NULL_BUF, mig_key_buf=NULL_BUF, empty_buf=NULL_BUF; TPM_RESULT status=TPM_SUCCESS, cmd_status; UINT32 out_param_size, instance; char *shell_cmd_str=NULL; + size_t shell_cmd_strlen; FILE *shell_f=NULL; if ( (!in_param_buf) || (!result_buf) ) { @@ -124,16 +125,20 @@ void handle_vtpm_mig_step3(buffer_t *in_ } // ====== Call hotplug-script and get an instance ====== - shell_cmd_str = (char *) malloc(VTPM_SH_CMD_SIZE + name_data32.size + 10); // 10 is just padding for the UINT32 + shell_cmd_strlen = VTPM_SH_CMD_SIZE + name_data32.size + 10; + shell_cmd_str = (char *) malloc(shell_cmd_strlen); // 10 is just padding for the UINT32 - sprintf(shell_cmd_str, VTPM_SH_CMD_HDR VTPM_SH_GETINST VTPM_SH_CMD_FTR); + snprintf(shell_cmd_str, shell_cmd_strlen, + VTPM_SH_CMD_HDR VTPM_SH_GETINST VTPM_SH_CMD_FTR); shell_f = popen(shell_cmd_str, "r"); fscanf(shell_f, "%d", &instance); pclose(shell_f); // ====== Call hotplug-script and add instance ====== - sprintf(shell_cmd_str, VTPM_SH_CMD_HDR VTPM_SH_ADD " %s %d" VTPM_SH_CMD_FTR, name_data32.data, instance); + snprintf(shell_cmd_str, shell_cmd_strlen, + VTPM_SH_CMD_HDR VTPM_SH_ADD " %s %d" VTPM_SH_CMD_FTR, + name_data32.data, instance); system(shell_cmd_str); // ========= Call vtpm_manager and load VTPM ======= @@ -156,7 +161,8 @@ void handle_vtpm_mig_step3(buffer_t *in_ TPMTRYRETURN(cmd_status); // ====== Call hotplug-script and resume instance ====== - sprintf(shell_cmd_str, VTPM_SH_CMD_HDR VTPM_SH_RESUME " %d" VTPM_SH_CMD_FTR, instance); + snprintf(shell_cmd_str, shell_cmd_strlen, + VTPM_SH_CMD_HDR VTPM_SH_RESUME " %d" VTPM_SH_CMD_FTR, instance); system(shell_cmd_str); goto egress; diff -r 7c771f0a24f3 tools/xenmon/xenbaked.c --- a/tools/xenmon/xenbaked.c Wed Jun 11 11:35:35 2008 +0100 +++ b/tools/xenmon/xenbaked.c Thu Jun 12 14:45:13 2008 +0200 @@ -749,9 +749,13 @@ void qos_init_domain(int domid, int idx) new_qos->domain_info[idx].blocked_start_time = 0; new_qos->domain_info[idx].id = domid; if (domid == IDLE_DOMAIN_ID) - sprintf(new_qos->domain_info[idx].name, "Idle Task%d", global_cpu); + snprintf(new_qos->domain_info[idx].name, + sizeof(new_qos->domain_info[idx].name), + "Idle Task%d", global_cpu); else - sprintf(new_qos->domain_info[idx].name, "Domain#%d", domid); + snprintf(new_qos->domain_info[idx].name, + sizeof(new_qos->domain_info[idx].name), + "Domain#%d", domid); for (i=0; iqdata[i].ns_gotten[idx] = 0;