Merge pull request #2670 from armstrdj/security_fixes_buffer_overflow

security updates for potential buffer overflows

client/acct_setup.cpp

@@ -383,7 +383,7 @@ int LOOKUP_LOGIN_TOKEN_OP::do_rpc(
 ) {
     char url[1024];
     pli = _pli;
-    sprintf(url, "%slogin_token_lookup.php?user_id=%d&token=%s",
+    snprintf(url, sizeof(url), "%slogin_token_lookup.php?user_id=%d&token=%s",
         pli->master_url.c_str(), user_id, login_token
     );
     return gui_http->do_rpc(this, url, LOGIN_TOKEN_LOOKUP_REPLY, false);

client/app_config.cpp

@@ -139,7 +139,7 @@ void check_app_config() {
 
     for (unsigned int i=0; i<gstate.projects.size(); i++) {
         PROJECT* p = gstate.projects[i];
-        sprintf(path, "%s/%s", p->project_dir(), APP_CONFIG_FILE_NAME);
+        snprintf(path, sizeof(path), "%s/%s", p->project_dir(), APP_CONFIG_FILE_NAME);
         f = boinc_fopen(path, "r");
         if (!f) {
             clear_app_config(p);

client/cs_account.cpp

@@ -568,7 +568,7 @@ int CLIENT_STATE::add_project(
     // (unless PROJECT/app_info.xml is found, so that
     // people using anonymous platform don't have to get apps again)
     //
-    sprintf(path, "%s/%s", project->project_dir(), APP_INFO_FILE_NAME);
+    snprintf(path, sizeof(path),  "%s/%s", project->project_dir(), APP_INFO_FILE_NAME);
     if (boinc_file_exists(path)) {
         project->anonymous_platform = true;
         f = fopen(path, "r");

client/rrsim_test.cpp

@@ -127,7 +127,7 @@ void msg_printf(PROJECT* p, int, const char* fmt, ...) {
     char buf[8192];
     va_list ap;
     va_start(ap, fmt);
-    vsprintf(buf, fmt, ap);
+    vsnprintf(buf, sizeof(buf), fmt, ap);
     va_end(ap);
     printf("%s: %s\n", p?p->name:"BOINC", buf);
 }

lib/cc_config.cpp

@@ -713,7 +713,7 @@ int APP_CONFIG::parse_gpu_versions(
             continue;
         }
         if (log_flags.unparsed_xml) {
-            sprintf(buf, "Unparsed line in app_config.xml: %s", xp.parsed_tag);
+            snprintf(buf, sizeof(buf), "Unparsed line in app_config.xml: %s", xp.parsed_tag);
             mv.push_back(string(buf));
         }
     }
@@ -747,7 +747,7 @@ int APP_CONFIG::parse(XML_PARSER& xp, MSG_VEC& mv, LOG_FLAGS& log_flags) {
         // unparsed XML not considered an error; maybe it should be?
         //
         if (log_flags.unparsed_xml) {
-            sprintf(buf, "Unparsed line in app_config.xml: %s", xp.parsed_tag);
+            snprintf(buf, sizeof(buf), "Unparsed line in app_config.xml: %s", xp.parsed_tag);
             mv.push_back(string(buf));
         }
         xp.skip_unexpected(log_flags.unparsed_xml, "APP_CONFIG::parse");
@@ -764,7 +764,7 @@ int APP_VERSION_CONFIG::parse(
 
     while (!xp.get_tag()) {
         if (!xp.is_tag) {
-            sprintf(buf, "unexpected text '%s' in app_config.xml", xp.parsed_tag);
+            snprintf(buf, sizeof(buf), "unexpected text '%s' in app_config.xml", xp.parsed_tag);
             mv.push_back(string(buf));
             return ERR_XML_PARSE;
         }
@@ -775,7 +775,7 @@ int APP_VERSION_CONFIG::parse(
         if (xp.parse_double("avg_ncpus", avg_ncpus)) continue;
         if (xp.parse_double("ngpus", ngpus)) continue;
         if (log_flags.unparsed_xml) {
-            sprintf(buf, "Unparsed line in app_config.xml: %s", xp.parsed_tag);
+            snprintf(buf, sizeof(buf), "Unparsed line in app_config.xml: %s", xp.parsed_tag);
             mv.push_back(string(buf));
         }
         xp.skip_unexpected(log_flags.unparsed_xml, "APP_VERSION_CONFIG::parse");
@@ -790,7 +790,7 @@ int APP_CONFIGS::parse(XML_PARSER& xp, MSG_VEC& mv, LOG_FLAGS& log_flags) {
     clear();
     while (!xp.get_tag()) {
         if (!xp.is_tag) {
-            sprintf(buf, "unexpected text '%s' in app_config.xml", xp.parsed_tag);
+            snprintf(buf, sizeof(buf), "unexpected text '%s' in app_config.xml", xp.parsed_tag);
             mv.push_back(string(buf));
             return ERR_XML_PARSE;
         }
@@ -819,7 +819,7 @@ int APP_CONFIGS::parse(XML_PARSER& xp, MSG_VEC& mv, LOG_FLAGS& log_flags) {
         if (xp.parse_bool("report_results_immediately", report_results_immediately)) {
             continue;
         }
-        sprintf(buf, "Unknown tag in app_config.xml: %s", xp.parsed_tag);
+        snprintf(buf, sizeof(buf), "Unknown tag in app_config.xml: %s", xp.parsed_tag);
         mv.push_back(string(buf));
 
         xp.skip_unexpected(log_flags.unparsed_xml, "APP_CONFIGS::parse");

lib/gui_rpc_client_ops.cpp

@@ -2636,7 +2636,7 @@ int RPC_CLIENT::get_app_config(const char* url, APP_CONFIGS& config) {
     MSG_VEC mv;
     char buf[1024];
 
-    sprintf(buf,
+    snprintf(buf, sizeof (buf),
         "<get_app_config>\n"
         "    <url>%s</url>\n"
         "</get_app_config>\n",

lib/msg_log.cpp

@@ -116,7 +116,7 @@ void MSG_LOG::vprintf_multiline(
 
     char sprefix[256] = "";
     if (prefix_format) {
-        vsprintf(sprefix, prefix_format, va);
+        vsnprintf(sprefix, sizeof(sprefix),prefix_format, va);
     }
     const char* now_timestamp = precision_time_to_string(dtime());
     const char* skind = v_format_kind(kind);
@@ -143,7 +143,7 @@ void MSG_LOG::vprintf_file(
 
     char sprefix[256] = "";
     if (prefix_format) {
-        vsprintf(sprefix, prefix_format, va);
+        vsnprintf(sprefix, sizeof(sprefix), prefix_format, va);
     }
     const char* now_timestamp = precision_time_to_string(dtime());
     const char* skind = v_format_kind(kind);