From bb90a8bf7557bce71223ef66119a0dd98eecea91 Mon Sep 17 00:00:00 2001
From: Franck Joncourt <franck@debian.org>
Date: Tue, 14 May 2013 22:08:44 +0200
Subject: [PATCH] Fixed gcc warnings on openbsd. - mrash/fwknop#60

---
 client/getpasswd.c   |   2 +-
 lib/digest.c         |  70 ++++++++++++++-----------
 lib/digest.h         |  10 ++--
 lib/fko_encode.c     |   6 +--
 lib/fko_rand_value.c |   6 ++-
 lib/gpgme_funcs.c    |   2 +-
 server/utils.c       | 118 ++++++++++++++++++++++++++-----------------
 7 files changed, 126 insertions(+), 88 deletions(-)

diff --git a/client/getpasswd.c b/client/getpasswd.c
index a84a2447..81e9a5ac 100644
--- a/client/getpasswd.c
+++ b/client/getpasswd.c
@@ -161,7 +161,7 @@ getpasswd(
     return (ptr);
 }
 
-/* Function for accepting password input from from a file
+/* Function for accepting password input from a file
 */
 void
 get_key_file(char *key, int *key_len, const char *key_file,
diff --git a/lib/digest.c b/lib/digest.c
index 4987d8ca..f47ed449 100644
--- a/lib/digest.c
+++ b/lib/digest.c
@@ -1,17 +1,15 @@
-/*
- *****************************************************************************
+/**
+ * @file    digest.c
  *
- * File:    digest.c
+ * @author  Damien S. Stuart
  *
- * Author:  Damien S. Stuart
- *
- * Purpose: Roll-up of the digests used by fwknop.
+ * @brief   Roll-up of the digests used by fwknop.
  *
  * Copyright 2009-2010 Damien Stuart (dstuart@dstuart.org)
  *
  *  License (GNU Public License):
  *
- *  This library is free software; you can redistribute it and/or
+ *  This program is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU General Public License
  *  as published by the Free Software Foundation; either version 2
  *  of the License, or (at your option) any later version.
@@ -25,9 +23,8 @@
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  *  USA
- *
- *****************************************************************************
-*/
+ */
+
 #include "fko_common.h"
 #include "digest.h"
 #include "base64.h"
@@ -36,15 +33,30 @@
 /* Convert a raw digest into its hex string representation.
 */
 static void
-digest_to_hex(char *out, const unsigned char *in, const size_t size)
+digest_to_hex(char *out, size_t size_out, const unsigned char *in, const size_t size_in)
 {
     size_t i;
 
-    for(i=0; i<size; i++)
+    /* Assume the output buffer must be a NULL terminated string */
+    memset(out, 0, size_out);
+    size_out -= 1;
+
+    /* The hex string representation must be long enough */
+    if (size_out >= (size_in * 2))
     {
-        sprintf(out, "%02x", in[i]);
-        out += 2;
+        /* For each byte... */
+        for(i=0; i<size_in; i++)
+        {
+            /* Append the hex string to the output buffer */
+            snprintf(out, 2, "%02x", in[i]);
+
+            /* Moved the pointer on the output buffer to the next place  */
+            out += 2;
+        }
     }
+
+    /* Not enough space in the output buffer - Should not occur */
+    else;
 }
 
 /* Compute MD5 hash on in and store result in out.
@@ -62,12 +74,12 @@ md5(unsigned char *out, unsigned char *in, size_t size)
 /* Compute MD5 hash on in and store the hex string result in out.
 */
 void
-md5_hex(char *out, unsigned char *in, size_t size)
+md5_hex(char *out, size_t size_out, unsigned char *in, size_t size_in)
 {
     uint8_t      md[MD5_DIGEST_LEN];
 
-    md5(md, in, size);
-    digest_to_hex(out, md, MD5_DIGEST_LEN);
+    md5(md, in, size_in);
+    digest_to_hex(out, size_out, md, MD5_DIGEST_LEN);
 }
 
 /* Compute MD5 hash on in and store the base64 string result in out.
@@ -98,12 +110,12 @@ sha1(unsigned char *out, unsigned char *in, size_t size)
 /* Compute SHA1 hash on in and store the hex string result in out.
 */
 void
-sha1_hex(char *out, unsigned char *in, size_t size)
+sha1_hex(char *out, size_t size_out, unsigned char *in, size_t size_in)
 {
     uint8_t       md[SHA1_DIGEST_LEN];
 
-    sha1(md, in, size);
-    digest_to_hex(out, md, SHA1_DIGEST_LEN);
+    sha1(md, in, size_in);
+    digest_to_hex(out, size_out, md, SHA1_DIGEST_LEN);
 }
 
 /* Compute SHA1 hash on in and store the base64 string result in out.
@@ -134,12 +146,12 @@ sha256(unsigned char *out, unsigned char *in, size_t size)
 /* Compute SHA256 hash on in and store the hex string result in out.
 */
 void
-sha256_hex(char *out, unsigned char *in, size_t size)
+sha256_hex(char *out, size_t size_out, unsigned char *in, size_t size_in)
 {
     uint8_t       md[SHA256_DIGEST_LEN];
 
-    sha256(md, in, size);
-    digest_to_hex(out, md, SHA256_DIGEST_LEN);
+    sha256(md, in, size_in);
+    digest_to_hex(out, size_out, md, SHA256_DIGEST_LEN);
 }
 
 /* Compute SHA256 hash on in and store the base64 string result in out.
@@ -170,12 +182,12 @@ sha384(unsigned char *out, unsigned char *in, size_t size)
 /* Compute SHA384 hash on in and store the hex string result in out.
 */
 void
-sha384_hex(char *out, unsigned char *in, size_t size)
+sha384_hex(char *out, size_t size_out, unsigned char *in, size_t size_in)
 {
     uint8_t       md[SHA384_DIGEST_LEN];
 
-    sha384(md, in, size);
-    digest_to_hex(out, md, SHA384_DIGEST_LEN);
+    sha384(md, in, size_in);
+    digest_to_hex(out, size_out, md, SHA384_DIGEST_LEN);
 }
 
 /* Compute SHA384 hash on in and store the base64 string result in out.
@@ -206,12 +218,12 @@ sha512(unsigned char *out, unsigned char *in, size_t size)
 /* Compute SHA512 hash on in and store the hex string result in out.
 */
 void
-sha512_hex(char *out, unsigned char *in, size_t size)
+sha512_hex(char *out, size_t size_out, unsigned char *in, size_t size_in)
 {
     uint8_t       md[SHA512_DIGEST_LEN];
 
-    sha512(md, in, size);
-    digest_to_hex(out, md, SHA512_DIGEST_LEN);
+    sha512(md, in, size_in);
+    digest_to_hex(out, size_out, md, SHA512_DIGEST_LEN);
 }
 
 /* Compute SHA512 hash on in and store the base64 string result in out.
diff --git a/lib/digest.h b/lib/digest.h
index b948ac2d..25be3878 100644
--- a/lib/digest.h
+++ b/lib/digest.h
@@ -40,19 +40,19 @@
 #define MD_HEX_SIZE(x) x * 2
 
 void md5(unsigned char* out, unsigned char* in, size_t size);
-void md5_hex(char* out, unsigned char* in, size_t size);
+void md5_hex(char* out, size_t size_out, unsigned char* in, size_t size);
 void md5_base64(char* out, unsigned char* in, size_t size);
 void sha1(unsigned char* out, unsigned char* in, size_t size);
-void sha1_hex(char* out, unsigned char* in, size_t size);
+void sha1_hex(char* out, size_t size_out, unsigned char* in, size_t size);
 void sha1_base64(char* out, unsigned char* in, size_t size);
 void sha256(unsigned char* out, unsigned char* in, size_t size);
-void sha256_hex(char* out, unsigned char* in, size_t size);
+void sha256_hex(char* out, size_t size_out, unsigned char* in, size_t size);
 void sha256_base64(char* out, unsigned char* in, size_t size);
 void sha384(unsigned char* out, unsigned char* in, size_t size);
-void sha384_hex(char* out, unsigned char* in, size_t size);
+void sha384_hex(char* out, size_t size_out, unsigned char* in, size_t size);
 void sha384_base64(char* out, unsigned char* in, size_t size);
 void sha512(unsigned char* out, unsigned char* in, size_t size);
-void sha512_hex(char* out, unsigned char* in, size_t size);
+void sha512_hex(char* out, size_t size_out, unsigned char* in, size_t size);
 void sha512_base64(char* out, unsigned char* in, size_t size);
 
 #endif /* DIGEST_H */
diff --git a/lib/fko_encode.c b/lib/fko_encode.c
index edd1788b..4a63132f 100644
--- a/lib/fko_encode.c
+++ b/lib/fko_encode.c
@@ -118,7 +118,7 @@ fko_encode_spa_data(fko_ctx_t ctx)
     /* Add the timestamp.
     */
     offset = strlen(tbuf);
-    sprintf(((char*)tbuf+offset), ":%u:", (unsigned int) ctx->timestamp);
+    snprintf(((char*)tbuf+offset), FKO_ENCODE_TMP_BUF_SIZE - offset, ":%u:", (unsigned int) ctx->timestamp);
 
     /* Add the version string.
     */
@@ -138,7 +138,7 @@ fko_encode_spa_data(fko_ctx_t ctx)
     /* Add the message type value.
     */
     offset = strlen(tbuf);
-    sprintf(((char*)tbuf+offset), ":%i:", ctx->message_type);
+    snprintf(((char*)tbuf+offset), FKO_ENCODE_TMP_BUF_SIZE - offset, ":%i:", ctx->message_type);
 
     /* Add the base64-encoded SPA message.
     */
@@ -180,7 +180,7 @@ fko_encode_spa_data(fko_ctx_t ctx)
     if(ctx->client_timeout > 0 && ctx->message_type != FKO_COMMAND_MSG)
     {
         offset = strlen(tbuf);
-        sprintf(((char*)tbuf+offset), ":%i", ctx->client_timeout);
+        snprintf(((char*)tbuf+offset), FKO_ENCODE_TMP_BUF_SIZE - offset, ":%i", ctx->client_timeout);
     }
 
     /* If encoded_msg is not null, then we assume it needs to
diff --git a/lib/fko_rand_value.c b/lib/fko_rand_value.c
index 11a32769..224bb6da 100644
--- a/lib/fko_rand_value.c
+++ b/lib/fko_rand_value.c
@@ -120,16 +120,18 @@ fko_set_rand_value(fko_ctx_t ctx, const char * const new_val)
     ctx->rand_val = malloc(FKO_RAND_VAL_SIZE+1);
     if(ctx->rand_val == NULL)
             return(FKO_ERROR_MEMORY_ALLOCATION);
+    memset(ctx->rand_val, 0, FKO_RAND_VAL_SIZE+1);
 
     tmp_buf = malloc(FKO_RAND_VAL_SIZE+1);
     if(tmp_buf == NULL)
             return(FKO_ERROR_MEMORY_ALLOCATION);
+    memset(tmp_buf, 0, FKO_RAND_VAL_SIZE+1);
 
-    sprintf(ctx->rand_val, "%u", rand());
+    snprintf(ctx->rand_val, FKO_RAND_VAL_SIZE, "%u", rand());
 
     while(strnlen(ctx->rand_val, FKO_RAND_VAL_SIZE+1) < FKO_RAND_VAL_SIZE)
     {
-        sprintf(tmp_buf, "%u", rand());
+        snprintf(tmp_buf, FKO_RAND_VAL_SIZE, "%u", rand());
         strlcat(ctx->rand_val, tmp_buf, FKO_RAND_VAL_SIZE+1);
     }
 
diff --git a/lib/gpgme_funcs.c b/lib/gpgme_funcs.c
index a2299d4d..e5bcd4b3 100644
--- a/lib/gpgme_funcs.c
+++ b/lib/gpgme_funcs.c
@@ -392,7 +392,7 @@ gpgme_encrypt(fko_ctx_t fko_ctx, unsigned char *indata, size_t in_len, const cha
     gpgme_data_release(plaintext);
 
     /* Get the encrypted data and its length from the gpgme data object.
-     * BTW, this does does free the memory used by cipher.
+     * BTW, this does free the memory used by cipher.
     */
     tmp_buf = gpgme_data_release_and_get_mem(cipher, out_len);
 
diff --git a/server/utils.c b/server/utils.c
index 1109ff34..8422a993 100644
--- a/server/utils.c
+++ b/server/utils.c
@@ -1,11 +1,9 @@
-/*
- *****************************************************************************
+/**
+ * @file    utils.c
  *
- * File:    utils.c
+ * @author  Damien S. Stuart
  *
- * Author:  Damien S. Stuart
- *
- * Purpose: General/Generic functions for the fwknop server.
+ * @brief   General/Generic functions for the fwknop server.
  *
  * Copyright 2010 Damien Stuart (dstuart@dstuart.org)
  *
@@ -25,11 +23,54 @@
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  *  USA
- *
- *****************************************************************************
-*/
+ */
+
 #include "fwknopd_common.h"
 #include "utils.h"
+#include "log_msg.h"
+#include <stdarg.h>
+
+/**
+ * @brief Add a printf style message to a buffer
+ *
+ * This function allows to append a printf style message to a buffer
+ * and prevents buffer overflow by taking care of the size the buffer.
+ * It returns the number of bytes really written to the buffer.
+ * Thus if an error is encoutered during the process the number of bytes
+ * written is set to 0. This way the user knows exactly how many bytes
+ * can be appended afterwards.
+ *
+ * @param buf Buffer to write the formated message to
+ * @param buf_size Maximum number of bytes to write to the buffer
+ * @param msg Message to format and to append to the buffer
+ *
+ * @return the number of bytes written to the buffer
+ */
+static int
+append_msg_to_buf(char *buf, size_t buf_size, const char* msg, ...)
+{
+    int     bytes_written = 0;  /* Number of bytes written to buf */
+    va_list ap;
+
+    if (buf_size != 0)
+    {
+        va_start(ap, msg);
+
+        bytes_written = vsnprintf(buf, buf_size, msg, ap);
+        if ( (bytes_written < 0) || (bytes_written >= buf_size) )
+        {
+            log_msg(LOG_WARNING, "add_msg_to_buf() : message truncated / snprintf error");
+            bytes_written = 0;
+        }
+        else;
+
+        va_end(ap);
+    }
+    else
+        log_msg(LOG_WARNING, "add_msg_to_buf() : nothing to write.");
+
+    return bytes_written;
+}
 
 /* Generic hex dump function.
 */
@@ -74,8 +115,8 @@ char *
 dump_ctx(fko_ctx_t ctx)
 {
     static char buf[CTX_DUMP_BUFSIZE];
-    char       *ndx;
-    int         cp;
+    int         cp = 0;
+    size_t      bytes_left;
 
     char       *rand_val        = NULL;
     char       *username        = NULL;
@@ -123,43 +164,26 @@ dump_ctx(fko_ctx_t ctx)
     hmac_digest_inttostr(hmac_type, hmac_str, sizeof(hmac_str));
     enc_mode_inttostr(encryption_mode, enc_mode_str, sizeof(enc_mode_str));
 
-    memset(buf, 0x0, CTX_DUMP_BUFSIZE);
+    memset(buf, 0x0, sizeof(buf));
+    bytes_left = sizeof(buf) - 1;
 
-    ndx = buf;
-
-    cp = sprintf(ndx, "SPA Field Values:\n=================\n");
-    ndx += cp;
-    cp = sprintf(ndx, "   Random Value: %s\n", rand_val == NULL ? "<NULL>" : rand_val);
-    ndx += cp;
-    cp = sprintf(ndx, "       Username: %s\n", username == NULL ? "<NULL>" : username);
-    ndx += cp;
-    cp = sprintf(ndx, "      Timestamp: %u\n", (unsigned int) timestamp);
-    ndx += cp;
-    cp = sprintf(ndx, "    FKO Version: %s\n", version == NULL ? "<NULL>" : version);
-    ndx += cp;
-    cp = sprintf(ndx, "   Message Type: %i (%s)\n", msg_type, msg_type_inttostr(msg_type));
-    ndx += cp;
-    cp = sprintf(ndx, " Message String: %s\n", spa_message == NULL ? "<NULL>" : spa_message);
-    ndx += cp;
-    cp = sprintf(ndx, "     Nat Access: %s\n", nat_access == NULL ? "<NULL>" : nat_access);
-    ndx += cp;
-    cp = sprintf(ndx, "    Server Auth: %s\n", server_auth == NULL ? "<NULL>" : server_auth);
-    ndx += cp;
-    cp = sprintf(ndx, " Client Timeout: %u\n", client_timeout);
-    ndx += cp;
-    cp = sprintf(ndx, "    Digest Type: %u (%s)\n", digest_type, digest_str);
-    ndx += cp;
-    cp = sprintf(ndx, "      HMAC Type: %u (%s)\n", hmac_type, hmac_str);
-    ndx += cp;
-    cp = sprintf(ndx, "Encryption Type: %d (%s)\n", encryption_type, enc_type_inttostr(encryption_type));
-    ndx += cp;
-    cp = sprintf(ndx, "Encryption Mode: %d (%s)\n", encryption_mode, enc_mode_str);
-    ndx += cp;
-    cp = sprintf(ndx, "   Encoded Data: %s\n", enc_data == NULL ? "<NULL>" : enc_data);
-    ndx += cp;
-    cp = sprintf(ndx, "SPA Data Digest: %s\n", spa_digest == NULL ? "<NULL>" : spa_digest);
-    ndx += cp;
-    sprintf(ndx, "           HMAC: %s\n", hmac_data == NULL ? "<NULL>" : hmac_data);
+    cp  = append_msg_to_buf(buf,    bytes_left,    "SPA Field Values:\n=================\n");
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "   Random Value: %s\n", rand_val == NULL ? "<NULL>" : rand_val);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "       Username: %s\n", username == NULL ? "<NULL>" : username);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "      Timestamp: %u\n", (unsigned int) timestamp);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "    FKO Version: %s\n", version == NULL ? "<NULL>" : version);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "   Message Type: %i (%s)\n", msg_type, msg_type_inttostr(msg_type));
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, " Message String: %s\n", spa_message == NULL ? "<NULL>" : spa_message);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "     Nat Access: %s\n", nat_access == NULL ? "<NULL>" : nat_access);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "    Server Auth: %s\n", server_auth == NULL ? "<NULL>" : server_auth);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, " Client Timeout: %u\n", client_timeout);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "    Digest Type: %u (%s)\n", digest_type, digest_str);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "      HMAC Type: %u (%s)\n", hmac_type, hmac_str);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "Encryption Type: %d (%s)\n", encryption_type, enc_type_inttostr(encryption_type));
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "Encryption Mode: %d (%s)\n", encryption_mode, enc_mode_str);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "   Encoded Data: %s\n", enc_data == NULL ? "<NULL>" : enc_data);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "SPA Data Digest: %s\n", spa_digest == NULL ? "<NULL>" : spa_digest);
+    cp += append_msg_to_buf(buf+cp, bytes_left-cp, "           HMAC: %s\n", hmac_data == NULL ? "<NULL>" : hmac_data);
 
     return(buf);
 }