diff --git a/src/bio.c b/src/bio.c index bd6bbdc1d..43492126d 100644 --- a/src/bio.c +++ b/src/bio.c @@ -3345,21 +3345,22 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) return wolfSSL_BIO_write(bio, "\tNULL", 5); } - XSPRINTF(line, "%04x - ", lineOffset); + (void)XSNPRINTF(line, sizeof(line), "%04x - ", lineOffset); o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - XSPRINTF(line + o,"%02x ", (unsigned char)buf[i]); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + "%02x ", (unsigned char)buf[i]); else - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); if (i == 7) - XSPRINTF(line + o + 2, "-"); + (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); o += 3; } - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - XSPRINTF(line + o, "%c", + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/x509.c b/src/x509.c index 09c56dc8c..04e2a8be9 100644 --- a/src/x509.c +++ b/src/x509.c @@ -7040,7 +7040,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, for (i = 0; i < length; ++i) { char hex_digits[4]; -#ifdef XSNPRINTF if (XSNPRINTF(hex_digits, sizeof(hex_digits), "%c%02X", i>0 ? ':' : ' ', (unsigned int)sigalg->algorithm->obj[idx+i]) >= (int)sizeof(hex_digits)) @@ -7048,10 +7047,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, WOLFSSL_MSG("buffer overrun"); return WOLFSSL_FAILURE; } -#else - XSPRINTF(hex_digits, "%c%02X", i>0 ? ':' : ' ', - (unsigned int)sigalg->algorithm->obj[idx+i]); -#endif if (wolfSSL_BIO_puts(bp, hex_digits) <= 0) return WOLFSSL_FAILURE; } @@ -9005,14 +9000,13 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, if (iplen == 4) { /* ipv4 www.xxx.yyy.zzz max 15 length + Null termination */ buf = (char*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buf) { WOLFSSL_MSG("failed malloc"); return ret; } - XSPRINTF(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); - buf[15] = '\0'; + (void)XSNPRINTF(buf, 16, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + buf[15] = '\0'; /* null terminate */ } else if (iplen == 16) { /* ipv6 normal address scheme @@ -9041,47 +9035,46 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, * to re-construct IP address in ascii. */ buf = (char*)XMALLOC(max_ipv6_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buf) { WOLFSSL_MSG("failed malloc"); return ret; } p = buf; for (i = 0; i < 16; i += 2) { - val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF; - if (val == 0){ - if (!write_zero) { + val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF; + if (val == 0){ + if (!write_zero) { *p = ':'; - } - p++; - *p = '\0'; - write_zero = 1; - } - else { - if (i != 0) - *p++ = ':'; - XSPRINTF(p, "%x", val); - } - /* sanity check */ - if (XSTRLEN(buf) > max_ipv6_len) { - WOLFSSL_MSG("The target ip address exceeds buffer length(40)"); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - buf = NULL; - break; - } - /* move the pointer to the last */ - /* XSTRLEN includes NULL because of XSPRINTF use */ - p = buf + (XSTRLEN(buf)); + } + p++; + *p = '\0'; + write_zero = 1; + } + else { + if (i != 0) { + *p++ = ':'; + } + (void)XSNPRINTF(p, max_ipv6_len - (size_t)(p - buf), "%x", val); + } + /* sanity check */ + if (XSTRLEN(buf) > max_ipv6_len) { + WOLFSSL_MSG("The target ip address exceeds buffer length(40)"); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = NULL; + break; + } + /* move the pointer to the last */ + /* XSTRLEN includes NULL because of XSPRINTF use */ + p = buf + (XSTRLEN(buf)); } /* termination */ - if(i == 16 && buf) { + if (i == 16 && buf) { p--; if ((*p) == ':') { - /* when the last character is :, the following segments are zero - * Therefore, adding : and null termination - */ - p++; - *p++ = ':'; + /* when the last character is :, the following segments are zero + * Therefore, adding : and null termination */ + p++; + *p++ = ':'; *p = '\0'; } } @@ -9092,7 +9085,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, } if (buf) { - /* set address to ip asc */ + /* set address to ip asc */ ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, buf); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } diff --git a/tests/api.c b/tests/api.c index 161590af2..6c2d24222 100644 --- a/tests/api.c +++ b/tests/api.c @@ -58278,7 +58278,7 @@ static int test_wolfSSL_BIO_connect(void) server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); - ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0); + ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0); /* Start the test proper */ /* Setup the TCP BIO */ @@ -58325,7 +58325,7 @@ static int test_wolfSSL_BIO_connect(void) server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); - ExpectIntGT(XSPRINTF(buff, "%d", ready.port), 0); + ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0); ExpectNotNull(sslBio = BIO_new_ssl_connect(ctx)); ExpectIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1); diff --git a/tests/quic.c b/tests/quic.c index bbd103d81..bc93c4a7d 100644 --- a/tests/quic.c +++ b/tests/quic.c @@ -848,7 +848,7 @@ static void check_crypto_records(QuicTestContext *from, OutputBuffer *out, int i rec_name = "Finished"; break; default: - sprintf(lbuffer, "%d", rec_type); + (void)XSNPRINTF(lbuffer, sizeof(lbuffer), "%d", rec_type); rec_name = lbuffer; break; } diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index 5fa0ce499..3e0986e15 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -300,7 +300,7 @@ static int test_crl_monitor(void) printf("\nRunning CRL monitor test\n"); - sprintf(rounds, "%d", CRL_MONITOR_TEST_ROUNDS); + (void)XSNPRINTF(rounds, sizeof(rounds), "%d", CRL_MONITOR_TEST_ROUNDS); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); @@ -320,18 +320,19 @@ static int test_crl_monitor(void) InitTcpReady(&ready); start_thread(server_test, &server_args, &serverThread); wait_tcp_ready(&server_args); - sprintf(portNum, "%d", server_args.signal->port); + (void)XSNPRINTF(portNum, sizeof(portNum), "%d", server_args.signal->port); for (i = 0; i < CRL_MONITOR_TEST_ROUNDS; i++) { int expectFail; if (i % 2 == 0) { + /* succeed on even rounds */ - sprintf(buf, "%s/%s", tmpDir, "crl.pem"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); if (STAGE_FILE("certs/crl/crl.pem", buf) != 0) { fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf); goto cleanup; } - sprintf(buf, "%s/%s", tmpDir, "crl.revoked"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked"); /* The monitor can be holding the file handle and this will cause * the remove call to fail. Let's give the monitor a some time to * finish up. */ @@ -349,12 +350,12 @@ static int test_crl_monitor(void) } else { /* fail on odd rounds */ - sprintf(buf, "%s/%s", tmpDir, "crl.revoked"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked"); if (STAGE_FILE("certs/crl/crl.revoked", buf) != 0) { fprintf(stderr, "[%d] Failed to copy file to %s\n", i, buf); goto cleanup; } - sprintf(buf, "%s/%s", tmpDir, "crl.pem"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); /* The monitor can be holding the file handle and this will cause * the remove call to fail. Let's give the monitor a some time to * finish up. */ @@ -395,9 +396,9 @@ static int test_crl_monitor(void) cleanup: if (ret != 0 && i >= 0) fprintf(stderr, "test_crl_monitor failed on iteration %d\n", i); - sprintf(buf, "%s/%s", tmpDir, "crl.pem"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); rem_file(buf); - sprintf(buf, "%s/%s", tmpDir, "crl.revoked"); + (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.revoked"); rem_file(buf); (void)rem_dir(tmpDir); return ret; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index f32f46206..227ab0566 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -15071,19 +15071,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len) hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - #if defined(WOLF_C89) if (len < ASN_UTC_TIME_SIZE) { WOLFSSL_MSG("buffer for GetFormattedTime is too short."); return BUFFER_E; } - ret = XSPRINTF((char*)buf, - "%02d%02d%02d%02d%02d%02dZ", year, mon, day, - hour, mini, sec); - #else ret = XSNPRINTF((char*)buf, len, "%02d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - #endif } else { /* GeneralizedTime */ @@ -15093,19 +15087,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len) hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - #if defined(WOLF_C89) if (len < ASN_GENERALIZED_TIME_SIZE) { WOLFSSL_MSG("buffer for GetFormattedTime is too short."); return BUFFER_E; } - ret = XSPRINTF((char*)buf, - "%4d%02d%02d%02d%02d%02dZ", year, mon, day, - hour, mini, sec); - #else ret = XSNPRINTF((char*)buf, len, "%4d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - #endif } return ret; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c9e10ae5d..7c357e681 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -49806,11 +49806,7 @@ static wc_test_ret_t pkcs7signed_run_vectors( #endif for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) { - #if defined(WOLF_C89) - XSPRINTF((char*)&transId[k], "%02x", digest[j]); - #else - (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); - #endif + (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); } } diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 641246cbd..b907e9248 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -831,6 +831,8 @@ typedef struct w64wrapper { #elif defined(WOLF_C89) #include #define XSPRINTF sprintf + /* snprintf not available for C89, so remap using macro */ + #define XSNPRINTF(f, len, ...) sprintf(f, ...) #else #include #define XSNPRINTF snprintf