OpenVPN/openvpn
1
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2025-05-09 05:31:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

Remove openvpn_snprintf and similar functions

Browse Source 
Old Microsoft versions did strange behaviour but according to the
newly added unit test and
https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating
this is now standard conforming and we can use the normal snprintf
method.

Microsoft own documentation to swprintf also says you nowadays need to
define _CRT_NON_CONFORMING_SWPRINTFS to get to non-standard behaviour.

Change-Id: I07096977e3b562bcb5d2c6f11673a4175b8e12ac
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20240506102710.8976-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28617.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Arne Schwabe 2024-05-06 12:27:10 +02:00 committed by Gert Doering
parent 9d92221eb4
commit 130548fe4d
38 changed files with 291 additions and 333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/openvpn/buffer.c
View File

@ -279,32 +279,6 @@ buf_puts(struct buffer *buf, const char *str)
return ret;
}
/*
* This is necessary due to certain buggy implementations of snprintf,
* that don't guarantee null termination for size > 0.
*
* Return false on overflow.
*
* This functionality is duplicated in src/openvpnserv/common.c
* Any modifications here should be done to the other place as well.
*/
bool
openvpn_snprintf(char *str, size_t size, const char *format, ...)
{
va_list arglist;
int len = -1;
if (size > 0)
{
va_start(arglist, format);
len = vsnprintf(str, size, format, arglist);
va_end(arglist);
str[size - 1] = 0;
}
return (len >= 0 && len < size);
}
/*
* write a string to the end of a buffer that was
* truncated by buf_printf

13
src/openvpn/buffer.h
View File

@ -448,19 +448,6 @@ __attribute__ ((format(__printf__, 2, 3)))
*/
bool buf_puts(struct buffer *buf, const char *str);
/*
* Like snprintf but guarantees null termination for size > 0
*/
bool openvpn_snprintf(char *str, size_t size, const char *format, ...)
#ifdef __GNUC__
#if __USE_MINGW_ANSI_STDIO
__attribute__ ((format(gnu_printf, 3, 4)))
#else
__attribute__ ((format(__printf__, 3, 4)))
#endif
#endif
;
/*
* remove/add trailing characters

4
src/openvpn/crypto.c
View File

@ -874,11 +874,11 @@ init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2,
key_direction_state_init(&kds, key_direction);
openvpn_snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", name);
snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", name);
init_key_ctx(&ctx->encrypt, &key2->keys[kds.out_key], kt,
OPENVPN_OP_ENCRYPT, log_prefix);
openvpn_snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", name);
snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", name);
init_key_ctx(&ctx->decrypt, &key2->keys[kds.in_key], kt,
OPENVPN_OP_DECRYPT, log_prefix);

10
src/openvpn/crypto_mbedtls.c
View File

@ -128,7 +128,7 @@ mbed_log_func_line(unsigned int flags, int errval, const char *func,
{
char prefix[256];
if (!openvpn_snprintf(prefix, sizeof(prefix), "%s:%d", func, line))
if (!snprintf(prefix, sizeof(prefix), "%s:%d", func, line))
{
return mbed_log_err(flags, errval, func);
}
@ -239,11 +239,11 @@ crypto_pem_encode(const char *name, struct buffer *dst,
char header[1000+1] = { 0 };
char footer[1000+1] = { 0 };
if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----\n", name))
if (!snprintf(header, sizeof(header), "-----BEGIN %s-----\n", name))
{
return false;
}
if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----\n", name))
if (!snprintf(footer, sizeof(footer), "-----END %s-----\n", name))
{
return false;
}
@ -278,11 +278,11 @@ crypto_pem_decode(const char *name, struct buffer *dst,
char header[1000+1] = { 0 };
char footer[1000+1] = { 0 };
if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----", name))
if (!snprintf(header, sizeof(header), "-----BEGIN %s-----", name))
{
return false;
}
if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----", name))
if (!snprintf(footer, sizeof(footer), "-----END %s-----", name))
{
return false;
}

4
src/openvpn/dns.c
View File

@ -349,11 +349,11 @@ setenv_dns_option(struct env_set *es,
if (j < 0)
{
name_ok = openvpn_snprintf(name, sizeof(name), format, i);
name_ok = snprintf(name, sizeof(name), format, i);
}
else
{
name_ok = openvpn_snprintf(name, sizeof(name), format, i, j);
name_ok = snprintf(name, sizeof(name), format, i, j);
}
if (!name_ok)

8
src/openvpn/env_set.c
View File

@ -259,7 +259,7 @@ void
setenv_counter(struct env_set *es, const char *name, counter_type value)
{
char buf[64];
openvpn_snprintf(buf, sizeof(buf), counter_format, value);
snprintf(buf, sizeof(buf), counter_format, value);
setenv_str(es, name, buf);
}
@ -267,7 +267,7 @@ void
setenv_int(struct env_set *es, const char *name, int value)
{
char buf[64];
openvpn_snprintf(buf, sizeof(buf), "%d", value);
snprintf(buf, sizeof(buf), "%d", value);
setenv_str(es, name, buf);
}
@ -275,7 +275,7 @@ void
setenv_long_long(struct env_set *es, const char *name, long long value)
{
char buf[64];
openvpn_snprintf(buf, sizeof(buf), "%" PRIi64, (int64_t)value);
snprintf(buf, sizeof(buf), "%" PRIi64, (int64_t)value);
setenv_str(es, name, buf);
}
@ -310,7 +310,7 @@ setenv_str_incr(struct env_set *es, const char *name, const char *value)
strcpy(tmpname, name);
while (NULL != env_set_get(es, tmpname) && counter < 1000)
{
ASSERT(openvpn_snprintf(tmpname, tmpname_len, "%s_%u", name, counter));
ASSERT(snprintf(tmpname, tmpname_len, "%s_%u", name, counter));
counter++;
}
if (counter < 1000)

14
src/openvpn/error.c
View File

@ -274,14 +274,14 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist)
if ((flags & M_ERRNO) && e)
{
openvpn_snprintf(m2, ERR_BUF_SIZE, "%s: %s (errno=%d)",
m1, openvpn_strerror(e, crt_error, &gc), e);
snprintf(m2, ERR_BUF_SIZE, "%s: %s (errno=%d)",
m1, openvpn_strerror(e, crt_error, &gc), e);
SWAP;
}
if (flags & M_OPTERR)
{
openvpn_snprintf(m2, ERR_BUF_SIZE, "Options error: %s", m1);
snprintf(m2, ERR_BUF_SIZE, "Options error: %s", m1);
SWAP;
}
@ -321,10 +321,10 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist)
const struct virtual_output *vo = msg_get_virtual_output();
if (vo)
{
openvpn_snprintf(m2, ERR_BUF_SIZE, "%s%s%s",
prefix,
prefix_sep,
m1);
snprintf(m2, ERR_BUF_SIZE, "%s%s%s",
prefix,
prefix_sep,
m1);
virtual_output_print(vo, flags, m2);
}
}

2
src/openvpn/init.c
View File

@ -359,7 +359,7 @@ management_callback_remote_entry_get(void *arg, unsigned int index, char **remot
char *out = malloc(len);
check_malloc_return(out);
openvpn_snprintf(out, len, "%s,%s,%s,%s", ce->remote, ce->remote_port, proto, status);
snprintf(out, len, "%s,%s,%s,%s", ce->remote, ce->remote_port, proto, status);
*remote = out;
}
else

8
src/openvpn/manage.c
View File

@ -515,8 +515,8 @@ man_bytecount_output_client(struct management *man,
char out[32];
/* do in a roundabout way to work around possible mingw or mingw-glibc bug */
openvpn_snprintf(in, sizeof(in), counter_format, man->persist.bytes_in + dco_read_bytes);
openvpn_snprintf(out, sizeof(out), counter_format, man->persist.bytes_out + dco_write_bytes);
snprintf(in, sizeof(in), counter_format, man->persist.bytes_in + dco_read_bytes);
snprintf(out, sizeof(out), counter_format, man->persist.bytes_out + dco_write_bytes);
msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out);
}
@ -528,8 +528,8 @@ man_bytecount_output_server(const counter_type *bytes_in_total,
char in[32];
char out[32];
/* do in a roundabout way to work around possible mingw or mingw-glibc bug */
openvpn_snprintf(in, sizeof(in), counter_format, *bytes_in_total);
openvpn_snprintf(out, sizeof(out), counter_format, *bytes_out_total);
snprintf(in, sizeof(in), counter_format, *bytes_in_total);
snprintf(out, sizeof(out), counter_format, *bytes_out_total);
msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out);
mdac->bytecount_last_update = now;
}

8
src/openvpn/options.c
View File

@ -1427,7 +1427,7 @@ foreign_options_copy_dns(struct options *o, struct env_set *es)
for (int i = 1; i <= opt_max; ++i)
{
char name[32];
openvpn_snprintf(name, sizeof(name), "foreign_option_%d", i);
snprintf(name, sizeof(name), "foreign_option_%d", i);
const char *env_str = env_set_get(es, name);
const char *value = strchr(env_str, '=') + 1;
@ -1482,7 +1482,7 @@ foreign_options_copy_dns(struct options *o, struct env_set *es)
while (o->foreign_option_index < opt_max)
{
char name[32];
openvpn_snprintf(name, sizeof(name), "foreign_option_%d", opt_max--);
snprintf(name, sizeof(name), "foreign_option_%d", opt_max--);
setenv_del(es, name);
}
}
@ -5674,8 +5674,8 @@ set_user_script(struct options *options,
#ifndef ENABLE_SMALL
{
char script_name[100];
openvpn_snprintf(script_name, sizeof(script_name),
"--%s script", type);
snprintf(script_name, sizeof(script_name),
"--%s script", type);
if (check_cmd_access(*script, script_name, (in_chroot ? options->chroot_dir : NULL)))
{

6
src/openvpn/pkcs11.c
View File

@ -201,7 +201,7 @@ _pkcs11_openvpn_token_prompt(
CLEAR(token_resp);
token_resp.defined = false;
token_resp.nocache = true;
openvpn_snprintf(
snprintf(
token_resp.username,
sizeof(token_resp.username),
"Please insert %s token",
@ -245,7 +245,7 @@ _pkcs11_openvpn_pin_prompt(
ASSERT(token!=NULL);
openvpn_snprintf(prompt, sizeof(prompt), "%s token", token->label);
snprintf(prompt, sizeof(prompt), "%s token", token->label);
token_pass.defined = false;
token_pass.nocache = true;
@ -719,7 +719,7 @@ tls_ctx_use_pkcs11(
id_resp.defined = false;
id_resp.nocache = true;
openvpn_snprintf(
snprintf(
id_resp.username,
sizeof(id_resp.username),
"Please specify PKCS#11 id to use"

6
src/openvpn/platform.c
View File

@ -564,9 +564,9 @@ platform_create_temp_file(const char *directory, const char *prefix, struct gc_a
{
++attempts;
if (!openvpn_snprintf(fname, sizeof(fname), fname_fmt, max_prefix_len,
prefix, (unsigned long) get_random(),
(unsigned long) get_random()))
if (!snprintf(fname, sizeof(fname), fname_fmt, max_prefix_len,
prefix, (unsigned long) get_random(),
(unsigned long) get_random()))
{
msg(M_WARN, "ERROR: temporary filename too long");
return NULL;

4
src/openvpn/plugin.c
View File

@ -260,7 +260,7 @@ plugin_init_item(struct plugin *p, const struct plugin_option *o)
{
char full[PATH_MAX];
openvpn_snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname);
snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname);
p->handle = dlopen(full, RTLD_NOW);
}
else
@ -409,7 +409,7 @@ plugin_vlog(openvpn_plugin_log_flags_t flags, const char *name, const char *form
gc_init(&gc);
msg_fmt = gc_malloc(ERR_BUF_SIZE, false, &gc);
openvpn_snprintf(msg_fmt, ERR_BUF_SIZE, "PLUGIN %s: %s", name, format);
snprintf(msg_fmt, ERR_BUF_SIZE, "PLUGIN %s: %s", name, format);
x_msg_va(msg_flags, msg_fmt, arglist);
gc_free(&gc);

2
src/openvpn/pool.c
View File

@ -766,7 +766,7 @@ ifconfig_pool_test(in_addr_t start, in_addr_t end)
ifconfig_pool_handle h;
in_addr_t local, remote;
char buf[256];
openvpn_snprintf(buf, sizeof(buf), "common-name-%d", i);
snprintf(buf, sizeof(buf), "common-name-%d", i);
#ifdef DUP_CN
cn = NULL;
#else

87
src/openvpn/proxy.c
View File

@ -582,9 +582,9 @@ add_proxy_headers(struct http_proxy_info *p,
{
if (p->options.custom_headers[i].content)
{
openvpn_snprintf(buf, sizeof(buf), "%s: %s",
p->options.custom_headers[i].name,
p->options.custom_headers[i].content);
snprintf(buf, sizeof(buf), "%s: %s",
p->options.custom_headers[i].name,
p->options.custom_headers[i].content);
if (!strcasecmp(p->options.custom_headers[i].name, "Host"))
{
host_header_sent = true;
@ -592,8 +592,8 @@ add_proxy_headers(struct http_proxy_info *p,
}
else
{
openvpn_snprintf(buf, sizeof(buf), "%s",
p->options.custom_headers[i].name);
snprintf(buf, sizeof(buf), "%s",
p->options.custom_headers[i].name);
if (!strncasecmp(p->options.custom_headers[i].name, "Host:", 5))
{
host_header_sent = true;
@ -609,7 +609,7 @@ add_proxy_headers(struct http_proxy_info *p,
if (!host_header_sent)
{
openvpn_snprintf(buf, sizeof(buf), "Host: %s", host);
snprintf(buf, sizeof(buf), "Host: %s", host);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf))
{
@ -620,8 +620,8 @@ add_proxy_headers(struct http_proxy_info *p,
/* send User-Agent string if provided */
if (p->options.user_agent)
{
openvpn_snprintf(buf, sizeof(buf), "User-Agent: %s",
p->options.user_agent);
snprintf(buf, sizeof(buf), "User-Agent: %s",
p->options.user_agent);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf))
{
@ -667,10 +667,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
else
{
/* format HTTP CONNECT message */
openvpn_snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s",
host,
port,
p->options.http_version);
snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s",
host,
port,
p->options.http_version);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
@ -692,8 +692,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
break;
case HTTP_AUTH_BASIC:
openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Basic %s",
username_password_as_base64(p, &gc));
snprintf(buf, sizeof(buf), "Proxy-Authorization: Basic %s",
username_password_as_base64(p, &gc));
msg(D_PROXY, "Attempting Basic Proxy-Authorization");
dmsg(D_SHOW_KEYS, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf))
@ -705,14 +705,14 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
#if NTLM
case HTTP_AUTH_NTLM2:
/* keep-alive connection */
openvpn_snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive");
snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive");
if (!send_line_crlf(sd, buf))
{
goto error;
}
openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s",
ntlm_phase_1(p, &gc));
snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s",
ntlm_phase_1(p, &gc));
msg(D_PROXY, "Attempting NTLM Proxy-Authorization phase 1");
dmsg(D_SHOW_KEYS, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf))
@ -773,7 +773,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
char get[80];
CLEAR(buf2);
openvpn_snprintf(get, sizeof(get), "%%*s NTLM %%%zus", sizeof(buf2) - 1);
snprintf(get, sizeof(get), "%%*s NTLM %%%zus", sizeof(buf2) - 1);
nparms = sscanf(buf, get, buf2);
/* check for "Proxy-Authenticate: NTLM TlRM..." */
@ -795,10 +795,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
/* now send the phase 3 reply */
/* format HTTP CONNECT message */
openvpn_snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s",
host,
port,
p->options.http_version);
snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s",
host,
port,
p->options.http_version);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
@ -809,7 +809,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
}
/* keep-alive connection */
openvpn_snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive");
snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive");
if (!send_line_crlf(sd, buf))
{
goto error;
@ -829,7 +829,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
msg(D_PROXY, "NTLM Proxy-Authorization phase 3 failed: received corrupted data from proxy server");
goto error;
}
openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s", np3);
snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s", np3);
}
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
@ -899,15 +899,15 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
/* build the digest response */
openvpn_snprintf(uri, sizeof(uri), "%s:%s",
host,
port);
snprintf(uri, sizeof(uri), "%s:%s",
host,
port);
if (opaque)
{
const int len = strlen(opaque)+16;
opaque_kv = gc_malloc(len, false, &gc);
openvpn_snprintf(opaque_kv, len, ", opaque=\"%s\"", opaque);
snprintf(opaque_kv, len, ", opaque=\"%s\"", opaque);
}
DigestCalcHA1(algor,
@ -928,10 +928,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
response);
/* format HTTP CONNECT message */
openvpn_snprintf(buf, sizeof(buf), "%s %s HTTP/%s",
http_method,
uri,
p->options.http_version);
snprintf(buf, sizeof(buf), "%s %s HTTP/%s",
http_method,
uri,
p->options.http_version);
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
@ -948,21 +948,22 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
}
/* send digest response */
int sret = openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
username,
realm,
nonce,
uri,
qop,
nonce_count,
cnonce,
response,
opaque_kv
);
int sret = snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s",
username,
realm,
nonce,
uri,
qop,
nonce_count,
cnonce,
response,
opaque_kv
);
if (sret >= sizeof(buf))
{
goto error;
}
msg(D_PROXY, "Send to HTTP proxy: '%s'", buf);
if (!send_line_crlf(sd, buf))
{

2
src/openvpn/ps.c
View File

@ -354,7 +354,7 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c
fnlen = strlen(journal_dir) + strlen(t) + 2;
jfn = (char *) malloc(fnlen);
check_malloc_return(jfn);
openvpn_snprintf(jfn, fnlen, "%s/%s", journal_dir, t);
snprintf(jfn, fnlen, "%s/%s", journal_dir, t);
dmsg(D_PS_PROXY_DEBUG, "PORT SHARE PROXY: client origin %s -> %s", jfn, f);
fd = platform_open(jfn, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP);
if (fd != -1)

6
src/openvpn/route.c
View File

@ -1621,11 +1621,11 @@ add_route(struct route_ipv4 *r,
if (rgi)
{
openvpn_snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, gateway, rgi->iface);
snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, gateway, rgi->iface);
}
else
{
openvpn_snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway);
snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway);
}
bool ret = management_android_control(management, "ROUTE", out);
status = ret ? RTA_SUCCESS : RTA_ERROR;
@ -2000,7 +2000,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt,
#elif defined (TARGET_ANDROID)
char out[64];
openvpn_snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device);
snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device);
status = management_android_control(management, "ROUTE6", out);

4
src/openvpn/run_command.h
View File

@ -66,8 +66,8 @@ openvpn_run_script(const struct argv *a, const struct env_set *es,
{
char msg[256];
openvpn_snprintf(msg, sizeof(msg),
"WARNING: Failed running command (%s)", hook);
snprintf(msg, sizeof(msg),
"WARNING: Failed running command (%s)", hook);
return openvpn_execve_check(a, es, flags | S_SCRIPT, msg);
}

12
src/openvpn/socket.c
View File

@ -2983,11 +2983,11 @@ setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvp
case AF_INET:
if (flags & SA_IP_PORT)
{
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
}
else
{
openvpn_snprintf(name_buf, sizeof(name_buf), "%s", name_prefix);
snprintf(name_buf, sizeof(name_buf), "%s", name_prefix);
}
inet_ntop(AF_INET, &addr->addr.in4.sin_addr, buf, sizeof(buf));
@ -2995,7 +2995,7 @@ setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvp
if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port)
{
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
setenv_int(es, name_buf, ntohs(addr->addr.in4.sin_port));
}
break;
@ -3006,19 +3006,19 @@ setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvp
struct in_addr ia;
memcpy(&ia.s_addr, &addr->addr.in6.sin6_addr.s6_addr[12],
sizeof(ia.s_addr));
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix);
inet_ntop(AF_INET, &ia, buf, sizeof(buf));
}
else
{
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix);
snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix);
inet_ntop(AF_INET6, &addr->addr.in6.sin6_addr, buf, sizeof(buf));
}
setenv_str(es, name_buf, buf);
if ((flags & SA_IP_PORT) && addr->addr.in6.sin6_port)
{
openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix);
setenv_int(es, name_buf, ntohs(addr->addr.in6.sin6_port));
}
break;

7
src/openvpn/socks.c
View File

@ -109,9 +109,10 @@ socks_username_password_auth(struct socks_proxy_info *p,
"Authentication not possible.");
goto cleanup;
}
int sret = openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s",
(int) strlen(creds.username), creds.username,
(int) strlen(creds.password), creds.password);
int sret = snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s",
(int) strlen(creds.username), creds.username,
(int) strlen(creds.password), creds.password);
ASSERT(sret <= sizeof(to_send));
size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL);

12
src/openvpn/ssl_mbedtls.c
View File

@ -1531,16 +1531,16 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix)
char s2[256];
s1[0] = s2[0] = 0;
openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s",
prefix,
mbedtls_ssl_get_version(ks_ssl->ctx),
mbedtls_ssl_get_ciphersuite(ks_ssl->ctx));
snprintf(s1, sizeof(s1), "%s %s, cipher %s",
prefix,
mbedtls_ssl_get_version(ks_ssl->ctx),
mbedtls_ssl_get_ciphersuite(ks_ssl->ctx));
cert = mbedtls_ssl_get_peer_cert(ks_ssl->ctx);
if (cert != NULL)
{
openvpn_snprintf(s2, sizeof(s2), ", %u bit key",
(unsigned int) mbedtls_pk_get_bitlen(&cert->pk));
snprintf(s2, sizeof(s2), ", %u bit key",
(unsigned int) mbedtls_pk_get_bitlen(&cert->pk));
}
msg(D_HANDSHAKE, "%s%s", s1, s2);

4
src/openvpn/ssl_ncp.c
View File

@ -198,8 +198,8 @@ append_cipher_to_ncp_list(struct options *o, const char *ciphername)
size_t newlen = strlen(o->ncp_ciphers) + 1 + strlen(ciphername) + 1;
char *ncp_ciphers = gc_malloc(newlen, false, &o->gc);
ASSERT(openvpn_snprintf(ncp_ciphers, newlen, "%s:%s", o->ncp_ciphers,
ciphername));
ASSERT(snprintf(ncp_ciphers, newlen, "%s:%s", o->ncp_ciphers,
ciphername));
o->ncp_ciphers = ncp_ciphers;
}

32
src/openvpn/ssl_openssl.c
View File

@ -1774,7 +1774,7 @@ open_biofp(void)
if (!biofp)
{
char fn[256];
openvpn_snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle);
biofp = fopen(fn, "w");
ASSERT(biofp);
biofp_last_open = time(NULL);
@ -2116,8 +2116,8 @@ print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen)
#endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */
}
openvpn_snprintf(buf, buflen, "%d bits %s%s",
EVP_PKEY_bits(pkey), type, curve);
snprintf(buf, buflen, "%d bits %s%s",
EVP_PKEY_bits(pkey), type, curve);
}
/**
@ -2137,12 +2137,12 @@ print_cert_details(X509 *cert, char *buf, size_t buflen)
int signature_nid = X509_get_signature_nid(cert);
if (signature_nid != 0)
{
openvpn_snprintf(sig, sizeof(sig), ", signature: %s",
OBJ_nid2sn(signature_nid));
snprintf(sig, sizeof(sig), ", signature: %s",
OBJ_nid2sn(signature_nid));
}
openvpn_snprintf(buf, buflen, ", peer certificate: %s%s",
pkeybuf, sig);
snprintf(buf, buflen, ", peer certificate: %s%s",
pkeybuf, sig);
EVP_PKEY_free(pkey);
}
@ -2160,8 +2160,8 @@ print_server_tempkey(SSL *ssl, char *buf, size_t buflen)
char pkeybuf[128] = { 0 };
print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf));
openvpn_snprintf(buf, buflen, ", peer temporary key: %s",
pkeybuf);
snprintf(buf, buflen, ", peer temporary key: %s",
pkeybuf);
EVP_PKEY_free(pkey);
}
@ -2238,8 +2238,8 @@ print_peer_signature(SSL *ssl, char *buf, size_t buflen)
return;
}
openvpn_snprintf(buf, buflen, ", peer signing digest/type: %s %s",
peer_sig, peer_sig_type);
snprintf(buf, buflen, ", peer signing digest/type: %s %s",
peer_sig, peer_sig_type);
}
@ -2262,11 +2262,11 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix)
s1[0] = s2[0] = s3[0] = s4[0] = 0;
ciph = SSL_get_current_cipher(ks_ssl->ssl);
openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s %s",
prefix,
SSL_get_version(ks_ssl->ssl),
SSL_CIPHER_get_version(ciph),
SSL_CIPHER_get_name(ciph));
snprintf(s1, sizeof(s1), "%s %s, cipher %s %s",
prefix,
SSL_get_version(ks_ssl->ssl),
SSL_CIPHER_get_version(ciph),
SSL_CIPHER_get_name(ciph));
X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl);
if (cert)

22
src/openvpn/ssl_verify.c
View File

@ -421,12 +421,12 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert
}
/* export subject name string as environmental variable */
openvpn_snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth);
snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth);
setenv_str(es, envname, subject);
#if 0
/* export common name string as environmental variable */
openvpn_snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth);
snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth);
setenv_str(es, envname, common_name);
#endif
@ -435,24 +435,24 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert
struct buffer sha1 = x509_get_sha1_fingerprint(peer_cert, &gc);
struct buffer sha256 = x509_get_sha256_fingerprint(peer_cert, &gc);
openvpn_snprintf(envname, sizeof(envname), "tls_digest_%d", cert_depth);
snprintf(envname, sizeof(envname), "tls_digest_%d", cert_depth);
setenv_str(es, envname,
format_hex_ex(BPTR(&sha1), BLEN(&sha1), 0, 1, ":", &gc));
openvpn_snprintf(envname, sizeof(envname), "tls_digest_sha256_%d",
cert_depth);
snprintf(envname, sizeof(envname), "tls_digest_sha256_%d",
cert_depth);
setenv_str(es, envname,
format_hex_ex(BPTR(&sha256), BLEN(&sha256), 0, 1, ":", &gc));
}
/* export serial number as environmental variable */
serial = backend_x509_get_serial(peer_cert, &gc);
openvpn_snprintf(envname, sizeof(envname), "tls_serial_%d", cert_depth);
snprintf(envname, sizeof(envname), "tls_serial_%d", cert_depth);
setenv_str(es, envname, serial);
/* export serial number in hex as environmental variable */
serial = backend_x509_get_serial_hex(peer_cert, &gc);
openvpn_snprintf(envname, sizeof(envname), "tls_serial_hex_%d", cert_depth);
snprintf(envname, sizeof(envname), "tls_serial_hex_%d", cert_depth);
setenv_str(es, envname, serial);
gc_free(&gc);
@ -569,7 +569,7 @@ verify_check_crl_dir(const char *crl_dir, openvpn_x509_cert_t *cert,
goto cleanup;
}
if (!openvpn_snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, PATH_SEPARATOR, serial))
if (!snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, PATH_SEPARATOR, serial))
{
msg(D_HANDSHAKE, "VERIFY CRL: filename overflow");
goto cleanup;
@ -938,9 +938,9 @@ key_state_check_auth_pending_file(struct auth_deferred_status *ads,
if (!check_auth_pending_method(multi->peer_info, pending_method))
{
char buf[128];
openvpn_snprintf(buf, sizeof(buf),
"Authentication failed, required pending auth "
"method '%s' not supported", pending_method);
snprintf(buf, sizeof(buf),
"Authentication failed, required pending auth "
"method '%s' not supported", pending_method);
auth_set_client_reason(multi, buf);
msg(M_INFO, "Client does not supported auth pending method "
"'%s'", pending_method);

14
src/openvpn/ssl_verify_mbedtls.c
View File

@ -86,8 +86,8 @@ verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth,
char *serial = backend_x509_get_serial(cert, &gc);
ret = mbedtls_x509_crt_verify_info(errstr, sizeof(errstr)-1, "", *flags);
if (ret <= 0 && !openvpn_snprintf(errstr, sizeof(errstr),
"Could not retrieve error string, flags=%" PRIx32, *flags))
if (ret <= 0 && !snprintf(errstr, sizeof(errstr),
"Could not retrieve error string, flags=%" PRIx32, *flags))
{
errstr[0] = '\0';
}
@ -307,7 +307,7 @@ do_setenv_x509(struct env_set *es, const char *name, char *value, int depth)
name_expand_size = 64 + strlen(name);
name_expand = (char *) malloc(name_expand_size);
check_malloc_return(name_expand);
openvpn_snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name);
snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name);
setenv_str(es, name_expand, value);
free(name_expand);
}
@ -431,13 +431,13 @@ x509_setenv(struct env_set *es, int cert_depth, mbedtls_x509_crt *cert)
if (0 == mbedtls_oid_get_attr_short_name(&name->oid, &shortname) )
{
openvpn_snprintf(name_expand, sizeof(name_expand), "X509_%d_%s",
cert_depth, shortname);
snprintf(name_expand, sizeof(name_expand), "X509_%d_%s",
cert_depth, shortname);
}
else
{
openvpn_snprintf(name_expand, sizeof(name_expand), "X509_%d_\?\?",
cert_depth);
snprintf(name_expand, sizeof(name_expand), "X509_%d_\?\?",
cert_depth);
}
for (i = 0; i < name->val.len; i++)

8
src/openvpn/ssl_verify_openssl.c
View File

@ -279,7 +279,7 @@ backend_x509_get_username(char *common_name, int cn_len,
gc_free(&gc);
return FAILURE;
}
openvpn_snprintf(common_name, cn_len, "0x%s", serial);
snprintf(common_name, cn_len, "0x%s", serial);
gc_free(&gc);
}
else
@ -454,7 +454,7 @@ do_setenv_x509(struct env_set *es, const char *name, char *value, int depth)
name_expand_size = 64 + strlen(name);
name_expand = (char *) malloc(name_expand_size);
check_malloc_return(name_expand);
openvpn_snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name);
snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name);
setenv_str(es, name_expand, value);
free(name_expand);
}
@ -597,8 +597,8 @@ x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert)
name_expand_size = 64 + strlen(objbuf);
name_expand = (char *) malloc(name_expand_size);
check_malloc_return(name_expand);
openvpn_snprintf(name_expand, name_expand_size, "X509_%d_%s", cert_depth,
objbuf);
snprintf(name_expand, name_expand_size, "X509_%d_%s", cert_depth,
objbuf);
string_mod(name_expand, CC_PRINT, CC_CRLF, '_');
string_mod((char *)buf, CC_PRINT, CC_CRLF, '_');
setenv_str_incr(es, name_expand, (char *)buf);

4
src/openvpn/tls_crypt.c
View File

@ -574,8 +574,8 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx,
}
char metadata_type_str[4] = { 0 }; /* Max value: 255 */
openvpn_snprintf(metadata_type_str, sizeof(metadata_type_str),
"%i", (uint8_t) metadata_type);
snprintf(metadata_type_str, sizeof(metadata_type_str),
"%i", (uint8_t) metadata_type);
struct env_set *es = env_set_create(NULL);
setenv_str(es, "script_type", "tls-crypt-v2-verify");
setenv_str(es, "metadata_type", metadata_type_str);

68
src/openvpn/tun.c
View File

@ -1114,8 +1114,8 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu,
#elif defined(TARGET_ANDROID)
char out6[64];
openvpn_snprintf(out6, sizeof(out6), "%s/%d %d",
ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu);
snprintf(out6, sizeof(out6), "%s/%d %d",
ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu);
management_android_control(management, "IFCONFIG6", out6);
#elif defined(TARGET_SOLARIS)
argv_printf(&argv, "%s %s inet6 unplumb", IFCONFIG_PATH, ifname);
@ -1362,8 +1362,8 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu,
top = "undef";
}
openvpn_snprintf(out, sizeof(out), "%s %s %d %s", ifconfig_local,
ifconfig_remote_netmask, tun_mtu, top);
snprintf(out, sizeof(out), "%s %s %d %s", ifconfig_local,
ifconfig_remote_netmask, tun_mtu, top);
management_android_control(management, "IFCONFIG", out);
#elif defined(TARGET_SOLARIS)
@ -1912,7 +1912,7 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node,
*/
if (dev_node)
{
openvpn_snprintf(tunname, sizeof(tunname), "%s", dev_node);
snprintf(tunname, sizeof(tunname), "%s", dev_node);
}
else
{
@ -1926,10 +1926,10 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node,
{
for (int i = 0; i < 256; ++i)
{
openvpn_snprintf(tunname, sizeof(tunname),
"/dev/%s%d", dev, i);
openvpn_snprintf(dynamic_name, sizeof(dynamic_name),
"%s%d", dev, i);
snprintf(tunname, sizeof(tunname),
"/dev/%s%d", dev, i);
snprintf(dynamic_name, sizeof(dynamic_name),
"%s%d", dev, i);
if ((tt->fd = open(tunname, O_RDWR)) > 0)
{
dynamic_opened = true;
@ -1947,7 +1947,7 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node,
*/
else
{
openvpn_snprintf(tunname, sizeof(tunname), "/dev/%s", dev);
snprintf(tunname, sizeof(tunname), "/dev/%s", dev);
}
}
@ -2002,8 +2002,8 @@ open_tun_dco_generic(const char *dev, const char *dev_type,
{
for (int i = 0; i < 256; ++i)
{
openvpn_snprintf(dynamic_name, sizeof(dynamic_name),
"%s%d", dev, i);
snprintf(dynamic_name, sizeof(dynamic_name),
"%s%d", dev, i);
int ret = open_tun_dco(tt, ctx, dynamic_name);
if (ret == 0)
{
@ -2519,7 +2519,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
tt->actual_name = (char *) malloc(32);
check_malloc_return(tt->actual_name);
openvpn_snprintf(tt->actual_name, 32, "%s%d", dev_tuntap_type, ppa);
snprintf(tt->actual_name, 32, "%s%d", dev_tuntap_type, ppa);
if (tt->type == DEV_TYPE_TAP)
{
@ -3509,7 +3509,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
int i;
for (i = 0; i<99; i++)
{
openvpn_snprintf(tunname, sizeof(tunname), "/dev/tap%d", i);
snprintf(tunname, sizeof(tunname), "/dev/tap%d", i);
if (access( tunname, F_OK ) < 0 && errno == ENOENT)
{
break;
@ -3520,7 +3520,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
msg( M_FATAL, "cannot find unused tap device" );
}
openvpn_snprintf( dynamic_name, sizeof(dynamic_name), "tap%d", i );
snprintf( dynamic_name, sizeof(dynamic_name), "tap%d", i );
dev = dynamic_name;
}
else /* name given, sanity check */
@ -3536,7 +3536,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun
msg( M_FATAL, "TAP device name must be '--dev tapNNNN'" );
}
openvpn_snprintf(tunname, sizeof(tunname), "/dev/%s", dev);
snprintf(tunname, sizeof(tunname), "/dev/%s", dev);
}
/* pre-existing device?
@ -3956,8 +3956,8 @@ get_tap_reg(struct gc_arena *gc)
ADAPTER_KEY);
}
openvpn_snprintf(unit_string, sizeof(unit_string), "%s\\%s",
ADAPTER_KEY, enum_name);
snprintf(unit_string, sizeof(unit_string), "%s\\%s",
ADAPTER_KEY, enum_name);
status = RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
@ -4098,9 +4098,9 @@ get_panel_reg(struct gc_arena *gc)
NETWORK_CONNECTIONS_KEY);
}
openvpn_snprintf(connection_string, sizeof(connection_string),
"%s\\%s\\Connection",
NETWORK_CONNECTIONS_KEY, enum_name);
snprintf(connection_string, sizeof(connection_string),
"%s\\%s\\Connection",
NETWORK_CONNECTIONS_KEY, enum_name);
status = RegOpenKeyEx(
HKEY_LOCAL_MACHINE,
@ -4984,7 +4984,7 @@ get_adapter_index_method_1(const char *guid)
DWORD index;
ULONG aindex;
wchar_t wbuf[256];
openvpn_swprintf(wbuf, SIZE(wbuf), L"\\DEVICE\\TCPIP_%hs", guid);
swprintf(wbuf, SIZE(wbuf), L"\\DEVICE\\TCPIP_%hs", guid);
if (GetAdapterIndex(wbuf, &aindex) != NO_ERROR)
{
index = TUN_ADAPTER_INDEX_INVALID;
@ -5164,10 +5164,10 @@ tap_allow_nonadmin_access(const char *dev_node)
}
/* Open Windows TAP-Windows adapter */
openvpn_snprintf(device_path, sizeof(device_path), "%s%s%s",
USERMODEDEVICEDIR,
device_guid,
TAP_WIN_SUFFIX);
snprintf(device_path, sizeof(device_path), "%s%s%s",
USERMODEDEVICEDIR,
device_guid,
TAP_WIN_SUFFIX);
hand = CreateFile(
device_path,
@ -5208,10 +5208,10 @@ tap_allow_nonadmin_access(const char *dev_node)
}
/* Open Windows TAP-Windows adapter */
openvpn_snprintf(device_path, sizeof(device_path), "%s%s%s",
USERMODEDEVICEDIR,
device_guid,
TAP_WIN_SUFFIX);
snprintf(device_path, sizeof(device_path), "%s%s%s",
USERMODEDEVICEDIR,
device_guid,
TAP_WIN_SUFFIX);
hand = CreateFile(
device_path,
@ -6607,10 +6607,10 @@ tun_try_open_device(struct tuntap *tt, const char *device_guid, const struct dev
else
{
/* Open TAP-Windows */
openvpn_snprintf(tuntap_device_path, sizeof(tuntap_device_path), "%s%s%s",
USERMODEDEVICEDIR,
device_guid,
TAP_WIN_SUFFIX);
snprintf(tuntap_device_path, sizeof(tuntap_device_path), "%s%s%s",
USERMODEDEVICEDIR,
device_guid,
TAP_WIN_SUFFIX);
path = tuntap_device_path;
}

25
src/openvpn/win32.c
View File

@ -885,8 +885,8 @@ env_block(const struct env_set *es)
char force_path[256];
char *sysroot = get_win_sys_path();
if (!openvpn_snprintf(force_path, sizeof(force_path), "PATH=%s\\System32;%s;%s\\System32\\Wbem",
sysroot, sysroot, sysroot))
if (!snprintf(force_path, sizeof(force_path), "PATH=%s\\System32;%s;%s\\System32\\Wbem",
sysroot, sysroot, sysroot))
{
msg(M_WARN, "env_block: default path truncated to %s", force_path);
}
@ -1482,27 +1482,12 @@ send_msg_iservice(HANDLE pipe, const void *data, size_t size,
return ret;
}
bool
openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...)
{
va_list arglist;
int len = -1;
if (size > 0)
{
va_start(arglist, format);
len = vswprintf(str, size, format, arglist);
va_end(arglist);
str[size - 1] = L'\0';
}
return (len >= 0 && len < size);
}
bool
get_openvpn_reg_value(const WCHAR *key, WCHAR *value, DWORD size)
{
WCHAR reg_path[256];
HKEY hkey;
openvpn_swprintf(reg_path, _countof(reg_path), L"SOFTWARE\\" PACKAGE_NAME);
swprintf(reg_path, _countof(reg_path), L"SOFTWARE\\" PACKAGE_NAME);
LONG status = RegOpenKeyExW(HKEY_LOCAL_MACHINE, reg_path, 0, KEY_READ, &hkey);
if (status != ERROR_SUCCESS)
@ -1528,7 +1513,7 @@ set_openssl_env_vars()
/* if we cannot find installation path from the registry,
* use Windows directory as a fallback
*/
openvpn_swprintf(install_path, _countof(install_path), L"%ls", ssl_fallback_dir);
swprintf(install_path, _countof(install_path), L"%ls", ssl_fallback_dir);
}
if ((install_path[wcslen(install_path) - 1]) == L'\\')
@ -1553,7 +1538,7 @@ set_openssl_env_vars()
if (size == 0)
{
WCHAR val[MAX_PATH] = {0};
openvpn_swprintf(val, _countof(val), L"%ls\\ssl\\%ls", install_path, ossl_env[i].value);
swprintf(val, _countof(val), L"%ls\\ssl\\%ls", install_path, ossl_env[i].value);
_wputenv_s(ossl_env[i].name, val);
}
}

8
src/openvpn/win32.h
View File

@ -319,14 +319,6 @@ bool send_msg_iservice(HANDLE pipe, const void *data, size_t size,
int
openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags);
/*
* openvpn_swprintf() is currently only used by Windows code paths
* and when enabled for all platforms it will currently break older
* OpenBSD versions lacking vswprintf(3) support in their libc.
*/
bool
openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...);
/* Sleep that can be interrupted by signals and exit event */
void win32_sleep(const int n);

10
src/openvpn/xkey_helper.c
View File

@ -205,7 +205,7 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen,
}
else
{
openvpn_snprintf(alg_str, sizeof(alg_str), "ECDSA,hashalg=%s", alg.mdname);
snprintf(alg_str, sizeof(alg_str), "ECDSA,hashalg=%s", alg.mdname);
}
}
else if (!strcmp(alg.keytype, "ED448") || !strcmp(alg.keytype, "ED25519"))
@ -229,8 +229,8 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen,
/* For undigested message, add hashalg=digest parameter */
else
{
openvpn_snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s",
"RSA_PKCS1_PADDING", alg.mdname);
snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s",
"RSA_PKCS1_PADDING", alg.mdname);
}
}
else if (!strcmp(alg.padmode, "none") && (flags & MF_EXTERNAL_KEY_NOPADDING)
@ -240,8 +240,8 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen,
}
else if (!strcmp(alg.padmode, "pss") && (flags & MF_EXTERNAL_KEY_PSSPAD))
{
openvpn_snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s,saltlen=%s",
"RSA_PKCS1_PSS_PADDING", alg.mdname, alg.saltlen);
snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s,saltlen=%s",
"RSA_PKCS1_PSS_PADDING", alg.mdname, alg.saltlen);
}
else
{

52
src/openvpnserv/common.c
View File

@ -27,36 +27,6 @@
LPCTSTR service_instance = TEXT("");
static wchar_t win_sys_path[MAX_PATH];
/*
* These are necessary due to certain buggy implementations of (v)snprintf,
* that don't guarantee null termination for size > 0.
*/
BOOL
openvpn_vswprintf(LPTSTR str, size_t size, LPCTSTR format, va_list arglist)
{
int len = -1;
if (size > 0)
{
len = vswprintf_s(str, size, format, arglist);
str[size - 1] = 0;
}
return (len >= 0 && (size_t)len < size);
}
BOOL
openvpn_swprintf(LPTSTR str, size_t size, LPCTSTR format, ...)
{
va_list arglist;
BOOL res = FALSE;
if (size > 0)
{
va_start(arglist, format);
res = openvpn_vswprintf(str, size, format, arglist);
va_end(arglist);
}
return res;
}
static DWORD
GetRegString(HKEY key, LPCTSTR value, LPTSTR data, DWORD size, LPCTSTR default_value)
{
@ -66,7 +36,7 @@ GetRegString(HKEY key, LPCTSTR value, LPTSTR data, DWORD size, LPCTSTR default_v
if (status == ERROR_FILE_NOT_FOUND && default_value)
{
size_t len = size/sizeof(data[0]);
if (openvpn_swprintf(data, len, default_value))
if (swprintf(data, len, default_value))
{
status = ERROR_SUCCESS;
}
@ -93,7 +63,7 @@ GetOpenvpnSettings(settings_t *s)
TCHAR install_path[MAX_PATH];
TCHAR default_value[MAX_PATH];
openvpn_swprintf(reg_path, _countof(reg_path), TEXT("SOFTWARE\\" PACKAGE_NAME "%ls"), service_instance);
swprintf(reg_path, _countof(reg_path), TEXT("SOFTWARE\\" PACKAGE_NAME "%ls"), service_instance);
LONG status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_path, 0, KEY_READ, &key);
if (status != ERROR_SUCCESS)
@ -110,15 +80,15 @@ GetOpenvpnSettings(settings_t *s)
goto out;
}
openvpn_swprintf(default_value, _countof(default_value), TEXT("%ls\\bin\\openvpn.exe"),
install_path);
swprintf(default_value, _countof(default_value), TEXT("%ls\\bin\\openvpn.exe"),
install_path);
error = GetRegString(key, TEXT("exe_path"), s->exe_path, sizeof(s->exe_path), default_value);
if (error != ERROR_SUCCESS)
{
goto out;
}
openvpn_swprintf(default_value, _countof(default_value), TEXT("%ls\\config"), install_path);
swprintf(default_value, _countof(default_value), TEXT("%ls\\config"), install_path);
error = GetRegString(key, TEXT("config_dir"), s->config_dir, sizeof(s->config_dir),
default_value);
if (error != ERROR_SUCCESS)
@ -133,7 +103,7 @@ GetOpenvpnSettings(settings_t *s)
goto out;
}
openvpn_swprintf(default_value, _countof(default_value), TEXT("%ls\\log"), install_path);
swprintf(default_value, _countof(default_value), TEXT("%ls\\log"), install_path);
error = GetRegString(key, TEXT("log_dir"), s->log_dir, sizeof(s->log_dir), default_value);
if (error != ERROR_SUCCESS)
{
@ -229,7 +199,7 @@ GetLastErrorText()
else
{
tmp[wcslen(tmp) - 2] = TEXT('\0'); /* remove CR/LF characters */
openvpn_swprintf(buf, _countof(buf), TEXT("%ls (0x%x)"), tmp, error);
swprintf(buf, _countof(buf), TEXT("%ls (0x%x)"), tmp, error);
}
if (tmp)
@ -259,12 +229,12 @@ MsgToEventLog(DWORD flags, LPCTSTR format, ...)
hEventSource = RegisterEventSource(NULL, APPNAME);
if (hEventSource != NULL)
{
openvpn_swprintf(msg[0], _countof(msg[0]),
TEXT("%ls%ls%ls: %ls"), APPNAME, service_instance,
(flags & MSG_FLAGS_ERROR) ? TEXT(" error") : TEXT(""), err_msg);
swprintf(msg[0], _countof(msg[0]),
TEXT("%ls%ls%ls: %ls"), APPNAME, service_instance,
(flags & MSG_FLAGS_ERROR) ? TEXT(" error") : TEXT(""), err_msg);
va_start(arglist, format);
openvpn_vswprintf(msg[1], _countof(msg[1]), format, arglist);
vswprintf(msg[1], _countof(msg[1]), format, arglist);
va_end(arglist);
const TCHAR *mesg[] = { msg[0], msg[1] };

57
src/openvpnserv/interactive.c
View File

@ -311,7 +311,7 @@ ReturnProcessId(HANDLE pipe, DWORD pid, DWORD count, LPHANDLE events)
* Same format as error messages (3 line string) with error = 0 in
* 0x%08x format, PID on line 2 and a description "Process ID" on line 3
*/
openvpn_swprintf(buf, _countof(buf), L"0x%08x\n0x%08x\n%ls", 0, pid, msg);
swprintf(buf, _countof(buf), L"0x%08x\n0x%08x\n%ls", 0, pid, msg);
WritePipeAsync(pipe, buf, (DWORD)(wcslen(buf) * 2), count, events);
}
@ -385,9 +385,9 @@ ValidateOptions(HANDLE pipe, const WCHAR *workdir, const WCHAR *options, WCHAR *
if (!argv)
{
openvpn_swprintf(errmsg, capacity,
L"Cannot validate options: CommandLineToArgvW failed with error = 0x%08x",
GetLastError());
swprintf(errmsg, capacity,
L"Cannot validate options: CommandLineToArgvW failed with error = 0x%08x",
GetLastError());
goto out;
}
@ -407,8 +407,8 @@ ValidateOptions(HANDLE pipe, const WCHAR *workdir, const WCHAR *options, WCHAR *
if (!CheckOption(workdir, 2, argv_tmp, &settings))
{
openvpn_swprintf(errmsg, capacity, msg1, argv[0], workdir,
settings.ovpn_admin_group);
swprintf(errmsg, capacity, msg1, argv[0], workdir,
settings.ovpn_admin_group);
}
goto out;
}
@ -424,13 +424,13 @@ ValidateOptions(HANDLE pipe, const WCHAR *workdir, const WCHAR *options, WCHAR *
{
if (wcscmp(L"--config", argv[i]) == 0 && argc-i > 1)
{
openvpn_swprintf(errmsg, capacity, msg1, argv[i+1], workdir,
settings.ovpn_admin_group);
swprintf(errmsg, capacity, msg1, argv[i+1], workdir,
settings.ovpn_admin_group);
}
else
{
openvpn_swprintf(errmsg, capacity, msg2, argv[i],
settings.ovpn_admin_group);
swprintf(errmsg, capacity, msg2, argv[i],
settings.ovpn_admin_group);
}
goto out;
}
@ -985,7 +985,7 @@ RegisterDNS(LPVOID unused)
HANDLE wait_handles[2] = {rdns_semaphore, exit_event};
openvpn_swprintf(ipcfg, MAX_PATH, L"%ls\\%ls", get_win_sys_path(), L"ipconfig.exe");
swprintf(ipcfg, MAX_PATH, L"%ls\\%ls", get_win_sys_path(), L"ipconfig.exe");
if (WaitForMultipleObjects(2, wait_handles, FALSE, timeout) == WAIT_OBJECT_0)
{
@ -1064,7 +1064,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam
}
/* Path of netsh */
openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe");
swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe");
/* cmd template:
* netsh interface $proto $action dns $if_name $addr [validate=no]
@ -1080,7 +1080,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam
goto out;
}
openvpn_swprintf(cmdline, ncmdline, fmt, proto, action, if_name, addr);
swprintf(cmdline, ncmdline, fmt, proto, action, if_name, addr);
if (IsWindows7OrGreater())
{
@ -1124,7 +1124,7 @@ netsh_wins_cmd(const wchar_t *action, const wchar_t *if_name, const wchar_t *add
}
/* Path of netsh */
openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe");
swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe");
/* cmd template:
* netsh interface ip $action wins $if_name $static $addr
@ -1141,7 +1141,7 @@ netsh_wins_cmd(const wchar_t *action, const wchar_t *if_name, const wchar_t *add
goto out;
}
openvpn_swprintf(cmdline, ncmdline, fmt, action, if_name, addr_static, addr);
swprintf(cmdline, ncmdline, fmt, action, if_name, addr_static, addr);
err = ExecCommand(argv0, cmdline, timeout);
@ -1167,7 +1167,7 @@ wmic_nicconfig_cmd(const wchar_t *action, const NET_IFINDEX if_index,
wchar_t *cmdline = NULL;
int timeout = 10000; /* in msec */
openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"wbem\\wmic.exe");
swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"wbem\\wmic.exe");
const wchar_t *fmt;
/* comma separated list must be enclosed in parenthesis */
@ -1188,8 +1188,8 @@ wmic_nicconfig_cmd(const wchar_t *action, const NET_IFINDEX if_index,
return ERROR_OUTOFMEMORY;
}
openvpn_swprintf(cmdline, ncmdline, fmt, if_index, action,
data ? data : L"");
swprintf(cmdline, ncmdline, fmt, if_index, action,
data ? data : L"");
err = ExecCommand(argv0, cmdline, timeout);
free(cmdline);
@ -1453,7 +1453,7 @@ HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp)
wchar_t argv0[MAX_PATH];
/* Path of netsh */
openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe");
swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe");
/* cmd template:
* netsh interface ipv4 set address name=$if_index source=dhcp
@ -1471,7 +1471,7 @@ HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp)
return err;
}
openvpn_swprintf(cmdline, ncmdline, fmt, dhcp->iface.index);
swprintf(cmdline, ncmdline, fmt, dhcp->iface.index);
err = ExecCommand(argv0, cmdline, timeout);
@ -1970,8 +1970,8 @@ RunOpenvpn(LPVOID p)
goto out;
}
openvpn_swprintf(ovpn_pipe_name, _countof(ovpn_pipe_name),
TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service_%lu"), service_instance, GetCurrentThreadId());
swprintf(ovpn_pipe_name, _countof(ovpn_pipe_name),
TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service_%lu"), service_instance, GetCurrentThreadId());
ovpn_pipe = CreateNamedPipe(ovpn_pipe_name,
PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE | FILE_FLAG_OVERLAPPED,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, 1, 128, 128, 0, NULL);
@ -2003,8 +2003,11 @@ RunOpenvpn(LPVOID p)
ReturnLastError(pipe, L"malloc");
goto out;
}
openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR,
sud.options, svc_pipe);
/* there seem to be no common printf specifier that works on all
* mingw/msvc platforms without trickery, so convert to void* and use
* PRIuPTR to print that as best compromise */
swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR,
sud.options, (uintptr_t)svc_pipe);
if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE))
{
@ -2079,8 +2082,8 @@ RunOpenvpn(LPVOID p)
else if (exit_code != 0)
{
WCHAR buf[256];
openvpn_swprintf(buf, _countof(buf),
L"OpenVPN exited with error: exit code = %lu", exit_code);
swprintf(buf, _countof(buf),
L"OpenVPN exited with error: exit code = %lu", exit_code);
ReturnError(pipe, ERROR_OPENVPN_STARTUP, buf, 1, &exit_event);
}
Undo(&undo_lists);
@ -2174,7 +2177,7 @@ CreateClientPipeInstance(VOID)
initialized = TRUE;
}
openvpn_swprintf(pipe_name, _countof(pipe_name), TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service"), service_instance);
swprintf(pipe_name, _countof(pipe_name), TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service"), service_instance);
pipe = CreateNamedPipe(pipe_name, flags,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_REJECT_REMOTE_CLIENTS,
PIPE_UNLIMITED_INSTANCES, 1024, 1024, 0, NULL);

6
src/openvpnserv/service.h
View File

@ -81,12 +81,6 @@ VOID WINAPI ServiceStartInteractiveOwn(DWORD argc, LPTSTR *argv);
VOID WINAPI ServiceStartInteractive(DWORD argc, LPTSTR *argv);
BOOL openvpn_vsntprintf(LPTSTR str, size_t size, LPCTSTR format, va_list arglist);
BOOL openvpn_sntprintf(LPTSTR str, size_t size, LPCTSTR format, ...);
BOOL openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...);
DWORD GetOpenvpnSettings(settings_t *s);
BOOL ReportStatusToSCMgr(SERVICE_STATUS_HANDLE service, SERVICE_STATUS *status);

2
src/openvpnserv/validate.c
View File

@ -68,7 +68,7 @@ CheckConfigPath(const WCHAR *workdir, const WCHAR *fname, const settings_t *s)
/* convert fname to full path */
if (PathIsRelativeW(fname) )
{
openvpn_swprintf(tmp, _countof(tmp), L"%ls\\%ls", workdir, fname);
swprintf(tmp, _countof(tmp), L"%ls\\%ls", workdir, fname);
config_file = tmp;
}
else

51
tests/unit_tests/openvpn/test_buffer.c
View File

@ -354,6 +354,56 @@ test_character_class(void **state)
assert_string_equal(buf, "There is a .'nice.' \"1234\" [.] year old .tree!");
}
static void
test_snprintf(void **state)
{
/* we used to have a custom openvpn_snprintf function because some
* OS (the comment did not specify which) did not always put the
* null byte there. So we unit test this to be sure.
*
* This probably refers to the MSVC behaviour, see also
* https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating
*/
/* Instead of trying to trick the compiler here, disable the warnings
* for this unit test. We know that the results will be truncated
* and we want to test that */
#if defined(__GNUC__)
/* some clang version do not understand -Wformat-truncation, so ignore the
* warning to avoid warnings/errors (-Werror) about unknown pragma/option */
#if defined(__clang__)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunknown-warning-option"
#endif
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-truncation"
#endif
char buf[10] = { 'a' };
int ret = 0;
ret = snprintf(buf, sizeof(buf), "0123456789abcde");
assert_int_equal(ret, 15);
assert_int_equal(buf[9], '\0');
memset(buf, 'b', sizeof(buf));
ret = snprintf(buf, sizeof(buf), "- %d - %d -", 77, 88);
assert_int_equal(ret, 11);
assert_int_equal(buf[9], '\0');
memset(buf, 'c', sizeof(buf));
ret = snprintf(buf, sizeof(buf), "- %8.2f", 77.8899);
assert_int_equal(ret, 10);
assert_int_equal(buf[9], '\0');
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#if defined(__clang__)
#pragma clang diagnostic pop
#endif
#endif
}
int
main(void)
{
@ -387,6 +437,7 @@ main(void)
cmocka_unit_test(test_buffer_free_gc_two),
cmocka_unit_test(test_buffer_gc_realloc),
cmocka_unit_test(test_character_class),
cmocka_unit_test(test_snprintf)
};
return cmocka_run_group_tests_name("buffer", tests, NULL, NULL);

10
tests/unit_tests/openvpn/test_cryptoapi.c
View File

@ -271,7 +271,7 @@ test_find_cert_bythumb(void **state)
for (struct test_cert *c = certs; c->cert; c++)
{
openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash);
snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash);
ctx = find_certificate_in_store(select_string, user_store);
if (ctx)
{
@ -304,7 +304,7 @@ test_find_cert_byname(void **state)
for (struct test_cert *c = certs; c->cert; c++)
{
openvpn_snprintf(select_string, sizeof(select_string), "SUBJ:%s", c->cname);
snprintf(select_string, sizeof(select_string), "SUBJ:%s", c->cname);
ctx = find_certificate_in_store(select_string, user_store);
/* In this case we expect a successful return as there is at least one valid
* cert that matches the common name. But the returned cert may not exactly match
@ -337,7 +337,7 @@ test_find_cert_byissuer(void **state)
for (struct test_cert *c = certs; c->cert; c++)
{
openvpn_snprintf(select_string, sizeof(select_string), "ISSUER:%s", c->issuer);
snprintf(select_string, sizeof(select_string), "ISSUER:%s", c->issuer);
ctx = find_certificate_in_store(select_string, user_store);
/* In this case we expect a successful return as there is at least one valid
* cert that matches the issuer. But the returned cert may not exactly match
@ -411,7 +411,7 @@ test_cryptoapi_sign(void **state)
{
continue;
}
openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash);
snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash);
if (Load_CryptoAPI_certificate(select_string, &x509, &privkey) != 1)
{
fail_msg("Load_CryptoAPI_certificate failed: <%s>", c->friendly_name);
@ -446,7 +446,7 @@ test_ssl_ctx_use_cryptoapicert(void **state)
SSL_CTX *ssl_ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method());
assert_non_null(ssl_ctx);
openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash);
snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash);
if (!SSL_CTX_use_CryptoAPI_certificate(ssl_ctx, select_string))
{
fail_msg("SSL_CTX_use_CryptoAPI_certificate failed: <%s>", c->friendly_name);

6
tests/unit_tests/openvpn/test_pkcs11.c
View File

@ -161,7 +161,7 @@ get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix
}
else if (flags & GET_USER_PASS_PASSWORD_ONLY)
{
openvpn_snprintf(up->password, sizeof(up->password), "%s", PIN);
snprintf(up->password, sizeof(up->password), "%s", PIN);
}
else
{
@ -204,8 +204,8 @@ init(void **state)
{
fail_msg("make tmpfile using template <%s> failed (error = %d)", softhsm2_conf_path, errno);
}
openvpn_snprintf(config, sizeof(config), "directories.tokendir=%s/",
softhsm2_tokens_path);
snprintf(config, sizeof(config), "directories.tokendir=%s/",
softhsm2_tokens_path);
assert_int_equal(write(fd, config, strlen(config)), strlen(config));
close(fd);