diff --git a/plugins/sudoers/iolog.c b/plugins/sudoers/iolog.c index 4c4ccc6d2..0ec4bcdf9 100644 --- a/plugins/sudoers/iolog.c +++ b/plugins/sudoers/iolog.c @@ -612,32 +612,26 @@ sudoers_io_open_local(struct timespec *now) { struct eventlog *evlog = iolog_details.evlog; int i, ret = -1; - size_t len; debug_decl(sudoers_io_open_local, SUDOERS_DEBUG_PLUGIN); /* If no I/O log path defined we need to figure it out ourselves. */ if (evlog->iolog_path == NULL) { + int len; + /* Get next session ID and convert it into a path. */ - const size_t pathlen = sizeof(_PATH_SUDO_IO_LOGDIR "/00/00/00"); - if ((evlog->iolog_path = malloc(pathlen)) == NULL) { - sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); - goto done; - } - len = strlcpy(evlog->iolog_path, _PATH_SUDO_IO_LOGDIR, pathlen); - if (len + strlen("/00/00/00") >= pathlen) { - sudo_warnx(U_("internal error, %s overflow"), __func__); - goto done; - } - if (!iolog_nextid(evlog->iolog_path, evlog->sessid)) { + if (!iolog_nextid(_PATH_SUDO_IO_LOGDIR, evlog->sessid)) { log_warning(SLOG_SEND_MAIL, N_("unable to update sequence file")); warned = true; goto done; } - (void)snprintf(evlog->iolog_path + strlen(_PATH_SUDO_IO_LOGDIR), - pathlen - strlen(_PATH_SUDO_IO_LOGDIR), - "/%c%c/%c%c/%c%c", evlog->sessid[0], evlog->sessid[1], - evlog->sessid[2], evlog->sessid[3], evlog->sessid[4], - evlog->sessid[5]); + len = asprintf(&evlog->iolog_path, "%s/%c%c/%c%c/%c%c", + _PATH_SUDO_IO_LOGDIR, + evlog->sessid[0], evlog->sessid[1], evlog->sessid[2], + evlog->sessid[3], evlog->sessid[4], evlog->sessid[5]); + if (len == -1) { + sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + goto done; + } } /* diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c index 0f9ada432..4b768fdfb 100644 --- a/plugins/sudoers/ldap.c +++ b/plugins/sudoers/ldap.c @@ -1339,7 +1339,7 @@ sudo_krb5_copy_cc_file(const char *old_ccname) { int nfd, ofd = -1; ssize_t nread, nwritten = -1; - static char new_ccname[sizeof(_PATH_TMP) + sizeof("sudocc_XXXXXXXX") - 1]; + static char new_ccname[] = _PATH_TMP "sudocc_XXXXXXXX"; char buf[10240], *ret = NULL; debug_decl(sudo_krb5_copy_cc_file, SUDOERS_DEBUG_LDAP); @@ -1355,8 +1355,6 @@ sudo_krb5_copy_cc_file(const char *old_ccname) if (ofd != -1) { (void) fcntl(ofd, F_SETFL, 0); if (sudo_lock_file(ofd, SUDO_LOCK)) { - (void)snprintf(new_ccname, sizeof(new_ccname), "%s%s", - _PATH_TMP, "sudocc_XXXXXXXX"); nfd = mkstemp(new_ccname); if (nfd != -1) { sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO, diff --git a/plugins/sudoers/toke.c b/plugins/sudoers/toke.c index 81c2adaab..e9b2739d2 100644 --- a/plugins/sudoers/toke.c +++ b/plugins/sudoers/toke.c @@ -5116,7 +5116,11 @@ read_dir_files(const char *dirpath, struct path_list ***pathsp) len = dirlen + 1 + namelen; if ((path = sudo_rcstr_alloc(len)) == NULL) goto oom; - (void)snprintf(path, len + 1, "%s/%s", dirpath, dent->d_name); + if ((size_t)snprintf(path, len + 1, "%s/%s", dirpath, dent->d_name) != len) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + sudo_rcstr_delref(path); + goto bad; + } if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)) { sudo_rcstr_delref(path); continue; diff --git a/plugins/sudoers/toke.l b/plugins/sudoers/toke.l index 8749d408d..3e8e6f831 100644 --- a/plugins/sudoers/toke.l +++ b/plugins/sudoers/toke.l @@ -903,7 +903,11 @@ read_dir_files(const char *dirpath, struct path_list ***pathsp) len = dirlen + 1 + namelen; if ((path = sudo_rcstr_alloc(len)) == NULL) goto oom; - (void)snprintf(path, len + 1, "%s/%s", dirpath, dent->d_name); + if ((size_t)snprintf(path, len + 1, "%s/%s", dirpath, dent->d_name) != len) { + sudo_warnx(U_("internal error, %s overflow"), __func__); + sudo_rcstr_delref(path); + goto bad; + } if (stat(path, &sb) != 0 || !S_ISREG(sb.st_mode)) { sudo_rcstr_delref(path); continue;