Index: include/port_after.h =================================================================== RCS file: /cvsroot/src/lib/libc/include/port_after.h,v retrieving revision 1.1 diff -u -p -u -r1.1 port_after.h --- include/port_after.h 20 May 2004 22:26:22 -0000 1.1 +++ include/port_after.h 8 Apr 2026 13:57:44 -0000 @@ -0,0 +1,31 @@ + +/* + * dst: output buffer + * l: local length + * t: index into dst + * size: size of output buffer + * emsgsize: label to go on error. + */ + +/* + * Add a character and NUL terminate + */ +#define ADDC(C) \ + do { \ + if ((size_t)(t + 2) >= size) \ + goto emsgsize; \ + dst[t++] = (C); \ + dst[t] = '\0'; \ + } while (0) + +/* + * Call A that appends to the buffer, check that it fit, and move + * the index. + */ +#define ADDS(A) \ + do { \ + l = (A); \ + if (l < 0 || (size_t)(l + t) >= size) \ + goto emsgsize; \ + t += l; \ + } while (0) Index: inet/inet_cidr_ntop.c =================================================================== RCS file: /cvsroot/src/lib/libc/inet/inet_cidr_ntop.c,v retrieving revision 1.8 diff -u -p -u -r1.8 inet_cidr_ntop.c --- inet/inet_cidr_ntop.c 13 Mar 2012 21:13:38 -0000 1.8 +++ inet/inet_cidr_ntop.c 8 Apr 2026 13:57:44 -0000 @@ -47,12 +47,6 @@ __RCSID("$NetBSD: inet_cidr_ntop.c,v 1.8 __weak_alias(inet_cidr_ntop,_inet_cidr_ntop) #endif -#ifdef SPRINTF_CHAR -# define SPRINTF(x) strlen(sprintf/**/x) -#else -# define SPRINTF(x) ((size_t)sprintf x) -#endif - static char * inet_cidr_ntop_ipv4(const u_char *src, int bits, char *dst, size_t size); static char * 
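Review bot: ADDC rejects a character that would fit exactly. It writes `dst[t]` and `dst[t + 1]`, which needs `t + 2 <= size`, but the guard `(size_t)(t + 2) >= size` jumps to emsgsize when `t + 2 == size`. A correctly sized caller buffer therefore fails when the last item appended is a single character, for example the trailing ':' in inet_cidr_ntop_ipv6 when `bits` is -1, whereas ADDS uses the exact bound. If the extra byte of slack is not intended, the test would read `if ((size_t)t + 2 > size)`. The comment block names the variables the macros pick up from the caller but not their types, and callers in this patch declare `t` as `int` in some functions and `size_t` in others, so it should state the expected types too.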
@@ -87,23 +81,17 @@ inet_cidr_ntop(int af, const void *src, static int decoct(const u_char *src, size_t bytes, char *dst, size_t size) { - char *odst = dst; - char *t; size_t b; + int l, t = 0; for (b = 1; b <= bytes; b++) { - if (size < sizeof "255.") - return (0); - t = dst; - dst += SPRINTF((dst, "%u", *src++)); - if (b != bytes) { - *dst++ = '.'; - *dst = '\0'; - } - size -= (size_t)(dst - t); - } - _DIAGASSERT(__type_fit(int, dst - odst)); - return (int)(dst - odst); + ADDS(snprintf(dst + t, size - t, "%u", *src++)); + if (b != bytes) + ADDC('.'); + } + return t; +emsgsize: + return l < 0 ? l : l + t; } /*% @@ -121,10 +109,8 @@ decoct(const u_char *src, size_t bytes, */ static char * inet_cidr_ntop_ipv4(const u_char *src, int bits, char *dst, size_t size) { - char *odst = dst; - size_t len = 4; - size_t b; - size_t bytes; + size_t len = 4, b, bytes, t = 0; + int l; if ((bits < -1) || (bits > 32)) { errno = EINVAL; @@ -143,20 +129,14 @@ inet_cidr_ntop_ipv4(const u_char *src, i bytes = (((bits <= 0) ? 1 : bits) + 7) / 8; if (len > bytes) bytes = len; - b = decoct(src, bytes, dst, size); - if (b == 0U) - goto emsgsize; - dst += b; - size -= b; + ADDS(decoct(src, bytes, dst + t, size - t)); if (bits != -1) { /* Format CIDR /width. */ - if (size < sizeof "/32") - goto emsgsize; - dst += SPRINTF((dst, "/%u", bits)); + ADDS(snprintf(dst + t, size - t, "/%u", bits)); } - return (odst); + return (dst); emsgsize: errno = EMSGSIZE; @@ -172,11 +152,10 @@ inet_cidr_ntop_ipv6(const u_char *src, i * Keep this in mind if you think this function should have been coded * to use pointer overlays. All the world's not a VAX. */ - char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255/128"]; - char *tp; struct { int base, len; } best, cur; u_int words[NS_IN6ADDRSZ / NS_INT16SZ]; - int i; + int i, l; + size_t t; if ((bits < -1) || (bits > 128)) { errno = EINVAL; 
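Review bot: The `emsgsize` return in decoct can report success to its caller after an ADDC failure. When `ADDC('.')` jumps to the label, `l` still holds the length of the previous octet and `t` already includes it, so `l + t` can be `size - 1` (a one-digit octet with two bytes left). The caller's ADDS then sees `l + t < size` and advances its index, and with `bits == -1` it returns a truncated address instead of failing with EMSGSIZE. Returning a value that always fails the caller's check closes this, e.g. `return -1;` at the label.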
@@ -216,21 +195,22 @@ inet_cidr_ntop_ipv6(const u_char *src, i if (best.base != -1 && best.len < 2) best.base = -1; + /* * Format the result. */ - tp = tmp; + t = 0; for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) { /* Are we inside the best run of 0x00's? */ if (best.base != -1 && i >= best.base && i < (best.base + best.len)) { if (i == best.base) - *tp++ = ':'; + ADDC(':'); continue; } /* Are we following an initial run of 0x00s or any real hex? */ if (i != 0) - *tp++ = ':'; + ADDC(':'); /* Is this address an encapsulated IPv4? */ if (i == 6 && best.base == 0 && (best.len == 6 || (best.len == 7 && words[7] != 0x0001) || @@ -243,35 +223,25 @@ inet_cidr_ntop_ipv6(const u_char *src, i n = 3; else n = 2; - n = decoct(src+12, n, tp, sizeof tmp - (tp - tmp)); - if (n == 0) { - errno = EMSGSIZE; - return (NULL); - } - tp += strlen(tp); + ADDS(decoct(src+12, n, dst + t, size - t)); break; } - tp += SPRINTF((tp, "%x", words[i])); + ADDS(snprintf(dst + t, size - t, "%x", words[i])); } /* Was it a trailing run of 0x00's? */ if (best.base != -1 && (best.base + best.len) == - (NS_IN6ADDRSZ / NS_INT16SZ)) - *tp++ = ':'; - *tp = '\0'; + (NS_IN6ADDRSZ / NS_INT16SZ)) { + ADDC(':'); + } if (bits != -1) - tp += SPRINTF((tp, "/%u", bits)); + ADDS(snprintf(dst + t, size - t, "/%u", bits)); - /* - * Check for overflow, copy, and we're done. - */ - if ((size_t)(tp - tmp) > size) { - errno = EMSGSIZE; - return (NULL); - } - strcpy(dst, tmp); - return (dst); + return dst; +emsgsize: + errno = EMSGSIZE; + return (NULL); } /*! \file */ Index: inet/inet_net_ntop.c =================================================================== RCS file: /cvsroot/src/lib/libc/inet/inet_net_ntop.c,v retrieving revision 1.4 diff -u -p -u -r1.4 inet_net_ntop.c --- inet/inet_net_ntop.c 9 May 2017 02:56:44 -0000 1.4 +++ inet/inet_net_ntop.c 8 Apr 2026 13:57:44 -0000 
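Review bot: On the new `emsgsize` path inet_cidr_ntop_ipv6 leaves a partial string in the caller's buffer, because it now formats straight into `dst`; the removed `tmp` staging left `dst` untouched on failure. A caller that does not check for NULL would go on to use a shortened address or prefix length (snprintf can cut "/%u" mid-number before the error is detected). Clearing the buffer at the label, `if (size > 0) dst[0] = '\0';` ahead of `errno = EMSGSIZE;`, keeps the failure visible. The same applies to inet_net_ntop_ipv6 in inet_net_ntop.c, which drops `outbuf` in the same way.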
@@ -43,12 +43,6 @@ __RCSID("$NetBSD: inet_net_ntop.c,v 1.4 __weak_alias(inet_net_ntop,_inet_net_ntop) #endif -#ifdef SPRINTF_CHAR -# define SPRINTF(x) strlen(sprintf/**/x) -#else -# define SPRINTF(x) sprintf x -#endif - static char * inet_net_ntop_ipv4(const u_char *src, int bits, char *dst, size_t size); static char * inet_net_ntop_ipv6(const u_char *src, int bits, @@ -94,55 +88,40 @@ inet_net_ntop(int af, const void *src, i static char * inet_net_ntop_ipv4(const u_char *src, int bits, char *dst, size_t size) { - char *odst = dst; - char *t; + size_t t; u_int m; - int b; + int b, l; if (bits < 0 || bits > 32) { errno = EINVAL; return (NULL); } - if (bits == 0) { - if (size < sizeof "0") - goto emsgsize; - *dst++ = '0'; - size--; - *dst = '\0'; - } + + t = 0; + if (bits == 0) + ADDC('0'); /* Format whole octets. */ + t = 0; for (b = bits / 8; b > 0; b--) { - if (size <= sizeof "255.") - goto emsgsize; - t = dst; - dst += SPRINTF((dst, "%u", *src++)); - if (b > 1) { - *dst++ = '.'; - *dst = '\0'; - } - size -= (size_t)(dst - t); + ADDS(snprintf(dst + t, size - t, "%u", *src++)); + if (b > 1) + ADDC('.'); } /* Format partial octet. */ b = bits % 8; if (b > 0) { - if (size <= sizeof ".255") - goto emsgsize; - t = dst; - if (dst != odst) - *dst++ = '.'; + if (t) + ADDC('.'); m = ((1 << b) - 1) << (8 - b); - dst += SPRINTF((dst, "%u", *src & m)); - size -= (size_t)(dst - t); + ADDS(snprintf(dst + t, size - t, "%u", *src & m)); } /* Format CIDR /width. */ - if (size <= sizeof "/32") - goto emsgsize; - dst += SPRINTF((dst, "/%u", bits)); - return (odst); + ADDS(snprintf(dst + t, size - t, "/%u", bits)); + return dst; emsgsize: errno = EMSGSIZE; 
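Review bot: The second `t = 0;` under "Format whole octets" in inet_net_ntop_ipv4 discards the '0' that `ADDC('0')` has just appended for `bits == 0`. The "/%u" is then written at offset 0, so the function yields "/0" where the removed code produced "0/0". `t` is already initialised before the `bits == 0` test, so the later assignment should simply be dropped. The body of the `emsgsize` label lies outside the hunk.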
@@ -170,14 +149,12 @@ static char * inet_net_ntop_ipv6(const u_char *src, int bits, char *dst, size_t size) { u_int m; - int b; + int b, t, l; size_t p; size_t zero_s, zero_l, tmp_zero_s, tmp_zero_l; size_t i; int is_ipv4 = 0; unsigned char inbuf[16]; - char outbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")]; - char *cp; size_t words; u_char *s; @@ -186,12 +163,10 @@ inet_net_ntop_ipv6(const u_char *src, in return (NULL); } - cp = outbuf; - + t = 0; if (bits == 0) { - *cp++ = ':'; - *cp++ = ':'; - *cp = '\0'; + ADDC(':'); + ADDC(':'); } else { /* Copy src to private buffer. Zero host part. */ p = (bits + 7) / 8; @@ -241,36 +216,33 @@ inet_net_ntop_ipv6(const u_char *src, in if (zero_l != 0 && p >= zero_s && p < zero_s + zero_l) { /* Time to skip some zeros */ if (p == zero_s) - *cp++ = ':'; + ADDC(':'); if (p == words - 1) - *cp++ = ':'; + ADDC(':'); s++; s++; continue; } if (is_ipv4 && p > 5 ) { - *cp++ = (p == 6) ? ':' : '.'; - cp += SPRINTF((cp, "%u", *s++)); + ADDS(snprintf(dst + t, size - t, "%c%u", + (p == 6) ? ':' : '.', *s++)); /* we can potentially drop the last octet */ if (p != 7 || bits > 120) { - *cp++ = '.'; - cp += SPRINTF((cp, "%u", *s++)); + ADDS(snprintf(dst + t, size - t, ".%u", + *s++)); } } else { - if (cp != outbuf) - *cp++ = ':'; - cp += SPRINTF((cp, "%x", *s * 256 + s[1])); + if (t) + ADDC(':'); + ADDS(snprintf(dst + t, size - t, "%x", + *s * 256 + s[1])); s += 2; } } } /* Format CIDR /width. */ - (void)SPRINTF((cp, "/%u", bits)); - if (strlen(outbuf) + 1 > size) - goto emsgsize; - strcpy(dst, outbuf); - + ADDS(snprintf(dst + t, size - t, "/%u", bits)); return (dst); emsgsize: Index: nameser/ns_name.c =================================================================== RCS file: /cvsroot/src/lib/libc/nameser/ns_name.c,v retrieving revision 1.15 diff -u -p -u -r1.15 ns_name.c --- nameser/ns_name.c 2 Feb 2024 22:00:32 -0000 1.15 +++ nameser/ns_name.c 8 Apr 2026 13:57:44 -0000 
@@ -43,12 +43,6 @@ __RCSID("$NetBSD: ns_name.c,v 1.15 2024/ #include "port_after.h" -#ifdef SPRINTF_CHAR -# define SPRINTF(x) ((int)strlen(sprintf/**/x)) -#else -# define SPRINTF(x) (sprintf x) -#endif - #define NS_TYPE_ELT 0x40 /*%< EDNS0 extended label type */ #define DNS_LABELTYPE_BITSTRING 0x41 
@@ -999,49 +993,33 @@ static int decode_bitstring(const unsigned char **cpp, char *dn, const char *eom) { const unsigned char *cp = *cpp; - char *beg = dn, tc; - int b, blen, plen, i; + char tc; + int b, blen, t, l; + size_t size = (size_t)(eom - dn); if ((blen = (*cp & 0xff)) == 0) blen = 256; - plen = (blen + 3) / 4; - plen += (int)sizeof("\\[x/]") + (blen > 99 ? 3 : (blen > 9) ? 2 : 1); - if (dn + plen >= eom) - return (-1); - cp++; - i = SPRINTF((dn, "\\[x")); - if (i < 0) - return (-1); - dn += i; + t = 0; + ADDS(snprintf(dn + t, size - t, "\\[x")); for (b = blen; b > 7; b -= 8, cp++) { - i = SPRINTF((dn, "%02x", *cp & 0xff)); - if (i < 0) - return (-1); - dn += i; + ADDS(snprintf(dn + t, size - t, "%02x", *cp & 0xff)); } if (b > 4) { tc = *cp++; - i = SPRINTF((dn, "%02x", tc & (0xff << (8 - b)))); - if (i < 0) - return (-1); - dn += i; + ADDS(snprintf(dn + t, size - t, "%02x", + tc & (0xff << (8 - b)))); } else if (b > 0) { tc = *cp++; - i = SPRINTF((dn, "%1x", - (((u_int32_t)tc >> 4) & 0x0f) & (0x0f << (4 - b)))); - if (i < 0) - return (-1); - dn += i; + ADDS(snprintf(dn + t, size - t, "%1x", + (((u_int32_t)tc >> 4) & 0x0f) & (0x0f << (4 - b)))); } - i = SPRINTF((dn, "/%d]", blen)); - if (i < 0) - return (-1); - dn += i; + ADDS(snprintf(dn + t, size - t, "/%d]", blen)); *cpp = cp; - _DIAGASSERT(__type_fit(int, dn - beg)); - return (int)(dn - beg); + return t; +emsgsize: + return -1; } static int Index: nameser/ns_print.c =================================================================== RCS file: /cvsroot/src/lib/libc/nameser/ns_print.c,v retrieving revision 1.12 diff -u -p -u -r1.12 ns_print.c --- nameser/ns_print.c 19 Apr 2022 20:32:15 -0000 1.12 +++ nameser/ns_print.c 8 Apr 2026 13:57:44 -0000 
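Review bot: `tc` is a plain `char`, so in the `b > 4` branch `tc & (0xff << (8 - b))` keeps bits above 0xff when char is signed and the byte is 0x80 or larger, and "%02x" then prints three hex digits; snprintf now bounds the write, but the label text is still wrong. Masking first, `(tc & 0xff) & (0xff << (8 - b))`, or declaring `unsigned char tc`, fixes it. Separately, `size = (size_t)(eom - dn)` wraps to a very large value if a caller ever passes `dn` beyond `eom`, a case the removed `dn + plen >= eom` test rejected. An explicit `if (dn >= eom) return (-1);` before the subtraction would keep that guarantee; the callers are outside this hunk, so whether it can happen is to be confirmed.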
@@ -48,12 +48,6 @@ __RCSID("$NetBSD: ns_print.c,v 1.12 2022 #include "port_after.h" -#ifdef SPRINTF_CHAR -# define SPRINTF(x) ((int)strlen(sprintf/**/x)) -#else -# define SPRINTF(x) (sprintf x) -#endif - /* Forward. */ static size_t prune_origin(const char *name, const char *origin); @@ -152,7 +146,8 @@ ns_sprintrrf(const u_char *msg, size_t m */ T(x = ns_format_ttl(ttl, buf, buflen)); addlen((size_t)x, &buf, &buflen); - len = SPRINTF((tmp, " %s %s", p_class(class), p_type(type))); + len = snprintf(tmp, sizeof(tmp), " %s %s", p_class(class), + p_type(type)); T(addstr(tmp, (size_t)len, &buf, &buflen)); T(spaced = addtab((size_t)(x + len), (size_t)16, spaced, &buf, &buflen)); @@ -215,7 +210,7 @@ ns_sprintrrf(const u_char *msg, size_t m /* Serial number. */ t = ns_get32(rdata); rdata += NS_INT32SZ; T(addstr("\t\t\t\t\t", (size_t)5, &buf, &buflen)); - len = SPRINTF((tmp, "%lu", t)); + len = snprintf(tmp, sizeof(tmp), "%lu", t); T(addstr(tmp, (size_t)len, &buf, &buflen)); T(spaced = addtab((size_t)len, (size_t)16, spaced, &buf, &buflen)); T(addstr("; serial\n", (size_t)9, &buf, &buflen)); @@ -272,7 +267,7 @@ ns_sprintrrf(const u_char *msg, size_t m /* Priority. */ t = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u ", t)); + len = snprintf(tmp, sizeof(tmp), "%u ", t); T(addstr(tmp, (size_t)len, &buf, &buflen)); /* Target. */ @@ -290,7 +285,7 @@ ns_sprintrrf(const u_char *msg, size_t m /* Priority. */ t = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u ", t)); + len = snprintf(tmp, sizeof(tmp), "%u ", t); T(addstr(tmp, (size_t)len, &buf, &buflen)); /* Name1. */ @@ -341,7 +336,7 @@ ns_sprintrrf(const u_char *msg, size_t m char t[255]; /* XXX protocol format checking? */ - (void) loc_ntoa(rdata, t); + (void) loc_ntoa1(rdata, t, sizeof(t)); T(addstr(t, strlen(t), &buf, &buflen)); break; } 
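Review bot: The converted call sites in ns_sprintrrf hand snprintf's return value to addstr as the byte count without checking it, e.g. `len = snprintf(tmp, sizeof(tmp), " %s %s", ...)` followed by `T(addstr(tmp, (size_t)len, &buf, &buflen))`. snprintf returns the length the full output would have had, so on truncation `len` is at least `sizeof(tmp)` and addstr is asked to copy past the end of `tmp`; on an error return `(size_t)len` becomes a huge count. The hexify block later in this patch already guards with `if (len < 0 || (size_t)len >= sizeof(tmp)) goto out;`, and the same test belongs after each of these calls, including the `snprintf(t, ...)` and `snprintf(tmp1, ...)` sites in the later hunks. addstr's body is not part of the diff, so whether it bounds the source read itself needs confirming.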
@@ -356,7 +351,7 @@ ns_sprintrrf(const u_char *msg, size_t m /* Order, Precedence. */ order = ns_get16(rdata); rdata += NS_INT16SZ; preference = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((t, "%u %u ", order, preference)); + len = snprintf(t, sizeof(t), "%u %u ", order, preference); T(addstr(t, (size_t)len, &buf, &buflen)); /* Flags. */ @@ -398,7 +393,8 @@ ns_sprintrrf(const u_char *msg, size_t m priority = ns_get16(rdata); rdata += NS_INT16SZ; weight = ns_get16(rdata); rdata += NS_INT16SZ; port = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((t, "%u %u %u ", priority, weight, port)); + len = snprintf(t, sizeof(t), "%u %u %u ", priority, weight, + port); T(addstr(t, (size_t)len, &buf, &buflen)); /* Server. */ @@ -429,7 +425,7 @@ ns_sprintrrf(const u_char *msg, size_t m rdata += NS_INADDRSZ; /* Protocol. */ - len = SPRINTF((tmp, " %u ( ", *rdata)); + len = snprintf(tmp, sizeof(tmp), " %u ( ", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata += NS_INT8SZ; @@ -446,7 +442,8 @@ ns_sprintrrf(const u_char *msg, size_t m lcnt = 10; spaced = 0; } - len = SPRINTF((tmp, "%d ", n)); + len = snprintf(tmp, sizeof(tmp), "%d ", + n); T(addstr(tmp, (size_t)len, &buf, &buflen)); lcnt--; } @@ -477,8 +474,8 @@ ns_sprintrrf(const u_char *msg, size_t m keyflags = ns_get16(rdata); rdata += NS_INT16SZ; protocol = *rdata++; algorithm = *rdata++; - len = SPRINTF((tmp, "0x%04x %u %u", - keyflags, protocol, algorithm)); + len = snprintf(tmp, sizeof(tmp), "0x%04x %u %u", + keyflags, protocol, algorithm); T(addstr(tmp, (size_t)len, &buf, &buflen)); /* Public key data. */ @@ -499,7 +496,7 @@ ns_sprintrrf(const u_char *msg, size_t m } if (len > 15) T(addstr(" )", (size_t)2, &buf, &buflen)); - n = SPRINTF((tmp, " ; key_tag= %u", key_id)); + n = snprintf(tmp, sizeof(tmp), " ; key_tag= %u", key_id); T(addstr(tmp, (size_t)n, &buf, &buflen)); break; 
@@ -521,25 +518,25 @@ ns_sprintrrf(const u_char *msg, size_t m algorithm = *rdata++; labels = *rdata++; t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s %d %d %lu ", - p_type((int)typ), algorithm, labels, t)); + len = snprintf(tmp, sizeof(tmp), "%s %d %d %lu ", + p_type((int)typ), algorithm, labels, t); T(addstr(tmp, (size_t)len, &buf, &buflen)); if (labels > (u_int)dn_count_labels(name)) goto formerr; /* Signature expiry. */ t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s ", p_secstodate(t))); + len = snprintf(tmp, sizeof(tmp), "%s ", p_secstodate(t)); T(addstr(tmp, (size_t)len, &buf, &buflen)); /* Time signed. */ t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s ", p_secstodate(t))); + len = snprintf(tmp, sizeof(tmp), "%s ", p_secstodate(t)); T(addstr(tmp, (size_t)len, &buf, &buflen)); /* Signature Footprint. */ footprint = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u ", footprint)); + len = snprintf(tmp, sizeof(tmp), "%u ", footprint); T(addstr(tmp, (size_t)len, &buf, &buflen)); /* Signer's name. */ @@ -576,7 +573,8 @@ ns_sprintrrf(const u_char *msg, size_t m n = edata - rdata; for (c = 0; c < n*8; c++) if (NS_NXT_BIT_ISSET(c, rdata)) { - len = SPRINTF((tmp, " %s", p_type((int)c))); + len = snprintf(tmp, sizeof(tmp), " %s", + p_type((int)c)); T(addstr(tmp, (size_t)len, &buf, &buflen)); } break; @@ -593,7 +591,8 @@ ns_sprintrrf(const u_char *msg, size_t m key_tag = ns_get16(rdata); rdata += NS_INT16SZ; alg = (u_int) *rdata++; - len = SPRINTF((tmp1, "%d %d %d ", c_type, key_tag, alg)); + len = snprintf(tmp1, sizeof(tmp1), "%d %d %d ", + c_type, key_tag, alg); T(addstr(tmp1, (size_t)len, &buf, &buflen)); siz = (edata-rdata)*4/3 + 4; /* "+4" accounts for trailing \0 */ if (siz > sizeof(base64_cert) * 3/4) { 
@@ -637,12 +636,12 @@ ns_sprintrrf(const u_char *msg, size_t m /* Inception. */ t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s ", p_secstodate(t))); + len = snprintf(tmp, sizeof(tmp), "%s ", p_secstodate(t)); T(addstr(tmp, (size_t)len, &buf, &buflen)); /* Experation. */ t = ns_get32(rdata); rdata += NS_INT32SZ; - len = SPRINTF((tmp, "%s ", p_secstodate(t))); + len = snprintf(tmp, sizeof(tmp), "%s ", p_secstodate(t)); T(addstr(tmp, (size_t)len, &buf, &buflen)); /* Mode , Error, Key Size. */ @@ -650,7 +649,8 @@ ns_sprintrrf(const u_char *msg, size_t m mode = ns_get16(rdata); rdata += NS_INT16SZ; err = ns_get16(rdata); rdata += NS_INT16SZ; keysize = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u %u %u ", mode, err, keysize)); + len = snprintf(tmp, sizeof(tmp), "%u %u %u ", mode, err, + keysize); T(addstr(tmp, (size_t)len, &buf, &buflen)); /* XXX need to dump key, print otherdata length & other data */ @@ -667,9 +667,9 @@ ns_sprintrrf(const u_char *msg, size_t m n = ns_get16(rdata); rdata += INT16SZ; rdata += n; /*%< sig */ n = ns_get16(rdata); rdata += INT16SZ; /*%< original id */ - sprintf(buf, "%d", ns_get16(rdata)); + len = snprintf(tmp, sizeof(tmp), "%d", ns_get16(rdata)); rdata += INT16SZ; - addlen(strlen(buf), &buf, &buflen); + T(addstr(tmp, (size_t)len, &buf, &buflen)); break; } @@ -679,7 +679,7 @@ ns_sprintrrf(const u_char *msg, size_t m /* prefix length */ if (rdlen == 0U) goto formerr; - len = SPRINTF((tmp, "%d ", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%d ", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); pbit = *rdata; if (pbit > 128) goto formerr; @@ -707,7 +707,7 @@ ns_sprintrrf(const u_char *msg, size_t m } case ns_t_opt: { - len = SPRINTF((tmp, "%u bytes", class)); + len = snprintf(tmp, sizeof(tmp), "%u bytes", class); T(addstr(tmp, (size_t)len, &buf, &buflen)); break; } 
@@ -721,21 +721,21 @@ ns_sprintrrf(const u_char *msg, size_t m if (rdlen < 4U) goto formerr; t = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u ", t)); + len = snprintf(tmp, sizeof(tmp), "%u ", t); T(addstr(tmp, (size_t)len, &buf, &buflen)); } else if (rdlen < 2U) goto formerr; - len = SPRINTF((tmp, "%u ", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%u ", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; - len = SPRINTF((tmp, "%u ", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%u ", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; while (rdata < edata) { - len = SPRINTF((tmp, "%02X", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%02X", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; } @@ -746,17 +746,17 @@ ns_sprintrrf(const u_char *msg, size_t m case ns_t_nsec3param: { u_int t, w, l, j, k, c; - len = SPRINTF((tmp, "%u ", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%u ", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; - len = SPRINTF((tmp, "%u ", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%u ", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; t = ns_get16(rdata); rdata += NS_INT16SZ; - len = SPRINTF((tmp, "%u ", t)); + len = snprintf(tmp, sizeof(tmp), "%u ", t); T(addstr(tmp, (size_t)len, &buf, &buflen)); t = *rdata++; @@ -764,7 +764,8 @@ ns_sprintrrf(const u_char *msg, size_t m T(addstr("-", 1, &buf, &buflen)); } else { while (t-- > 0) { - len = SPRINTF((tmp, "%02X", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%02X", + *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; } @@ -848,7 +849,8 @@ ns_sprintrrf(const u_char *msg, size_t m if ((rdata[j] & (0x80 >> k)) == 0) continue; c = w * 256 + j * 8 + k; - len = SPRINTF((tmp, " %s", p_type((ns_type)c))); + len = snprintf(tmp, sizeof(tmp), + " %s", p_type((ns_type)c)); T(addstr(tmp, (size_t)len, &buf, &buflen)); } } 
@@ -872,7 +874,8 @@ ns_sprintrrf(const u_char *msg, size_t m if ((rdata[j] & (0x80 >> k)) == 0) continue; c = w * 256 + j * 8 + k; - len = SPRINTF((tmp, " %s", p_type((ns_type)c))); + len = snprintf(tmp, sizeof(tmp), " %s", + p_type((ns_type)c)); T(addstr(tmp, (size_t)len, &buf, &buflen)); } } @@ -946,15 +949,15 @@ ns_sprintrrf(const u_char *msg, size_t m goto hexify; } - len = SPRINTF((tmp, "%u ", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%u ", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; - len = SPRINTF((tmp, "%u ", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%u ", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; - len = SPRINTF((tmp, "%u ", *rdata)); + len = snprintf(tmp, sizeof(tmp), "%u ", *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; @@ -1027,11 +1030,12 @@ ns_sprintrrf(const u_char *msg, size_t m const char *str = "record too long to print"; T(addstr(str, strlen(str), &buf, &buflen)); } else { - len = sprintf(tmp, "( %u ", algorithm); + len = snprintf(tmp, sizeof(tmp), "( %u ", algorithm); T(addstr(tmp, (size_t)len, &buf, &buflen)); for (i = 0; i < hip_len; i++) { - len = sprintf(tmp, "%02X", *rdata); + len = snprintf(tmp, sizeof(tmp), "%02X", + *rdata); T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata++; } 
@@ -1063,36 +1067,50 @@ ns_sprintrrf(const u_char *msg, size_t m formerr: comment = "RR format error"; hexify: { - int n, m; - char *p; + int n, m, l; - len = SPRINTF((tmp, "\\# %u%s\t; %s", (unsigned)(edata - rdata), - rdlen != 0U ? " (" : "", comment)); + len = snprintf(tmp, sizeof(tmp), "\\# %u%s\t; %s", + (unsigned)(edata - rdata), rdlen != 0U ? " (" : "", comment); + if (len < 0 || (size_t)len >= sizeof(tmp)) + goto out; T(addstr(tmp, (size_t)len, &buf, &buflen)); while (rdata < edata) { - p = tmp; - p += SPRINTF((p, "\n\t")); + len = snprintf(tmp, sizeof(tmp), "\n\t"); + if (len < 0 || (size_t)len >= sizeof(tmp)) + goto out; spaced = 0; n = MIN(16, (int)(edata - rdata)); - for (m = 0; m < n; m++) - p += SPRINTF((p, "%02x ", rdata[m])); - T(addstr(tmp, (size_t)(p - tmp), &buf, &buflen)); + for (m = 0; m < n; m++) { + l = snprintf(tmp + len, sizeof(tmp) - len, "%02x ", + rdata[m]); + if (l < 0 || (size_t)(l + len) >= sizeof(tmp)) + goto out; + len += l; + } + T(addstr(tmp, (size_t)len, &buf, &buflen)); if (n < 16) { T(addstr(")", (size_t)1, &buf, &buflen)); - T(addtab((size_t)(p - tmp + 1), (size_t)48, spaced, &buf, &buflen)); + T(addtab((size_t)(len + 1), (size_t)48, spaced, &buf, &buflen)); } - p = tmp; - p += SPRINTF((p, "; ")); - for (m = 0; m < n; m++) - *p++ = (isascii(rdata[m]) && isprint(rdata[m])) + len = snprintf(tmp, sizeof(tmp), "; "); + if (len < 0 || (size_t)len >= sizeof(tmp)) + goto out; + for (m = 0; m < n; m++) { + tmp[len++] = (isascii(rdata[m]) && isprint(rdata[m])) ? rdata[m] : '.'; - T(addstr(tmp, (size_t)(p - tmp), &buf, &buflen)); + if ((size_t)len >= sizeof(tmp)) + goto out; + } + T(addstr(tmp, (size_t)len, &buf, &buflen)); rdata += n; } _DIAGASSERT(__type_fit(int, buf - obuf)); return (int)(buf - obuf); } +out: + errno = ENOSPC; + return -1; } /* Private. 
*/ Index: nameser/ns_ttl.c =================================================================== RCS file: /cvsroot/src/lib/libc/nameser/ns_ttl.c,v retrieving revision 1.8 diff -u -p -u -r1.8 ns_ttl.c --- nameser/ns_ttl.c 13 Mar 2012 21:13:39 -0000 1.8 +++ nameser/ns_ttl.c 8 Apr 2026 13:57:44 -0000 @@ -40,12 +40,6 @@ __RCSID("$NetBSD: ns_ttl.c,v 1.8 2012/03 #include "port_after.h" -#ifdef SPRINTF_CHAR -# define SPRINTF(x) strlen(sprintf/**/x) -#else -# define SPRINTF(x) ((size_t)sprintf x) -#endif - /* Forward. */ static int fmt1(int t, char s, char **buf, size_t *buflen); @@ -159,10 +153,10 @@ ns_parse_ttl(const char *src, u_long *ds static int fmt1(int t, char s, char **buf, size_t *buflen) { char tmp[50]; - size_t len; + int len; - len = SPRINTF((tmp, "%d%c", t, s)); - if (len + 1 > *buflen) + len = snprintf(tmp, sizeof(tmp), "%d%c", t, s); + if (len == -1 || (size_t)(len + 1) > *buflen) return (-1); strcpy(*buf, tmp); *buf += len; Index: resolv/res_debug.c =================================================================== RCS file: /cvsroot/src/lib/libc/resolv/res_debug.c,v retrieving revision 1.19 diff -u -p -u -r1.19 res_debug.c --- resolv/res_debug.c 19 Jan 2026 15:23:10 -0000 1.19 +++ resolv/res_debug.c 8 Apr 2026 13:57:44 -0000 @@ -581,7 +581,6 @@ sym_ston(const struct res_sym *syms, con const char * sym_ntos(const struct res_sym *syms, int number, int *success) { - char *unname = sym_ntos_unname; for (; syms->name != 0; syms++) { if (number == syms->number) { @@ -591,15 +590,14 @@ sym_ntos(const struct res_sym *syms, int } } - sprintf(unname, "%d", number); /*%< XXX nonreentrant */ + snprintf(sym_ntos_unname, sizeof(sym_ntos_unname), "%d", number); /*%< XXX nonreentrant */ if (success) *success = 0; - return (unname); + return sym_ntos_unname; } const char * sym_ntop(const struct res_sym *syms, int number, int *success) { - char *unname = sym_ntop_unname; for (; syms->name != 0; syms++) { if (number == syms->number) { 
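Review bot: `sizeof(sym_ntos_unname)` in sym_ntos is the buffer size only if `sym_ntos_unname` is an array or a macro that expands to one. Its declaration is outside this hunk, and the removed `char *unname = sym_ntos_unname;` compiled equally well for a pointer. If it is a pointer, snprintf would be limited to the pointer size and the returned name silently cut short. This should be confirmed here and for `sym_ntop_unname`, `typebuf`, `classbuf`, `p_option_nbuf`, `ret` and `precsize_ntoa_retbuf` in the later res_debug.c hunks. A comment at each declaration such as `/* must remain an array: sizeof is used as the snprintf bound */` would record the assumption.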
@@ -608,10 +606,10 @@ sym_ntop(const struct res_sym *syms, int return (syms->humanname); } } - sprintf(unname, "%d", number); /*%< XXX nonreentrant */ + snprintf(sym_ntop_unname, sizeof(sym_ntop_unname), "%d", number); /*%< XXX nonreentrant */ if (success) *success = 0; - return (unname); + return sym_ntop_unname; } /*% @@ -628,7 +626,7 @@ p_type(int type) { return (result); if (type < 0 || type > 0xffff) return ("BADTYPE"); - sprintf(typebuf, "TYPE%d", type); + snprintf(typebuf, sizeof(typebuf), "TYPE%d", type); return (typebuf); } @@ -664,7 +662,7 @@ p_class(int class) { return (result); if (class < 0 || class > 0xffff) return ("BADCLASS"); - sprintf(classbuf, "CLASS%d", class); + snprintf(classbuf, sizeof(classbuf), "CLASS%d", class); return (classbuf); } @@ -673,7 +671,6 @@ p_class(int class) { */ const char * p_option(u_long option) { - char *nbuf = p_option_nbuf; switch (option) { case RES_INIT: return "init"; @@ -707,8 +704,8 @@ p_option(u_long option) { case RES_NO_NIBBLE2: return "no-nibble2"; #endif /* XXX nonreentrant */ - default: sprintf(nbuf, "?0x%lx?", (u_long)option); - return (nbuf); + default: snprintf(p_option_nbuf, sizeof(p_option_nbuf), "?0x%lx?", (u_long)option); + return (p_option_nbuf); } } @@ -748,7 +745,7 @@ p_sockun(union res_sockaddr_union u, cha break; #endif default: - sprintf(ret, "[af%d]", u.sin.sin_family); + snprintf(ret, sizeof(ret), "[af%d]", u.sin.sin_family); break; } if (size > 0U) { @@ -771,7 +768,6 @@ static unsigned int poweroften[10] = {1, static const char * precsize_ntoa(u_int32_t prec) { - char *retbuf = precsize_ntoa_retbuf; unsigned long val; int mantissa, exponent; 
@@ -780,8 +776,8 @@ precsize_ntoa(u_int32_t prec) val = mantissa * poweroften[exponent]; - (void) sprintf(retbuf, "%lu.%.2lu", val/100, val%100); - return (retbuf); + (void) snprintf(precsize_ntoa_retbuf, sizeof(precsize_ntoa_retbuf), "%lu.%.2lu", val/100, val%100); + return precsize_ntoa_retbuf; } /*% converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer. */ @@ -1029,10 +1025,16 @@ loc_aton(const char *ascii, u_char *bina return (16); /*%< size of RR in octets */ } -/*% takes an on-the-wire LOC RR and formats it in a human readable format. */ const char * loc_ntoa(const u_char *binary, char *ascii) { + return loc_ntoa1(binary, ascii, 255); /* XXX: broken */ +} + +/*% takes an on-the-wire LOC RR and formats it in a human readable format. */ +const char * +loc_ntoa1(const u_char *binary, char *ascii, size_t len) +{ static const char *error = "?"; static char tmpbuf[sizeof "1000 60 60.000 N 1000 60 60.000 W -12345678.00m 90000000.00m 90000000.00m 90000000.00m"]; @@ -1054,11 +1056,13 @@ loc_ntoa(const u_char *binary, char *asc versionval = *cp++; - if (ascii == NULL) + if (ascii == NULL) { ascii = tmpbuf; + len = sizeof(tmpbuf); + } if (versionval) { - (void) sprintf(ascii, "; error: unknown LOC RR version"); + (void) snprintf(ascii, len, "; error: unknown LOC RR version"); return (ascii); } @@ -1117,7 +1121,7 @@ loc_ntoa(const u_char *binary, char *asc hpstr = strdup(precsize_ntoa((u_int32_t)hpval)); vpstr = strdup(precsize_ntoa((u_int32_t)vpval)); - sprintf(ascii, + snprintf(ascii, len, "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %s%d.%.2dm %sm %sm %sm", latdeg, latmin, latsec, latsecfrac, northsouth, longdeg, longmin, longsec, longsecfrac, eastwest, Index: resolv/res_init.c =================================================================== RCS file: /cvsroot/src/lib/libc/resolv/res_init.c,v retrieving revision 1.32 diff -u -p -u -r1.32 res_init.c --- resolv/res_init.c 30 Sep 2021 12:35:55 -0000 1.32 +++ resolv/res_init.c 8 Apr 2026 13:57:44 -0000 
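Review bot: loc_ntoa passes a hard-coded 255 as the length of a caller buffer whose real size it cannot know, so an existing caller with a smaller `ascii` buffer gains no protection from the snprintf conversion, and `/* XXX: broken */` does not say what is broken. The comment should spell it out, e.g. `/* legacy API: no length argument, 255 bytes assumed; use loc_ntoa1() with the real size */`. The `/*% takes an on-the-wire LOC RR ... */` description moved to loc_ntoa1, leaving the public loc_ntoa without one. loc_ntoa1 is also called here before its definition, so it needs a prototype in scope; none is shown in this diff.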
@@ -436,7 +436,7 @@ __res_vinit(res_state statp, int preinit hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_DGRAM; /*dummy*/ hints.ai_flags = AI_NUMERICHOST; - sprintf(sbuf, "%u", NAMESERVER_PORT); + snprintf(sbuf, sizeof(sbuf), "%u", NAMESERVER_PORT); if (getaddrinfo(cp, sbuf, &hints, &ai) == 0 && ai->ai_addrlen <= minsiz) { if (statp->_u._ext.ext != NULL) {