From 130548fe4d23afac5d2948d4e5ee164eef635cfd Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Mon, 6 May 2024 12:27:10 +0200 Subject: [PATCH] Remove openvpn_snprintf and similar functions Old Microsoft versions did strange behaviour but according to the newly added unit test and https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating this is now standard conforming and we can use the normal snprintf method. Microsoft own documentation to swprintf also says you nowadays need to define _CRT_NON_CONFORMING_SWPRINTFS to get to non-standard behaviour. Change-Id: I07096977e3b562bcb5d2c6f11673a4175b8e12ac Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240506102710.8976-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28617.html Signed-off-by: Gert Doering --- src/openvpn/buffer.c | 26 ------- src/openvpn/buffer.h | 13 ---- src/openvpn/crypto.c | 4 +- src/openvpn/crypto_mbedtls.c | 10 +-- src/openvpn/dns.c | 4 +- src/openvpn/env_set.c | 8 +-- src/openvpn/error.c | 14 ++-- src/openvpn/init.c | 2 +- src/openvpn/manage.c | 8 +-- src/openvpn/options.c | 8 +-- src/openvpn/pkcs11.c | 6 +- src/openvpn/platform.c | 6 +- src/openvpn/plugin.c | 4 +- src/openvpn/pool.c | 2 +- src/openvpn/proxy.c | 87 ++++++++++++----------- src/openvpn/ps.c | 2 +- src/openvpn/route.c | 6 +- src/openvpn/run_command.h | 4 +- src/openvpn/socket.c | 12 ++-- src/openvpn/socks.c | 7 +- src/openvpn/ssl_mbedtls.c | 12 ++-- src/openvpn/ssl_ncp.c | 4 +- src/openvpn/ssl_openssl.c | 32 ++++----- src/openvpn/ssl_verify.c | 22 +++--- src/openvpn/ssl_verify_mbedtls.c | 14 ++-- src/openvpn/ssl_verify_openssl.c | 8 +-- src/openvpn/tls_crypt.c | 4 +- src/openvpn/tun.c | 68 +++++++++--------- src/openvpn/win32.c | 25 ++----- src/openvpn/win32.h | 8 --- src/openvpn/xkey_helper.c | 10 +-- src/openvpnserv/common.c | 52 +++----------- src/openvpnserv/interactive.c | 57 ++++++++------- src/openvpnserv/service.h | 6 -- src/openvpnserv/validate.c | 2 +- tests/unit_tests/openvpn/test_buffer.c | 51 +++++++++++++ tests/unit_tests/openvpn/test_cryptoapi.c | 10 +-- tests/unit_tests/openvpn/test_pkcs11.c | 6 +- 38 files changed, 291 insertions(+), 333 deletions(-) diff --git a/src/openvpn/buffer.c b/src/openvpn/buffer.c index 66fd63f9..3a8069c5 100644 --- a/src/openvpn/buffer.c +++ b/src/openvpn/buffer.c @@ -279,32 +279,6 @@ buf_puts(struct buffer *buf, const char *str) return ret; } - -/* - * This is necessary due to certain buggy implementations of snprintf, - * that don't guarantee null termination for size > 0. - * - * Return false on overflow. - * - * This functionality is duplicated in src/openvpnserv/common.c - * Any modifications here should be done to the other place as well. - */ - -bool -openvpn_snprintf(char *str, size_t size, const char *format, ...) -{ - va_list arglist; - int len = -1; - if (size > 0) - { - va_start(arglist, format); - len = vsnprintf(str, size, format, arglist); - va_end(arglist); - str[size - 1] = 0; - } - return (len >= 0 && len < size); -} - /* * write a string to the end of a buffer that was * truncated by buf_printf diff --git a/src/openvpn/buffer.h b/src/openvpn/buffer.h index 7c2f75a6..27c31995 100644 --- a/src/openvpn/buffer.h +++ b/src/openvpn/buffer.h @@ -448,19 +448,6 @@ __attribute__ ((format(__printf__, 2, 3))) */ bool buf_puts(struct buffer *buf, const char *str); -/* - * Like snprintf but guarantees null termination for size > 0 - */ -bool openvpn_snprintf(char *str, size_t size, const char *format, ...) -#ifdef __GNUC__ -#if __USE_MINGW_ANSI_STDIO -__attribute__ ((format(gnu_printf, 3, 4))) -#else -__attribute__ ((format(__printf__, 3, 4))) -#endif -#endif -; - /* * remove/add trailing characters diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c index 5d05cc42..207f145a 100644 --- a/src/openvpn/crypto.c +++ b/src/openvpn/crypto.c @@ -874,11 +874,11 @@ init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2, key_direction_state_init(&kds, key_direction); - openvpn_snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", name); + snprintf(log_prefix, sizeof(log_prefix), "Outgoing %s", name); init_key_ctx(&ctx->encrypt, &key2->keys[kds.out_key], kt, OPENVPN_OP_ENCRYPT, log_prefix); - openvpn_snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", name); + snprintf(log_prefix, sizeof(log_prefix), "Incoming %s", name); init_key_ctx(&ctx->decrypt, &key2->keys[kds.in_key], kt, OPENVPN_OP_DECRYPT, log_prefix); diff --git a/src/openvpn/crypto_mbedtls.c b/src/openvpn/crypto_mbedtls.c index c2302929..32511f0f 100644 --- a/src/openvpn/crypto_mbedtls.c +++ b/src/openvpn/crypto_mbedtls.c @@ -128,7 +128,7 @@ mbed_log_func_line(unsigned int flags, int errval, const char *func, { char prefix[256]; - if (!openvpn_snprintf(prefix, sizeof(prefix), "%s:%d", func, line)) + if (!snprintf(prefix, sizeof(prefix), "%s:%d", func, line)) { return mbed_log_err(flags, errval, func); } @@ -239,11 +239,11 @@ crypto_pem_encode(const char *name, struct buffer *dst, char header[1000+1] = { 0 }; char footer[1000+1] = { 0 }; - if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----\n", name)) + if (!snprintf(header, sizeof(header), "-----BEGIN %s-----\n", name)) { return false; } - if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----\n", name)) + if (!snprintf(footer, sizeof(footer), "-----END %s-----\n", name)) { return false; } @@ -278,11 +278,11 @@ crypto_pem_decode(const char *name, struct buffer *dst, char header[1000+1] = { 0 }; char footer[1000+1] = { 0 }; - if (!openvpn_snprintf(header, sizeof(header), "-----BEGIN %s-----", name)) + if (!snprintf(header, sizeof(header), "-----BEGIN %s-----", name)) { return false; } - if (!openvpn_snprintf(footer, sizeof(footer), "-----END %s-----", name)) + if (!snprintf(footer, sizeof(footer), "-----END %s-----", name)) { return false; } diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c index 7de39916..0539ca50 100644 --- a/src/openvpn/dns.c +++ b/src/openvpn/dns.c @@ -349,11 +349,11 @@ setenv_dns_option(struct env_set *es, if (j < 0) { - name_ok = openvpn_snprintf(name, sizeof(name), format, i); + name_ok = snprintf(name, sizeof(name), format, i); } else { - name_ok = openvpn_snprintf(name, sizeof(name), format, i, j); + name_ok = snprintf(name, sizeof(name), format, i, j); } if (!name_ok) diff --git a/src/openvpn/env_set.c b/src/openvpn/env_set.c index b13d01e1..81ab59e9 100644 --- a/src/openvpn/env_set.c +++ b/src/openvpn/env_set.c @@ -259,7 +259,7 @@ void setenv_counter(struct env_set *es, const char *name, counter_type value) { char buf[64]; - openvpn_snprintf(buf, sizeof(buf), counter_format, value); + snprintf(buf, sizeof(buf), counter_format, value); setenv_str(es, name, buf); } @@ -267,7 +267,7 @@ void setenv_int(struct env_set *es, const char *name, int value) { char buf[64]; - openvpn_snprintf(buf, sizeof(buf), "%d", value); + snprintf(buf, sizeof(buf), "%d", value); setenv_str(es, name, buf); } @@ -275,7 +275,7 @@ void setenv_long_long(struct env_set *es, const char *name, long long value) { char buf[64]; - openvpn_snprintf(buf, sizeof(buf), "%" PRIi64, (int64_t)value); + snprintf(buf, sizeof(buf), "%" PRIi64, (int64_t)value); setenv_str(es, name, buf); } @@ -310,7 +310,7 @@ setenv_str_incr(struct env_set *es, const char *name, const char *value) strcpy(tmpname, name); while (NULL != env_set_get(es, tmpname) && counter < 1000) { - ASSERT(openvpn_snprintf(tmpname, tmpname_len, "%s_%u", name, counter)); + ASSERT(snprintf(tmpname, tmpname_len, "%s_%u", name, counter)); counter++; } if (counter < 1000) diff --git a/src/openvpn/error.c b/src/openvpn/error.c index 245a2d51..ec65d5e6 100644 --- a/src/openvpn/error.c +++ b/src/openvpn/error.c @@ -274,14 +274,14 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist) if ((flags & M_ERRNO) && e) { - openvpn_snprintf(m2, ERR_BUF_SIZE, "%s: %s (errno=%d)", - m1, openvpn_strerror(e, crt_error, &gc), e); + snprintf(m2, ERR_BUF_SIZE, "%s: %s (errno=%d)", + m1, openvpn_strerror(e, crt_error, &gc), e); SWAP; } if (flags & M_OPTERR) { - openvpn_snprintf(m2, ERR_BUF_SIZE, "Options error: %s", m1); + snprintf(m2, ERR_BUF_SIZE, "Options error: %s", m1); SWAP; } @@ -321,10 +321,10 @@ x_msg_va(const unsigned int flags, const char *format, va_list arglist) const struct virtual_output *vo = msg_get_virtual_output(); if (vo) { - openvpn_snprintf(m2, ERR_BUF_SIZE, "%s%s%s", - prefix, - prefix_sep, - m1); + snprintf(m2, ERR_BUF_SIZE, "%s%s%s", + prefix, + prefix_sep, + m1); virtual_output_print(vo, flags, m2); } } diff --git a/src/openvpn/init.c b/src/openvpn/init.c index e67f10e3..ec0c309e 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -359,7 +359,7 @@ management_callback_remote_entry_get(void *arg, unsigned int index, char **remot char *out = malloc(len); check_malloc_return(out); - openvpn_snprintf(out, len, "%s,%s,%s,%s", ce->remote, ce->remote_port, proto, status); + snprintf(out, len, "%s,%s,%s,%s", ce->remote, ce->remote_port, proto, status); *remote = out; } else diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 43c55079..89591eae 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -515,8 +515,8 @@ man_bytecount_output_client(struct management *man, char out[32]; /* do in a roundabout way to work around possible mingw or mingw-glibc bug */ - openvpn_snprintf(in, sizeof(in), counter_format, man->persist.bytes_in + dco_read_bytes); - openvpn_snprintf(out, sizeof(out), counter_format, man->persist.bytes_out + dco_write_bytes); + snprintf(in, sizeof(in), counter_format, man->persist.bytes_in + dco_read_bytes); + snprintf(out, sizeof(out), counter_format, man->persist.bytes_out + dco_write_bytes); msg(M_CLIENT, ">BYTECOUNT:%s,%s", in, out); } @@ -528,8 +528,8 @@ man_bytecount_output_server(const counter_type *bytes_in_total, char in[32]; char out[32]; /* do in a roundabout way to work around possible mingw or mingw-glibc bug */ - openvpn_snprintf(in, sizeof(in), counter_format, *bytes_in_total); - openvpn_snprintf(out, sizeof(out), counter_format, *bytes_out_total); + snprintf(in, sizeof(in), counter_format, *bytes_in_total); + snprintf(out, sizeof(out), counter_format, *bytes_out_total); msg(M_CLIENT, ">BYTECOUNT_CLI:%lu,%s,%s", mdac->cid, in, out); mdac->bytecount_last_update = now; } diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 07387cd9..abcde897 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -1427,7 +1427,7 @@ foreign_options_copy_dns(struct options *o, struct env_set *es) for (int i = 1; i <= opt_max; ++i) { char name[32]; - openvpn_snprintf(name, sizeof(name), "foreign_option_%d", i); + snprintf(name, sizeof(name), "foreign_option_%d", i); const char *env_str = env_set_get(es, name); const char *value = strchr(env_str, '=') + 1; @@ -1482,7 +1482,7 @@ foreign_options_copy_dns(struct options *o, struct env_set *es) while (o->foreign_option_index < opt_max) { char name[32]; - openvpn_snprintf(name, sizeof(name), "foreign_option_%d", opt_max--); + snprintf(name, sizeof(name), "foreign_option_%d", opt_max--); setenv_del(es, name); } } @@ -5674,8 +5674,8 @@ set_user_script(struct options *options, #ifndef ENABLE_SMALL { char script_name[100]; - openvpn_snprintf(script_name, sizeof(script_name), - "--%s script", type); + snprintf(script_name, sizeof(script_name), + "--%s script", type); if (check_cmd_access(*script, script_name, (in_chroot ? options->chroot_dir : NULL))) { diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index 35a02c27..418f6bb0 100644 --- a/src/openvpn/pkcs11.c +++ b/src/openvpn/pkcs11.c @@ -201,7 +201,7 @@ _pkcs11_openvpn_token_prompt( CLEAR(token_resp); token_resp.defined = false; token_resp.nocache = true; - openvpn_snprintf( + snprintf( token_resp.username, sizeof(token_resp.username), "Please insert %s token", @@ -245,7 +245,7 @@ _pkcs11_openvpn_pin_prompt( ASSERT(token!=NULL); - openvpn_snprintf(prompt, sizeof(prompt), "%s token", token->label); + snprintf(prompt, sizeof(prompt), "%s token", token->label); token_pass.defined = false; token_pass.nocache = true; @@ -719,7 +719,7 @@ tls_ctx_use_pkcs11( id_resp.defined = false; id_resp.nocache = true; - openvpn_snprintf( + snprintf( id_resp.username, sizeof(id_resp.username), "Please specify PKCS#11 id to use" diff --git a/src/openvpn/platform.c b/src/openvpn/platform.c index 9853dacc..3d9d59e6 100644 --- a/src/openvpn/platform.c +++ b/src/openvpn/platform.c @@ -564,9 +564,9 @@ platform_create_temp_file(const char *directory, const char *prefix, struct gc_a { ++attempts; - if (!openvpn_snprintf(fname, sizeof(fname), fname_fmt, max_prefix_len, - prefix, (unsigned long) get_random(), - (unsigned long) get_random())) + if (!snprintf(fname, sizeof(fname), fname_fmt, max_prefix_len, + prefix, (unsigned long) get_random(), + (unsigned long) get_random())) { msg(M_WARN, "ERROR: temporary filename too long"); return NULL; diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c index 2ad459cd..944ce94a 100644 --- a/src/openvpn/plugin.c +++ b/src/openvpn/plugin.c @@ -260,7 +260,7 @@ plugin_init_item(struct plugin *p, const struct plugin_option *o) { char full[PATH_MAX]; - openvpn_snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname); + snprintf(full, sizeof(full), "%s/%s", PLUGIN_LIBDIR, p->so_pathname); p->handle = dlopen(full, RTLD_NOW); } else @@ -409,7 +409,7 @@ plugin_vlog(openvpn_plugin_log_flags_t flags, const char *name, const char *form gc_init(&gc); msg_fmt = gc_malloc(ERR_BUF_SIZE, false, &gc); - openvpn_snprintf(msg_fmt, ERR_BUF_SIZE, "PLUGIN %s: %s", name, format); + snprintf(msg_fmt, ERR_BUF_SIZE, "PLUGIN %s: %s", name, format); x_msg_va(msg_flags, msg_fmt, arglist); gc_free(&gc); diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c index f706c1ab..e3c37084 100644 --- a/src/openvpn/pool.c +++ b/src/openvpn/pool.c @@ -766,7 +766,7 @@ ifconfig_pool_test(in_addr_t start, in_addr_t end) ifconfig_pool_handle h; in_addr_t local, remote; char buf[256]; - openvpn_snprintf(buf, sizeof(buf), "common-name-%d", i); + snprintf(buf, sizeof(buf), "common-name-%d", i); #ifdef DUP_CN cn = NULL; #else diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c index 5c1cdcb6..ba3d87ce 100644 --- a/src/openvpn/proxy.c +++ b/src/openvpn/proxy.c @@ -582,9 +582,9 @@ add_proxy_headers(struct http_proxy_info *p, { if (p->options.custom_headers[i].content) { - openvpn_snprintf(buf, sizeof(buf), "%s: %s", - p->options.custom_headers[i].name, - p->options.custom_headers[i].content); + snprintf(buf, sizeof(buf), "%s: %s", + p->options.custom_headers[i].name, + p->options.custom_headers[i].content); if (!strcasecmp(p->options.custom_headers[i].name, "Host")) { host_header_sent = true; @@ -592,8 +592,8 @@ add_proxy_headers(struct http_proxy_info *p, } else { - openvpn_snprintf(buf, sizeof(buf), "%s", - p->options.custom_headers[i].name); + snprintf(buf, sizeof(buf), "%s", + p->options.custom_headers[i].name); if (!strncasecmp(p->options.custom_headers[i].name, "Host:", 5)) { host_header_sent = true; @@ -609,7 +609,7 @@ add_proxy_headers(struct http_proxy_info *p, if (!host_header_sent) { - openvpn_snprintf(buf, sizeof(buf), "Host: %s", host); + snprintf(buf, sizeof(buf), "Host: %s", host); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); if (!send_line_crlf(sd, buf)) { @@ -620,8 +620,8 @@ add_proxy_headers(struct http_proxy_info *p, /* send User-Agent string if provided */ if (p->options.user_agent) { - openvpn_snprintf(buf, sizeof(buf), "User-Agent: %s", - p->options.user_agent); + snprintf(buf, sizeof(buf), "User-Agent: %s", + p->options.user_agent); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); if (!send_line_crlf(sd, buf)) { @@ -667,10 +667,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p, else { /* format HTTP CONNECT message */ - openvpn_snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s", - host, - port, - p->options.http_version); + snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s", + host, + port, + p->options.http_version); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); @@ -692,8 +692,8 @@ establish_http_proxy_passthru(struct http_proxy_info *p, break; case HTTP_AUTH_BASIC: - openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Basic %s", - username_password_as_base64(p, &gc)); + snprintf(buf, sizeof(buf), "Proxy-Authorization: Basic %s", + username_password_as_base64(p, &gc)); msg(D_PROXY, "Attempting Basic Proxy-Authorization"); dmsg(D_SHOW_KEYS, "Send to HTTP proxy: '%s'", buf); if (!send_line_crlf(sd, buf)) @@ -705,14 +705,14 @@ establish_http_proxy_passthru(struct http_proxy_info *p, #if NTLM case HTTP_AUTH_NTLM2: /* keep-alive connection */ - openvpn_snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive"); + snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive"); if (!send_line_crlf(sd, buf)) { goto error; } - openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s", - ntlm_phase_1(p, &gc)); + snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s", + ntlm_phase_1(p, &gc)); msg(D_PROXY, "Attempting NTLM Proxy-Authorization phase 1"); dmsg(D_SHOW_KEYS, "Send to HTTP proxy: '%s'", buf); if (!send_line_crlf(sd, buf)) @@ -773,7 +773,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p, char get[80]; CLEAR(buf2); - openvpn_snprintf(get, sizeof(get), "%%*s NTLM %%%zus", sizeof(buf2) - 1); + snprintf(get, sizeof(get), "%%*s NTLM %%%zus", sizeof(buf2) - 1); nparms = sscanf(buf, get, buf2); /* check for "Proxy-Authenticate: NTLM TlRM..." */ @@ -795,10 +795,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p, /* now send the phase 3 reply */ /* format HTTP CONNECT message */ - openvpn_snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s", - host, - port, - p->options.http_version); + snprintf(buf, sizeof(buf), "CONNECT %s:%s HTTP/%s", + host, + port, + p->options.http_version); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); @@ -809,7 +809,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p, } /* keep-alive connection */ - openvpn_snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive"); + snprintf(buf, sizeof(buf), "Proxy-Connection: Keep-Alive"); if (!send_line_crlf(sd, buf)) { goto error; @@ -829,7 +829,7 @@ establish_http_proxy_passthru(struct http_proxy_info *p, msg(D_PROXY, "NTLM Proxy-Authorization phase 3 failed: received corrupted data from proxy server"); goto error; } - openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s", np3); + snprintf(buf, sizeof(buf), "Proxy-Authorization: NTLM %s", np3); } msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); @@ -899,15 +899,15 @@ establish_http_proxy_passthru(struct http_proxy_info *p, /* build the digest response */ - openvpn_snprintf(uri, sizeof(uri), "%s:%s", - host, - port); + snprintf(uri, sizeof(uri), "%s:%s", + host, + port); if (opaque) { const int len = strlen(opaque)+16; opaque_kv = gc_malloc(len, false, &gc); - openvpn_snprintf(opaque_kv, len, ", opaque=\"%s\"", opaque); + snprintf(opaque_kv, len, ", opaque=\"%s\"", opaque); } DigestCalcHA1(algor, @@ -928,10 +928,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p, response); /* format HTTP CONNECT message */ - openvpn_snprintf(buf, sizeof(buf), "%s %s HTTP/%s", - http_method, - uri, - p->options.http_version); + snprintf(buf, sizeof(buf), "%s %s HTTP/%s", + http_method, + uri, + p->options.http_version); msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); @@ -948,21 +948,22 @@ establish_http_proxy_passthru(struct http_proxy_info *p, } /* send digest response */ - int sret = openvpn_snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s", - username, - realm, - nonce, - uri, - qop, - nonce_count, - cnonce, - response, - opaque_kv - ); + int sret = snprintf(buf, sizeof(buf), "Proxy-Authorization: Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", qop=%s, nc=%s, cnonce=\"%s\", response=\"%s\"%s", + username, + realm, + nonce, + uri, + qop, + nonce_count, + cnonce, + response, + opaque_kv + ); if (sret >= sizeof(buf)) { goto error; } + msg(D_PROXY, "Send to HTTP proxy: '%s'", buf); if (!send_line_crlf(sd, buf)) { diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c index 7d9f9b51..4ca3a129 100644 --- a/src/openvpn/ps.c +++ b/src/openvpn/ps.c @@ -354,7 +354,7 @@ journal_add(const char *journal_dir, struct proxy_connection *pc, struct proxy_c fnlen = strlen(journal_dir) + strlen(t) + 2; jfn = (char *) malloc(fnlen); check_malloc_return(jfn); - openvpn_snprintf(jfn, fnlen, "%s/%s", journal_dir, t); + snprintf(jfn, fnlen, "%s/%s", journal_dir, t); dmsg(D_PS_PROXY_DEBUG, "PORT SHARE PROXY: client origin %s -> %s", jfn, f); fd = platform_open(jfn, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR | S_IRGRP); if (fd != -1) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index 909d6d2f..68bbcfd7 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c @@ -1621,11 +1621,11 @@ add_route(struct route_ipv4 *r, if (rgi) { - openvpn_snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, gateway, rgi->iface); + snprintf(out, sizeof(out), "%s %s %s dev %s", network, netmask, gateway, rgi->iface); } else { - openvpn_snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway); + snprintf(out, sizeof(out), "%s %s %s", network, netmask, gateway); } bool ret = management_android_control(management, "ROUTE", out); status = ret ? RTA_SUCCESS : RTA_ERROR; @@ -2000,7 +2000,7 @@ add_route_ipv6(struct route_ipv6 *r6, const struct tuntap *tt, #elif defined (TARGET_ANDROID) char out[64]; - openvpn_snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device); + snprintf(out, sizeof(out), "%s/%d %s", network, r6->netbits, device); status = management_android_control(management, "ROUTE6", out); diff --git a/src/openvpn/run_command.h b/src/openvpn/run_command.h index 52ab1155..ccad307e 100644 --- a/src/openvpn/run_command.h +++ b/src/openvpn/run_command.h @@ -66,8 +66,8 @@ openvpn_run_script(const struct argv *a, const struct env_set *es, { char msg[256]; - openvpn_snprintf(msg, sizeof(msg), - "WARNING: Failed running command (%s)", hook); + snprintf(msg, sizeof(msg), + "WARNING: Failed running command (%s)", hook); return openvpn_execve_check(a, es, flags | S_SCRIPT, msg); } diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index d2b82d5d..24d12768 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2983,11 +2983,11 @@ setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvp case AF_INET: if (flags & SA_IP_PORT) { - openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix); + snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix); } else { - openvpn_snprintf(name_buf, sizeof(name_buf), "%s", name_prefix); + snprintf(name_buf, sizeof(name_buf), "%s", name_prefix); } inet_ntop(AF_INET, &addr->addr.in4.sin_addr, buf, sizeof(buf)); @@ -2995,7 +2995,7 @@ setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvp if ((flags & SA_IP_PORT) && addr->addr.in4.sin_port) { - openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix); + snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix); setenv_int(es, name_buf, ntohs(addr->addr.in4.sin_port)); } break; @@ -3006,19 +3006,19 @@ setenv_sockaddr(struct env_set *es, const char *name_prefix, const struct openvp struct in_addr ia; memcpy(&ia.s_addr, &addr->addr.in6.sin6_addr.s6_addr[12], sizeof(ia.s_addr)); - openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix); + snprintf(name_buf, sizeof(name_buf), "%s_ip", name_prefix); inet_ntop(AF_INET, &ia, buf, sizeof(buf)); } else { - openvpn_snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix); + snprintf(name_buf, sizeof(name_buf), "%s_ip6", name_prefix); inet_ntop(AF_INET6, &addr->addr.in6.sin6_addr, buf, sizeof(buf)); } setenv_str(es, name_buf, buf); if ((flags & SA_IP_PORT) && addr->addr.in6.sin6_port) { - openvpn_snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix); + snprintf(name_buf, sizeof(name_buf), "%s_port", name_prefix); setenv_int(es, name_buf, ntohs(addr->addr.in6.sin6_port)); } break; diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c index b0469102..8b8c01a9 100644 --- a/src/openvpn/socks.c +++ b/src/openvpn/socks.c @@ -109,9 +109,10 @@ socks_username_password_auth(struct socks_proxy_info *p, "Authentication not possible."); goto cleanup; } - int sret = openvpn_snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", - (int) strlen(creds.username), creds.username, - (int) strlen(creds.password), creds.password); + + int sret = snprintf(to_send, sizeof(to_send), "\x01%c%s%c%s", + (int) strlen(creds.username), creds.username, + (int) strlen(creds.password), creds.password); ASSERT(sret <= sizeof(to_send)); size = send(sd, to_send, strlen(to_send), MSG_NOSIGNAL); diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 0730d251..b0303b60 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1531,16 +1531,16 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix) char s2[256]; s1[0] = s2[0] = 0; - openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s", - prefix, - mbedtls_ssl_get_version(ks_ssl->ctx), - mbedtls_ssl_get_ciphersuite(ks_ssl->ctx)); + snprintf(s1, sizeof(s1), "%s %s, cipher %s", + prefix, + mbedtls_ssl_get_version(ks_ssl->ctx), + mbedtls_ssl_get_ciphersuite(ks_ssl->ctx)); cert = mbedtls_ssl_get_peer_cert(ks_ssl->ctx); if (cert != NULL) { - openvpn_snprintf(s2, sizeof(s2), ", %u bit key", - (unsigned int) mbedtls_pk_get_bitlen(&cert->pk)); + snprintf(s2, sizeof(s2), ", %u bit key", + (unsigned int) mbedtls_pk_get_bitlen(&cert->pk)); } msg(D_HANDSHAKE, "%s%s", s1, s2); diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index 73ec9f5d..968858ed 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -198,8 +198,8 @@ append_cipher_to_ncp_list(struct options *o, const char *ciphername) size_t newlen = strlen(o->ncp_ciphers) + 1 + strlen(ciphername) + 1; char *ncp_ciphers = gc_malloc(newlen, false, &o->gc); - ASSERT(openvpn_snprintf(ncp_ciphers, newlen, "%s:%s", o->ncp_ciphers, - ciphername)); + ASSERT(snprintf(ncp_ciphers, newlen, "%s:%s", o->ncp_ciphers, + ciphername)); o->ncp_ciphers = ncp_ciphers; } diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index a1586173..6efef4f0 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -1774,7 +1774,7 @@ open_biofp(void) if (!biofp) { char fn[256]; - openvpn_snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle); + snprintf(fn, sizeof(fn), "bio/%d-%d.log", pid, biofp_toggle); biofp = fopen(fn, "w"); ASSERT(biofp); biofp_last_open = time(NULL); @@ -2116,8 +2116,8 @@ print_pkey_details(EVP_PKEY *pkey, char *buf, size_t buflen) #endif /* if OPENSSL_VERSION_NUMBER < 0x30000000L */ } - openvpn_snprintf(buf, buflen, "%d bits %s%s", - EVP_PKEY_bits(pkey), type, curve); + snprintf(buf, buflen, "%d bits %s%s", + EVP_PKEY_bits(pkey), type, curve); } /** @@ -2137,12 +2137,12 @@ print_cert_details(X509 *cert, char *buf, size_t buflen) int signature_nid = X509_get_signature_nid(cert); if (signature_nid != 0) { - openvpn_snprintf(sig, sizeof(sig), ", signature: %s", - OBJ_nid2sn(signature_nid)); + snprintf(sig, sizeof(sig), ", signature: %s", + OBJ_nid2sn(signature_nid)); } - openvpn_snprintf(buf, buflen, ", peer certificate: %s%s", - pkeybuf, sig); + snprintf(buf, buflen, ", peer certificate: %s%s", + pkeybuf, sig); EVP_PKEY_free(pkey); } @@ -2160,8 +2160,8 @@ print_server_tempkey(SSL *ssl, char *buf, size_t buflen) char pkeybuf[128] = { 0 }; print_pkey_details(pkey, pkeybuf, sizeof(pkeybuf)); - openvpn_snprintf(buf, buflen, ", peer temporary key: %s", - pkeybuf); + snprintf(buf, buflen, ", peer temporary key: %s", + pkeybuf); EVP_PKEY_free(pkey); } @@ -2238,8 +2238,8 @@ print_peer_signature(SSL *ssl, char *buf, size_t buflen) return; } - openvpn_snprintf(buf, buflen, ", peer signing digest/type: %s %s", - peer_sig, peer_sig_type); + snprintf(buf, buflen, ", peer signing digest/type: %s %s", + peer_sig, peer_sig_type); } @@ -2262,11 +2262,11 @@ print_details(struct key_state_ssl *ks_ssl, const char *prefix) s1[0] = s2[0] = s3[0] = s4[0] = 0; ciph = SSL_get_current_cipher(ks_ssl->ssl); - openvpn_snprintf(s1, sizeof(s1), "%s %s, cipher %s %s", - prefix, - SSL_get_version(ks_ssl->ssl), - SSL_CIPHER_get_version(ciph), - SSL_CIPHER_get_name(ciph)); + snprintf(s1, sizeof(s1), "%s %s, cipher %s %s", + prefix, + SSL_get_version(ks_ssl->ssl), + SSL_CIPHER_get_version(ciph), + SSL_CIPHER_get_name(ciph)); X509 *cert = SSL_get_peer_certificate(ks_ssl->ssl); if (cert) diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 930769b7..934ff8d8 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -421,12 +421,12 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert } /* export subject name string as environmental variable */ - openvpn_snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth); + snprintf(envname, sizeof(envname), "tls_id_%d", cert_depth); setenv_str(es, envname, subject); #if 0 /* export common name string as environmental variable */ - openvpn_snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth); + snprintf(envname, sizeof(envname), "tls_common_name_%d", cert_depth); setenv_str(es, envname, common_name); #endif @@ -435,24 +435,24 @@ verify_cert_set_env(struct env_set *es, openvpn_x509_cert_t *peer_cert, int cert struct buffer sha1 = x509_get_sha1_fingerprint(peer_cert, &gc); struct buffer sha256 = x509_get_sha256_fingerprint(peer_cert, &gc); - openvpn_snprintf(envname, sizeof(envname), "tls_digest_%d", cert_depth); + snprintf(envname, sizeof(envname), "tls_digest_%d", cert_depth); setenv_str(es, envname, format_hex_ex(BPTR(&sha1), BLEN(&sha1), 0, 1, ":", &gc)); - openvpn_snprintf(envname, sizeof(envname), "tls_digest_sha256_%d", - cert_depth); + snprintf(envname, sizeof(envname), "tls_digest_sha256_%d", + cert_depth); setenv_str(es, envname, format_hex_ex(BPTR(&sha256), BLEN(&sha256), 0, 1, ":", &gc)); } /* export serial number as environmental variable */ serial = backend_x509_get_serial(peer_cert, &gc); - openvpn_snprintf(envname, sizeof(envname), "tls_serial_%d", cert_depth); + snprintf(envname, sizeof(envname), "tls_serial_%d", cert_depth); setenv_str(es, envname, serial); /* export serial number in hex as environmental variable */ serial = backend_x509_get_serial_hex(peer_cert, &gc); - openvpn_snprintf(envname, sizeof(envname), "tls_serial_hex_%d", cert_depth); + snprintf(envname, sizeof(envname), "tls_serial_hex_%d", cert_depth); setenv_str(es, envname, serial); gc_free(&gc); @@ -569,7 +569,7 @@ verify_check_crl_dir(const char *crl_dir, openvpn_x509_cert_t *cert, goto cleanup; } - if (!openvpn_snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, PATH_SEPARATOR, serial)) + if (!snprintf(fn, sizeof(fn), "%s%c%s", crl_dir, PATH_SEPARATOR, serial)) { msg(D_HANDSHAKE, "VERIFY CRL: filename overflow"); goto cleanup; @@ -938,9 +938,9 @@ key_state_check_auth_pending_file(struct auth_deferred_status *ads, if (!check_auth_pending_method(multi->peer_info, pending_method)) { char buf[128]; - openvpn_snprintf(buf, sizeof(buf), - "Authentication failed, required pending auth " - "method '%s' not supported", pending_method); + snprintf(buf, sizeof(buf), + "Authentication failed, required pending auth " + "method '%s' not supported", pending_method); auth_set_client_reason(multi, buf); msg(M_INFO, "Client does not supported auth pending method " "'%s'", pending_method); diff --git a/src/openvpn/ssl_verify_mbedtls.c b/src/openvpn/ssl_verify_mbedtls.c index a801cd3d..ca14cebc 100644 --- a/src/openvpn/ssl_verify_mbedtls.c +++ b/src/openvpn/ssl_verify_mbedtls.c @@ -86,8 +86,8 @@ verify_callback(void *session_obj, mbedtls_x509_crt *cert, int cert_depth, char *serial = backend_x509_get_serial(cert, &gc); ret = mbedtls_x509_crt_verify_info(errstr, sizeof(errstr)-1, "", *flags); - if (ret <= 0 && !openvpn_snprintf(errstr, sizeof(errstr), - "Could not retrieve error string, flags=%" PRIx32, *flags)) + if (ret <= 0 && !snprintf(errstr, sizeof(errstr), + "Could not retrieve error string, flags=%" PRIx32, *flags)) { errstr[0] = '\0'; } @@ -307,7 +307,7 @@ do_setenv_x509(struct env_set *es, const char *name, char *value, int depth) name_expand_size = 64 + strlen(name); name_expand = (char *) malloc(name_expand_size); check_malloc_return(name_expand); - openvpn_snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name); + snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name); setenv_str(es, name_expand, value); free(name_expand); } @@ -431,13 +431,13 @@ x509_setenv(struct env_set *es, int cert_depth, mbedtls_x509_crt *cert) if (0 == mbedtls_oid_get_attr_short_name(&name->oid, &shortname) ) { - openvpn_snprintf(name_expand, sizeof(name_expand), "X509_%d_%s", - cert_depth, shortname); + snprintf(name_expand, sizeof(name_expand), "X509_%d_%s", + cert_depth, shortname); } else { - openvpn_snprintf(name_expand, sizeof(name_expand), "X509_%d_\?\?", - cert_depth); + snprintf(name_expand, sizeof(name_expand), "X509_%d_\?\?", + cert_depth); } for (i = 0; i < name->val.len; i++) diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c index ec3a7cf5..7d41d4ac 100644 --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c @@ -279,7 +279,7 @@ backend_x509_get_username(char *common_name, int cn_len, gc_free(&gc); return FAILURE; } - openvpn_snprintf(common_name, cn_len, "0x%s", serial); + snprintf(common_name, cn_len, "0x%s", serial); gc_free(&gc); } else @@ -454,7 +454,7 @@ do_setenv_x509(struct env_set *es, const char *name, char *value, int depth) name_expand_size = 64 + strlen(name); name_expand = (char *) malloc(name_expand_size); check_malloc_return(name_expand); - openvpn_snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name); + snprintf(name_expand, name_expand_size, "X509_%d_%s", depth, name); setenv_str(es, name_expand, value); free(name_expand); } @@ -597,8 +597,8 @@ x509_setenv(struct env_set *es, int cert_depth, openvpn_x509_cert_t *peer_cert) name_expand_size = 64 + strlen(objbuf); name_expand = (char *) malloc(name_expand_size); check_malloc_return(name_expand); - openvpn_snprintf(name_expand, name_expand_size, "X509_%d_%s", cert_depth, - objbuf); + snprintf(name_expand, name_expand_size, "X509_%d_%s", cert_depth, + objbuf); string_mod(name_expand, CC_PRINT, CC_CRLF, '_'); string_mod((char *)buf, CC_PRINT, CC_CRLF, '_'); setenv_str_incr(es, name_expand, (char *)buf); diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 6ef1c7d6..90fe6e9c 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -574,8 +574,8 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, } char metadata_type_str[4] = { 0 }; /* Max value: 255 */ - openvpn_snprintf(metadata_type_str, sizeof(metadata_type_str), - "%i", (uint8_t) metadata_type); + snprintf(metadata_type_str, sizeof(metadata_type_str), + "%i", (uint8_t) metadata_type); struct env_set *es = env_set_create(NULL); setenv_str(es, "script_type", "tls-crypt-v2-verify"); setenv_str(es, "metadata_type", metadata_type_str); diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index f550e9c2..d01515db 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1114,8 +1114,8 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname, int tun_mtu, #elif defined(TARGET_ANDROID) char out6[64]; - openvpn_snprintf(out6, sizeof(out6), "%s/%d %d", - ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu); + snprintf(out6, sizeof(out6), "%s/%d %d", + ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu); management_android_control(management, "IFCONFIG6", out6); #elif defined(TARGET_SOLARIS) argv_printf(&argv, "%s %s inet6 unplumb", IFCONFIG_PATH, ifname); @@ -1362,8 +1362,8 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname, int tun_mtu, top = "undef"; } - openvpn_snprintf(out, sizeof(out), "%s %s %d %s", ifconfig_local, - ifconfig_remote_netmask, tun_mtu, top); + snprintf(out, sizeof(out), "%s %s %d %s", ifconfig_local, + ifconfig_remote_netmask, tun_mtu, top); management_android_control(management, "IFCONFIG", out); #elif defined(TARGET_SOLARIS) @@ -1912,7 +1912,7 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node, */ if (dev_node) { - openvpn_snprintf(tunname, sizeof(tunname), "%s", dev_node); + snprintf(tunname, sizeof(tunname), "%s", dev_node); } else { @@ -1926,10 +1926,10 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node, { for (int i = 0; i < 256; ++i) { - openvpn_snprintf(tunname, sizeof(tunname), - "/dev/%s%d", dev, i); - openvpn_snprintf(dynamic_name, sizeof(dynamic_name), - "%s%d", dev, i); + snprintf(tunname, sizeof(tunname), + "/dev/%s%d", dev, i); + snprintf(dynamic_name, sizeof(dynamic_name), + "%s%d", dev, i); if ((tt->fd = open(tunname, O_RDWR)) > 0) { dynamic_opened = true; @@ -1947,7 +1947,7 @@ open_tun_generic(const char *dev, const char *dev_type, const char *dev_node, */ else { - openvpn_snprintf(tunname, sizeof(tunname), "/dev/%s", dev); + snprintf(tunname, sizeof(tunname), "/dev/%s", dev); } } @@ -2002,8 +2002,8 @@ open_tun_dco_generic(const char *dev, const char *dev_type, { for (int i = 0; i < 256; ++i) { - openvpn_snprintf(dynamic_name, sizeof(dynamic_name), - "%s%d", dev, i); + snprintf(dynamic_name, sizeof(dynamic_name), + "%s%d", dev, i); int ret = open_tun_dco(tt, ctx, dynamic_name); if (ret == 0) { @@ -2519,7 +2519,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun tt->actual_name = (char *) malloc(32); check_malloc_return(tt->actual_name); - openvpn_snprintf(tt->actual_name, 32, "%s%d", dev_tuntap_type, ppa); + snprintf(tt->actual_name, 32, "%s%d", dev_tuntap_type, ppa); if (tt->type == DEV_TYPE_TAP) { @@ -3509,7 +3509,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun int i; for (i = 0; i<99; i++) { - openvpn_snprintf(tunname, sizeof(tunname), "/dev/tap%d", i); + snprintf(tunname, sizeof(tunname), "/dev/tap%d", i); if (access( tunname, F_OK ) < 0 && errno == ENOENT) { break; @@ -3520,7 +3520,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun msg( M_FATAL, "cannot find unused tap device" ); } - openvpn_snprintf( dynamic_name, sizeof(dynamic_name), "tap%d", i ); + snprintf( dynamic_name, sizeof(dynamic_name), "tap%d", i ); dev = dynamic_name; } else /* name given, sanity check */ @@ -3536,7 +3536,7 @@ open_tun(const char *dev, const char *dev_type, const char *dev_node, struct tun msg( M_FATAL, "TAP device name must be '--dev tapNNNN'" ); } - openvpn_snprintf(tunname, sizeof(tunname), "/dev/%s", dev); + snprintf(tunname, sizeof(tunname), "/dev/%s", dev); } /* pre-existing device? @@ -3956,8 +3956,8 @@ get_tap_reg(struct gc_arena *gc) ADAPTER_KEY); } - openvpn_snprintf(unit_string, sizeof(unit_string), "%s\\%s", - ADAPTER_KEY, enum_name); + snprintf(unit_string, sizeof(unit_string), "%s\\%s", + ADAPTER_KEY, enum_name); status = RegOpenKeyEx( HKEY_LOCAL_MACHINE, @@ -4098,9 +4098,9 @@ get_panel_reg(struct gc_arena *gc) NETWORK_CONNECTIONS_KEY); } - openvpn_snprintf(connection_string, sizeof(connection_string), - "%s\\%s\\Connection", - NETWORK_CONNECTIONS_KEY, enum_name); + snprintf(connection_string, sizeof(connection_string), + "%s\\%s\\Connection", + NETWORK_CONNECTIONS_KEY, enum_name); status = RegOpenKeyEx( HKEY_LOCAL_MACHINE, @@ -4984,7 +4984,7 @@ get_adapter_index_method_1(const char *guid) DWORD index; ULONG aindex; wchar_t wbuf[256]; - openvpn_swprintf(wbuf, SIZE(wbuf), L"\\DEVICE\\TCPIP_%hs", guid); + swprintf(wbuf, SIZE(wbuf), L"\\DEVICE\\TCPIP_%hs", guid); if (GetAdapterIndex(wbuf, &aindex) != NO_ERROR) { index = TUN_ADAPTER_INDEX_INVALID; @@ -5164,10 +5164,10 @@ tap_allow_nonadmin_access(const char *dev_node) } /* Open Windows TAP-Windows adapter */ - openvpn_snprintf(device_path, sizeof(device_path), "%s%s%s", - USERMODEDEVICEDIR, - device_guid, - TAP_WIN_SUFFIX); + snprintf(device_path, sizeof(device_path), "%s%s%s", + USERMODEDEVICEDIR, + device_guid, + TAP_WIN_SUFFIX); hand = CreateFile( device_path, @@ -5208,10 +5208,10 @@ tap_allow_nonadmin_access(const char *dev_node) } /* Open Windows TAP-Windows adapter */ - openvpn_snprintf(device_path, sizeof(device_path), "%s%s%s", - USERMODEDEVICEDIR, - device_guid, - TAP_WIN_SUFFIX); + snprintf(device_path, sizeof(device_path), "%s%s%s", + USERMODEDEVICEDIR, + device_guid, + TAP_WIN_SUFFIX); hand = CreateFile( device_path, @@ -6607,10 +6607,10 @@ tun_try_open_device(struct tuntap *tt, const char *device_guid, const struct dev else { /* Open TAP-Windows */ - openvpn_snprintf(tuntap_device_path, sizeof(tuntap_device_path), "%s%s%s", - USERMODEDEVICEDIR, - device_guid, - TAP_WIN_SUFFIX); + snprintf(tuntap_device_path, sizeof(tuntap_device_path), "%s%s%s", + USERMODEDEVICEDIR, + device_guid, + TAP_WIN_SUFFIX); path = tuntap_device_path; } diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index 27d82c51..98955ba2 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -885,8 +885,8 @@ env_block(const struct env_set *es) char force_path[256]; char *sysroot = get_win_sys_path(); - if (!openvpn_snprintf(force_path, sizeof(force_path), "PATH=%s\\System32;%s;%s\\System32\\Wbem", - sysroot, sysroot, sysroot)) + if (!snprintf(force_path, sizeof(force_path), "PATH=%s\\System32;%s;%s\\System32\\Wbem", + sysroot, sysroot, sysroot)) { msg(M_WARN, "env_block: default path truncated to %s", force_path); } @@ -1482,27 +1482,12 @@ send_msg_iservice(HANDLE pipe, const void *data, size_t size, return ret; } -bool -openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...) -{ - va_list arglist; - int len = -1; - if (size > 0) - { - va_start(arglist, format); - len = vswprintf(str, size, format, arglist); - va_end(arglist); - str[size - 1] = L'\0'; - } - return (len >= 0 && len < size); -} - bool get_openvpn_reg_value(const WCHAR *key, WCHAR *value, DWORD size) { WCHAR reg_path[256]; HKEY hkey; - openvpn_swprintf(reg_path, _countof(reg_path), L"SOFTWARE\\" PACKAGE_NAME); + swprintf(reg_path, _countof(reg_path), L"SOFTWARE\\" PACKAGE_NAME); LONG status = RegOpenKeyExW(HKEY_LOCAL_MACHINE, reg_path, 0, KEY_READ, &hkey); if (status != ERROR_SUCCESS) @@ -1528,7 +1513,7 @@ set_openssl_env_vars() /* if we cannot find installation path from the registry, * use Windows directory as a fallback */ - openvpn_swprintf(install_path, _countof(install_path), L"%ls", ssl_fallback_dir); + swprintf(install_path, _countof(install_path), L"%ls", ssl_fallback_dir); } if ((install_path[wcslen(install_path) - 1]) == L'\\') @@ -1553,7 +1538,7 @@ set_openssl_env_vars() if (size == 0) { WCHAR val[MAX_PATH] = {0}; - openvpn_swprintf(val, _countof(val), L"%ls\\ssl\\%ls", install_path, ossl_env[i].value); + swprintf(val, _countof(val), L"%ls\\ssl\\%ls", install_path, ossl_env[i].value); _wputenv_s(ossl_env[i].name, val); } } diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h index 974fe02d..fd75992a 100644 --- a/src/openvpn/win32.h +++ b/src/openvpn/win32.h @@ -319,14 +319,6 @@ bool send_msg_iservice(HANDLE pipe, const void *data, size_t size, int openvpn_execve(const struct argv *a, const struct env_set *es, const unsigned int flags); -/* - * openvpn_swprintf() is currently only used by Windows code paths - * and when enabled for all platforms it will currently break older - * OpenBSD versions lacking vswprintf(3) support in their libc. - */ -bool -openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...); - /* Sleep that can be interrupted by signals and exit event */ void win32_sleep(const int n); diff --git a/src/openvpn/xkey_helper.c b/src/openvpn/xkey_helper.c index c8033232..283c95db 100644 --- a/src/openvpn/xkey_helper.c +++ b/src/openvpn/xkey_helper.c @@ -205,7 +205,7 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen, } else { - openvpn_snprintf(alg_str, sizeof(alg_str), "ECDSA,hashalg=%s", alg.mdname); + snprintf(alg_str, sizeof(alg_str), "ECDSA,hashalg=%s", alg.mdname); } } else if (!strcmp(alg.keytype, "ED448") || !strcmp(alg.keytype, "ED25519")) @@ -229,8 +229,8 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen, /* For undigested message, add hashalg=digest parameter */ else { - openvpn_snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s", - "RSA_PKCS1_PADDING", alg.mdname); + snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s", + "RSA_PKCS1_PADDING", alg.mdname); } } else if (!strcmp(alg.padmode, "none") && (flags & MF_EXTERNAL_KEY_NOPADDING) @@ -240,8 +240,8 @@ xkey_management_sign(void *unused, unsigned char *sig, size_t *siglen, } else if (!strcmp(alg.padmode, "pss") && (flags & MF_EXTERNAL_KEY_PSSPAD)) { - openvpn_snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s,saltlen=%s", - "RSA_PKCS1_PSS_PADDING", alg.mdname, alg.saltlen); + snprintf(alg_str, sizeof(alg_str), "%s,hashalg=%s,saltlen=%s", + "RSA_PKCS1_PSS_PADDING", alg.mdname, alg.saltlen); } else { diff --git a/src/openvpnserv/common.c b/src/openvpnserv/common.c index bd0a484e..96bf8005 100644 --- a/src/openvpnserv/common.c +++ b/src/openvpnserv/common.c @@ -27,36 +27,6 @@ LPCTSTR service_instance = TEXT(""); static wchar_t win_sys_path[MAX_PATH]; -/* - * These are necessary due to certain buggy implementations of (v)snprintf, - * that don't guarantee null termination for size > 0. - */ -BOOL -openvpn_vswprintf(LPTSTR str, size_t size, LPCTSTR format, va_list arglist) -{ - int len = -1; - if (size > 0) - { - len = vswprintf_s(str, size, format, arglist); - str[size - 1] = 0; - } - return (len >= 0 && (size_t)len < size); -} - -BOOL -openvpn_swprintf(LPTSTR str, size_t size, LPCTSTR format, ...) -{ - va_list arglist; - BOOL res = FALSE; - if (size > 0) - { - va_start(arglist, format); - res = openvpn_vswprintf(str, size, format, arglist); - va_end(arglist); - } - return res; -} - static DWORD GetRegString(HKEY key, LPCTSTR value, LPTSTR data, DWORD size, LPCTSTR default_value) { @@ -66,7 +36,7 @@ GetRegString(HKEY key, LPCTSTR value, LPTSTR data, DWORD size, LPCTSTR default_v if (status == ERROR_FILE_NOT_FOUND && default_value) { size_t len = size/sizeof(data[0]); - if (openvpn_swprintf(data, len, default_value)) + if (swprintf(data, len, default_value)) { status = ERROR_SUCCESS; } @@ -93,7 +63,7 @@ GetOpenvpnSettings(settings_t *s) TCHAR install_path[MAX_PATH]; TCHAR default_value[MAX_PATH]; - openvpn_swprintf(reg_path, _countof(reg_path), TEXT("SOFTWARE\\" PACKAGE_NAME "%ls"), service_instance); + swprintf(reg_path, _countof(reg_path), TEXT("SOFTWARE\\" PACKAGE_NAME "%ls"), service_instance); LONG status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, reg_path, 0, KEY_READ, &key); if (status != ERROR_SUCCESS) @@ -110,15 +80,15 @@ GetOpenvpnSettings(settings_t *s) goto out; } - openvpn_swprintf(default_value, _countof(default_value), TEXT("%ls\\bin\\openvpn.exe"), - install_path); + swprintf(default_value, _countof(default_value), TEXT("%ls\\bin\\openvpn.exe"), + install_path); error = GetRegString(key, TEXT("exe_path"), s->exe_path, sizeof(s->exe_path), default_value); if (error != ERROR_SUCCESS) { goto out; } - openvpn_swprintf(default_value, _countof(default_value), TEXT("%ls\\config"), install_path); + swprintf(default_value, _countof(default_value), TEXT("%ls\\config"), install_path); error = GetRegString(key, TEXT("config_dir"), s->config_dir, sizeof(s->config_dir), default_value); if (error != ERROR_SUCCESS) @@ -133,7 +103,7 @@ GetOpenvpnSettings(settings_t *s) goto out; } - openvpn_swprintf(default_value, _countof(default_value), TEXT("%ls\\log"), install_path); + swprintf(default_value, _countof(default_value), TEXT("%ls\\log"), install_path); error = GetRegString(key, TEXT("log_dir"), s->log_dir, sizeof(s->log_dir), default_value); if (error != ERROR_SUCCESS) { @@ -229,7 +199,7 @@ GetLastErrorText() else { tmp[wcslen(tmp) - 2] = TEXT('\0'); /* remove CR/LF characters */ - openvpn_swprintf(buf, _countof(buf), TEXT("%ls (0x%x)"), tmp, error); + swprintf(buf, _countof(buf), TEXT("%ls (0x%x)"), tmp, error); } if (tmp) @@ -259,12 +229,12 @@ MsgToEventLog(DWORD flags, LPCTSTR format, ...) hEventSource = RegisterEventSource(NULL, APPNAME); if (hEventSource != NULL) { - openvpn_swprintf(msg[0], _countof(msg[0]), - TEXT("%ls%ls%ls: %ls"), APPNAME, service_instance, - (flags & MSG_FLAGS_ERROR) ? TEXT(" error") : TEXT(""), err_msg); + swprintf(msg[0], _countof(msg[0]), + TEXT("%ls%ls%ls: %ls"), APPNAME, service_instance, + (flags & MSG_FLAGS_ERROR) ? TEXT(" error") : TEXT(""), err_msg); va_start(arglist, format); - openvpn_vswprintf(msg[1], _countof(msg[1]), format, arglist); + vswprintf(msg[1], _countof(msg[1]), format, arglist); va_end(arglist); const TCHAR *mesg[] = { msg[0], msg[1] }; diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index d32223ce..294db00a 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -311,7 +311,7 @@ ReturnProcessId(HANDLE pipe, DWORD pid, DWORD count, LPHANDLE events) * Same format as error messages (3 line string) with error = 0 in * 0x%08x format, PID on line 2 and a description "Process ID" on line 3 */ - openvpn_swprintf(buf, _countof(buf), L"0x%08x\n0x%08x\n%ls", 0, pid, msg); + swprintf(buf, _countof(buf), L"0x%08x\n0x%08x\n%ls", 0, pid, msg); WritePipeAsync(pipe, buf, (DWORD)(wcslen(buf) * 2), count, events); } @@ -385,9 +385,9 @@ ValidateOptions(HANDLE pipe, const WCHAR *workdir, const WCHAR *options, WCHAR * if (!argv) { - openvpn_swprintf(errmsg, capacity, - L"Cannot validate options: CommandLineToArgvW failed with error = 0x%08x", - GetLastError()); + swprintf(errmsg, capacity, + L"Cannot validate options: CommandLineToArgvW failed with error = 0x%08x", + GetLastError()); goto out; } @@ -407,8 +407,8 @@ ValidateOptions(HANDLE pipe, const WCHAR *workdir, const WCHAR *options, WCHAR * if (!CheckOption(workdir, 2, argv_tmp, &settings)) { - openvpn_swprintf(errmsg, capacity, msg1, argv[0], workdir, - settings.ovpn_admin_group); + swprintf(errmsg, capacity, msg1, argv[0], workdir, + settings.ovpn_admin_group); } goto out; } @@ -424,13 +424,13 @@ ValidateOptions(HANDLE pipe, const WCHAR *workdir, const WCHAR *options, WCHAR * { if (wcscmp(L"--config", argv[i]) == 0 && argc-i > 1) { - openvpn_swprintf(errmsg, capacity, msg1, argv[i+1], workdir, - settings.ovpn_admin_group); + swprintf(errmsg, capacity, msg1, argv[i+1], workdir, + settings.ovpn_admin_group); } else { - openvpn_swprintf(errmsg, capacity, msg2, argv[i], - settings.ovpn_admin_group); + swprintf(errmsg, capacity, msg2, argv[i], + settings.ovpn_admin_group); } goto out; } @@ -985,7 +985,7 @@ RegisterDNS(LPVOID unused) HANDLE wait_handles[2] = {rdns_semaphore, exit_event}; - openvpn_swprintf(ipcfg, MAX_PATH, L"%ls\\%ls", get_win_sys_path(), L"ipconfig.exe"); + swprintf(ipcfg, MAX_PATH, L"%ls\\%ls", get_win_sys_path(), L"ipconfig.exe"); if (WaitForMultipleObjects(2, wait_handles, FALSE, timeout) == WAIT_OBJECT_0) { @@ -1064,7 +1064,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam } /* Path of netsh */ - openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); + swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); /* cmd template: * netsh interface $proto $action dns $if_name $addr [validate=no] @@ -1080,7 +1080,7 @@ netsh_dns_cmd(const wchar_t *action, const wchar_t *proto, const wchar_t *if_nam goto out; } - openvpn_swprintf(cmdline, ncmdline, fmt, proto, action, if_name, addr); + swprintf(cmdline, ncmdline, fmt, proto, action, if_name, addr); if (IsWindows7OrGreater()) { @@ -1124,7 +1124,7 @@ netsh_wins_cmd(const wchar_t *action, const wchar_t *if_name, const wchar_t *add } /* Path of netsh */ - openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); + swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); /* cmd template: * netsh interface ip $action wins $if_name $static $addr @@ -1141,7 +1141,7 @@ netsh_wins_cmd(const wchar_t *action, const wchar_t *if_name, const wchar_t *add goto out; } - openvpn_swprintf(cmdline, ncmdline, fmt, action, if_name, addr_static, addr); + swprintf(cmdline, ncmdline, fmt, action, if_name, addr_static, addr); err = ExecCommand(argv0, cmdline, timeout); @@ -1167,7 +1167,7 @@ wmic_nicconfig_cmd(const wchar_t *action, const NET_IFINDEX if_index, wchar_t *cmdline = NULL; int timeout = 10000; /* in msec */ - openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"wbem\\wmic.exe"); + swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"wbem\\wmic.exe"); const wchar_t *fmt; /* comma separated list must be enclosed in parenthesis */ @@ -1188,8 +1188,8 @@ wmic_nicconfig_cmd(const wchar_t *action, const NET_IFINDEX if_index, return ERROR_OUTOFMEMORY; } - openvpn_swprintf(cmdline, ncmdline, fmt, if_index, action, - data ? data : L""); + swprintf(cmdline, ncmdline, fmt, if_index, action, + data ? data : L""); err = ExecCommand(argv0, cmdline, timeout); free(cmdline); @@ -1453,7 +1453,7 @@ HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp) wchar_t argv0[MAX_PATH]; /* Path of netsh */ - openvpn_swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); + swprintf(argv0, _countof(argv0), L"%ls\\%ls", get_win_sys_path(), L"netsh.exe"); /* cmd template: * netsh interface ipv4 set address name=$if_index source=dhcp @@ -1471,7 +1471,7 @@ HandleEnableDHCPMessage(const enable_dhcp_message_t *dhcp) return err; } - openvpn_swprintf(cmdline, ncmdline, fmt, dhcp->iface.index); + swprintf(cmdline, ncmdline, fmt, dhcp->iface.index); err = ExecCommand(argv0, cmdline, timeout); @@ -1970,8 +1970,8 @@ RunOpenvpn(LPVOID p) goto out; } - openvpn_swprintf(ovpn_pipe_name, _countof(ovpn_pipe_name), - TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service_%lu"), service_instance, GetCurrentThreadId()); + swprintf(ovpn_pipe_name, _countof(ovpn_pipe_name), + TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service_%lu"), service_instance, GetCurrentThreadId()); ovpn_pipe = CreateNamedPipe(ovpn_pipe_name, PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE | FILE_FLAG_OVERLAPPED, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, 1, 128, 128, 0, NULL); @@ -2003,8 +2003,11 @@ RunOpenvpn(LPVOID p) ReturnLastError(pipe, L"malloc"); goto out; } - openvpn_swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR, - sud.options, svc_pipe); + /* there seem to be no common printf specifier that works on all + * mingw/msvc platforms without trickery, so convert to void* and use + * PRIuPTR to print that as best compromise */ + swprintf(cmdline, cmdline_size, L"openvpn %ls --msg-channel %" PRIuPTR, + sud.options, (uintptr_t)svc_pipe); if (!CreateEnvironmentBlock(&user_env, imp_token, FALSE)) { @@ -2079,8 +2082,8 @@ RunOpenvpn(LPVOID p) else if (exit_code != 0) { WCHAR buf[256]; - openvpn_swprintf(buf, _countof(buf), - L"OpenVPN exited with error: exit code = %lu", exit_code); + swprintf(buf, _countof(buf), + L"OpenVPN exited with error: exit code = %lu", exit_code); ReturnError(pipe, ERROR_OPENVPN_STARTUP, buf, 1, &exit_event); } Undo(&undo_lists); @@ -2174,7 +2177,7 @@ CreateClientPipeInstance(VOID) initialized = TRUE; } - openvpn_swprintf(pipe_name, _countof(pipe_name), TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service"), service_instance); + swprintf(pipe_name, _countof(pipe_name), TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service"), service_instance); pipe = CreateNamedPipe(pipe_name, flags, PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_REJECT_REMOTE_CLIENTS, PIPE_UNLIMITED_INSTANCES, 1024, 1024, 0, NULL); diff --git a/src/openvpnserv/service.h b/src/openvpnserv/service.h index 3acf08cb..6d0827d9 100644 --- a/src/openvpnserv/service.h +++ b/src/openvpnserv/service.h @@ -81,12 +81,6 @@ VOID WINAPI ServiceStartInteractiveOwn(DWORD argc, LPTSTR *argv); VOID WINAPI ServiceStartInteractive(DWORD argc, LPTSTR *argv); -BOOL openvpn_vsntprintf(LPTSTR str, size_t size, LPCTSTR format, va_list arglist); - -BOOL openvpn_sntprintf(LPTSTR str, size_t size, LPCTSTR format, ...); - -BOOL openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...); - DWORD GetOpenvpnSettings(settings_t *s); BOOL ReportStatusToSCMgr(SERVICE_STATUS_HANDLE service, SERVICE_STATUS *status); diff --git a/src/openvpnserv/validate.c b/src/openvpnserv/validate.c index 5f7acd74..9563fa55 100644 --- a/src/openvpnserv/validate.c +++ b/src/openvpnserv/validate.c @@ -68,7 +68,7 @@ CheckConfigPath(const WCHAR *workdir, const WCHAR *fname, const settings_t *s) /* convert fname to full path */ if (PathIsRelativeW(fname) ) { - openvpn_swprintf(tmp, _countof(tmp), L"%ls\\%ls", workdir, fname); + swprintf(tmp, _countof(tmp), L"%ls\\%ls", workdir, fname); config_file = tmp; } else diff --git a/tests/unit_tests/openvpn/test_buffer.c b/tests/unit_tests/openvpn/test_buffer.c index 52ffb540..fbfb937d 100644 --- a/tests/unit_tests/openvpn/test_buffer.c +++ b/tests/unit_tests/openvpn/test_buffer.c @@ -354,6 +354,56 @@ test_character_class(void **state) assert_string_equal(buf, "There is a .'nice.' \"1234\" [.] year old .tree!"); } +static void +test_snprintf(void **state) +{ + /* we used to have a custom openvpn_snprintf function because some + * OS (the comment did not specify which) did not always put the + * null byte there. So we unit test this to be sure. + * + * This probably refers to the MSVC behaviour, see also + * https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating + */ + + /* Instead of trying to trick the compiler here, disable the warnings + * for this unit test. We know that the results will be truncated + * and we want to test that */ +#if defined(__GNUC__) +/* some clang version do not understand -Wformat-truncation, so ignore the + * warning to avoid warnings/errors (-Werror) about unknown pragma/option */ +#if defined(__clang__) +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunknown-warning-option" +#endif +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wformat-truncation" +#endif + + char buf[10] = { 'a' }; + int ret = 0; + + ret = snprintf(buf, sizeof(buf), "0123456789abcde"); + assert_int_equal(ret, 15); + assert_int_equal(buf[9], '\0'); + + memset(buf, 'b', sizeof(buf)); + ret = snprintf(buf, sizeof(buf), "- %d - %d -", 77, 88); + assert_int_equal(ret, 11); + assert_int_equal(buf[9], '\0'); + + memset(buf, 'c', sizeof(buf)); + ret = snprintf(buf, sizeof(buf), "- %8.2f", 77.8899); + assert_int_equal(ret, 10); + assert_int_equal(buf[9], '\0'); + +#if defined(__GNUC__) +#pragma GCC diagnostic pop +#if defined(__clang__) +#pragma clang diagnostic pop +#endif +#endif +} + int main(void) { @@ -387,6 +437,7 @@ main(void) cmocka_unit_test(test_buffer_free_gc_two), cmocka_unit_test(test_buffer_gc_realloc), cmocka_unit_test(test_character_class), + cmocka_unit_test(test_snprintf) }; return cmocka_run_group_tests_name("buffer", tests, NULL, NULL); diff --git a/tests/unit_tests/openvpn/test_cryptoapi.c b/tests/unit_tests/openvpn/test_cryptoapi.c index 87f62086..98102ef2 100644 --- a/tests/unit_tests/openvpn/test_cryptoapi.c +++ b/tests/unit_tests/openvpn/test_cryptoapi.c @@ -271,7 +271,7 @@ test_find_cert_bythumb(void **state) for (struct test_cert *c = certs; c->cert; c++) { - openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); + snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); ctx = find_certificate_in_store(select_string, user_store); if (ctx) { @@ -304,7 +304,7 @@ test_find_cert_byname(void **state) for (struct test_cert *c = certs; c->cert; c++) { - openvpn_snprintf(select_string, sizeof(select_string), "SUBJ:%s", c->cname); + snprintf(select_string, sizeof(select_string), "SUBJ:%s", c->cname); ctx = find_certificate_in_store(select_string, user_store); /* In this case we expect a successful return as there is at least one valid * cert that matches the common name. But the returned cert may not exactly match @@ -337,7 +337,7 @@ test_find_cert_byissuer(void **state) for (struct test_cert *c = certs; c->cert; c++) { - openvpn_snprintf(select_string, sizeof(select_string), "ISSUER:%s", c->issuer); + snprintf(select_string, sizeof(select_string), "ISSUER:%s", c->issuer); ctx = find_certificate_in_store(select_string, user_store); /* In this case we expect a successful return as there is at least one valid * cert that matches the issuer. But the returned cert may not exactly match @@ -411,7 +411,7 @@ test_cryptoapi_sign(void **state) { continue; } - openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); + snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); if (Load_CryptoAPI_certificate(select_string, &x509, &privkey) != 1) { fail_msg("Load_CryptoAPI_certificate failed: <%s>", c->friendly_name); @@ -446,7 +446,7 @@ test_ssl_ctx_use_cryptoapicert(void **state) SSL_CTX *ssl_ctx = SSL_CTX_new_ex(tls_libctx, NULL, SSLv23_client_method()); assert_non_null(ssl_ctx); - openvpn_snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); + snprintf(select_string, sizeof(select_string), "THUMB:%s", c->hash); if (!SSL_CTX_use_CryptoAPI_certificate(ssl_ctx, select_string)) { fail_msg("SSL_CTX_use_CryptoAPI_certificate failed: <%s>", c->friendly_name); diff --git a/tests/unit_tests/openvpn/test_pkcs11.c b/tests/unit_tests/openvpn/test_pkcs11.c index a48e404d..84ebb292 100644 --- a/tests/unit_tests/openvpn/test_pkcs11.c +++ b/tests/unit_tests/openvpn/test_pkcs11.c @@ -161,7 +161,7 @@ get_user_pass_cr(struct user_pass *up, const char *auth_file, const char *prefix } else if (flags & GET_USER_PASS_PASSWORD_ONLY) { - openvpn_snprintf(up->password, sizeof(up->password), "%s", PIN); + snprintf(up->password, sizeof(up->password), "%s", PIN); } else { @@ -204,8 +204,8 @@ init(void **state) { fail_msg("make tmpfile using template <%s> failed (error = %d)", softhsm2_conf_path, errno); } - openvpn_snprintf(config, sizeof(config), "directories.tokendir=%s/", - softhsm2_tokens_path); + snprintf(config, sizeof(config), "directories.tokendir=%s/", + softhsm2_tokens_path); assert_int_equal(write(fd, config, strlen(config)), strlen(config)); close(fd);