Sophie: vixie-cron-4.1-9.1mdv2007.1 src

vixie-cron-4.1-9.1mdv2007.1.src.rpm

--- vixie-cron-4.1/misc.c.sprintf	2005-11-04 21:27:58.000000000 +0100
+++ vixie-cron-4.1/misc.c	2005-11-04 21:36:17.000000000 +0100
@@ -298,7 +298,7 @@
 		pidfile = _PATH_CRON_PID;
 		/* Initial mode is 0600 to prevent flock() race/DoS. */
 		if ((fd = open(pidfile, O_RDWR|O_CREAT, 0600)) == -1) {
-			sprintf(buf, "can't open or create %s: %s",
+			snprintf(buf, MAX_TEMPSTR, "can't open or create %s: %s",
 				pidfile, strerror(errno));
 			fprintf(stderr, "%s: %s\n", ProgramName, buf);
 			log_it("CRON", getpid(), "DEATH", buf);
@@ -320,7 +320,7 @@
 				    "can't lock %s, otherpid unknown: %s",
 				    pidfile, strerror(save_errno));
 			}
-			sprintf(buf, "can't lock %s, otherpid may be %ld: %s",
+			snprintf(buf, MAX_TEMPSTR, "can't lock %s, otherpid may be %ld: %s",
 				pidfile, otherpid, strerror(save_errno));
 			fprintf(stderr, "%s: %s\n", ProgramName, buf);
 			log_it("CRON", getpid(), "DEATH", buf);
@@ -549,7 +549,7 @@
 
 	free(msg);
 #endif /*LOG_FILE*/
-
+	int 			msg_size;
 #if defined(SYSLOG)
 	if (!syslog_open) {
 # ifdef LOG_DAEMON
@@ -646,8 +646,10 @@
 			*dst++ = '^';
 			*dst++ = '?';
 		} else {			/* parity character */
-			sprintf(dst, "\\%03o", ch);
-			dst += 4;
+		    /* well, the following snprintf is paranoid, but that will
+		     * keep grep happy */
+		    snprintf(dst, 5, "\\%03o", ch);
+		    dst += 4;
 		}
 	}
 	*dst = '\0';
@@ -684,7 +686,7 @@
 	int minutes = (gmtoff - (hours * SECONDS_PER_HOUR)) / SECONDS_PER_MINUTE;
 	static char ret[64];	/* zone name might be >3 chars */
 	
-	(void) sprintf(ret, "%s, %2d %s %2d %02d:%02d:%02d %.2d%.2d (%s)",
+	(void) snprintf(ret, 64, "%s, %2d %s %2d %02d:%02d:%02d %.2d%.2d (%s)",
 		       DowNames[tm.tm_wday],
 		       tm.tm_mday,
 		       MonthNames[tm.tm_mon],
--- vixie-cron-4.1/do_command.c.sprintf	2005-11-04 21:27:58.000000000 +0100
+++ vixie-cron-4.1/do_command.c	2005-11-04 21:38:17.000000000 +0100
@@ -499,7 +499,7 @@
 					fprintf(stderr, "mailcmd too long\n");
 					(void) _exit(ERROR_EXIT);
 				}
-				(void)sprintf(mailcmd, MAILFMT, MAILARG);
+				(void)snprintf(mailcmd, MAX_COMMAND, MAILFMT, MAILARG);
 				if (!(mail = cron_popen(mailcmd, "w", e->pwd))) {
 					perror(mailcmd);
 					(void) _exit(ERROR_EXIT);
@@ -557,7 +557,7 @@
 			if (mailto && status) {
 				char buf[MAX_TEMPSTR];
 
-				sprintf(buf,
+				snprintf(buf, MAX_TEMPSTR,
 			"mailed %d byte%s of output but got status 0x%04x\n",
 					bytes, (bytes==1)?"":"s",
 					status);