diff --git a/channels/rdpdr/client/rdpdr_main.c b/channels/rdpdr/client/rdpdr_main.c index 86daabcc4..69a922ed9 100644 --- a/channels/rdpdr/client/rdpdr_main.c +++ b/channels/rdpdr/client/rdpdr_main.c @@ -403,7 +403,7 @@ static UINT handle_hotplug(rdpdrPlugin* rdpdr) { if (pDirent->d_name[0] != '.') { - sprintf(fullpath, "%s/%s", szdir, pDirent->d_name); + sprintf_s(fullpath, ARRAYSIZE(fullpath), "%s/%s", szdir, pDirent->d_name); lstat(fullpath, &buf); if (S_ISDIR(buf.st_mode)) diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c index a0d31ade5..8efe8580b 100644 --- a/channels/urbdrc/client/libusb/libusb_udevice.c +++ b/channels/urbdrc/client/libusb/libusb_udevice.c @@ -532,7 +532,7 @@ static int udev_get_hub_handle(UDEVICE* pdev, UINT16 bus_number, UINT16 dev_numb error = 0; WLog_DBG(TAG, " Port: %d", pdev->port_number); /* gen device path */ - sprintf(pdev->path, "ugen%"PRIu16".%"PRIu16"", bus_number, dev_number); + sprintf_s(pdev->path, ARRAYSIZE(pdev->path), "ugen%"PRIu16".%"PRIu16"", bus_number, dev_number); WLog_DBG(TAG, " DevPath: %s", pdev->path); break; } @@ -661,7 +661,7 @@ static int udev_get_hub_handle(UDEVICE* pdev, UINT16 bus_number, UINT16 dev_numb } while (p1 != NULL); - _snprintf(pdev->path, ARRAYSIZE(pdev->path), "%s", p2); + sprintf_s(pdev->path, ARRAYSIZE(pdev->path), "%s", p2); WLog_DBG(TAG, " DevPath: %s", pdev->path); /* query parent hub info */ dev = udev_device_get_parent(dev); @@ -1035,7 +1035,8 @@ static int libusb_udev_control_query_device_text(IUDEVICE* idev, UINT32 TextType case DeviceTextLocationInformation: bus_number = libusb_get_bus_number(pdev->libusb_dev); device_address = libusb_get_device_address(pdev->libusb_dev); - sprintf(deviceLocation, "Port_#%04"PRIu8".Hub_#%04"PRIu8"", device_address, bus_number); + sprintf_s(deviceLocation, ARRAYSIZE(deviceLocation), "Port_#%04"PRIu8".Hub_#%04"PRIu8"", + device_address, bus_number); for (i = 0; i < strlen(deviceLocation); i++) { diff --git a/channels/urbdrc/client/libusb/libusb_udevman.c b/channels/urbdrc/client/libusb/libusb_udevman.c index 3bf0f0358..b0d0fbc19 100644 --- a/channels/urbdrc/client/libusb/libusb_udevman.c +++ b/channels/urbdrc/client/libusb/libusb_udevman.c @@ -484,7 +484,7 @@ static void urbdrc_udevman_register_devices(UDEVMAN* udevman, char* devices) dev_number = 0; idVendor = 0; idProduct = 0; - _snprintf(hardware_id, ARRAYSIZE(hardware_id), "%s", token); + sprintf_s(hardware_id, ARRAYSIZE(hardware_id), "%s", token); token = strtok(NULL, "#"); if (udevman->flags & UDEVMAN_FLAG_ADD_BY_VID_PID) diff --git a/client/X11/xf_client.c b/client/X11/xf_client.c index eaf292e1d..7583d80cf 100644 --- a/client/X11/xf_client.c +++ b/client/X11/xf_client.c @@ -551,16 +551,26 @@ BOOL xf_create_window(xfContext* xfc) } else if (settings->ServerPort == 3389) { - windowTitle = malloc(1 + sizeof("FreeRDP: ") + strlen( - settings->ServerHostname)); - sprintf(windowTitle, "FreeRDP: %s", settings->ServerHostname); + size_t size = 1 + sizeof("FreeRDP: ") + strlen( + settings->ServerHostname); + windowTitle = malloc(size); + + if (!windowTitle) + return FALSE; + + sprintf_s(windowTitle, size, "FreeRDP: %s", settings->ServerHostname); } else { - windowTitle = malloc(1 + sizeof("FreeRDP: ") + strlen(settings->ServerHostname) - + sizeof(":00000")); - sprintf(windowTitle, "FreeRDP: %s:%i", settings->ServerHostname, - settings->ServerPort); + size_t size = 1 + sizeof("FreeRDP: ") + strlen(settings->ServerHostname) + + sizeof(":00000"); + windowTitle = malloc(size); + + if (!windowTitle) + return FALSE; + + sprintf_s(windowTitle, size, "FreeRDP: %s:%i", settings->ServerHostname, + settings->ServerPort); } #ifdef WITH_XRENDER diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c index 1c13ca187..434b28748 100644 --- a/libfreerdp/core/nla.c +++ b/libfreerdp/core/nla.c @@ -314,7 +314,7 @@ static int nla_client_init(rdpNla* nla) if (!spn) return -1; - sprintf(spn, "%s%s", TERMSRV_SPN_PREFIX, settings->ServerHostname); + sprintf_s(spn, length + 1, "%s%s", TERMSRV_SPN_PREFIX, settings->ServerHostname); #ifdef UNICODE nla->ServicePrincipalName = NULL; ConvertToUnicode(CP_UTF8, 0, spn, -1, &nla->ServicePrincipalName, 0); diff --git a/libfreerdp/crypto/crypto.c b/libfreerdp/crypto/crypto.c index 25f0eb72d..983363cbb 100644 --- a/libfreerdp/crypto/crypto.c +++ b/libfreerdp/crypto/crypto.c @@ -212,7 +212,7 @@ void crypto_reverse(BYTE* data, int length) char* crypto_cert_fingerprint(X509* xcert) { - int i = 0; + size_t i = 0; char* p; char* fp_buffer; UINT32 fp_len; @@ -225,13 +225,13 @@ char* crypto_cert_fingerprint(X509* xcert) p = fp_buffer; - for (i = 0; i < (int)(fp_len - 1); i++) + for (i = 0; i < (fp_len - 1); i++) { - sprintf(p, "%02"PRIx8":", fp[i]); + sprintf_s(p, fp_len * 3 - i, "%02"PRIx8":", fp[i]); p = &fp_buffer[(i + 1) * 3]; } - sprintf(p, "%02"PRIx8"", fp[i]); + sprintf_s(p, fp_len * 3 - i, "%02"PRIx8"", fp[i]); return fp_buffer; } diff --git a/libfreerdp/primitives/test/measure.h b/libfreerdp/primitives/test/measure.h index 00ab2e7e0..4377ee8c5 100644 --- a/libfreerdp/primitives/test/measure.h +++ b/libfreerdp/primitives/test/measure.h @@ -56,7 +56,7 @@ #define PROFILER_START(_prefix_) \ do { \ char _path[PATH_MAX]; \ - sprintf(_path, "./%s.prof", (_prefix_)); \ + sprintf_s(_path, sizeof(_path), "./%s.prof", (_prefix_)); \ ProfilerStart(_path); \ } while (0); # define PROFILER_STOP \ diff --git a/server/shadow/shadow_capture.c b/server/shadow/shadow_capture.c index 18c33b984..1f6f5447a 100644 --- a/server/shadow/shadow_capture.c +++ b/server/shadow/shadow_capture.c @@ -34,7 +34,6 @@ int shadow_capture_align_clip_rect(RECTANGLE_16* rect, RECTANGLE_16* clip) { int dx, dy; - dx = (rect->left % 16); if (dx != 0) @@ -89,25 +88,21 @@ int shadow_capture_compare(BYTE* pData1, UINT32 nStep1, UINT32 nWidth, UINT32 nH UINT32 tx, ty, k; UINT32 nrow, ncol; UINT32 l, t, r, b; - BYTE *p1, *p2; + BYTE* p1, *p2; BOOL rows[1024]; #ifdef WITH_DEBUG_SHADOW_CAPTURE BOOL cols[1024]; #endif - allEqual = TRUE; ZeroMemory(rect, sizeof(RECTANGLE_16)); FillMemory(rows, sizeof(rows), 0xFF); #ifdef WITH_DEBUG_SHADOW_CAPTURE FillMemory(cols, sizeof(cols), 0xFF); #endif - nrow = (nHeight + 15) / 16; ncol = (nWidth + 15) / 16; - l = ncol + 1; r = 0; - t = nrow + 1; b = 0; @@ -121,7 +116,6 @@ int shadow_capture_compare(BYTE* pData1, UINT32 nStep1, UINT32 nWidth, UINT32 nH for (tx = 0; tx < ncol; tx++) { equal = TRUE; - tw = ((tx + 1) == ncol) ? (nWidth % 16) : 16; if (!tw) @@ -184,7 +178,9 @@ int shadow_capture_compare(BYTE* pData1, UINT32 nStep1, UINT32 nWidth, UINT32 nH rect->bottom = nHeight; #ifdef WITH_DEBUG_SHADOW_CAPTURE - char *col_str = calloc(ncol + 1, sizeof(char)); + size_t size = ncol + 1; + char* col_str = calloc(size, sizeof(char)); + if (!col_str) { WLog_ERR(TAG, "calloc failed!"); @@ -192,37 +188,39 @@ int shadow_capture_compare(BYTE* pData1, UINT32 nStep1, UINT32 nWidth, UINT32 nH } for (tx = 0; tx < ncol; tx++) - sprintf(&col_str[tx], "-"); + sprintf_s(&col_str[tx], size - tx, "-"); + WLog_INFO(TAG, "%s", col_str); for (tx = 0; tx < ncol; tx++) - sprintf(&col_str[tx], "%c", cols[tx] ? 'O' : 'X'); + sprintf_s(&col_str[tx], size - tx, "%c", cols[tx] ? 'O' : 'X'); + WLog_INFO(TAG, "%s", col_str); for (tx = 0; tx < ncol; tx++) - sprintf(&col_str[tx], "-"); + sprintf_s(&col_str[tx], size - tx, "-"); + WLog_INFO(TAG, "%s", col_str); for (ty = 0; ty < nrow; ty++) { for (tx = 0; tx < ncol; tx++) - sprintf(&col_str[tx], "%c", cols[tx] ? 'O' : 'X'); + sprintf_s(&col_str[tx], size - tx, "%c", cols[tx] ? 'O' : 'X'); + WLog_INFO(TAG, "%s", col_str); WLog_INFO(TAG, "|%s|", rows[ty] ? "O" : "X"); } WLog_INFO(TAG, "left: %d top: %d right: %d bottom: %d ncol: %d nrow: %d", - l, t, r, b, ncol, nrow); + l, t, r, b, ncol, nrow); free(col_str); #endif - return 1; } rdpShadowCapture* shadow_capture_new(rdpShadowServer* server) { rdpShadowCapture* capture; - capture = (rdpShadowCapture*) calloc(1, sizeof(rdpShadowCapture)); if (!capture) @@ -245,7 +243,6 @@ void shadow_capture_free(rdpShadowCapture* capture) return; DeleteCriticalSection(&(capture->lock)); - free(capture); } diff --git a/winpr/libwinpr/library/library.c b/winpr/libwinpr/library/library.c index 91d537d8d..7f22a6585 100644 --- a/winpr/libwinpr/library/library.c +++ b/winpr/libwinpr/library/library.c @@ -112,13 +112,10 @@ HMODULE LoadLibraryA(LPCSTR lpLibFileName) return NULL; hModule = LoadPackagedLibrary(filenameW, 0); - free(filenameW); - return hModule; #else HMODULE library; - library = dlopen(lpLibFileName, RTLD_LOCAL | RTLD_LAZY); if (!library) @@ -144,7 +141,6 @@ HMODULE LoadLibraryExA(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags) { #if !defined(_UWP) HMODULE library; - library = dlopen(lpLibFileName, RTLD_LOCAL | RTLD_LAZY); if (!library) @@ -228,7 +224,7 @@ DWORD GetModuleFileNameA(HMODULE hModule, LPSTR lpFilename, DWORD nSize) if (!hModule) { char buffer[4096]; - sprintf(path, "/proc/%d/exe", getpid()); + sprintf_s(path, ARRAYSIZE(path), "/proc/%d/exe", getpid()); status = readlink(path, buffer, sizeof(buffer)); if (status < 0) diff --git a/winpr/libwinpr/path/shell.c b/winpr/libwinpr/path/shell.c index c9a4c401a..f8b9b41c6 100644 --- a/winpr/libwinpr/path/shell.c +++ b/winpr/libwinpr/path/shell.c @@ -115,6 +115,7 @@ static char* GetPath_TEMP(void) static char* GetPath_XDG_DATA_HOME(void) { + size_t size; char* path = NULL; #if defined(WIN32) path = GetPath_XDG_CONFIG_HOME(); @@ -137,7 +138,8 @@ static char* GetPath_XDG_DATA_HOME(void) if (!home) return NULL; - path = (char*) malloc(strlen(home) + strlen("/.local/share") + 1); + size = strlen(home) + strlen("/.local/share") + 1; + path = (char*) malloc(size); if (!path) { @@ -145,7 +147,7 @@ static char* GetPath_XDG_DATA_HOME(void) return NULL; } - sprintf(path, "%s%s", home, "/.local/share"); + sprintf_s(path, size, "%s%s", home, "/.local/share"); free(home); #endif return path; @@ -153,6 +155,7 @@ static char* GetPath_XDG_DATA_HOME(void) static char* GetPath_XDG_CONFIG_HOME(void) { + size_t size; char* path = NULL; #if defined(WIN32) && !defined(_UWP) path = calloc(MAX_PATH, sizeof(char)); @@ -190,7 +193,8 @@ static char* GetPath_XDG_CONFIG_HOME(void) if (!home) return NULL; - path = (char*) malloc(strlen(home) + strlen("/.config") + 1); + size = strlen(home) + strlen("/.config") + 1; + path = (char*) malloc(size); if (!path) { @@ -198,7 +202,7 @@ static char* GetPath_XDG_CONFIG_HOME(void) return NULL; } - sprintf(path, "%s%s", home, "/.config"); + sprintf_s(path, size, "%s%s", home, "/.config"); free(home); #endif return path; @@ -206,6 +210,7 @@ static char* GetPath_XDG_CONFIG_HOME(void) static char* GetPath_XDG_CACHE_HOME(void) { + size_t size; char* path = NULL; char* home = NULL; #if defined(WIN32) @@ -239,7 +244,8 @@ static char* GetPath_XDG_CACHE_HOME(void) if (!home) return NULL; - path = (char*) malloc(strlen(home) + strlen("/.cache") + 1); + size = strlen(home) + strlen("/.cache") + 1; + path = (char*) malloc(size); if (!path) { @@ -247,7 +253,7 @@ static char* GetPath_XDG_CACHE_HOME(void) return NULL; } - sprintf(path, "%s%s", home, "/.cache"); + sprintf_s(path, size, "%s%s", home, "/.cache"); free(home); #endif return path; @@ -518,27 +524,28 @@ BOOL PathFileExistsW(LPCWSTR pszPath) return FALSE; ret = PathFileExistsA(lpFileNameA); - free (lpFileNameA); - + free(lpFileNameA); return ret; } BOOL PathIsDirectoryEmptyA(LPCSTR pszPath) { - struct dirent *dp; + struct dirent* dp; int empty = 1; + DIR* dir = opendir(pszPath); - DIR *dir = opendir(pszPath); if (dir == NULL) /* Not a directory or doesn't exist */ return 1; - while ((dp = readdir(dir)) != NULL) { + while ((dp = readdir(dir)) != NULL) + { if (strcmp(dp->d_name, ".") == 0 || strcmp(dp->d_name, "..") == 0) continue; /* Skip . and .. */ empty = 0; break; } + closedir(dir); return empty; } @@ -553,8 +560,7 @@ BOOL PathIsDirectoryEmptyW(LPCWSTR pszPath) return FALSE; ret = PathIsDirectoryEmptyA(lpFileNameA); - free (lpFileNameA); - + free(lpFileNameA); return ret; } diff --git a/winpr/libwinpr/path/test/TestPathMakePath.c b/winpr/libwinpr/path/test/TestPathMakePath.c index e69b396bd..9727407ee 100644 --- a/winpr/libwinpr/path/test/TestPathMakePath.c +++ b/winpr/libwinpr/path/test/TestPathMakePath.c @@ -16,6 +16,7 @@ int TestPathMakePath(int argc, char* argv[]) char* cur; char delim = PathGetSeparatorA(0); char* base = GetKnownPath(KNOWN_PATH_TEMP); + if (!base) { fprintf(stderr, "Failed to get temporary directory!\n"); @@ -24,11 +25,13 @@ int TestPathMakePath(int argc, char* argv[]) baseLen = strlen(base); srand(time(NULL)); - for (x=0; x<5; x++) + + for (x = 0; x < 5; x++) { - sprintf(tmp, "%08X", rand()); + sprintf_s(tmp, ARRAYSIZE(tmp), "%08X", rand()); path = GetCombinedPath(base, tmp); free(base); + if (!path) { fprintf(stderr, "GetCombinedPath failed!\n"); @@ -40,18 +43,20 @@ int TestPathMakePath(int argc, char* argv[]) printf("Creating path %s\n", path); success = PathMakePathA(path, NULL); + if (!success) { fprintf(stderr, "MakePath failed!\n"); - free (path); + free(path); return -1; } success = PathFileExistsA(path); + if (!success) { fprintf(stderr, "MakePath lied about success!\n"); - free (path); + free(path); return -1; } @@ -60,15 +65,17 @@ int TestPathMakePath(int argc, char* argv[]) if (!RemoveDirectoryA(path)) { fprintf(stderr, "RemoveDirectoryA %s failed!\n", path); - free (path); + free(path); return -1; } + cur = strrchr(path, delim); + if (cur) *cur = '\0'; } - free (path); + free(path); printf("%s success!\n", __FUNCTION__); return 0; }