From 4b5a6b191834fc665c613f22312ce3495f291dc5 Mon Sep 17 00:00:00 2001 From: Hans Zandbelt Date: Tue, 10 Dec 2024 16:35:12 +0100 Subject: [PATCH] use snprintf instead of sprintf - move _snprintf define to const.h - bump to 2.4.16.7dev Signed-off-by: Hans Zandbelt --- ChangeLog | 6 ++++++ configure.ac | 2 +- src/const.h | 4 ++++ src/jose.c | 4 ---- src/metrics.c | 2 +- test/test.c | 34 +++++++++++++++++----------------- 6 files changed, 29 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2474b389..6248fbf0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +12/10/2024 +- github: add SonarQube analysis to Github workflows +- code: use snprintf instead of sprintf +- code: move _snprintf define to const.h +- bump to 2.4.16.7dev + 12/09/2024 - release 2.4.16.6 diff --git a/configure.ac b/configure.ac index f6d0a93d..8948d63e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT([mod_auth_openidc],[2.4.16.6],[hans.zandbelt@openidc.com]) +AC_INIT([mod_auth_openidc],[2.4.16.7dev],[hans.zandbelt@openidc.com]) AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION()) diff --git a/src/const.h b/src/const.h index 98c54d46..d0a68f41 100644 --- a/src/const.h +++ b/src/const.h @@ -104,6 +104,10 @@ static inline int _oidc_str_to_int(const char *s, const int default_value) { return v; } +#ifdef WIN32 +#define snprintf _snprintf +#endif + #define HAVE_APACHE_24 MODULE_MAGIC_NUMBER_MAJOR >= 20100714 #ifndef OIDC_DEBUG diff --git a/src/jose.c b/src/jose.c index de93c7bc..7c88cd1e 100644 --- a/src/jose.c +++ b/src/jose.c @@ -67,10 +67,6 @@ #include #endif -#ifdef WIN32 -#define snprintf _snprintf -#endif - #include "util.h" /* diff --git a/src/metrics.c b/src/metrics.c index 0350f0f2..16f80334 100644 --- a/src/metrics.c +++ b/src/metrics.c 
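Review bot: In the src/const.h hunk, `#define snprintf _snprintf` now applies on WIN32 to every file that includes const.h, and Microsoft's `_snprintf` does not write a terminating NUL when the output fills the buffer. The bounded calls this commit introduces can therefore still leave an unterminated string on that platform. MSVC has shipped a C99-conforming `snprintf` since Visual Studio 2015, so the mapping is only needed for older toolchains. I would narrow the guard to `#if defined(WIN32) && defined(_MSC_VER) && _MSC_VER < 1900` and add a comment that callers on that path must terminate the buffer themselves. Whether any supported Windows build still uses a pre-2015 compiler is not visible from this patch.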
@@ -237,7 +237,7 @@ static oidc_metrics_bucket_t _oidc_metric_buckets[] = {
 */
 static inline char *_json_int2str(apr_pool_t *pool, json_int_t n) {
 char s[255];
- sprintf(s, "%" JSON_INTEGER_FORMAT, n);
+ snprintf(s, 255, "%" JSON_INTEGER_FORMAT, n);
 return apr_pstrdup(pool, s);
 }
diff --git a/test/test.c b/test/test.c
index 63a4f40a..b5ca8cad 100644
--- a/test/test.c
+++ b/test/test.c
@@ -61,23 +61,23 @@ static int TST_RC;
 #define TST_ASSERT(message, expression) \
 TST_RC = (expression); \
 if (!TST_RC) { \
- sprintf(TST_ERR_MSG, TST_FORMAT("%d"), __FUNCTION__, message, TST_RC, 1); \
+ snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%d"), __FUNCTION__, message, TST_RC, 1); \
 return TST_ERR_MSG; \
 }
 #define TST_ASSERT_ERR(message, expression, pool, err) \
 TST_RC = (expression); \
 if (!TST_RC) { \
- sprintf(TST_ERR_MSG, TST_FORMAT("%d") " %s", __FUNCTION__, message, TST_RC, 1, \
- oidc_jose_e2s(pool, err)); \
+ snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%d") " %s", __FUNCTION__, message, TST_RC, 1, \
+ oidc_jose_e2s(pool, err)); \
 return TST_ERR_MSG; \
 }
 #define TST_ASSERT_CJOSE_ERR(message, expression, pool, cjose_err) \
 TST_RC = (expression); \
 if (!TST_RC) { \
- sprintf(TST_ERR_MSG, TST_FORMAT("%d") " %s", __FUNCTION__, message, TST_RC, 1, \
- oidc_cjose_e2s(pool, cjose_err)); \
+ snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%d") " %s", __FUNCTION__, message, TST_RC, 1, \
+ oidc_cjose_e2s(pool, cjose_err)); \
 return TST_ERR_MSG; \
 }
@@ -85,8 +85,8 @@ static int TST_RC;
 TST_RC = \
 (result && expected) ? (_oidc_strcmp(result, expected) != 0) : ((result != NULL) || (expected != NULL)); \
 if (TST_RC) { \
- sprintf(TST_ERR_MSG, TST_FORMAT("%s"), __FUNCTION__, message, result ? result : "(null)", \
- expected ? expected : "(null)"); \
+ snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%s"), __FUNCTION__, message, result ? result : "(null)", \
+ expected ? expected : "(null)"); \
 return TST_ERR_MSG; \
 }
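Review bot: The bound in `snprintf(s, 255, ...)` inside `_json_int2str` repeats the length of `char s[255]` as a literal, so the two can drift apart in a later edit and the call would then write past the array again. `snprintf(s, sizeof(s), "%" JSON_INTEGER_FORMAT, n);` keeps the limit tied to the declaration. The same applies to the `4096` literal in the test/test.c macro hunks at -61, -85 and -94. TST_ERR_MSG is declared outside those hunks, so confirm it is an array of at least that size (not a pointer) before switching to `sizeof(TST_ERR_MSG)`.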
@@ -94,21 +94,21 @@ static int TST_RC;
 TST_RC = (result && expected) ? (_oidc_strncmp(result, expected, len) != 0) \
 : ((result != NULL) || (expected != NULL)); \
 if (TST_RC) { \
- sprintf(TST_ERR_MSG, TST_FORMAT("%s"), __FUNCTION__, message, result ? result : "(null)", \
- expected ? expected : "(null)"); \
+ snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%s"), __FUNCTION__, message, result ? result : "(null)", \
+ expected ? expected : "(null)"); \
 return TST_ERR_MSG; \
 }
 #define TST_ASSERT_LONG(message, result, expected) \
 if (result != expected) { \
- sprintf(TST_ERR_MSG, TST_FORMAT("%ld"), __FUNCTION__, message, result, expected); \
+ snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%ld"), __FUNCTION__, message, result, expected); \
 return TST_ERR_MSG; \
 }
 #define TST_ASSERT_BYTE(message, result, expected) \
 if (result != expected) { \
- sprintf(TST_ERR_MSG, TST_FORMAT("%s"), __FUNCTION__, message, result ? "TRUE" : "FALSE", \
- expected ? "TRUE" : "FALSE"); \
+ snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%s"), __FUNCTION__, message, result ? "TRUE" : "FALSE", \
+ expected ? "TRUE" : "FALSE"); \
 return TST_ERR_MSG; \
 }
@@ -140,8 +140,8 @@ static char *test_private_key_parse(apr_pool_t *pool) {
 const char ecPrivateKeyFile[512];
 char *dir = getenv("srcdir") ? getenv("srcdir") : ".";
- sprintf((char *)rsaPrivateKeyFile, "%s/%s", dir, "/test/private.pem");
- sprintf((char *)ecPrivateKeyFile, "%s/%s", dir, "/test/ecpriv.key");
+ snprintf((char *)rsaPrivateKeyFile, 512, "%s/%s", dir, "/test/private.pem");
+ snprintf((char *)ecPrivateKeyFile, 512, "%s/%s", dir, "/test/ecpriv.key");
 input = BIO_new(BIO_s_file());
 TST_ASSERT_ERR("test_private_key_parse_BIO_new_RSA_private_key", input != NULL, pool, err);
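Review bot: In the `test_private_key_parse` hunk at -140, `ecPrivateKeyFile` is declared `const char ecPrivateKeyFile[512]` and then written through a `(char *)` cast, which is undefined behaviour for an object defined const; bounding the write does not change that. Declaring the buffers as plain `char` removes the casts and lets the size be `sizeof`, e.g. `snprintf(ecPrivateKeyFile, sizeof(ecPrivateKeyFile), "%s/%s", dir, "/test/ecpriv.key");`. Because `dir` comes from the `srcdir` environment variable, an over-long value is now truncated silently and the test would open a different path than intended, so it is worth comparing the return value with the buffer size and failing the test on truncation. The `test_public_key_parse` hunk at -204 has the same pattern with `certificateFile` and `ecCertificateFile`. The declarations of `rsaPrivateKeyFile` and `publicKeyFile` and the rest of both function bodies are outside the hunks, so the assumption that those buffers match should be confirmed.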
@@ -204,9 +204,9 @@ static char *test_public_key_parse(apr_pool_t *pool) {
 const char certificateFile[512];
 const char ecCertificateFile[512];
 char *dir = getenv("srcdir") ? getenv("srcdir") : ".";
- sprintf((char *)publicKeyFile, "%s/%s", dir, "/test/public.pem");
- sprintf((char *)certificateFile, "%s/%s", dir, "/test/certificate.pem");
- sprintf((char *)ecCertificateFile, "%s/%s", dir, "/test/eccert.pem");
+ snprintf((char *)publicKeyFile, 512, "%s/%s", dir, "/test/public.pem");
+ snprintf((char *)certificateFile, 512, "%s/%s", dir, "/test/certificate.pem");
+ snprintf((char *)ecCertificateFile, 512, "%s/%s", dir, "/test/eccert.pem");
 input = BIO_new(BIO_s_file());
 TST_ASSERT_ERR("test_public_key_parse_BIO_new_public_key", input != NULL, pool, err);