use snprintf instead of sprintf

zandbelt · zandbelt · commit 4b5a6b191834 · 2024-12-10T16:35:12.000+01:00
- move _snprintf define to const.h
- bump to 2.4.16.7dev

Signed-off-by: Hans Zandbelt &lt;hans.zandbelt@openidc.com&gt;
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,9 @@
+12/10/2024
+- github: add SonarQube analysis to Github workflows
+- code: use snprintf instead of sprintf
+- code: move _snprintf define to const.h
+- bump to 2.4.16.7dev
+
 12/09/2024
 - release 2.4.16.6
 
diff --git a/configure.ac b/configure.ac
@@ -1,4 +1,4 @@
-AC_INIT([mod_auth_openidc],[2.4.16.6],[hans.zandbelt@openidc.com])
+AC_INIT([mod_auth_openidc],[2.4.16.7dev],[hans.zandbelt@openidc.com])
 
 AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())
 
diff --git a/src/const.h b/src/const.h
@@ -104,6 +104,10 @@ static inline int _oidc_str_to_int(const char *s, const int default_value) {
 	return v;
 }
 
+#ifdef WIN32
+#define snprintf _snprintf
+#endif
+
 #define HAVE_APACHE_24 MODULE_MAGIC_NUMBER_MAJOR >= 20100714
 
 #ifndef OIDC_DEBUG
diff --git a/src/jose.c b/src/jose.c
@@ -67,10 +67,6 @@
 #include <openssl/core_names.h>
 #endif
 
-#ifdef WIN32
-#define snprintf _snprintf
-#endif
-
 #include "util.h"
 
 /*
diff --git a/src/metrics.c b/src/metrics.c
@@ -237,7 +237,7 @@ static oidc_metrics_bucket_t _oidc_metric_buckets[] = {
  */
 static inline char *_json_int2str(apr_pool_t *pool, json_int_t n) {
 	char s[255];
-	sprintf(s, "%" JSON_INTEGER_FORMAT, n);
+	snprintf(s, 255, "%" JSON_INTEGER_FORMAT, n);
 	return apr_pstrdup(pool, s);
 }
 
diff --git a/test/test.c b/test/test.c
@@ -61,54 +61,54 @@ static int TST_RC;
 #define TST_ASSERT(message, expression)                                                                                \
 	TST_RC = (expression);                                                                                         \
 	if (!TST_RC) {                                                                                                 \
-		sprintf(TST_ERR_MSG, TST_FORMAT("%d"), __FUNCTION__, message, TST_RC, 1);                              \
+		snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%d"), __FUNCTION__, message, TST_RC, 1);                       \
 		return TST_ERR_MSG;                                                                                    \
 	}
 
 #define TST_ASSERT_ERR(message, expression, pool, err)                                                                 \
 	TST_RC = (expression);                                                                                         \
 	if (!TST_RC) {                                                                                                 \
-		sprintf(TST_ERR_MSG, TST_FORMAT("%d") " %s", __FUNCTION__, message, TST_RC, 1,                         \
-			oidc_jose_e2s(pool, err));                                                                     \
+		snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%d") " %s", __FUNCTION__, message, TST_RC, 1,                  \
+			 oidc_jose_e2s(pool, err));                                                                    \
 		return TST_ERR_MSG;                                                                                    \
 	}
 
 #define TST_ASSERT_CJOSE_ERR(message, expression, pool, cjose_err)                                                     \
 	TST_RC = (expression);                                                                                         \
 	if (!TST_RC) {                                                                                                 \
-		sprintf(TST_ERR_MSG, TST_FORMAT("%d") " %s", __FUNCTION__, message, TST_RC, 1,                         \
-			oidc_cjose_e2s(pool, cjose_err));                                                              \
+		snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%d") " %s", __FUNCTION__, message, TST_RC, 1,                  \
+			 oidc_cjose_e2s(pool, cjose_err));                                                             \
 		return TST_ERR_MSG;                                                                                    \
 	}
 
 #define TST_ASSERT_STR(message, result, expected)                                                                      \
 	TST_RC =                                                                                                       \
 	    (result && expected) ? (_oidc_strcmp(result, expected) != 0) : ((result != NULL) || (expected != NULL));   \
 	if (TST_RC) {                                                                                                  \
-		sprintf(TST_ERR_MSG, TST_FORMAT("%s"), __FUNCTION__, message, result ? result : "(null)",              \
-			expected ? expected : "(null)");                                                               \
+		snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%s"), __FUNCTION__, message, result ? result : "(null)",       \
+			 expected ? expected : "(null)");                                                              \
 		return TST_ERR_MSG;                                                                                    \
 	}
 
 #define TST_ASSERT_STRN(message, result, expected, len)                                                                \
 	TST_RC = (result && expected) ? (_oidc_strncmp(result, expected, len) != 0)                                    \
 				      : ((result != NULL) || (expected != NULL));                                      \
 	if (TST_RC) {                                                                                                  \
-		sprintf(TST_ERR_MSG, TST_FORMAT("%s"), __FUNCTION__, message, result ? result : "(null)",              \
-			expected ? expected : "(null)");                                                               \
+		snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%s"), __FUNCTION__, message, result ? result : "(null)",       \
+			 expected ? expected : "(null)");                                                              \
 		return TST_ERR_MSG;                                                                                    \
 	}
 
 #define TST_ASSERT_LONG(message, result, expected)                                                                     \
 	if (result != expected) {                                                                                      \
-		sprintf(TST_ERR_MSG, TST_FORMAT("%ld"), __FUNCTION__, message, result, expected);                      \
+		snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%ld"), __FUNCTION__, message, result, expected);               \
 		return TST_ERR_MSG;                                                                                    \
 	}
 
 #define TST_ASSERT_BYTE(message, result, expected)                                                                     \
 	if (result != expected) {                                                                                      \
-		sprintf(TST_ERR_MSG, TST_FORMAT("%s"), __FUNCTION__, message, result ? "TRUE" : "FALSE",               \
-			expected ? "TRUE" : "FALSE");                                                                  \
+		snprintf(TST_ERR_MSG, 4096, TST_FORMAT("%s"), __FUNCTION__, message, result ? "TRUE" : "FALSE",        \
+			 expected ? "TRUE" : "FALSE");                                                                 \
 		return TST_ERR_MSG;                                                                                    \
 	}
 
@@ -140,8 +140,8 @@ static char *test_private_key_parse(apr_pool_t *pool) {
 	const char ecPrivateKeyFile[512];
 
 	char *dir = getenv("srcdir") ? getenv("srcdir") : ".";
-	sprintf((char *)rsaPrivateKeyFile, "%s/%s", dir, "/test/private.pem");
-	sprintf((char *)ecPrivateKeyFile, "%s/%s", dir, "/test/ecpriv.key");
+	snprintf((char *)rsaPrivateKeyFile, 512, "%s/%s", dir, "/test/private.pem");
+	snprintf((char *)ecPrivateKeyFile, 512, "%s/%s", dir, "/test/ecpriv.key");
 
 	input = BIO_new(BIO_s_file());
 	TST_ASSERT_ERR("test_private_key_parse_BIO_new_RSA_private_key", input != NULL, pool, err);
@@ -204,9 +204,9 @@ static char *test_public_key_parse(apr_pool_t *pool) {
 	const char certificateFile[512];
 	const char ecCertificateFile[512];
 	char *dir = getenv("srcdir") ? getenv("srcdir") : ".";
-	sprintf((char *)publicKeyFile, "%s/%s", dir, "/test/public.pem");
-	sprintf((char *)certificateFile, "%s/%s", dir, "/test/certificate.pem");
-	sprintf((char *)ecCertificateFile, "%s/%s", dir, "/test/eccert.pem");
+	snprintf((char *)publicKeyFile, 512, "%s/%s", dir, "/test/public.pem");
+	snprintf((char *)certificateFile, 512, "%s/%s", dir, "/test/certificate.pem");
+	snprintf((char *)ecCertificateFile, 512, "%s/%s", dir, "/test/eccert.pem");
 
 	input = BIO_new(BIO_s_file());
 	TST_ASSERT_ERR("test_public_key_parse_BIO_new_public_key", input != NULL, pool, err);

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-AC_INIT([mod_auth_openidc],[2.4.16.6],[[email protected]])`
	`1`	`+AC_INIT([mod_auth_openidc],[2.4.16.7dev],[[email protected]])`
`2`	`2`
`3`	`3`	`AC_SUBST(NAMEVER, AC_PACKAGE_TARNAME()-AC_PACKAGE_VERSION())`
`4`	`4`
Original file line number	Diff line number	Diff line change
`@@ -104,6 +104,10 @@ static inline int _oidc_str_to_int(const char *s, const int default_value) {`
`104`	`104`	`return v;`
`105`	`105`	`}`
`106`	`106`
	`107`	`+#ifdef WIN32`
	`108`	`+#define snprintf _snprintf`
	`109`	`+#endif`
	`110`	`+`
`107`	`111`	`#define HAVE_APACHE_24 MODULE_MAGIC_NUMBER_MAJOR >= 20100714`
`108`	`112`
`109`	`113`	`#ifndef OIDC_DEBUG`
Original file line number	Diff line number	Diff line change
`@@ -237,7 +237,7 @@ static oidc_metrics_bucket_t _oidc_metric_buckets[] = {`
`237`	`237`	`*/`
`238`	`238`	`static inline char _json_int2str(apr_pool_t pool, json_int_t n) {`
`239`	`239`	`char s[255];`
`240`		`- sprintf(s, "%" JSON_INTEGER_FORMAT, n);`
	`240`	`+ snprintf(s, 255, "%" JSON_INTEGER_FORMAT, n);`
`241`	`241`	`return apr_pstrdup(pool, s);`
`242`	`242`	`}`
`243`	`243`