Replace sprintf with snprintf

libimobiledevice · Sep 18, 2024 · ad46e14 · ad46e14
1 parent 17c65b2
commit ad46e14
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 28 deletions.
diff --git a/src/idevicerestore.c b/src/idevicerestore.c
@@ -393,7 +393,7 @@ int idevicerestore_start(struct idevicerestore_client_t* client)
 		}
 
 		char wtfname[256];
-		sprintf(wtfname, "Firmware/dfu/WTF.s5l%04xxall.RELEASE.dfu", cpid);
+		snprintf(wtfname, sizeof(wtfname), "Firmware/dfu/WTF.s5l%04xxall.RELEASE.dfu", cpid);
 		unsigned char* wtftmp = NULL;
 		unsigned int wtfsize = 0;
 
@@ -876,7 +876,7 @@ int idevicerestore_start(struct idevicerestore_client_t* client)
 				x++;
 			}
 
-			sprintf(p_all_flash, "Firmware/all_flash/all_flash.%s.%s", lcmodel, "production");
+			snprintf(p_all_flash, sizeof(p_all_flash), "Firmware/all_flash/all_flash.%s.%s", lcmodel, "production");
 			strcpy(tmpstr, p_all_flash);
 			strcat(tmpstr, "/manifest");
 
@@ -926,15 +926,15 @@ int idevicerestore_start(struct idevicerestore_client_t* client)
 			}
 
 			// add iBSS
-			sprintf(tmpstr, "Firmware/dfu/iBSS.%s.%s.dfu", lcmodel, "RELEASE");
+			snprintf(tmpstr, sizeof(tmpstr), "Firmware/dfu/iBSS.%s.%s.dfu", lcmodel, "RELEASE");
 			inf = plist_new_dict();
 			plist_dict_set_item(inf, "Path", plist_new_string(tmpstr));
 			comp = plist_new_dict();
 			plist_dict_set_item(comp, "Info", inf);
 			plist_dict_set_item(manifest, "iBSS", comp);
 
 			// add iBEC
-			sprintf(tmpstr, "Firmware/dfu/iBEC.%s.%s.dfu", lcmodel, "RELEASE");
+			snprintf(tmpstr, sizeof(tmpstr), "Firmware/dfu/iBEC.%s.%s.dfu", lcmodel, "RELEASE");
 			inf = plist_new_dict();
 			plist_dict_set_item(inf, "Path", plist_new_string(tmpstr));
 			comp = plist_new_dict();
@@ -1300,7 +1300,7 @@ int idevicerestore_start(struct idevicerestore_client_t* client)
 					strcpy(zfn, "shsh");
 				}
 				mkdir_with_parents(zfn, 0755);
-				sprintf(zfn+strlen(zfn), "/%" PRIu64 "-%s-%s.shsh", client->ecid, client->device->product_type, client->version);
+				snprintf(&zfn[0]+strlen(zfn), sizeof(zfn)-strlen(zfn), "/%" PRIu64 "-%s-%s.shsh", client->ecid, client->device->product_type, client->version);
 				struct stat fst;
 				if (stat(zfn, &fst) != 0) {
 					gzFile zf = gzopen(zfn, "wb");
@@ -1755,8 +1755,9 @@ int main(int argc, char* argv[]) {
 				if (!p || *(p+1) == '\0') {
 					// no path component, add default path
 					const char default_path[] = "/TSS/controller?action=2";
-					char* newurl = malloc(strlen(optarg)+sizeof(default_path));
-					sprintf(newurl, "%s%s", optarg, (p) ? default_path+1 : default_path);
+					size_t usize = strlen(optarg)+sizeof(default_path);
+					char* newurl = malloc(usize);
+					snprintf(newurl, usize, "%s%s", optarg, (p) ? default_path+1 : default_path);
 					client->tss_url = newurl;
 				} else {
 					client->tss_url = strdup(optarg);
@@ -2202,9 +2203,9 @@ int get_tss_response(struct idevicerestore_client_t* client, plist_t build_ident
 		char zfn[1024];
 		if (client->version) {
 			if (client->cache_dir) {
-				sprintf(zfn, "%s/shsh/%" PRIu64 "-%s-%s.shsh", client->cache_dir, client->ecid, client->device->product_type, client->version);
+				snprintf(zfn, sizeof(zfn), "%s/shsh/%" PRIu64 "-%s-%s.shsh", client->cache_dir, client->ecid, client->device->product_type, client->version);
 			} else {
-				sprintf(zfn, "shsh/%" PRIu64 "-%s-%s.shsh", client->ecid, client->device->product_type, client->version);
+				snprintf(zfn, sizeof(zfn), "shsh/%" PRIu64 "-%s-%s.shsh", client->ecid, client->device->product_type, client->version);
 			}
 			struct stat fst;
 			if (stat(zfn, &fst) == 0) {

diff --git a/src/img4.c b/src/img4.c
@@ -448,7 +448,7 @@ int img4_stitch_component(const char* component_name, const unsigned char* compo
 	unsigned char *additional_data = NULL;
 	unsigned int additional_size = 0;
 	char *tbm_key = malloc(strlen(component_name) + 5);
-	sprintf(tbm_key, "%s-TBM", component_name);
+	snprintf(tbm_key, strlen(component_name)+5, "%s-TBM", component_name);
 	plist_t tbm_dict = plist_dict_get_item(tss_response, tbm_key);
 	free(tbm_key);
 	if (tbm_dict) {

diff --git a/src/ipsw.c b/src/ipsw.c
@@ -76,13 +76,13 @@ int ipsw_print_info(const char* path)
 	char thepath[PATH_MAX];
 
 	if (S_ISDIR(fst.st_mode)) {
-		sprintf(thepath, "%s/BuildManifest.plist", path);
+		snprintf(thepath, sizeof(thepath), "%s/BuildManifest.plist", path);
 		if (stat(thepath, &fst) != 0) {
 			error("ERROR: '%s': %s\n", thepath, strerror(errno));
 			return -1;
 		}
 	} else {
-		sprintf(thepath, "%s", path);
+		snprintf(thepath, sizeof(thepath), "%s", path);
 	}
 
 	FILE* f = fopen(thepath, "r");
@@ -1169,7 +1169,7 @@ int ipsw_get_latest_fw(plist_t version_data, const char* product, char** fwurl,
 	}
 
 	char majstr[32]; // should be enough for a uint64_t value
-	sprintf(majstr, "%"PRIu64, (uint64_t)major);
+	snprintf(majstr, sizeof(majstr), "%"PRIu64, (uint64_t)major);
 	n1 = plist_access_path(version_data, 7, "MobileDeviceSoftwareVersionsByVersion", majstr, "MobileDeviceSoftwareVersions", product, "Unknown", "Universal", "Restore");
 	if (!n1) {
 		error("%s: ERROR: Can't get Unknown/Universal/Restore node?!\n", __func__);
@@ -1277,13 +1277,13 @@ int ipsw_download_fw(const char *fwurl, unsigned char* isha1, const char* todir,
 
 	char fwlfn[PATH_MAX - 5];
 	if (todir) {
-		sprintf(fwlfn, "%s/%s", todir, fwfn);
+		snprintf(fwlfn, sizeof(fwlfn), "%s/%s", todir, fwfn);
 	} else {
-		sprintf(fwlfn, "%s", fwfn);
+		snprintf(fwlfn, sizeof(fwlfn), "%s", fwfn);
 	}
 
 	char fwlock[PATH_MAX];
-	sprintf(fwlock, "%s.lock", fwlfn);
+	snprintf(fwlock, sizeof(fwlock), "%s.lock", fwlfn);
 
 	lock_info_t lockinfo;
 

diff --git a/src/restore.c b/src/restore.c
@@ -1501,7 +1501,7 @@ int restore_send_component(struct idevicerestore_client_t* client, plist_t messa
 	dict = plist_new_dict();
 	blob = plist_new_data((char*)data, size);
 	char compkeyname[256];
-	sprintf(compkeyname, "%sFile", component_name);
+	snprintf(compkeyname, sizeof(compkeyname), "%sFile", component_name);
 	plist_dict_set_item(dict, compkeyname, blob);
 	free(data);
 
@@ -3418,25 +3418,25 @@ static plist_t restore_get_timer_firmware_data(struct idevicerestore_client_t* c
 			plist_dict_set_item(parameters, "TicketName", plist_copy(node));
 		}
 
-		sprintf(key, "Timer,ChipID,%u", tag);
+		snprintf(key, sizeof(key), "Timer,ChipID,%u", tag);
 		plist_dict_copy_uint(parameters, hwid, key, "ChipID");
 
-		sprintf(key, "Timer,BoardID,%u", tag);
+		snprintf(key, sizeof(key), "Timer,BoardID,%u", tag);
 		plist_dict_copy_uint(parameters, hwid, key, "BoardID");
 
-		sprintf(key, "Timer,ECID,%u", tag);
+		snprintf(key, sizeof(key), "Timer,ECID,%u", tag);
 		plist_dict_copy_uint(parameters, hwid, key, "ECID");
 
-		sprintf(key, "Timer,Nonce,%u", tag);
+		snprintf(key, sizeof(key), "Timer,Nonce,%u", tag);
 		plist_dict_copy_data(parameters, hwid, key, "Nonce");
 
-		sprintf(key, "Timer,SecurityMode,%u", tag);
+		snprintf(key, sizeof(key), "Timer,SecurityMode,%u", tag);
 		plist_dict_copy_bool(parameters, hwid, key, "SecurityMode");
 
-		sprintf(key, "Timer,SecurityDomain,%u", tag);
+		snprintf(key, sizeof(key), "Timer,SecurityDomain,%u", tag);
 		plist_dict_copy_uint(parameters, hwid, key, "SecurityDomain");
 
-		sprintf(key, "Timer,ProductionMode,%u", tag);
+		snprintf(key, sizeof(key), "Timer,ProductionMode,%u", tag);
 		plist_dict_copy_uint(parameters, hwid, key, "ProductionStatus");
 	}
 	plist_t ap_info = plist_dict_get_item(p_info, "APInfo");
@@ -3473,7 +3473,7 @@ static plist_t restore_get_timer_firmware_data(struct idevicerestore_client_t* c
 		return response;
 	}
 
-	sprintf(comp_name, "Timer,RTKitOS,%u", tag);
+	snprintf(comp_name, sizeof(comp_name), "Timer,RTKitOS,%u", tag);
 	if (build_identity_has_component(client->restore->build_identity, comp_name)) {
 		if (build_identity_get_component_path(client->restore->build_identity, comp_name, &comp_path) < 0) {
 			plist_free(response);
@@ -3504,7 +3504,7 @@ static plist_t restore_get_timer_firmware_data(struct idevicerestore_client_t* c
 		info("NOTE: Build identity does not have a '%s' component.\n", comp_name);
 	}
 
-	sprintf(comp_name, "Timer,RestoreRTKitOS,%u", tag);
+	snprintf(comp_name, sizeof(comp_name), "Timer,RestoreRTKitOS,%u", tag);
 	if (build_identity_has_component(client->restore->build_identity, comp_name)) {
 		if (build_identity_get_component_path(client->restore->build_identity, comp_name, &comp_path) < 0) {
 			ftab_free(ftab);
@@ -4121,8 +4121,9 @@ static char* extract_global_manifest_path(plist_t build_identity, char *variant)
 	}
 
 	// The path of the global manifest is hardcoded. There's no pointer to in the build manifest.
-	char *ticket_path = malloc((42+strlen(macos_variant)+strlen(device_class)+1)*sizeof(char));
-	sprintf(ticket_path, "Firmware/Manifests/restore/%s/apticket.%s.im4m", macos_variant, device_class);
+	size_t psize = 42+strlen(macos_variant)+strlen(device_class)+1;
+	char *ticket_path = malloc(psize);
+	snprintf(ticket_path, psize, "Firmware/Manifests/restore/%s/apticket.%s.im4m", macos_variant, device_class);
 
 	free(device_class);
 	free(macos_variant);