Mobile, pardon the top post. I am going to whip up a patch to to use snprintf. See below. -Jason The functions snprintf() and vsnprintf() write at most size bytes (including the terminating null byte ('\0')) to str. The functions vprintf(), vfprintf(), vsprintf(), vsnprintf() are equivalent to the functions printf(), fprintf(), sprintf(), snprintf(), respectively, except that they are called with a va_list instead of a variable number of arguments. These functions do not call the va_end macro. Because they invoke the va_arg macro, the value of ap is undefined after the call. See stdarg(3). These eight functions write the output under the control of a format string that specifies how subsequent arguments (or arguments accessed via the variable-length argument facilities of stdarg(3)) are converted for output. C99 and POSIX.1-2001 specify that the results are undefined if a call to sprintf(), snprintf(), vsprintf(), or vsnprintf() would cause copying to take place between objects that overlap (e.g., if the target string array and one of the supplied input arguments refer to the same buffer). See NOTES. Return value Upon successful return, these functions return the number of characters printed (excluding the null byte used to end output to strings). The functions snprintf() and vsnprintf() do not write more than size bytes (including the terminating null byte ('\0')). If the output was truncated due to this limit then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available. Thus, a return value of size or more means that the output was truncated. (See also below under NOTES.) If an output error is encountered, a negative value is returned. ----- Original Message ----- From: Jason Pyeron <jpyeron@xxxxxxxx> To: ciphershed@xxxxxxxxxxxxx <ciphershed@xxxxxxxxxxxxx> Sent: Mon Jun 30 13:36:49 2014 Subject: [ciphershed] Re: Finished review of rebranding patch > -----Original Message----- > From: ciphershed-bounce@xxxxxxxxxxxxx > [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Bill Cox > Sent: Monday, June 30, 2014 10:09 > To: ciphershed@xxxxxxxxxxxxx > Subject: [ciphershed] Finished review of rebranding patch > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I got time yesterday on the plane to finish reviewing the patch. I > cannot promise it did not introduce any bugs, but I did not find any. > I took some notes on the code where there were changes: > > All the sprintf code in Mount/Mount.c scares me. Windows setup code > also has scary fixed length arrays for paths. 1024 is hardcoded. > We've added 1 to the path length, which in theory could cause someone > out there to have a buffer overflow or path truncation where before it > worked. I think we just live with it for now. I will look at that file Tuesday. > > I see checks for Windows 2000, which I doubt we will test. Can we > claim to support OS versions we don't test? I can set up some win2k systems for testing. > > I am willing to sign that I have reviewed and trust this patch. I saw > nothing resembling code for a new back-door. The git commit # I > reviewed is: > > 1ca13ed2271d60ba93d40bcc8db17ced8545f172 Can you check(verify) 258e0a237cb69aaa587b0a4fb528bb0316b1b776 ? You can find it at https://github.com/pdinc-oss/CipherShed/tree/master-merge-and-cherrypick-fro m-sr guglielmo There should be no differences (except the PKCS11 merge on master already), it is a git metadata clean up. pyeron@black /tmp $ diff -u foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/ foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/ Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Boot and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Boot Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Build and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Build Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Common and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Common Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Core and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Core Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Crypto and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Crypto Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Driver and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Driver Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Format and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Format Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Main and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Main diff -u foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Makefile foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Makefile --- foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Makefile 2014-06-30 13:32:30.182790800 -0400 +++ foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Makefile 2014-06-30 13:24:28.183449500 -0400 @@ -37,7 +37,7 @@ export CFLAGS := -Wall export CXXFLAGS := -Wall -Wno-unused-parameter -C_CXX_FLAGS := -MMD -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGE_FILES -I$(BASE_DIR) -I$(BASE_DIR)/Crypto +C_CXX_FLAGS := -MMD -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGE_FILES -I$(BASE_DIR) -I$(BASE_DIR)/Crypto -I$(BASE_DIR)/Pkcs11 export ASFLAGS := -Ox -D __GNUC__ export LFLAGS := Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Mount and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Mount Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Pkcs11 and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Pkcs11 Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Platform and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Platform Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Release and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Release Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Resources and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Resources Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Setup and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Setup Common subdirectories: foo-1ca13ed2271d60ba93d40bcc8db17ced8545f172/Volume and foo-258e0a237cb69aaa587b0a4fb528bb0316b1b776/Volume Thanks, Jason -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00.