safer snprintf construct with more paranoid length calculation

ok millert

lib/libcurses/tinfo/comp_expand.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: comp_expand.c,v 1.5 2003/03/17 19:16:59 millert Exp $	*/
+/*	$OpenBSD: comp_expand.c,v 1.6 2007/06/02 01:29:11 pvalchev Exp $	*/
 
 /****************************************************************************
  * Copyright (c) 1998,2000 Free Software Foundation, Inc.                   *
@@ -173,10 +173,10 @@ _nc_tic_expand
 	else if (REALCTL(str) && ch != '\\'
 		 && (!islong || isdigit(CharOf(str[1])))) {
 	    (void) snprintf(buffer + bufp, length - bufp, "^%c", UnCtl(ch));
-	    bufp += 2;
+	    bufp += strlen(buffer + bufp);
 	} else {
 	    (void) snprintf(buffer + bufp, length - bufp, "\\%03o", ch);
-	    bufp += 4;
+	    bufp += strlen(buffer + bufp);
 	}
 
 	str++;

sbin/dhclient/dhclient.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dhclient.c,v 1.111 2007/02/25 18:10:43 krw Exp $	*/
+/*	$OpenBSD: dhclient.c,v 1.112 2007/06/02 01:29:11 pvalchev Exp $	*/
 
 /*
  * Copyright 2004 Henning Brauer <henning@openbsd.org>
@@ -2088,9 +2088,11 @@ option_as_string(unsigned int code, unsigned char *data, int len)
 	for (; dp < data + len; dp++) {
 		if (!isascii(*dp) || !isprint(*dp)) {
 			if (dp + 1 != data + len || *dp != 0) {
+				size_t oplen;
 				snprintf(op, opleft, "\\%03o", *dp);
-				op += 4;
-				opleft -= 4;
+				oplen = strlen(op);
+				op += oplen;
+				opleft -= oplen;
 			}
 		} else if (*dp == '"' || *dp == '\'' || *dp == '$' ||
 		    *dp == '`' || *dp == '\\') {

sbin/dhclient/options.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: options.c,v 1.35 2007/05/31 23:24:15 pvalchev Exp $	*/
+/*	$OpenBSD: options.c,v 1.36 2007/06/02 01:29:11 pvalchev Exp $	*/
 
 /* DHCP options parsing and reassembly. */
 
@@ -297,10 +297,12 @@ pretty_print_option(unsigned int code, unsigned char *data, int len,
 					    !isprint(*dp)) {
 						if (dp + 1 != data + len ||
 						    *dp != 0) {
+							size_t oplen;
 							snprintf(op, opleft,
 							    "\\%03o", *dp);
-							op += 4;
-							opleft -= 4;
+							oplen = strlen(op);
+							op += oplen;
+							opleft -= oplen;
 						}
 					} else if (*dp == '"' ||
 					    *dp == '\'' ||

sbin/isakmpd/log.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.59 2006/09/19 10:48:41 otto Exp $	 */
+/* $OpenBSD: log.c,v 1.60 2007/06/02 01:29:11 pvalchev Exp $	 */
 /* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $	 */
 
 /*
@@ -259,7 +259,7 @@ log_debug_buf(int cls, int level, const char *header, const u_int8_t *buf,
 	log_debug(cls, level, "%s:", header);
 	for (i = j = 0; i < sz;) {
 		snprintf(s + j, sizeof s - j, "%02x", buf[i++]);
-		j += 2;
+		j += strlen(s + j);
 		if (i % 4 == 0) {
 			if (i % 32 == 0) {
 				s[j] = '\0';

sbin/isakmpd/message.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: message.c,v 1.125 2007/04/16 13:01:39 moritz Exp $	 */
+/* $OpenBSD: message.c,v 1.126 2007/06/02 01:29:11 pvalchev Exp $	 */
 /* $EOM: message.c,v 1.156 2000/10/10 12:36:39 provos Exp $	 */
 
 /*
@@ -1931,7 +1931,7 @@ message_dump_raw(char *header, struct message *msg, int class)
 		for (j = 0; j < msg->iov[i].iov_len; j++) {
 			snprintf(p, sizeof buf - (int) (p - buf), "%02x",
 			    ((u_int8_t *) msg->iov[i].iov_base)[j]);
-			p += 2;
+			p += strlen(p);
 			if (++k % 32 == 0) {
 				*p = '\0';
 				LOG_DBG((class, 70, "%s: %s", header, buf));

sbin/isakmpd/sa.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.111 2007/04/16 13:01:39 moritz Exp $	 */
+/* $OpenBSD: sa.c,v 1.112 2007/06/02 01:29:12 pvalchev Exp $	 */
 /* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $	 */
 
 /*
@@ -463,7 +463,7 @@ report_spi(FILE *fd, const u_int8_t *buf, size_t sz, int spi)
 
 	for (i = j = 0; i < sz;) {
 		snprintf(s + j, sizeof s - j, "%02x", buf[i++]);
-		j += 2;
+		j += strlen(s + j);
 		if (i % 4 == 0) {
 			if (i % 32 == 0) {
 				s[j] = '\0';

usr.bin/infocmp/infocmp.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: infocmp.c,v 1.18 2006/12/06 04:59:58 ray Exp $	*/
+/*	$OpenBSD: infocmp.c,v 1.19 2007/06/02 01:29:12 pvalchev Exp $	*/
 
 /****************************************************************************
  * Copyright (c) 1998,1999,2000 Free Software Foundation, Inc.              *
@@ -1043,7 +1043,7 @@ dump_initializers(TERMTYPE * term)
 		    *tp++ = *sp;
 		else {
 		    (void) snprintf(tp, buf + sizeof buf - tp, "\\%03o", CharOf(*sp));
-		    tp += 4;
+		    tp += strlen(tp);
 		}
 	    }
 	    *tp++ = '"';

usr.sbin/cron/misc.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: misc.c,v 1.37 2005/06/08 18:34:00 millert Exp $	*/
+/*	$OpenBSD: misc.c,v 1.38 2007/06/02 01:29:11 pvalchev Exp $	*/
 
 /* Copyright 1988,1990,1993,1994 by Paul Vixie
  * All rights reserved
@@ -22,7 +22,7 @@
  */
 
 #if !defined(lint) && !defined(LINT)
-static char const rcsid[] = "$OpenBSD: misc.c,v 1.37 2005/06/08 18:34:00 millert Exp $";
+static char const rcsid[] = "$OpenBSD: misc.c,v 1.38 2007/06/02 01:29:11 pvalchev Exp $";
 #endif
 
 /* vix 26jan87 [RCS has the rest of the log]
@@ -614,7 +614,7 @@ mkprint(dst, src, len)
 			*dst++ = '?';
 		} else {			/* parity character */
 			snprintf(dst, 5, "\\%03o", ch);
-			dst += 4;
+			dst += strlen(dst);
 		}
 	}
 	*dst = '\0';

usr.sbin/ppp/ppp/log.c

@@ -23,7 +23,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *	$OpenBSD: log.c,v 1.18 2005/09/21 16:28:47 brad Exp $
+ *	$OpenBSD: log.c,v 1.19 2007/06/02 01:29:11 pvalchev Exp $
  */
 
 #include <sys/types.h>
@@ -369,7 +369,7 @@ log_DumpBp(int lev, const char *hdr, const struct mbuf *bp)
 	snprintf(b, buf + sizeof buf - b, " %02x", (int) *ptr);
         *c++ = isprint(*ptr) ? *ptr : '.';
         ptr++;
-        b += 3;
+        b += strlen(b);
         if (b == buf + 48) {
           memset(b, ' ', 2);
           *c = '\0';