From 14d514e5acda3018e8ccf17270db339778ca0443 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Tue, 17 Oct 2023 20:14:53 -0600
Subject: [PATCH] Avoid using %zu or %zd with printf() and fprintf().

This prevents problems on systems where the system printf(3) is not
C99-compliant.  We use our own snprintf() on such systems so that
is safe.
---
 lib/eventlog/regress/logwrap/check_wrap.c | 20 ++++++++++----------
 lib/util/mksiglist.c                      |  9 +++++++--
 lib/util/mksigname.c                      |  9 +++++++--
 logsrvd/sendlog.c                         |  2 +-
 plugins/python/regress/iohelpers.c        |  8 +++++---
 plugins/sudoers/tsdump.c                  |  6 +++---
 6 files changed, 33 insertions(+), 21 deletions(-)

diff --git a/lib/eventlog/regress/logwrap/check_wrap.c b/lib/eventlog/regress/logwrap/check_wrap.c
index bcd520e3c..15134f073 100644
--- a/lib/eventlog/regress/logwrap/check_wrap.c
+++ b/lib/eventlog/regress/logwrap/check_wrap.c
@@ -47,7 +47,7 @@ main(int argc, char *argv[])
     int ch, lineno = 0, which = 0;
     char *line, lines[2][2048];
     const char *infile;
-    size_t len;
+    unsigned int len;
     FILE *fp;
 
     initprogname(argc > 0 ? argv[0] : "check_wrap");
@@ -83,35 +83,35 @@ main(int argc, char *argv[])
     while ((line = fgets(lines[which], sizeof(lines[which]), fp)) != NULL) {
 	char *cp, *last;
 
-	len = strcspn(line, "\n");
-	line[len] = '\0';
+	line[strcspn(line, "\n")] = '\0';
 
 	/* If we read the 2nd line, parse list of line lengths and check. */
 	if (which) {
 	    lineno++;
 	    for (cp = strtok_r(lines[1], ",", &last); cp != NULL; cp = strtok_r(NULL, ",", &last)) {
+		unsigned int maxlen;
 		const char *errstr;
 		char *dash;
-		size_t maxlen;
 
 		/* May be either a number or a range. */
 		dash = strchr(cp, '-');
 		if (dash != NULL) {
 		    *dash = '\0';
-		    len = (size_t)sudo_strtonum(cp, 0, INT_MAX, &errstr);
+		    len = (unsigned int)sudo_strtonum(cp, 0, INT_MAX, &errstr);
 		    if (errstr == NULL)
-			maxlen = (size_t)sudo_strtonum(dash + 1, 0, INT_MAX, &errstr);
+			maxlen = (unsigned int)sudo_strtonum(dash + 1, 0, INT_MAX, &errstr);
 		} else {
-		    len = maxlen = (size_t)sudo_strtonum(cp, 0, INT_MAX, &errstr);
+		    len = maxlen = (unsigned int)sudo_strtonum(cp, 0, INT_MAX, &errstr);
 		}
 		if (errstr != NULL) {
 		    sudo_fatalx("%s: invalid length on line %d", infile, lineno);
 		}
 		while (len <= maxlen) {
-		    if (len == 0)
+		    if (len == 0) {
 			puts("# word wrap disabled");
-		    else
-			printf("# word wrap at %zu characters\n", len);
+		    } else {
+			printf("# word wrap at %u characters\n", len);
+		    }
 		    eventlog_writeln(stdout, lines[0], strlen(lines[0]), len);
 		    len++;
 		}
diff --git a/lib/util/mksiglist.c b/lib/util/mksiglist.c
index 813bdef45..977a782d0 100644
--- a/lib/util/mksiglist.c
+++ b/lib/util/mksiglist.c
@@ -34,16 +34,21 @@ sudo_dso_public int main(int argc, char *argv[]);
 int
 main(int argc, char *argv[])
 {
-    size_t i;
+    unsigned int i;
 
 #include "mksiglist.h"
 
+    /*
+     * For portability we must not use %zu below.
+     * This program is compiled with the host C compiler,
+     * so it cannot use any of the functions in libsudo_util.
+     */
     puts("const char *const sudo_sys_siglist[] = {");
     for (i = 0; i < nitems(sudo_sys_siglist); i++) {
 	if (sudo_sys_siglist[i] != NULL) {
 	    printf("    \"%s\",\n", sudo_sys_siglist[i]);
 	} else {
-	    printf("    \"Signal %zu\",\n", i);
+	    printf("    \"Signal %u\",\n", i);
 	}
     }
     puts("};");
diff --git a/lib/util/mksigname.c b/lib/util/mksigname.c
index 2e8398115..c6cee88d6 100644
--- a/lib/util/mksigname.c
+++ b/lib/util/mksigname.c
@@ -34,16 +34,21 @@ sudo_dso_public int main(int argc, char *argv[]);
 int
 main(int argc, char *argv[])
 {
-    size_t i;
+    unsigned int i;
 
 #include "mksigname.h"
 
+    /*
+     * For portability we must not use %zu below.
+     * This program is compiled with the host C compiler,
+     * so it cannot use any of the functions in libsudo_util.
+     */
     puts("const char *const sudo_sys_signame[] = {");
     for (i = 0; i < nitems(sudo_sys_signame); i++) {
 	if (sudo_sys_signame[i] != NULL) {
 	    printf("    \"%s\",\n", sudo_sys_signame[i]);
 	} else {
-	    printf("    \"Signal %zu\",\n", i);
+	    printf("    \"Signal %u\",\n", i);
 	}
     }
     puts("};");
diff --git a/logsrvd/sendlog.c b/logsrvd/sendlog.c
index 5e33b301c..81e093db6 100644
--- a/logsrvd/sendlog.c
+++ b/logsrvd/sendlog.c
@@ -1118,7 +1118,7 @@ handle_server_hello(ServerHello *msg, struct client_closure *closure)
         if (msg->redirect != NULL && msg->redirect[0] != '\0')
             printf("Redirect: %s\n", msg->redirect);
         for (n = 0; n < msg->n_servers; n++) {
-            printf("Server %zu: %s\n", n + 1, msg->servers[n]);
+            printf("Server %u: %s\n", (unsigned int)n + 1, msg->servers[n]);
         }
     }
 
diff --git a/plugins/python/regress/iohelpers.c b/plugins/python/regress/iohelpers.c
index 4ae4bb269..7b858142a 100644
--- a/plugins/python/regress/iohelpers.c
+++ b/plugins/python/regress/iohelpers.c
@@ -22,6 +22,7 @@
  */
 
 #include "iohelpers.h"
+#include <sudo_fatal.h>
 
 int
 rmdir_recursive(const char *path)
@@ -69,7 +70,7 @@ freadall(const char *file_path, char *output, size_t max_len)
     int rc = false;
     FILE *file = fopen(file_path, "rb");
     if (file == NULL) {
-        printf("Failed to open file '%s'\n", file_path);
+	sudo_warn_nodebug("failed to open file '%s'", file_path);
         goto cleanup;
     }
 
@@ -77,12 +78,13 @@ freadall(const char *file_path, char *output, size_t max_len)
     output[len] = '\0';
 
     if (ferror(file) != 0) {
-        printf("Failed to read file '%s' (Error %d)\n", file_path, ferror(file));
+        sudo_warn_nodebug("failed to read file '%s'", file_path);
         goto cleanup;
     }
 
     if (!feof(file)) {
-        printf("File '%s' was bigger than allocated buffer %zu", file_path, max_len);
+        sudo_warn_nodebug("file '%s' was bigger than allocated buffer %zu",
+	    file_path, max_len);
         goto cleanup;
     }
 
diff --git a/plugins/sudoers/tsdump.c b/plugins/sudoers/tsdump.c
index d41dd9626..3ac39d39f 100644
--- a/plugins/sudoers/tsdump.c
+++ b/plugins/sudoers/tsdump.c
@@ -163,20 +163,20 @@ valid_entry(union timestamp_entry_storage *u, off_t pos)
     switch (entry->version) {
     case 1:
 	if (entry->size != sizeof(struct timestamp_entry_v1)) {
-	    printf("wrong sized v1 record @ %lld, got %hu, expected %zu\n",
+	    sudo_warn("wrong sized v1 record @ %lld, got %hu, expected %zu",
 		(long long)pos, entry->size, sizeof(struct timestamp_entry_v1));
 	    debug_return_bool(false);
 	}
 	break;
     case 2:
 	if (entry->size != sizeof(struct timestamp_entry)) {
-	    printf("wrong sized v2 record @ %lld, got %hu, expected %zu\n",
+	    sudo_warn("wrong sized v2 record @ %lld, got %hu, expected %zu",
 		(long long)pos, entry->size, sizeof(struct timestamp_entry));
 	    debug_return_bool(false);
 	}
 	break;
     default:
-	printf("unknown time stamp entry version %d @ %lld\n",
+	sudo_warn("unknown time stamp entry version %d @ %lld",
 	    (int)entry->version, (long long)pos);
 	debug_return_bool(false);
 	break;