Use vsnprintf() instead of vfprintf() for sudo_printf() to avoid

problems on systems where the system printf(3) is not C99-compliant. We use our own snprintf() on such systems.
2025-08-22 01:49:11 +00:00 · 2023-10-17 20:09:16 -06:00 · 2023-10-17 20:09:16 -06:00 · 58d6554a78
commit 58d6554a78
parent cf9fc5317e
2 changed files with 44 additions and 4 deletions
--- a/plugins/sudoers/sudo_printf.c
+++ b/plugins/sudoers/sudo_printf.c
@ -24,10 +24,12 @@
 #include <config.h>

 #include <stdio.h>
+#include <stdlib.h>
 #include <stdarg.h>
 #include <errno.h>

 #include <sudo_compat.h>
+#include <sudo_util.h>
 #include <sudo_plugin.h>
 #include <sudo_debug.h>
 #include <pathnames.h>
@ -37,6 +39,8 @@ sudo_printf_int(int msg_type, const char * restrict fmt, ...)
 {
    FILE *fp = stdout;
    FILE *ttyfp = NULL;
+    char sbuf[8192];
+    char *buf = sbuf;
    va_list ap;
    int len;

@ -50,9 +54,26 @@ sudo_printf_int(int msg_type, const char * restrict fmt, ...)
 	fp = stderr;
 	FALLTHROUGH;
    case SUDO_CONV_INFO_MSG:
+	/*
+	 * We use vsnprintf() instead of vfprintf() here to avoid
+	 * problems on systems where the system printf(3) is not
+	 * C99-compliant.  We use our own snprintf() on such systems.
+	 */
 	va_start(ap, fmt);
-	len = vfprintf(ttyfp ? ttyfp : fp, fmt, ap);
+	len = vsnprintf(sbuf, sizeof(sbuf), fmt, ap);
 	va_end(ap);
+	if (len < 0 || len >= ssizeof(sbuf)) {
+	    /* Try again with a dynamically-sized buffer. */
+	    va_start(ap, fmt);
+	    len = vasprintf(&buf, fmt, ap);
+	    va_end(ap);
+	}
+	if (len != -1) {
+	    if (fwrite(buf, 1, len, ttyfp ? ttyfp : fp) == 0)
+		len = -1;
+	    if (buf != sbuf)
+		free(buf);
+	}
 	break;
    default:
 	len = -1;
--- a/src/conversation.c
+++ b/src/conversation.c
@ -163,6 +163,8 @@ sudo_conversation_printf(int msg_type, const char * restrict fmt, ...)
    FILE *ttyfp = NULL;
    FILE *fp = stdout;
    char fmt2[1024];
+    char sbuf[8192];
+    char *buf = sbuf;
    va_list ap;
    int len;
    const int conv_debug_instance = sudo_debug_get_active_instance();
@ -201,9 +203,26 @@ sudo_conversation_printf(int msg_type, const char * restrict fmt, ...)
 		}
 	    }
 	}
-	va_start(ap, fmt);
-	len = vfprintf(ttyfp ? ttyfp : fp, fmt, ap);
-	va_end(ap);
+        /*
+         * We use vsnprintf() instead of vfprintf() here to avoid
+         * problems on systems where the system printf(3) is not
+         * C99-compliant.  We use our own snprintf() on such systems.
+         */
+        va_start(ap, fmt);
+        len = vsnprintf(sbuf, sizeof(sbuf), fmt, ap);
+        va_end(ap);
+        if (len < 0 || len >= ssizeof(sbuf)) {
+            /* Try again with a dynamically-sized buffer. */
+            va_start(ap, fmt);
+            len = vasprintf(&buf, fmt, ap);
+            va_end(ap);
+        }
+        if (len != -1) {
+            if (fwrite(buf, 1, len, ttyfp ? ttyfp : fp) == 0)
+                len = -1;
+            if (buf != sbuf)
+                free(buf);
+        }
 	break;
    default:
 	len = -1;