1--- misc/nss-3.25/nss/cmd/signtool/sign.c 2016-06-20 14:11:28.000000000 -0300
2+++ misc/build/nss-3.25/nss/cmd/signtool/sign.c 2019-11-01 13:32:56.496828470 -0300
3@@ -8,6 +8,10 @@
4 #include "blapi.h"
5 #include "sechash.h" /* for HASH_GetHashObject() */
6
7+#if defined(_MSC_VER) && _MSC_VER < 1900
8+#define snprintf _snprintf
9+#endif
10+
11 static int create_pk7(char *dir, char *keyName, int *keyType);
12 static int jar_find_key_type(CERTCertificate *cert);
13 static int manifesto(char *dirname, char *install_script, PRBool recurse);
14@@ -43,6 +47,7 @@ SignArchive(char *tree, char *keyName, c
15 int status;
16 char tempfn[FNSIZE], fullfn[FNSIZE];
17 int keyType = rsaKey;
18+ int count;
19
20 metafile = meta_file;
21 optimize = _optimize;
22@@ -81,11 +86,18 @@ SignArchive(char *tree, char *keyName, c
23 }
24
25 /* rsa/dsa to zip */
26- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
27- "dsa"
28- :
29- "rsa"));
30- sprintf(fullfn, "%s/%s", tree, tempfn);
31+ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ?
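Review bot: The `#define snprintf _snprintf` fallback added at the top of sign.c has no comment on how `_snprintf` differs from C99 `snprintf`: on those older MSVC runtimes it does not NUL-terminate a truncated result and reports truncation with a negative return value instead of the would-be length. Every call this patch adds is followed by a length check that exits or returns before the buffer is read, so the visible callers are safe, but a later caller in this file that ignores the return value would read an unterminated buffer. I would add a comment above the macro such as `/* _snprintf does not NUL-terminate on truncation and returns < 0; callers must check the result before using the buffer */`.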
"dsa" : "rsa"));
32+ if (count >= sizeof(tempfn)) {
33+ PR_fprintf(errorFD, "unable to write key metadata\n");
34+ errorCount++;
35+ exit(ERRX);
36+ }
37+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
38+ if (count >= sizeof(fullfn)) {
39+ PR_fprintf(errorFD, "unable to write key metadata\n");
40+ errorCount++;
41+ exit(ERRX);
42+ }
43 JzipAdd(fullfn, tempfn, zipfile, compression_level);
44
45 /* Loop through all files & subdirectories, add to archive */
46@@ -95,22 +107,44 @@ SignArchive(char *tree, char *keyName, c
47 }
48 /* mf to zip */
49 strcpy(tempfn, "META-INF/manifest.mf");
50- sprintf(fullfn, "%s/%s", tree, tempfn);
51+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
52+ if (count >= sizeof(fullfn)) {
53+ PR_fprintf(errorFD, "unable to write manifest\n");
54+ errorCount++;
55+ exit(ERRX);
56+ }
57 JzipAdd(fullfn, tempfn, zipfile, compression_level);
58
59 /* sf to zip */
60- sprintf(tempfn, "META-INF/%s.sf", base);
61- sprintf(fullfn, "%s/%s", tree, tempfn);
62+ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base);
63+ if (count >= sizeof(tempfn)) {
64+ PR_fprintf(errorFD, "unable to write sf metadata\n");
65+ errorCount++;
66+ exit(ERRX);
67+ }
68+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
69+ if (count >= sizeof(fullfn)) {
70+ PR_fprintf(errorFD, "unable to write sf metadata\n");
71+ errorCount++;
72+ exit(ERRX);
73+ }
74 JzipAdd(fullfn, tempfn, zipfile, compression_level);
75
76 /* Add the rsa/dsa file to the zip archive normally */
77 if (!xpi_arc) {
78 /* rsa/dsa to zip */
79- sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
80- "dsa"
81- :
82- "rsa"));
83- sprintf(fullfn, "%s/%s", tree, tempfn);
84+ count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ?
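Review bot: The checks `if (count >= sizeof(tempfn))` and `if (count >= sizeof(fullfn))` in the first rsa/dsa block compare an `int` with a `size_t`, so a negative return from `snprintf` (an output error, or truncation under the `_snprintf` fallback defined at the top of the file) is caught only because it converts to a very large unsigned value. That works, but it is implicit and trips `-Wsign-compare`; `if (count < 0 || (size_t)count >= sizeof(tempfn))` states the intent. The same comparison is repeated in the manifest, `.sf` and second rsa/dsa blocks of the next hunk and in `manifesto_xpi_fn`. SignArchive begins and ends outside this hunk.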
"dsa" : "rsa"));
85+ if (count >= sizeof(tempfn)) {
86+ PR_fprintf(errorFD, "unable to write key metadata\n");
87+ errorCount++;
88+ exit(ERRX);
89+ }
90+ count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
91+ if (count >= sizeof(fullfn)) {
92+ PR_fprintf(errorFD, "unable to write key metadata\n");
93+ errorCount++;
94+ exit(ERRX);
95+ }
96 JzipAdd(fullfn, tempfn, zipfile, compression_level);
97 }
98
99@@ -413,6 +447,7 @@ static int
100 manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
101 {
102 char fullname[FNSIZE];
103+ int count;
104
105 if (verbosity >= 0) {
106 PR_fprintf(outputFD, "--> %s\n", relpath);
107@@ -426,7 +461,10 @@ manifesto_xpi_fn(char *relpath, char *ba
108 if (!PL_HashTableLookup(extensions, ext))
109 return 0;
110 }
111- sprintf(fullname, "%s/%s", basedir, relpath);
112+ count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath);
113+ if (count >= sizeof(fullname)) {
114+ return 1;
115+ }
116 JzipAdd(fullname, relpath, zipfile, compression_level);
117
118 return 0;
119
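Review bot: The failure messages in the manifest, `.sf` and second rsa/dsa blocks (`"unable to write manifest\n"`, `"unable to write sf metadata\n"`, `"unable to write key metadata\n"`) read like I/O errors and do not say that the cause is a path longer than FNSIZE, nor which path it was. At the `fullfn` checks something like `PR_fprintf(errorFD, "path too long: %s/%s\n", tree, tempfn);` would name the cause; the `tempfn` checks should print `base` rather than `tempfn`, which may be unterminated under the `_snprintf` fallback. The same applies to the two checks in the previous hunk. The five-line check is repeated seven times across SignArchive, so a small static helper that formats, checks and exits would keep the message and the bound handling in one place.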
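Review bot: In `manifesto_xpi_fn` the new truncation branch returns 1 without printing anything or incrementing `errorCount`, unlike the checks in SignArchive, which report the failure and exit. How the caller treats a non-zero return is not visible in this diff; if the directory walk continues or stops quietly, a file whose path exceeds FNSIZE is left out of the signed archive with no diagnostic. I would report it before returning, e.g. `PR_fprintf(errorFD, "path too long: %s/%s\n", basedir, relpath); errorCount++;`. The function body starts and ends outside this hunk.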