use vsnprintf instead of vsprintf in pline.c

doc/fixes36.5

@@ -15,6 +15,7 @@ fix potential buffer overflow in sym_val()
 fix potential buffer overflow in pline(), raw_printf(), and config_error_add()
 	via bad config file values or command line arguments
 fix potential buffer overflow in choose_windows()
+use vsnprintf instead of vsprintf in pline.c where possible
 
 
 Fixes to Post-3.6.4 Problems that Were Exposed Via git Repository

include/vmsconf.h

@@ -168,6 +168,11 @@ PANICTRACE_GDB=2  #at conclusion of panic, show a call traceback and then
 
 #define FCMASK 0660 /* file creation mask */
 
+/*
+ * 
+ */
+#define NO_VSNPRINTF /* Avoid vsnprintf, use less-safe vsprintf instead. */
+
 /*
  * The remainder of the file should not need to be changed.
  */

src/pline.c

@@ -125,6 +125,9 @@ VA_DECL(const char *, line)
     char pbuf[BIGBUFSZ]; /* will get chopped down to BUFSZ-1 if longer */
     int ln;
     int msgtyp;
+#if !defined(NO_VSNPRINTF)
+    int vlen = 0;
+#endif
     boolean no_repeat;
     /* Do NOT use VA_START and VA_END in here... see above */
 
@@ -138,7 +141,16 @@ VA_DECL(const char *, line)
         return;
 
     if (index(line, '%')) {
+#if !defined(NO_VSNPRINTF)
+        vlen = vsnprintf(pbuf, sizeof pbuf, line, VA_ARGS);
+#if (NH_DEVEL_STATUS != NH_STATUS_RELEASED) && defined(DEBUG)
+        if (vlen >= (int) sizeof pbuf)
+            panic("pline", "truncation of buffer at %zu of %d bytes",
+                  sizeof pbuf, vlen);
+#endif
+#else
         Vsprintf(pbuf, line, VA_ARGS);
+#endif
         line = pbuf;
     }
     if ((ln = (int) strlen(line)) > BUFSZ - 1) {
@@ -447,11 +459,23 @@ void raw_printf
 VA_DECL(const char *, line)
 #endif
 {
+#if !defined(NO_VSNPRINTF)
+    int vlen = 0;
+#endif
     char pbuf[BIGBUFSZ]; /* will be chopped down to BUFSZ-1 if longer */
     /* Do NOT use VA_START and VA_END in here... see above */
 
     if (index(line, '%')) {
+#if !defined(NO_VSNPRINTF)
+        vlen = vsnprintf(pbuf, sizeof pbuf, line, VA_ARGS);
+#if (NH_DEVEL_STATUS != NH_STATUS_RELEASED) && defined(DEBUG)
+        if (vlen >= (int) sizeof pbuf)
+            panic("raw_printf", "truncation of buffer at %zu of %d bytes",
+                  sizeof pbuf, vlen);
+#endif
+#else
         Vsprintf(pbuf, line, VA_ARGS);
+#endif
         line = pbuf;
     }
     if ((int) strlen(line) > BUFSZ - 1) {
@@ -473,6 +497,9 @@ VA_DECL(const char *, line)
 void impossible
 VA_DECL(const char *, s)
 {
+#if !defined(NO_VSNPRINTF)
+    int vlen = 0;
+#endif
     char pbuf[BIGBUFSZ]; /* will be chopped down to BUFSZ-1 if longer */
 
     VA_START(s);
@@ -481,7 +508,16 @@ VA_DECL(const char *, s)
         panic("impossible called impossible");
 
     program_state.in_impossible = 1;
+#if !defined(NO_VSNPRINTF)
+    vlen = vsnprintf(pbuf, sizeof pbuf, s, VA_ARGS);
+#if (NH_DEVEL_STATUS != NH_STATUS_RELEASED) && defined(DEBUG)
+    if (vlen >= (int) sizeof pbuf)
+        panic("impossible", "truncation of buffer at %zu of %d bytes",
+              sizeof pbuf, vlen);
+#endif
+#else
     Vsprintf(pbuf, s, VA_ARGS);
+#endif
     pbuf[BUFSZ - 1] = '\0'; /* sanity */
     paniclog("impossible", pbuf);
     if (iflags.debug_fuzzer)
@@ -574,9 +610,21 @@ config_error_add
 VA_DECL(const char *, str)
 #endif /* ?(USE_STDARG || USE_VARARG) */
 {       /* start of vconf...() or of nested block in USE_OLDARG's conf...() */
+#if !defined(NO_VSNPRINTF)
+    int vlen = 0;
+#endif
     char buf[BIGBUFSZ]; /* will be chopped down to BUFSZ-1 if longer */
 
+#if !defined(NO_VSNPRINTF)
+    vlen = vsnprintf(buf, sizeof buf, str, VA_ARGS);
+#if (NH_DEVEL_STATUS != NH_STATUS_RELEASED) && defined(DEBUG)
+    if (vlen >= (int) sizeof buf)
+        panic("config_error_add", "truncation of buffer at %zu of %d bytes",
+              sizeof buf, vlen);
+#endif
+#else
     Vsprintf(buf, str, VA_ARGS);
+#endif
     buf[BUFSZ - 1] = '\0';
     config_erradd(buf);