From a8b65e6506e595d1ef4de1f7ccdcc819aa96abd3 Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Fri, 18 Feb 2011 22:09:50 -0800 Subject: [PATCH] getting rid of sprintf where I can --- src/pflib/NATCompiler_ipf.cpp | 79 +++++++++++----------------- src/pflib/NATCompiler_pf.cpp | 32 +++++------ src/pflib/NATCompiler_pf_writers.cpp | 25 +++------ src/pflib/PolicyCompiler_pf.cpp | 34 ++++++------ test/pf/pf_cluster_4_rc.conf.local | 2 +- 5 files changed, 73 insertions(+), 99 deletions(-) diff --git a/src/pflib/NATCompiler_ipf.cpp b/src/pflib/NATCompiler_ipf.cpp index 3e2a0de9d..ac3b8cb77 100644 --- a/src/pflib/NATCompiler_ipf.cpp +++ b/src/pflib/NATCompiler_ipf.cpp @@ -41,6 +41,8 @@ #include "fwbuilder/Firewall.h" #include "fwbuilder/AddressTable.h" +#include + #include #include 
@@ -408,75 +410,58 @@ bool NATCompiler_ipf::appProxy::processNext() bool pptp_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_pptp_proxy"); bool irc_proxy = compiler->getCachedFwOpt()->getBool("ipf_nat_irc_proxy"); - char ipsec_proxy_str[64]; - char ftp_proxy_str[64]; - char rcmd_proxy_str[64]; - char krcmd_proxy_str[64]; - char ekshell_proxy_str[64]; - char raudio_proxy_str[64]; - char h323_proxy_str[64]; - char pptp_proxy_str[64]; - char irc_proxy_str[64]; - - sprintf(ipsec_proxy_str, "proxy port %d ipsec/udp ", ISAKMP_PORT); - sprintf(ftp_proxy_str, "proxy port %d ftp/tcp ", FTP_PORT); - sprintf(rcmd_proxy_str, "proxy port %d rcmd/tcp ", RCMD_PORT); - sprintf(krcmd_proxy_str, "proxy port %d rcmd/tcp ", KRCMD_PORT); - sprintf(ekshell_proxy_str,"proxy port %d rcmd/tcp ", EKSHELL_PORT); - sprintf(raudio_proxy_str, "proxy port %d raudio/tcp ", RAUDIO_PORT); - sprintf(h323_proxy_str, "proxy port %d h323/tcp ", H323_PORT); - sprintf(pptp_proxy_str, "proxy port %d pptp/tcp ", PPTP_PORT); - sprintf(irc_proxy_str, "proxy port %d irc/tcp ", IRC_PORT); + QString ipsec_proxy_str = QString("proxy port %1 ipsec/udp ").arg(ISAKMP_PORT); + QString ftp_proxy_str = QString("proxy port %1 ftp/tcp ").arg(FTP_PORT); + QString rcmd_proxy_str = QString("proxy port %1 rcmd/tcp ").arg(RCMD_PORT); + QString krcmd_proxy_str = QString("proxy port %1 rcmd/tcp ").arg(KRCMD_PORT); + QString ekshell_proxy_str = QString("proxy port %1 rcmd/tcp ").arg(EKSHELL_PORT); + QString raudio_proxy_str = QString("proxy port %1 raudio/tcp ").arg(RAUDIO_PORT); + QString h323_proxy_str = QString("proxy port %1 h323/tcp ").arg(H323_PORT); + QString pptp_proxy_str = QString("proxy port %1 pptp/tcp ").arg(PPTP_PORT); + QString irc_proxy_str = QString("proxy port %1 irc/tcp ").arg(IRC_PORT); if (rule->getRuleType()==NATRule::SNAT || rule->getRuleType()==NATRule::NONAT) { - Service *osrv=compiler->getFirstOSrv(rule); + Service *osrv = compiler->getFirstOSrv(rule); if (UDPService::isA(osrv)) { UDPService 
*s=UDPService::cast(osrv); if (ipsec_proxy && - s->getDstRangeStart()==ISAKMP_PORT && s->getDstRangeEnd()==ISAKMP_PORT) - rule->setStr("nat_rule_proxy",ipsec_proxy_str); + rule->setStr("nat_rule_proxy", ipsec_proxy_str.toStdString()); } if (TCPService::isA(osrv)) { - TCPService *s=TCPService::cast(osrv); - if (ftp_proxy && - s->getDstRangeStart()==FTP_PORT && s->getDstRangeEnd()==FTP_PORT ) - rule->setStr("nat_rule_proxy",ftp_proxy_str); + TCPService *s = TCPService::cast(osrv); + int range_start = s->getDstRangeStart(); + int range_end = s->getDstRangeEnd(); + if (ftp_proxy && range_start==FTP_PORT && range_end==FTP_PORT) + rule->setStr("nat_rule_proxy", ftp_proxy_str.toStdString()); - if (rcmd_proxy && - s->getDstRangeStart()==RCMD_PORT && s->getDstRangeEnd()==RCMD_PORT ) - rule->setStr("nat_rule_proxy",rcmd_proxy_str); + if (rcmd_proxy && range_start==RCMD_PORT && range_end==RCMD_PORT) + rule->setStr("nat_rule_proxy", rcmd_proxy_str.toStdString()); - if (krcmd_proxy && - s->getDstRangeStart()==KRCMD_PORT && s->getDstRangeEnd()==KRCMD_PORT ) - rule->setStr("nat_rule_proxy",krcmd_proxy_str); + if (krcmd_proxy && range_start==KRCMD_PORT && range_end==KRCMD_PORT ) + rule->setStr("nat_rule_proxy", krcmd_proxy_str.toStdString()); - if (ekshell_proxy && - s->getDstRangeStart()==EKSHELL_PORT && s->getDstRangeEnd()==EKSHELL_PORT ) - rule->setStr("nat_rule_proxy",ekshell_proxy_str); + if (ekshell_proxy && range_start==EKSHELL_PORT && range_end==EKSHELL_PORT ) + rule->setStr("nat_rule_proxy", ekshell_proxy_str.toStdString()); - if (raudio_proxy && - s->getDstRangeStart()==RAUDIO_PORT && s->getDstRangeEnd()==RAUDIO_PORT ) - rule->setStr("nat_rule_proxy",raudio_proxy_str); + if (raudio_proxy && range_start==RAUDIO_PORT && range_end==RAUDIO_PORT ) + rule->setStr("nat_rule_proxy", raudio_proxy_str.toStdString()); - if (h323_proxy && - s->getDstRangeStart()==H323_PORT && s->getDstRangeEnd()==H323_PORT ) - rule->setStr("nat_rule_proxy",h323_proxy_str); + if (h323_proxy && 
range_start==H323_PORT && range_end==H323_PORT ) + rule->setStr("nat_rule_proxy", h323_proxy_str.toStdString()); - if (pptp_proxy && - s->getDstRangeStart()==PPTP_PORT && s->getDstRangeEnd()==PPTP_PORT ) - rule->setStr("nat_rule_proxy",pptp_proxy_str); + if (pptp_proxy && range_start==PPTP_PORT && range_end==PPTP_PORT ) + rule->setStr("nat_rule_proxy", pptp_proxy_str.toStdString()); - if (irc_proxy && - s->getDstRangeStart()==IRC_PORT && s->getDstRangeEnd()==IRC_PORT ) - rule->setStr("nat_rule_proxy",irc_proxy_str); + if (irc_proxy && range_start==IRC_PORT && range_end==IRC_PORT ) + rule->setStr("nat_rule_proxy", irc_proxy_str.toStdString()); } } tmp_queue.push_back(rule); diff --git a/src/pflib/NATCompiler_pf.cpp b/src/pflib/NATCompiler_pf.cpp index ce124c895..b489e1d15 100644 --- a/src/pflib/NATCompiler_pf.cpp +++ b/src/pflib/NATCompiler_pf.cpp @@ -889,11 +889,12 @@ bool NATCompiler_pf::ReplaceFirewallObjectsTSrc::processNext() * happened if all external interfaces are unnumbered */ if (rel->size()==0) { - char errmsg[1024]; - sprintf(errmsg, -"Could not find suitable interface for the NAT rule %s. Perhaps all interfaces are unnumbered?", - rule->getLabel().c_str() ); - compiler->abort(rule, errmsg); + QString err( + "Could not find suitable interface for the NAT rule %1. " + "Perhaps all interfaces are unnumbered?"); + compiler->abort( + rule, + err.arg(rule->getLabel().c_str()).toStdString()); } } } @@ -940,10 +941,9 @@ bool NATCompiler_pf::ReplaceObjectsTDst::processNext() if (loopback_address==NULL) { - char errstr[1024]; - sprintf(errstr, "Can not configure redirection NAT rule %s because loopback interface is missing." , - rule->getLabel().c_str() ); - compiler->abort(rule, errstr); + compiler->abort(rule, + "Can not configure redirection for the NAT rule " + "because loopback interface is missing."); } rel->clearChildren(); 
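Review bot: In the UDPService branch the line `s->getDstRangeStart()==ISAKMP_PORT && s->getDstRangeEnd()==ISAKMP_PORT)` is marked removed and nothing is added in its place, so as shown the condition after `if (ipsec_proxy &&` runs straight into the `setStr` call. Unless that is an artefact of how the patch was rendered, the branch either no longer compiles or no longer limits the IPsec proxy to the ISAKMP port. Keep the comparison, e.g. `if (ipsec_proxy && s->getDstRangeStart()==ISAKMP_PORT && s->getDstRangeEnd()==ISAKMP_PORT)`, or give this branch the same `range_start`/`range_end` locals the TCP branch now uses. processNext() begins before this hunk and continues after it.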
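Review bot: The new loopback message in ReplaceObjectsTDst::processNext no longer names the rule, while the ReplaceFirewallObjectsTSrc hunk directly above it still formats `rule->getLabel()` into its text. Both calls pass `rule` to `compiler->abort`, so presumably abort can report the rule itself; if it does, the label is redundant in the first message, and if it does not, this message has lost the only hint about which rule failed. Pick one convention for both messages. Both functions extend outside their hunks.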
@@ -1142,13 +1142,13 @@ void NATCompiler_pf::checkForDynamicInterfacesOfOtherObjects::findDynamicInterfa if (ifs && ifs->isDyn() && ! ifs->isChildOf(compiler->fw)) { - char errstr[2048]; - sprintf(errstr, - "Can not build rule using dynamic interface '%s' of the object '%s' because its address is unknown.", - ifs->getName().c_str(), - ifs->getParent()->getName().c_str()); - - compiler->abort(rule, errstr); + QString err( + "Can not build rule using dynamic interface '%1' " + "of the object '%2' because its address is unknown."); + compiler->abort( + rule, err + .arg(ifs->getName().c_str()) + .arg(ifs->getParent()->getName().c_str()).toStdString()); } } } diff --git a/src/pflib/NATCompiler_pf_writers.cpp b/src/pflib/NATCompiler_pf_writers.cpp index eb5320954..d90042f84 100644 --- a/src/pflib/NATCompiler_pf_writers.cpp +++ b/src/pflib/NATCompiler_pf_writers.cpp 
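Review bot: The chained `.arg(...).arg(...)` on the dynamic-interface message substitutes one marker at a time, so an interface name that itself contains `%2` would have the parent object's name spliced into it. QString's multi-argument overload replaces both markers in a single pass: `err.arg(QString(ifs->getName().c_str()), QString(ifs->getParent()->getName().c_str())).toStdString()`. The same chained pattern is used in PolicyCompiler_pf::checkForDynamicInterfacesOfOtherObjects (the hunk at -829). findDynamicInterfaces starts before this hunk.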
@@ -138,26 +138,17 @@ bool NATCompiler_pf::PrintRule::processNext() Address *tdst = compiler->getFirstTDst(rule); //assert(tdst); Service *tsrv = compiler->getFirstTSrv(rule); //assert(tsrv); - char errstr[1024]; - if (osrc==NULL || odst==NULL || osrv==NULL || tsrc==NULL || tdst==NULL || tsrv==NULL) { - if (osrc==NULL) - sprintf(errstr,"NAT rule %s: osrc==NULL", rule->getLabel().c_str()); - if (odst==NULL) - sprintf(errstr,"NAT rule %s: odst==NULL", rule->getLabel().c_str()); - if (osrv==NULL) - sprintf(errstr,"NAT rule %s: osrv==NULL", rule->getLabel().c_str()); - - if (tsrc==NULL) - sprintf(errstr,"NAT rule %s: tsrc==NULL", rule->getLabel().c_str()); - if (tdst==NULL) - sprintf(errstr,"NAT rule %s: tdst==NULL", rule->getLabel().c_str()); - if (tsrv==NULL) - sprintf(errstr,"NAT rule %s: tsrv==NULL", rule->getLabel().c_str()); - - compiler->abort(rule, errstr); + QString err; + if (osrc==NULL) err = QString("NAT rule %1: osrc==NULL"); + if (odst==NULL) err = QString("NAT rule %1: odst==NULL"); + if (osrv==NULL) err = QString("NAT rule %1: osrv==NULL"); + if (tsrc==NULL) err = QString("NAT rule %1: tsrc==NULL"); + if (tdst==NULL) err = QString("NAT rule %1: tdst==NULL"); + if (tsrv==NULL) err = QString("NAT rule %1: tsrv==NULL"); + compiler->abort(rule, err.arg(rule->getLabel().c_str()).toStdString()); } switch ( rule->getRuleType() ) diff --git a/src/pflib/PolicyCompiler_pf.cpp b/src/pflib/PolicyCompiler_pf.cpp index 4c3762c5c..c348968d5 100644 --- a/src/pflib/PolicyCompiler_pf.cpp +++ b/src/pflib/PolicyCompiler_pf.cpp 
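Review bot: Each `if (...==NULL) err = ...` in PrintRule::processNext overwrites the previous assignment, so when several rule elements are missing only the last one is reported; the old sprintf chain behaved the same way and the rewrite carries it over. Collecting the names and formatting once reports all of them and removes the six near-identical literals. This needs `<QStringList>` in the file's includes, and the multi-argument `arg` keeps a label containing `%2` from being re-expanded. processNext() begins before this hunk and continues after it.

```cpp
// … unchanged: the six-way NULL test on osrc/odst/osrv/tsrc/tdst/tsrv …
{
    QStringList missing;
    if (osrc==NULL) missing << "osrc";
    if (odst==NULL) missing << "odst";
    if (osrv==NULL) missing << "osrv";
    if (tsrc==NULL) missing << "tsrc";
    if (tdst==NULL) missing << "tdst";
    if (tsrv==NULL) missing << "tsrv";
    QString err("NAT rule %1: %2==NULL");
    compiler->abort(
        rule,
        err.arg(QString(rule->getLabel().c_str()),
                missing.join(", ")).toStdString());
}
```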
@@ -74,11 +74,11 @@ int PolicyCompiler_pf::prolog() list l3=iface->getByType(IPv4::TYPENAME); if (l3.size()>0) { - char errstr[256]; - sprintf(errstr, - "Dynamic interface %s should not have an IP address object attached to it. This IP address object will be ignored.", - iface->getName().c_str() ); - warning(errstr ); + QString err( + "Dynamic interface %1 should not have an IP " + "address object attached to it. This IP address " + "object will be ignored."); + warning(err.arg(iface->getName().c_str()).toStdString()); for (list::iterator j=l3.begin(); j!=l3.end(); ++j) iface->remove(*j); } @@ -444,11 +444,8 @@ void PolicyCompiler_pf::addDefaultPolicyRule() } } catch(FWException &ex) { - char errstr[256]; - sprintf(errstr, - "Invalid address for the backup ssh access: '%s'", - mgmt_addr.c_str()); - abort(errstr); + QString err("Invalid address for the backup ssh access: '%1'"); + abort(err.arg(mgmt_addr.c_str()).toStdString()); } Network *mgmt_workstation = dbcopy->createNetwork(); @@ -829,13 +826,14 @@ void PolicyCompiler_pf::checkForDynamicInterfacesOfOtherObjects::findDynamicInte ifs->getParent()->getId()!=compiler->fw->getId() && ! ifs->getParent()->getBool("pf_table") ) { - char errstr[2048]; - sprintf(errstr,"Can not build rule using dynamic interface '%s' of the object '%s' because its address in unknown. Rule %s", - ifs->getName().c_str(), - ifs->getParent()->getName().c_str(), - rule->getLabel().c_str() ); - - compiler->abort(rule, errstr); + QString err( + "Can not build rule using dynamic interface '%1' " + "of the object '%2' because its address in unknown."); + compiler->abort( + rule, + err + .arg(ifs->getName().c_str()) + .arg(ifs->getParent()->getName().c_str()).toStdString()); } } } 
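Review bot: The rewritten literal in the -829 hunk keeps the typo `because its address in unknown.`, whereas the matching message in NATCompiler_pf.cpp reads "is unknown". Since the string is being retyped anyway, change the second fragment to `"of the object '%2' because its address is unknown."`. The enclosing findDynamicInterfaces starts before this hunk, which opens in the middle of its condition.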
@@ -1204,7 +1202,7 @@ void PolicyCompiler_pf::insertPfsyncRule() * PolicyCompiler has no visibility into platform-specific * options and can not do this. */ -bool PolicyCompiler_pf::checkForShadowingPlatformSpecific(PolicyRule *r1, +bool PolicyCompiler_pf::checkForShadowingPlatformSpecific(PolicyRule *, PolicyRule *r2) { bool quick = r2->getBool("quick"); diff --git a/test/pf/pf_cluster_4_rc.conf.local b/test/pf/pf_cluster_4_rc.conf.local index c9aa88539..12f4b5af4 100755 --- a/test/pf/pf_cluster_4_rc.conf.local +++ b/test/pf/pf_cluster_4_rc.conf.local @@ -3,7 +3,7 @@ # # Firewall Builder fwb_pf v4.2.0.3482 # -# Generated Fri Feb 18 18:53:30 2011 PST by vadim +# Generated Fri Feb 18 22:08:46 2011 PST by vadim # # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local # files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf