afpd,testsuite: replace unsafe strcpy/sprintf with bounded equivalents

Replace remaining sprintf/strcpy/strcat calls flagged by the OpenBSD
linker with snprintf/strlcpy/strlcat/memcpy throughout afpd and the
test suite. Key fixes beyond mechanical substitution:

- dtfile(): build the creator/hex suffix in a fixed local buffer and
  append via strlcat, closing a buffer overflow in the *p++ writes
  that could follow a near-full snprintf result
- appl.c afp_addappl/afp_rmvappl: guard against NULL return from
  dtfile() before passing dtf to strlcpy; rmvappl also closes sdt_fd
  on this new error path to match existing cleanup
- file.c set_name: save strlen(name) into tp_len at the strdup site
  so the restore memcpy uses tp_len+1 instead of a redundant strlen

Author: rdmark

etc/afpd/appl.c

@@ -272,6 +272,11 @@ int afp_addappl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_,
     }
 
     dtf = dtfile(vol, creator, ".appl.temp");
+
+    if (!dtf) {
+        return AFPERR_PARAM;
+    }
+
     tempfile = obj->oldtmp;
     strlcpy(tempfile, dtf, AFPOBJ_TMPSIZ + 1);
 
@@ -400,6 +405,13 @@ int afp_rmvappl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_,
     }
 
     dtf = dtfile(vol, creator, ".appl.temp");
+
+    if (!dtf) {
+        close(sa.sdt_fd);
+        sa.sdt_fd = -1;
+        return AFPERR_PARAM;
+    }
+
     /* Use existing tempfile buffers but check if the path fits */
     tempfile = obj->oldtmp;
 

etc/afpd/desktop.c

@@ -69,7 +69,7 @@ typedef void (*desk_entry_fn)(const char *path, void *ctx);
 static void desk_foreach(DIR *desk, desk_entry_fn fn, void *ctx)
 {
     char          modbuf[12 + 1], *m;
-    struct dirent *deskp, *subp;
+    const struct dirent *deskp, *subp;
     DIR           *sub;
 
     for (deskp = readdir(desk); deskp != NULL; deskp = readdir(desk)) {
@@ -805,7 +805,6 @@ static const char		hexdig[] = "0123456789abcdef";
 char *dtfile(const struct vol *vol, uint8_t creator[], char *ext)
 {
     static char	path[MAXPATHLEN + 1];
-    char	*p;
     unsigned int i;
 
     if (vol == NULL || vol->v_dbpath == NULL) {
@@ -819,29 +818,36 @@ char *dtfile(const struct vol *vol, uint8_t creator[], char *ext)
         return NULL;
     }
 
-    for (p = path; *p != '\0'; p++)
-        ;
+    /* Build "X/CCCC" suffix (2-char hex dir + '/' + up to 8-char creator + NUL) */
+    char suffix[12];
+    char *q = suffix;
 
     if (!isprint(creator[0]) || creator[0] == '/') {
-        *p++ = hexdig[(creator[0] & 0xf0) >> 4];
-        *p++ = hexdig[creator[0] & 0x0f];
+        *q++ = hexdig[(creator[0] & 0xf0) >> 4];
+        *q++ = hexdig[creator[0] & 0x0f];
     } else {
-        *p++ = creator[0];
+        *q++ = creator[0];
     }
 
-    *p++ = '/';
+    *q++ = '/';
 
     for (i = 0; i < sizeof(CreatorType); i++) {
         if (!isprint(creator[i]) || creator[i] == '/') {
-            *p++ = hexdig[(creator[i] & 0xf0) >> 4];
-            *p++ = hexdig[creator[i] & 0x0f];
+            *q++ = hexdig[(creator[i] & 0xf0) >> 4];
+            *q++ = hexdig[creator[i] & 0x0f];
         } else {
-            *p++ = creator[i];
+            *q++ = creator[i];
         }
     }
 
-    *p = '\0';
-    strlcat(path, ext, sizeof(path));
+    *q = '\0';
+
+    if (strlcat(path, suffix, sizeof(path)) >= sizeof(path) ||
+            strlcat(path, ext, sizeof(path)) >= sizeof(path)) {
+        LOG(log_error, logtype_afpd, "dtfile: path too long");
+        return NULL;
+    }
+
     return path;
 }
 

etc/afpd/file.c

@@ -158,6 +158,7 @@ char *set_name(const struct vol *vol, char *data, cnid_t pid, char *name,
                cnid_t id, uint32_t utf8)
 {
     uint32_t   aint;
+    uint32_t   tp_len = 0;
     char        *tp = NULL;
     char        *src = name;
     aint = strlen(name);
@@ -168,6 +169,7 @@ char *set_name(const struct vol *vol, char *data, cnid_t pid, char *name,
             /* but name is an utf8 mac name */
             char *u, *m;
             /* global static variable... */
+            tp_len = aint;
             tp = strdup(name);
 
             if (!(u = mtoupath(vol, name, pid, 1)) || !(m = utompath(vol, u, id, 0))) {
@@ -203,7 +205,7 @@ char *set_name(const struct vol *vol, char *data, cnid_t pid, char *name,
     data += aint;
 
     if (tp) {
-        strcpy(name, tp);
+        memcpy(name, tp, tp_len + 1);
         free(tp);
     }
 

test/testsuite/FPGetFileDirParms.c

@@ -615,13 +615,13 @@ STATIC void test308()
         }
     }
 
-    sprintf(temp, "t307#%X", ntohl(dir));
+    snprintf(temp, sizeof(temp), "t307#%X", ntohl(dir));
 
     if (!FPGetFileDirParams(Conn, vol, DIRDID_ROOT, temp, 0, bitmap)) {
         test_failed();
     }
 
-    sprintf(temp, "t308#%X", ntohl(dir));
+    snprintf(temp, sizeof(temp), "t308#%X", ntohl(dir));
 
     if (!FPGetFileDirParams(Conn, vol, DIRDID_ROOT, temp, 0, bitmap)) {
         test_failed();
@@ -683,10 +683,10 @@ STATIC void test324()
         test_nottested();
     }
 
-    sprintf(temp1, "#%X.txt", ntohl(id));
+    snprintf(temp1, sizeof(temp1), "#%X.txt", ntohl(id));
     memset(temp, 0, sizeof(temp));
     strncpy(temp, name, 31 - strlen(temp1));
-    strcat(temp, temp1);
+    strlcat(temp, temp1, sizeof(temp));
 
     if (FPGetFileDirParams(Conn, vol, DIRDID_ROOT, temp, bitmap, 0)) {
         test_failed();
@@ -738,10 +738,10 @@ STATIC void test326()
         goto test_exit;
     }
 
-    sprintf(temp1, "#%X.txt", ntohl(id));
+    snprintf(temp1, sizeof(temp1), "#%X.txt", ntohl(id));
     memset(temp, 0, sizeof(temp));
     strncpy(temp, name, 31 - strlen(temp1));
-    strcat(temp, temp1);
+    strlcat(temp, temp1, sizeof(temp));
     ret = FPGetFileDirParams(Conn, vol, DIRDID_ROOT, temp, bitmap, 0);
 
     if ((Conn->afp_version >= 30 && ret != ntohl(AFPERR_NOOBJ))
@@ -789,19 +789,19 @@ STATIC void test333()
         test_nottested();
     }
 
-    sprintf(temp1, "#%X.txt", ntohl(id));
+    snprintf(temp1, sizeof(temp1), "#%X.txt", ntohl(id));
     memset(temp, 0, sizeof(temp));
     strncpy(temp, name, 31 - strlen(temp1));
-    strcat(temp, temp1);
+    strlcat(temp, temp1, sizeof(temp));
 
     if (FPGetFileDirParams(Conn, vol, DIRDID_ROOT, temp, bitmap, 0)) {
         test_failed();
     }
 
-    sprintf(temp1, "#0%X.txt", ntohl(id));
+    snprintf(temp1, sizeof(temp1), "#0%X.txt", ntohl(id));
     memset(temp, 0, sizeof(temp));
     strncpy(temp, name, 31 - strlen(temp1));
-    strcat(temp, temp1);
+    strlcat(temp, temp1, sizeof(temp));
 
     if (!FPGetFileDirParams(Conn, vol, DIRDID_ROOT, temp, bitmap, 0)) {
         test_failed();
@@ -846,19 +846,19 @@ STATIC void test334()
         test_nottested();
     }
 
-    sprintf(temp1, "#%X", ntohl(id));
+    snprintf(temp1, sizeof(temp1), "#%X", ntohl(id));
     memset(temp, 0, sizeof(temp));
     strncpy(temp, name, 31 - strlen(temp1));
-    strcat(temp, temp1);
+    strlcat(temp, temp1, sizeof(temp));
 
     if (FPGetFileDirParams(Conn, vol, DIRDID_ROOT, temp, bitmap, 0)) {
         test_failed();
     }
 
-    sprintf(temp1, "#%X.", ntohl(id));
+    snprintf(temp1, sizeof(temp1), "#%X.", ntohl(id));
     memset(temp, 0, sizeof(temp));
     strncpy(temp, name, 31 - strlen(temp1));
-    strcat(temp, temp1);
+    strlcat(temp, temp1, sizeof(temp));
 
     if (!FPGetFileDirParams(Conn, vol, DIRDID_ROOT, temp, bitmap, 0)) {
         test_failed();
@@ -912,10 +912,10 @@ STATIC void test335()
         test_nottested();
     }
 
-    sprintf(temp1, "#%X.txt", ntohl(id));
+    snprintf(temp1, sizeof(temp1), "#%X.txt", ntohl(id));
     memset(temp, 0, sizeof(temp));
     strncpy(temp, name, 31 - strlen(temp1));
-    strcat(temp, temp1);
+    strlcat(temp, temp1, sizeof(temp));
 
     if (FPGetFileDirParams(Conn, vol, DIRDID_ROOT, temp, bitmap, 0)) {
         test_failed();
@@ -1250,7 +1250,6 @@ static void do_pdinfo_test(char *fname, const char *fourcc, uint8_t expect_type,
     int ofs = 3 * sizeof(uint16_t);
     const DSI *dsi = &Conn->dsi;
     struct afp_filedir_parms filedir = { 0 };
-    const unsigned char *buf;
     const char *creator = "pdos";
     uint8_t prodos_type;
     uint16_t prodos_aux;
@@ -1343,7 +1342,6 @@ STATIC void test441()
     int ofs = 3 * sizeof(uint16_t);
     const DSI *dsi = &Conn->dsi;
     struct afp_filedir_parms filedir = { 0 };
-    const unsigned char *buf;
     uint8_t prodos_type;
     uint16_t prodos_aux;
     ENTER_TEST
@@ -1404,7 +1402,6 @@ STATIC void test442()
     int ofs = 3 * sizeof(uint16_t);
     const DSI *dsi = &Conn->dsi;
     struct afp_filedir_parms filedir = { 0 };
-    const unsigned char *buf;
     uint8_t prodos_type;
     uint16_t prodos_aux;
     int dir;

test/testsuite/FPSetFileParms.c

@@ -513,7 +513,7 @@ STATIC void test433()
     uint16_t bitmap_date = (1 << FILPBIT_CDATE) | (1 << FILPBIT_BDATE) |
                            (1 << FILPBIT_MDATE);
     int ofs = 3 * sizeof(uint16_t);
-    DSI *dsi = &Conn->dsi;
+    const DSI *dsi = &Conn->dsi;
     struct afp_filedir_parms filedir;
     ENTER_TEST
 
@@ -600,7 +600,7 @@ STATIC void test434()
     uint16_t bitmap_date = (1 << FILPBIT_CDATE) | (1 << FILPBIT_BDATE) |
                            (1 << FILPBIT_MDATE);
     int ofs = 3 * sizeof(uint16_t);
-    DSI *dsi = &Conn->dsi;
+    const DSI *dsi = &Conn->dsi;
     struct afp_filedir_parms filedir;
     ENTER_TEST