bbs/deb-goldedplus
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent buffer overflow (use std::string instead arrays with fixed length)

Browse Source
This commit is contained in:
Stas Degteff 2011-02-23 01:57:45 +00:00
parent 9d28684468
commit ed7246e101
1 changed files with 30 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
golded3/geusrbse.cpp
View File

@ -29,6 +29,7 @@
#include <golded.h> #include <golded.h>
#include <geusrbse.h> #include <geusrbse.h>
#include <gftnnl.h> #include <gftnnl.h>
#include <gstrall.h>
// ------------------------------------------------------------------ // ------------------------------------------------------------------
@ -211,35 +212,52 @@ void guserbase::do_delayed() {
void guserbase::print_line(uint idx, uint pos, bool isbar) { void guserbase::print_line(uint idx, uint pos, bool isbar) {
char buf[200]; char buf[200];
char buf2[100]; const size_t buflen=199;
buf[buflen]='\0';
// char buf2[100];
// const size_t buf2len=199;
// buf2[buf2len]='\0';
read_entry(idx); read_entry(idx);
*buf2 = NUL; // *buf2 = NUL;
std::string useraddr;
if(AA->isinternet() or not entry.fidoaddr.valid()) { if(AA->isinternet() or not entry.fidoaddr.valid()) {
if(*entry.iaddr) { if(*entry.iaddr) {
strcat(buf2, "<"); // strcat(buf2, "<");
strcat(buf2, entry.iaddr); // strcat(buf2, entry.iaddr);
strcat(buf2, ">"); // strcat(buf2, ">");
/* gsprintf(PRINTF_DECLARE_BUFFER(buf2), "<%s>", entry.iaddr); */
((useraddr = "<") + entry.iaddr) + ">";
} }
} }
else { else {
if(entry.fidoaddr.valid()) { if(entry.fidoaddr.valid()) {
*buf2 = '('; // *buf2 = '(';
entry.fidoaddr.make_string(buf2+1); // entry.fidoaddr.make_string(buf2+1);
strcat(buf2, ")"); // strcat(buf2, ")");
entry.fidoaddr.make_string(useraddr);
useraddr.insert(useraddr.begin(),'(');
useraddr.push_back(')');
} }
} }
sprintf(buf, "%c %-*.*s %-*.*s %s ", // sprintf(buf, "%c %-*.*s %-*.*s %s ",
gsprintf(PRINTF_DECLARE_BUFFER(buf), "%c %-*.*s %-*.*s %s ",
entry.is_deleted ? 'D' : ' ', entry.is_deleted ? 'D' : ' ',
cwidth, (int)cwidth, entry.name, cwidth, (int)cwidth, entry.name,
(cwidth*2)/3, (int)(cwidth*2)/3, entry.organisation, (cwidth*2)/3, (int)(cwidth*2)/3, entry.organisation,
buf2); // buf2);
useraddr.c_str() );
strsetsz(buf, xlen); // strsetsz(buf, xlen);
window.prints(pos, 0, isbar ? sattr : wattr, buf); /* strsetsz(buf, buflen>xlen?xlen:buflen); */
// window.prints(pos, 0, isbar ? sattr : wattr, buf);
std::string line_to_print(buf);
line_to_print.resize(xlen,' ');
window.prints(pos, 0, isbar ? sattr : wattr, line_to_print.c_str());
} }