Secured sprintf with snprintf

Michiel Broek 2005-08-28 12:41:57 +00:00
parent 62dbe6534f
commit 109480dde1
3 changed files with 28 additions and 28 deletions


@ -103,7 +103,7 @@ int toss_onemsg(char *msgname)
{
int rc = 0, islocal, empty = TRUE;
char *temp, *dospath, *flagstr = NULL, *l, *r, *msgid = NULL;
char fromUserName[36], toUserName[36], subject[72], DateTime[20];
char fromUserName[37], toUserName[37], subject[73], DateTime[21];
FILE *fp, *np;
faddr *ta;
unsigned char buf[0xbe];
@ -114,7 +114,7 @@ int toss_onemsg(char *msgname)
net_msgs++;
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/%s", CFG.msgs_path, msgname);
snprintf(temp, PATH_MAX -1, "%s/%s", CFG.msgs_path, msgname);
if ((fp = fopen(temp, "r")) == NULL) {
WriteError("$Can't open %s", temp);
@ -315,7 +315,7 @@ int toss_onemsg(char *msgname)
(strncasecmp(toUserName, "postmaster", 10) == 0) ||
(strncasecmp(toUserName, "coordinator", 11) == 0)) {
Syslog('+', " Readdress from %s to %s", toUserName, CFG.sysop_name);
sprintf(toUserName, "%s", CFG.sysop_name);
snprintf(toUserName, 36, "%s", CFG.sysop_name);
strcpy(Msg.To, toUserName);
}
net_imp++;
@ -328,19 +328,19 @@ int toss_onemsg(char *msgname)
Msg.Netmail = TRUE;
if (origPoint)
sprintf(Msg.FromAddress, "%d:%d/%d.%d@%s", origZone, origNet, origNode, origPoint, fidonet.domain);
snprintf(Msg.FromAddress, 100, "%d:%d/%d.%d@%s", origZone, origNet, origNode, origPoint, fidonet.domain);
else
sprintf(Msg.FromAddress, "%d:%d/%d@%s", origZone, origNet, origNode, fidonet.domain);
snprintf(Msg.FromAddress, 100, "%d:%d/%d@%s", origZone, origNet, origNode, fidonet.domain);
if (SearchFidonet(destZone)) {
if (destPoint)
sprintf(Msg.ToAddress, "%d:%d/%d.%d@%s", destZone, destNet, destNode, destPoint, fidonet.domain);
snprintf(Msg.ToAddress, 100, "%d:%d/%d.%d@%s", destZone, destNet, destNode, destPoint, fidonet.domain);
else
sprintf(Msg.ToAddress, "%d:%d/%d@%s", destZone, destNet, destNode, fidonet.domain);
snprintf(Msg.ToAddress, 100, "%d:%d/%d@%s", destZone, destNet, destNode, fidonet.domain);
} else {
if (destPoint)
sprintf(Msg.ToAddress, "%d:%d/%d.%d", destZone, destNet, destNode, destPoint);
snprintf(Msg.ToAddress, 100, "%d:%d/%d.%d", destZone, destNet, destNode, destPoint);
else
sprintf(Msg.ToAddress, "%d:%d/%d", destZone, destNet, destNode);
snprintf(Msg.ToAddress, 100, "%d:%d/%d", destZone, destNet, destNode);
}
/*
@ -367,7 +367,7 @@ int toss_onemsg(char *msgname)
if (!islocal) {
do_scan = TRUE;
sprintf(temp, "%s/tmp/netmail.jam", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/tmp/netmail.jam", getenv("MBSE_ROOT"));
if ((np = fopen(temp, "a")) != NULL) {
fprintf(np, "%s %lu\n", msgs.Base, Msg.Id);
fclose(np);
@ -385,7 +385,7 @@ int toss_onemsg(char *msgname)
if (rc == 0) {
net_in++;
sprintf(temp, "%s/%s", CFG.msgs_path, msgname);
snprintf(temp, PATH_MAX -1, "%s/%s", CFG.msgs_path, msgname);
if (unlink(temp) != 0)
WriteError("Can't remove %s", temp);
}
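Review bot: The return value of `snprintf` is discarded throughout toss_onemsg, so a `CFG.msgs_path`/`msgname` pair that does not fit is silently cut short and the shortened string is then handed to `fopen` and, in the last hunk, to `unlink`. A truncated path can name a different file than the one intended, so truncation should be an error: keep the result in `n` and test `if (n < 0 || n >= PATH_MAX)` before using `temp`, reporting through `WriteError` and taking whatever failure path the function already has (its body continues outside the hunks). The size argument already counts the terminating NUL, so `PATH_MAX` rather than `PATH_MAX -1` is the exact bound for the `calloc(PATH_MAX, ...)` buffer. The `strcpy(Msg.To, toUserName)` after the readdress is still unbounded; the size of `Msg.To` is not visible here and should be checked against the 37-byte source.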


@ -72,7 +72,7 @@ void Msg_Id(fidoaddr aka)
unsigned long crc = -1;
temp = calloc(81, sizeof(char));
sprintf(temp, "\001MSGID: %s %08lx", aka2str(aka), sequencer());
snprintf(temp, 80, "\001MSGID: %s %08lx", aka2str(aka), sequencer());
MsgText_Add2(temp);
Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp));
Msg.ReplyCRC = 0xffffffff;
@ -87,16 +87,16 @@ void Msg_Pid(void)
time_t tt;
temp = calloc(81, sizeof(char));
sprintf(temp, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU());
snprintf(temp, 80, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU());
MsgText_Add2(temp);
if (msgs.Charset != FTNC_NONE) {
sprintf(temp, "\001CHRS: %s", getftnchrs(msgs.Charset));
snprintf(temp, 80, "\001CHRS: %s", getftnchrs(msgs.Charset));
} else {
sprintf(temp, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1));
snprintf(temp, 80, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1));
}
MsgText_Add2(temp);
tt = time(NULL);
sprintf(temp, "\001TZUTC: %s", gmtoffset(tt));
snprintf(temp, 80, "\001TZUTC: %s", gmtoffset(tt));
MsgText_Add2(temp);
free(temp);
}
@ -168,7 +168,7 @@ long Msg_Top(char *template, int language, fidoaddr aka)
hasmodems = TRUE;
}
sprintf(temp, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r")) != NULL) {
fread(&ttyinfohdr, sizeof(ttyinfohdr), 1, fp);
while (fread(&ttyinfo, ttyinfohdr.recsize, 1, fp) == 1) {
@ -220,11 +220,11 @@ void Msg_Bot(fidoaddr UseAka, char *Org, char *template)
MsgText_Add2(TearLine());
if (UseAka.point)
sprintf(aka, "(%d:%d/%d.%d)", UseAka.zone, UseAka.net, UseAka.node, UseAka.point);
snprintf(aka, 39, "(%d:%d/%d.%d)", UseAka.zone, UseAka.net, UseAka.node, UseAka.point);
else
sprintf(aka, "(%d:%d/%d)", UseAka.zone, UseAka.net, UseAka.node);
snprintf(aka, 39, "(%d:%d/%d)", UseAka.zone, UseAka.net, UseAka.node);
sprintf(temp, " * Origin: %s %s", Org, aka);
snprintf(temp, 80, " * Origin: %s %s", Org, aka);
MsgText_Add2(temp);
free(aka);
free(temp);
@ -238,7 +238,7 @@ void CountPosted(char *Base)
FILE *fp;
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r+")) != NULL) {
fread(&msgshdr, sizeof(msgshdr), 1, fp);
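Review bot: The bounds `39` for `aka` in Msg_Bot and `PATH_MAX -1` for `temp` in Msg_Top refer to allocations that lie outside the hunks, so nothing visible here shows that the literal matches the buffer; Msg_Id and Msg_Pid in the same file allocate `temp` with `calloc(81, ...)`, and a `PATH_MAX` bound on a buffer of that size would bound nothing. Using one named constant for both the allocation and the call, e.g. `temp = calloc(MSGLINE_LEN, sizeof(char));` with `snprintf(temp, MSGLINE_LEN, ...)` (the constant name is a placeholder), removes the hand-matching. None of the visible `calloc` results is checked before it is written to. In Msg_Bot the origin line is now cut from the end, which loses part of the address in `aka` when `Org` is long; limiting `Org` with a precision (`%.*s`) would keep the address intact.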


@ -60,7 +60,7 @@ int newspost(void)
* a file, try to post the articles. They may be
* still here if the newsserver wasn't available.
*/
sprintf(buf, "%s/tmp/newsout", getenv("MBSE_ROOT"));
snprintf(buf, 10239, "%s/tmp/newsout", getenv("MBSE_ROOT"));
if ((nfp = fopen(buf, "r")) == NULL) {
if (newsopen)
WriteError("$Can't reopen %s", buf);
@ -115,7 +115,7 @@ int newspost(void)
*/
if ((CFG.newsfeed == FEEDUUCP) || (CFG.newsfeed == FEEDRNEWS)) {
Syslog('+', "Posting news articles to the news batchfile");
sprintf(buf, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
snprintf(buf, 10239, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
if ((ofp = fopen(buf, "w+")) == NULL) {
WriteError("$Can't create %s", buf);
free(buf);
@ -178,7 +178,7 @@ int newspost(void)
} else
Syslog('+', "Articles send through %s", CFG.rnewspath);
fclose(ofp);
sprintf(buf, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
snprintf(buf, 10239, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
unlink(buf);
}
@ -194,7 +194,7 @@ int newspost(void)
return TRUE;
}
sprintf(buf, "%s/C.%s%lx", CFG.rnewspath, CFG.nntpnode, seqnr);
snprintf(buf, 10239, "%s/C.%s%lx", CFG.rnewspath, CFG.nntpnode, seqnr);
if ((nb = fopen(buf, "a")) == NULL) {
WriteError("Can't create %s", buf);
newsopen = FALSE;
@ -204,7 +204,7 @@ int newspost(void)
fprintf(nb, "E D.%s%lx D.%s%lx news -C D.%s%lx 0666 \"\" 0 rnews\n",
utsbuf.nodename, seqnr, utsbuf.nodename, seqnr, utsbuf.nodename, seqnr);
fclose(nb);
sprintf(buf, "%s/D.%s%lx", CFG.rnewspath, utsbuf.nodename, seqnr);
snprintf(buf, 10239, "%s/D.%s%lx", CFG.rnewspath, utsbuf.nodename, seqnr);
if ((nb = fopen(buf, "a")) == NULL) {
WriteError("Can't create %s", buf);
newsopen = FALSE;
@ -215,12 +215,12 @@ int newspost(void)
}
Syslog('+', "Articles placed in %s", CFG.rnewspath);
fclose(ofp);
sprintf(buf, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
snprintf(buf, 10239, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
unlink(buf);
}
if (! news_bad) {
sprintf(buf, "%s/tmp/newsout", getenv("MBSE_ROOT"));
snprintf(buf, 10239, "%s/tmp/newsout", getenv("MBSE_ROOT"));
unlink(buf);
}
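Review bot: `getenv("MBSE_ROOT")` is passed straight to `%s` in five of the new calls in newspost, and the added bound does nothing when the variable is unset: a NULL argument for `%s` is undefined behaviour in `snprintf` just as it was in `sprintf`. Reading the value once and checking it, e.g. `const char *root = getenv("MBSE_ROOT"); if (root == NULL) { WriteError("MBSE_ROOT not set"); ... }`, covers every later use; the same unguarded call appears in the other two files of this commit. The literal `10239` presumably mirrors a 10240-byte allocation of `buf` that is outside the hunks, and a named constant shared with that allocation would keep the two in step. newspost's body continues outside the hunks.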