Secured sprintf with snprintf
This commit is contained in:
Michiel Broek
parent
a1bd379fdd
commit
1fe9a6332f
@ -58,7 +58,7 @@ void dlcount(void)
|
||||
* Check if we have a mark when we did this the last time.
|
||||
* If not, create one and don't do anything. Run the next time.
|
||||
*/
|
||||
sprintf(temp, "%s/var/dlcount.stat", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX, "%s/var/dlcount.stat", getenv("MBSE_ROOT"));
|
||||
if ((lastcheck = file_time(temp)) == -1) {
|
||||
Syslog('+', "Checking WWW downloads never done before, creating timestamp");
|
||||
if ((fp = fopen(temp, "a"))) {
|
||||
@ -108,7 +108,7 @@ void dlcount(void)
|
||||
strncpy(date, p+1, q - p - 1);
|
||||
// Syslog('f', "\"%s\"", date);
|
||||
tm.tm_mday = atoi(strtok(date, "/\0"));
|
||||
sprintf(month, "%s", strtok(NULL, "/\0"));
|
||||
snprintf(month, 20, "%s", strtok(NULL, "/\0"));
|
||||
for (i = 0; i < 12; i++)
|
||||
if (strncasecmp(months[i], month, 3) == 0)
|
||||
break;
|
||||
@ -131,7 +131,7 @@ void dlcount(void)
|
||||
// Syslog('f', "\"%s\"", file);
|
||||
if (strncmp(file, "GET ", 4) == 0) {
|
||||
if ((p = strstr(file, CFG.www_link2ftp))) {
|
||||
sprintf(base, "%s%s", CFG.ftp_base, p + strlen(CFG.www_link2ftp));
|
||||
snprintf(base, PATH_MAX, "%s%s", CFG.ftp_base, p + strlen(CFG.www_link2ftp));
|
||||
for (i = strlen(base); i; i--) {
|
||||
if (base[i] == ' ') {
|
||||
base[i] = '\0';
|
||||
@ -204,7 +204,7 @@ void dlcount(void)
|
||||
if (p == NULL)
|
||||
break;
|
||||
|
||||
sprintf(base, "%s", p);
|
||||
snprintf(base, PATH_MAX, "%s", p);
|
||||
if (date_ok) {
|
||||
/*
|
||||
* So far it seems that the file is possible downloaded from the bbs.
|
||||
@ -236,12 +236,12 @@ void count_download(char *filename, time_t filedate, off_t filesize, char *dltyp
|
||||
struct FILE_record frec;
|
||||
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
|
||||
if ((dfp = fopen(temp, "r"))) {
|
||||
|
||||
fread(&areahdr, sizeof(areahdr), 1, dfp);
|
||||
sprintf(temp, "%s", filename);
|
||||
snprintf(temp, PATH_MAX, "%s", filename);
|
||||
for (j = strlen(temp); j; j--)
|
||||
if (temp[j] == '/') {
|
||||
temp[j] = '\0';
|
||||
@ -253,7 +253,7 @@ void count_download(char *filename, time_t filedate, off_t filesize, char *dltyp
|
||||
while (fread(&area, areahdr.recsize, 1, dfp) == 1) {
|
||||
i++;
|
||||
if (area.Available && (strcmp(temp, area.Path) == 0)) {
|
||||
sprintf(temp, "%s", basename(filename));
|
||||
snprintf(temp, PATH_MAX, "%s", basename(filename));
|
||||
// Syslog('f', "Download area %d %s", i, temp);
|
||||
|
||||
if ((fdb_area = mbsedb_OpenFDB(i, 30))) {
|
||||
|
||||
@ -274,14 +274,14 @@ void Masterlist()
|
||||
int AreaNr = 0, z, x = 0, New;
|
||||
unsigned long AllFiles = 0, AllKBytes = 0, NewFiles = 0, NewKBytes = 0;
|
||||
unsigned long AllAreaFiles, AllAreaBytes, popdown, down, NewAreaFiles, NewAreaBytes;
|
||||
char *sAreas, temp[81], pop[81];
|
||||
char *sAreas, temp[PATH_MAX], pop[81];
|
||||
struct _fdbarea *fdb_area = NULL;
|
||||
|
||||
sAreas = calloc(PATH_MAX, sizeof(char));
|
||||
|
||||
IsDoing("Create Allfiles list");
|
||||
|
||||
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
snprintf(sAreas, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
|
||||
if(( pAreas = fopen (sAreas, "r")) == NULL) {
|
||||
WriteError("Can't open File Areas File: %s", sAreas);
|
||||
@ -305,14 +305,14 @@ void Masterlist()
|
||||
|
||||
TopBox(fp, TRUE);
|
||||
TopBox(np, TRUE);
|
||||
sprintf(temp, "All available files at %s", CFG.bbs_name);
|
||||
snprintf(temp, 81, "All available files at %s", CFG.bbs_name);
|
||||
MidLine(temp, fp, TRUE);
|
||||
sprintf(temp, "New available files since %d days at %s", CFG.newdays, CFG.bbs_name);
|
||||
snprintf(temp, 81, "New available files since %d days at %s", CFG.newdays, CFG.bbs_name);
|
||||
MidLine(temp, np, TRUE);
|
||||
BotBox(fp, TRUE);
|
||||
BotBox(np, TRUE);
|
||||
|
||||
sprintf(temp, "%s/etc/header.txt", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX, "%s/etc/header.txt", getenv("MBSE_ROOT"));
|
||||
if (( pHeader = fopen(temp, "r")) != NULL) {
|
||||
Syslog('+', "Inserting %s", temp);
|
||||
|
||||
@ -353,7 +353,7 @@ void Masterlist()
|
||||
down = fdb.TimesDL;
|
||||
if (down > popdown) {
|
||||
popdown = down;
|
||||
sprintf(pop, "%s", fdb.Name);
|
||||
snprintf(pop, 81, "%s", fdb.Name);
|
||||
}
|
||||
if (((t_start - fdb.UploadDate) / 84400) <= CFG.newdays) {
|
||||
NewFiles++;
|
||||
@ -373,20 +373,20 @@ void Masterlist()
|
||||
TopBox(fp, TRUE);
|
||||
TopBox(np, NewAreaFiles);
|
||||
|
||||
sprintf(temp, "Area %d - %s", AreaNr, area.Name);
|
||||
snprintf(temp, 81, "Area %d - %s", AreaNr, area.Name);
|
||||
MidLine(temp, fp, TRUE);
|
||||
MidLine(temp, np, NewAreaFiles);
|
||||
|
||||
sprintf(temp, "File Requests allowed");
|
||||
snprintf(temp, 81, "File Requests allowed");
|
||||
MidLine(temp, fp, area.FileReq);
|
||||
MidLine(temp, np, area.FileReq && NewAreaFiles);
|
||||
|
||||
sprintf(temp, "%ld KBytes in %ld files", AllAreaBytes / 1024, AllAreaFiles);
|
||||
snprintf(temp, 81, "%ld KBytes in %ld files", AllAreaBytes / 1024, AllAreaFiles);
|
||||
MidLine(temp, fp, TRUE);
|
||||
sprintf(temp, "%ld KBytes in %ld files", NewAreaBytes / 1024, NewAreaFiles);
|
||||
snprintf(temp, 81, "%ld KBytes in %ld files", NewAreaBytes / 1024, NewAreaFiles);
|
||||
MidLine(temp, np, NewAreaFiles);
|
||||
if (popdown) {
|
||||
sprintf(temp, "Most popular file is %s", pop);
|
||||
snprintf(temp, 81, "Most popular file is %s", pop);
|
||||
MidLine(temp, fp, TRUE);
|
||||
}
|
||||
|
||||
@ -397,7 +397,7 @@ void Masterlist()
|
||||
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
|
||||
if (!fdb.Deleted) {
|
||||
New = (((t_start - fdb.UploadDate) / 84400) <= CFG.newdays);
|
||||
sprintf(temp, "%-12s%10lu K %s [%04ld] Uploader: %s",
|
||||
snprintf(temp, 81, "%-12s%10lu K %s [%04ld] Uploader: %s",
|
||||
fdb.Name, (long)(fdb.Size / 1024), StrDateDMY(fdb.UploadDate), fdb.TimesDL,
|
||||
strlen(fdb.Uploader)?fdb.Uploader:"");
|
||||
fprintf(fp, "%s\r\n", temp);
|
||||
@ -434,22 +434,22 @@ void Masterlist()
|
||||
|
||||
TopBox(fp, TRUE);
|
||||
TopBox(np, TRUE);
|
||||
sprintf(temp, "Total %ld files, %ld KBytes", AllFiles, AllKBytes);
|
||||
snprintf(temp, 81, "Total %ld files, %ld KBytes", AllFiles, AllKBytes);
|
||||
MidLine(temp, fp, TRUE);
|
||||
sprintf(temp, "Total %ld files, %ld KBytes", NewFiles, NewKBytes);
|
||||
snprintf(temp, 81, "Total %ld files, %ld KBytes", NewFiles, NewKBytes);
|
||||
MidLine(temp, np, TRUE);
|
||||
|
||||
MidLine((char *)"", fp, TRUE);
|
||||
MidLine((char *)"", np, TRUE);
|
||||
|
||||
sprintf(temp, "Created by MBSE BBS v%s (%s-%s) at %s", VERSION, OsName(), OsCPU(), StrDateDMY(t_start));
|
||||
snprintf(temp, 81, "Created by MBSE BBS v%s (%s-%s) at %s", VERSION, OsName(), OsCPU(), StrDateDMY(t_start));
|
||||
MidLine(temp, fp, TRUE);
|
||||
MidLine(temp, np, TRUE);
|
||||
|
||||
BotBox(fp, TRUE);
|
||||
BotBox(np, TRUE);
|
||||
|
||||
sprintf(temp, "%s/etc/footer.txt", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX, "%s/etc/footer.txt", getenv("MBSE_ROOT"));
|
||||
if(( pHeader = fopen(temp, "r")) != NULL) {
|
||||
Syslog('+', "Inserting %s", temp);
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Language Compiler
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -49,15 +49,15 @@ int main(int argc, char **argv)
|
||||
exit(MBERR_COMMANDLINE);
|
||||
}
|
||||
|
||||
sprintf(temp1, "%s", *(argv + 1));
|
||||
snprintf(temp1, PATH_MAX, "%s", *(argv + 1));
|
||||
unlink(temp1);
|
||||
|
||||
sprintf(temp, "%s", *(argv + 2));
|
||||
snprintf(temp, PATH_MAX, "%s", *(argv + 2));
|
||||
if ((fp1 = fopen(temp, "r")) == NULL) {
|
||||
printf("\nUnable to open %s\n", temp);
|
||||
exit(MBERR_COMMANDLINE);
|
||||
}
|
||||
sprintf(temp1, "%s", *(argv + 1));
|
||||
snprintf(temp1, PATH_MAX, "%s", *(argv + 1));
|
||||
if ((fp = fopen(temp1, "a+")) == NULL) {
|
||||
printf("\nUnable to open %s\n", temp1);
|
||||
exit(MBERR_COMMANDLINE);
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Show contents of toberep.data
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -46,7 +46,7 @@ int main(int argc, char **argv)
|
||||
}
|
||||
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(temp, "%s/etc/toberep.data", BBSpath);
|
||||
snprintf(temp, PATH_MAX, "%s/etc/toberep.data", BBSpath);
|
||||
|
||||
if ((fp = fopen(temp, "r")) == NULL) {
|
||||
printf("File %s not found\n", temp);
|
||||
|
||||
@ -181,8 +181,8 @@ void UserPack(int days, int level, int pack)
|
||||
|
||||
fnin = calloc(PATH_MAX, sizeof(char));
|
||||
fnout = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(fnin, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
||||
sprintf(fnout, "%s/etc/users.temp", getenv("MBSE_ROOT"));
|
||||
snprintf(fnin, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
||||
snprintf(fnout, PATH_MAX, "%s/etc/users.temp", getenv("MBSE_ROOT"));
|
||||
|
||||
/*
|
||||
* First copy the users database, all packing will be done
|
||||
|
||||
Reference in New Issue
Block a user