Secured sprintf with snprintf

This commit is contained in:
Michiel Broek 2005-08-28 12:54:10 +00:00
parent 109480dde1
commit 240e2f72f9
5 changed files with 41 additions and 41 deletions

View File

@ -78,7 +78,7 @@ void A_Help(faddr *t, char *replyid)
subject = calloc(255, sizeof(char));
sprintf(subject,"AreaMgr Help");
GetRpSubject("areamgr.help",subject);
GetRpSubject("areamgr.help",subject,254);
if ((fp = SendMgrMail(t, CFG.ct_KeepMgr, FALSE, (char *)"Areamgr", subject , replyid)) != NULL) {
if ((fi = OpenMacro("areamgr.help", nodes.Language, FALSE)) != NULL ) {
@ -133,22 +133,22 @@ void A_List(faddr *t, char *replyid, int Notify)
switch (Notify) {
case LIST_NOTIFY: Mgrlog("AreaMgr: Notify to %s", ascfnode(t, 0xff));
sprintf(subject,"AreaMgr Notify");
GetRpSubject("areamgr.notify.list",subject);
GetRpSubject("areamgr.notify.list",subject,254);
fi = OpenMacro("areamgr.notify.list", nodes.Language, FALSE);
break;
case LIST_LIST: Mgrlog("AreaMgr: List");
sprintf(subject,"AreaMgr list");
GetRpSubject("areamgr.list",subject);
GetRpSubject("areamgr.list",subject,254);
fi = OpenMacro("areamgr.list", nodes.Language, FALSE);
break;
case LIST_QUERY: Mgrlog("AreaMgr: Query");
sprintf(subject,"AreaMgr Query");
GetRpSubject("areamgr.query",subject);
GetRpSubject("areamgr.query",subject,254);
fi = OpenMacro("areamgr.query", nodes.Language, FALSE);
break;
case LIST_UNLINK: Mgrlog("AreaMgr: Unlinked");
sprintf(subject,"AreaMgr: Unlinked areas");
GetRpSubject("areamgr.unlink",subject);
GetRpSubject("areamgr.unlink",subject,254);
fi = OpenMacro("areamgr.unlink", nodes.Language, FALSE);
break;
}
@ -334,12 +334,12 @@ void A_Flow(faddr *t, char *replyid, int Notify)
if (Notify) {
Mgrlog("AreaMgr: Flow report to %s", ascfnode(t, 0xff));
sprintf(subject,"AreaMgr Notify Flow Report");
GetRpSubject("areamgr.notify.flow",subject);
GetRpSubject("areamgr.notify.flow",subject,254);
fi = OpenMacro("areamgr.notify.flow", nodes.Language, FALSE);
} else {
Mgrlog("AreaMgr: Flow report");
sprintf(subject,"AreaMgr Flow Report");
GetRpSubject("areamgr.flow",subject);
GetRpSubject("areamgr.flow",subject,254);
fi = OpenMacro("areamgr.flow", nodes.Language, FALSE);
}
@ -512,7 +512,7 @@ void A_Status(faddr *t, char *replyid)
MacroVars("y", "s", ascfnode(ta, 0xf));
tidy_faddr(ta);
GetRpSubject("areamgr.status",subject);
GetRpSubject("areamgr.status",subject,254);
if ((fi = OpenMacro("areamgr.status", nodes.Language, FALSE)) == NULL ){
MacroClear();
@ -1134,7 +1134,7 @@ int AreaMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla
MacroVars("SsP", "sss", CFG.sysop_name, nodes.Sysop,"Areamgr");
MacroVars("RABCDE", "ssssss","","","","","","");
sprintf(subject,"Your AreaMgr request");
GetRpSubject("areamgr.responses",subject);
GetRpSubject("areamgr.responses",subject,72);
if ((np = SendMgrMail(f, CFG.ct_KeepMgr, FALSE, (char *)"Areamgr", subject, replyid)) != NULL) {
MacroVars("RABCDE", "ssssss","WELLCOME","","","","","");
MsgResult("areamgr.responses",np,'\r');

View File

@ -72,7 +72,7 @@ void F_Help(faddr *t, char *replyid)
Mgrlog("FileMgr: Help");
subject=calloc(255,sizeof(char));
sprintf(subject,"FileMgr help");
GetRpSubject("filemgr.help",subject);
GetRpSubject("filemgr.help",subject,254);
if ((fp = SendMgrMail(t, CFG.ct_KeepMgr, FALSE, (char *)"Filemgr", subject, replyid)) != NULL) {
if ((fi = OpenMacro("filemgr.help", nodes.Language, FALSE)) != NULL ){
@ -122,22 +122,22 @@ void F_List(faddr *t, char *replyid, int Notify)
switch (Notify) {
case LIST_NOTIFY: Mgrlog("FileMgr: Notify to %s", ascfnode(t, 0xff));
sprintf(subject,"FileMgr Notify");
GetRpSubject("filemgr.notify.list",subject);
GetRpSubject("filemgr.notify.list",subject,254);
fi=OpenMacro("filemgr.notify.list", nodes.Language, FALSE);
break;
case LIST_LIST: Mgrlog("FileMgr: List");
sprintf(subject,"FileMgr list");
GetRpSubject("filemgr.list",subject);
GetRpSubject("filemgr.list",subject,254);
fi=OpenMacro("filemgr.list", nodes.Language, FALSE);
break;
case LIST_QUERY: Mgrlog("FileMgr: Query");
sprintf(subject,"FileMgr Query");
GetRpSubject("filemgr.query",subject);
GetRpSubject("filemgr.query",subject,254);
fi=OpenMacro("filemgr.query", nodes.Language, FALSE);
break;
default: Mgrlog("FileMgr: Unlinked");
sprintf(subject,"FileMgr: Unlinked areas");
GetRpSubject("filemgr.unlink",subject);
GetRpSubject("filemgr.unlink",subject,254);
fi=OpenMacro("filemgr.unlink", nodes.Language, FALSE);
break;
}
@ -318,7 +318,7 @@ void F_Status(faddr *t, char *replyid)
MacroVars("k", "d", nodes.F_KbRcvd.month[i]);
MacroVars("l", "d", nodes.F_KbRcvd.total);
MacroVars("s", "s", nodes.Sysop);
GetRpSubject("filemgr.status",subject);
GetRpSubject("filemgr.status",subject,254);
if ((fi = OpenMacro("filemgr.status", nodes.Language, FALSE)) == NULL ) {
free(subject);
@ -945,7 +945,7 @@ int FileMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla
MacroVars("SsP", "sss", CFG.sysop_name, nodes.Sysop,"Filemgr");
MacroVars("RABCDE", "ssssss","","","","","","");
sprintf(subject,"Your FileMgr request");
GetRpSubject("filemgr.responses",subject);
GetRpSubject("filemgr.responses",subject,72);
if ((np = SendMgrMail(f, CFG.ct_KeepMgr, FALSE, (char *)"Filemgr", subject, replyid)) != NULL) {
MacroVars("RABCDE", "ssssss","WELLCOME","","","","","");
MsgResult("filemgr.responses",np,'\r');

View File

@ -106,7 +106,7 @@ void WriteMailGroups(FILE *fp, faddr *f)
fgetpos(fi,&fileptr);
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
if ((gp = fopen(temp, "r")) == NULL) {
WriteError("$Can't open %s", temp);
@ -165,7 +165,7 @@ void WriteFileGroups(FILE *fp, faddr *f)
fgetpos(fi,&fileptr);
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
if ((gp = fopen(temp, "r")) == NULL) {
WriteError("$Can't open %s", temp);
@ -312,14 +312,14 @@ int UplinkRequest(faddr *t, faddr *From, int FileMgr, char *cmd)
Orig.net = From->net;
Orig.node = From->node;
Orig.point = From->point;
sprintf(Orig.domain, "%s", From->domain);
snprintf(Orig.domain, 12, "%s", From->domain);
memset(&Dest, 0, sizeof(Dest));
Dest.zone = t->zone;
Dest.net = t->net;
Dest.node = t->node;
Dest.point = t->point;
sprintf(Dest.domain, "%s", t->domain);
snprintf(Dest.domain, 12, "%s", t->domain);
if (!SearchNode(Dest)) {
Syslog('+', "Can't find node %s in setup", aka2str(Dest));
@ -365,13 +365,13 @@ int UplinkRequest(faddr *t, faddr *From, int FileMgr, char *cmd)
memset(&ext, 0, sizeof(ext));
if (nodes.PackNetmail)
sprintf(ext, (char *)"qqq");
snprintf(ext, 3, (char *)"qqq");
else if (nodes.Crash)
sprintf(ext, (char *)"ccc");
snprintf(ext, 3, (char *)"ccc");
else if (nodes.Hold)
sprintf(ext, (char *)"hhh");
snprintf(ext, 3, (char *)"hhh");
else
sprintf(ext, (char *)"nnn");
snprintf(ext, 3, (char *)"nnn");
if ((qp = OpenPkt(Orig, Dest, (char *)ext)) == NULL)
return 4;
@ -437,7 +437,7 @@ int UplinkRequest(faddr *t, faddr *From, int FileMgr, char *cmd)
void GetRpSubject(const char *report, char* subject)
void GetRpSubject(const char *report, char* subject, size_t size)
{
FILE *fi;
char *temp;
@ -454,7 +454,7 @@ void GetRpSubject(const char *report, char* subject)
res=diesel((char *)"@(getvar,subject)",temp);
if(res==0)
sprintf(subject,"%s",temp);
snprintf(subject,size,"%s",temp);
free(temp);
}
@ -542,7 +542,7 @@ int Areas(void)
temp = calloc(PATH_MAX, sizeof(char));
buf = calloc(4097, sizeof(char));
sprintf(temp, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
if ((gp = fopen(temp, "r")) == NULL) {
WriteError("Can't open %s", temp);
} else {
@ -557,7 +557,7 @@ int Areas(void)
fflush(stdout);
}
Syslog('+', "Checking mail group %s, file %s", mgroup.Name, mgroup.AreaFile);
sprintf(temp, "%s/%s", CFG.alists_path, mgroup.AreaFile);
snprintf(temp, PATH_MAX -1, "%s/%s", CFG.alists_path, mgroup.AreaFile);
if ((ap = fopen(temp, "r")) == NULL) {
WriteError("Can't open %s", temp);
} else {
@ -577,7 +577,7 @@ int Areas(void)
printf("(check missing areas)\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
fflush(stdout);
}
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r")) == NULL) {
WriteError("Can't open %s", temp);
tidy_arealist(&alist);
@ -652,7 +652,7 @@ int Areas(void)
* the area is set to read-only and all links are disconnected.
* If the area is empty, it is removed from the setup.
*/
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r+")) == NULL) {
WriteError("Can't open %s for r/w");
} else {
@ -666,12 +666,12 @@ int Areas(void)
while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) {
if (msgs.Active && !strcmp(msgs.Group, mgroup.Name) && !strcmp(msgs.Tag, tmp->Name)) {
fseek(fp, - msgshdr.recsize, SEEK_CUR);
sprintf(temp, "%s.jhr", msgs.Base);
snprintf(temp, PATH_MAX -1, "%s.jhr", msgs.Base);
if (strlen(msgs.Base) && (file_size(temp) != 1024)) {
Mgrlog("Marking echo %s, group %s, area %d read-only", msgs.Tag, mgroup.Name,
((ftell(fp) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize)) + 1);
msgs.MsgKinds = RONLY; // Area read-only
sprintf(msgs.Group, "DELETED"); // Make groupname invalid
snprintf(msgs.Group, 12, "DELETED"); // Make groupname invalid
} else {
Mgrlog("Removing empty echo %s, group %s, area %d", msgs.Tag, mgroup.Name,
((ftell(fp) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize)) + 1);
@ -740,7 +740,7 @@ int Areas(void)
fclose(gp);
}
sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
if ((gp = fopen(temp, "r")) == NULL) {
WriteError("Can't open %s", temp);
} else {
@ -755,7 +755,7 @@ int Areas(void)
fflush(stdout);
}
Syslog('+', "Checking tic group %s, file %s", fgroup.Name, fgroup.AreaFile);
sprintf(temp, "%s/%s", CFG.alists_path, fgroup.AreaFile);
snprintf(temp, PATH_MAX -1, "%s/%s", CFG.alists_path, fgroup.AreaFile);
if ((ap = fopen(temp, "r")) == NULL) {
WriteError("Can't open %s", temp);
} else {
@ -819,7 +819,7 @@ int Areas(void)
printf("(check missing areas)\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
fflush(stdout);
}
sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r")) == NULL) {
WriteError("Can't open %s", temp);
tidy_arealist(&alist);
@ -896,7 +896,7 @@ int Areas(void)
* still warned about that by the "mbfile check" command.
*/
Found = FALSE;
sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r+")) == NULL) {
WriteError("Can't open %s for r/w");
} else {
@ -938,7 +938,7 @@ int Areas(void)
/*
* Purge marked records
*/
sprintf(buf, "%s/etc/tic.temp", getenv("MBSE_ROOT"));
snprintf(buf, 4096, "%s/etc/tic.temp", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r")) == NULL) {
WriteError("Can't open %s", temp);
} else if ((ap = fopen(buf, "w")) == NULL) {

View File

@ -24,7 +24,7 @@ typedef struct _AreaList {
void MacroRead(FILE *, FILE *);
int MsgResult(const char *, FILE *, char);
void GetRpSubject(const char *, char*);
void GetRpSubject(const char *, char*, size_t);
void WriteMailGroups(FILE *, faddr *);
void WriteFileGroups(FILE *, faddr *);

View File

@ -4,7 +4,7 @@
* Purpose ...............: Bad file mover
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:2801/16
* Beekmansbos 10 Internet: mbroek@ux123.pttnwb.nl
@ -43,8 +43,8 @@ void mover(char *fn)
From = calloc(PATH_MAX, sizeof(char));
To = calloc(PATH_MAX, sizeof(char));
sprintf(From, "%s/%s", TIC.Inbound, fn);
sprintf(To, "%s/%s", CFG.badtic, fn);
snprintf(From, PATH_MAX -1, "%s/%s", TIC.Inbound, fn);
snprintf(To, PATH_MAX -1, "%s/%s", CFG.badtic, fn);
Syslog('!', "Moving %s to %s", From, To);
if (mkdirs(To, 0770)) {