Secured sprintf with snprintf
This commit is contained in:
Michiel Broek
parent
111b2970b5
commit
30fa93a8b2
@ -352,7 +352,7 @@ void GetstrP(char *sStr, int iMaxLen, int Position)
|
||||
} else if ((ch > 31 && ch < 127) || traduce(&ch)) {
|
||||
if (iPos <= iMaxLen) {
|
||||
iPos++;
|
||||
sprintf(sStr, "%s%c", sStr, ch);
|
||||
snprintf(sStr, iMaxLen, "%s%c", sStr, ch);
|
||||
PUTCHAR(ch);
|
||||
} else {
|
||||
PUTCHAR('\007');
|
||||
@ -393,7 +393,7 @@ void GetstrC(char *sStr, int iMaxlen)
|
||||
if ((ch > 31) && (ch < 127) && (ch != ',')) {
|
||||
if (iPos <= iMaxlen) {
|
||||
iPos++;
|
||||
sprintf(sStr, "%s%c", sStr, ch);
|
||||
snprintf(sStr, iMaxlen, "%s%c", sStr, ch);
|
||||
PUTCHAR(ch);
|
||||
} else
|
||||
PUTCHAR('\007');
|
||||
@ -433,7 +433,7 @@ void GetstrU(char *sStr, int iMaxlen)
|
||||
if (isalnum(ch) || (ch == '@') || (ch == '.') || (ch == '-') || (ch == '_')) {
|
||||
if (iPos <= iMaxlen) {
|
||||
iPos++;
|
||||
sprintf(sStr, "%s%c", sStr, ch);
|
||||
snprintf(sStr, iMaxlen, "%s%c", sStr, ch);
|
||||
PUTCHAR(ch);
|
||||
} else
|
||||
PUTCHAR('\007');
|
||||
@ -474,7 +474,7 @@ void GetPhone(char *sStr, int iMaxlen)
|
||||
if ((ch >= '0' && ch <= '9') || (ch == '-') || (ch == '+')) {
|
||||
if (iPos <= iMaxlen) {
|
||||
iPos++;
|
||||
sprintf(sStr, "%s%c", sStr, ch);
|
||||
snprintf(sStr, iMaxlen, "%s%c", sStr, ch);
|
||||
PUTCHAR(ch);
|
||||
} else
|
||||
PUTCHAR('\007');
|
||||
@ -516,7 +516,7 @@ void Getnum(char *sStr, int iMaxlen)
|
||||
|
||||
if (iPos <= iMaxlen) {
|
||||
iPos++;
|
||||
sprintf(sStr, "%s%c", sStr, ch);
|
||||
snprintf(sStr, iMaxlen, "%s%c", sStr, ch);
|
||||
PUTCHAR(ch);
|
||||
} else
|
||||
PUTCHAR('\007');
|
||||
@ -563,11 +563,11 @@ void GetDate(char *sStr, int iMaxlen)
|
||||
if (ch >= '0' && ch <= '9') {
|
||||
if (iPos < iMaxlen) {
|
||||
iPos++;
|
||||
sprintf(sStr, "%s%c", sStr, ch);
|
||||
snprintf(sStr, iMaxlen, "%s%c", sStr, ch);
|
||||
PUTCHAR(ch);
|
||||
if (iPos == 2 || iPos == 5) {
|
||||
PUTCHAR('-');
|
||||
sprintf(sStr, "%s-", sStr);
|
||||
snprintf(sStr, iMaxlen, "%s-", sStr);
|
||||
iPos++;
|
||||
}
|
||||
} else
|
||||
@ -628,7 +628,7 @@ void Getname(char *sStr, int iMaxlen)
|
||||
if (iPos == 1 && CFG.iCapUserName)
|
||||
ch = toupper(ch);
|
||||
|
||||
sprintf(sStr, "%s%c", sStr, ch);
|
||||
snprintf(sStr, iMaxlen, "%s%c", sStr, ch);
|
||||
printf("%c", ch);
|
||||
} else
|
||||
putchar('\007');
|
||||
@ -688,7 +688,7 @@ void GetnameNE(char *sStr, int iMaxlen)
|
||||
if (iPos == 1)
|
||||
ch = toupper(ch);
|
||||
|
||||
sprintf(sStr, "%s%c", sStr, ch);
|
||||
snprintf(sStr, iMaxlen, "%s%c", sStr, ch);
|
||||
printf("%c", ch);
|
||||
} else
|
||||
putchar('\007');
|
||||
@ -755,7 +755,7 @@ void Pause()
|
||||
string = malloc(81);
|
||||
|
||||
/* Press (Enter) to continue: */
|
||||
sprintf(string, "\r%s", (char *) Language(375));
|
||||
snprintf(string, 81, "\r%s", (char *) Language(375));
|
||||
colour(CFG.CRColourF, CFG.CRColourB);
|
||||
PUTSTR(string);
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Language functions.
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -67,7 +67,7 @@ int Keystroke(int lRecord, int Pos)
|
||||
char temp[30];
|
||||
|
||||
memset(&temp, 0, sizeof(temp));
|
||||
sprintf(temp, "%s", *(mKeystroke + lRecord));
|
||||
snprintf(temp, 30, "%s", *(mKeystroke + lRecord));
|
||||
|
||||
if ((Pos < 0) || (Pos > strlen(temp))) {
|
||||
WriteError("Keystroke(%d, %d): Range Error", lRecord, Pos);
|
||||
@ -88,7 +88,7 @@ void Set_Language(int iLanguage)
|
||||
char *temp;
|
||||
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(temp, "%s/etc/language.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX, "%s/etc/language.data", getenv("MBSE_ROOT"));
|
||||
|
||||
if ((pLang = fopen(temp, "rb")) == NULL) {
|
||||
WriteError("Language: Can't open file: %s", temp);
|
||||
@ -126,7 +126,7 @@ void InitLanguage()
|
||||
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
|
||||
sprintf(temp, "%s/etc/%s", getenv("MBSE_ROOT"), CFG.current_language);
|
||||
snprintf(temp, PATH_MAX, "%s/etc/%s", getenv("MBSE_ROOT"), CFG.current_language);
|
||||
if ((pLang = fopen(temp, "rb")) == NULL) {
|
||||
WriteError("$FATAL: Can't open %s", temp);
|
||||
ExitClient(MBERR_INIT_ERROR);
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Display Last Callers
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -69,20 +69,20 @@ void LastCallers(char *OpData)
|
||||
|
||||
clear();
|
||||
|
||||
sprintf(sFileName,"%s/etc/lastcall.data", getenv("MBSE_ROOT"));
|
||||
snprintf(sFileName, PATH_MAX, "%s/etc/lastcall.data", getenv("MBSE_ROOT"));
|
||||
if ((pLC = fopen(sFileName,"r")) == NULL)
|
||||
WriteError("$LastCallers: Can't open %s", sFileName);
|
||||
else {
|
||||
fread(&lcallhdr, sizeof(lcallhdr), 1, pLC);
|
||||
colour(WHITE, BLACK);
|
||||
/* Todays callers to */
|
||||
sprintf(Heading, "%s%s", (char *) Language(84), CFG.bbs_name);
|
||||
snprintf(Heading, 81, "%s%s", (char *) Language(84), CFG.bbs_name);
|
||||
Center(Heading);
|
||||
|
||||
x = strlen(Heading);
|
||||
|
||||
for(i = 0; i < x; i++)
|
||||
sprintf(Underline, "%s%c", Underline, exitinfo.GraphMode ? 196 : 45);
|
||||
snprintf(Underline, 81, "%s%c", Underline, exitinfo.GraphMode ? 196 : 45);
|
||||
|
||||
colour(LIGHTRED, BLACK);
|
||||
Center(Underline);
|
||||
@ -101,32 +101,32 @@ void LastCallers(char *OpData)
|
||||
count++;
|
||||
|
||||
colour(WHITE, BLACK);
|
||||
sprintf(Heading, "%-5d", count);
|
||||
snprintf(Heading, 81, "%-5d", count);
|
||||
PUTSTR(Heading);
|
||||
|
||||
colour(LIGHTCYAN, BLACK);
|
||||
if ((strcasecmp(OpData, "/H")) == 0) {
|
||||
if ((strcmp(lcall.Handle, "") != 0 && *(lcall.Handle) != ' '))
|
||||
sprintf(Heading, "%-20s", lcall.Handle);
|
||||
snprintf(Heading, 81, "%-20s", lcall.Handle);
|
||||
else
|
||||
sprintf(Heading, "%-20s", lcall.UserName);
|
||||
snprintf(Heading, 81, "%-20s", lcall.UserName);
|
||||
} else if (strcasecmp(OpData, "/U") == 0) {
|
||||
sprintf(Heading, "%-20s", lcall.Name);
|
||||
snprintf(Heading, 81, "%-20s", lcall.Name);
|
||||
} else {
|
||||
sprintf(Heading, "%-20s", lcall.UserName);
|
||||
snprintf(Heading, 81, "%-20s", lcall.UserName);
|
||||
}
|
||||
PUTSTR(Heading);
|
||||
|
||||
sprintf(Heading, "%-8s", lcall.Device);
|
||||
snprintf(Heading, 81, "%-8s", lcall.Device);
|
||||
pout(LIGHTBLUE, BLACK, Heading);
|
||||
|
||||
sprintf(Heading, "%-8s", lcall.TimeOn);
|
||||
snprintf(Heading, 81, "%-8s", lcall.TimeOn);
|
||||
pout(LIGHTMAGENTA, BLACK, Heading);
|
||||
|
||||
sprintf(Heading, "%-7d", lcall.Calls);
|
||||
snprintf(Heading, 81, "%-7d", lcall.Calls);
|
||||
pout(YELLOW, BLACK, Heading);
|
||||
|
||||
sprintf(Heading, "%-32s", lcall.Location);
|
||||
snprintf(Heading, 81, "%-32s", lcall.Location);
|
||||
pout(LIGHTRED, BLACK, Heading);
|
||||
Enter(1);
|
||||
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Message line editor.
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -72,7 +72,7 @@ void Line_Edit_Append()
|
||||
}
|
||||
|
||||
while (TRUE) {
|
||||
sprintf(msg, "%-2d : ", Line);
|
||||
snprintf(msg, 41, "%-2d : ", Line);
|
||||
pout(LIGHTGREEN, BLACK, msg);
|
||||
colour(CFG.MsgInputColourF, CFG.MsgInputColourB);
|
||||
alarm_on();
|
||||
@ -102,7 +102,7 @@ void Line_Edit_Delete()
|
||||
while (TRUE) {
|
||||
Enter(2);
|
||||
/* Delete starting at line */
|
||||
sprintf(temp, "%s#(1 - %d): ", (char *) Language(176), (Line - 1) );
|
||||
snprintf(temp, 81, "%s#(1 - %d): ", (char *) Language(176), (Line - 1) );
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.InputColourF, CFG.InputColourB);
|
||||
GetstrC(temp, 80);
|
||||
@ -117,7 +117,7 @@ void Line_Edit_Delete()
|
||||
if (start > (Line - 1)) {
|
||||
Enter(1);
|
||||
/* Please enter a number in the range of */
|
||||
sprintf(temp, "%s(1 - %d)", (char *) Language(178), (Line - 1) );
|
||||
snprintf(temp, 81, "%s(1 - %d)", (char *) Language(178), (Line - 1) );
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
} else
|
||||
break;
|
||||
@ -125,7 +125,7 @@ void Line_Edit_Delete()
|
||||
|
||||
while (TRUE) {
|
||||
/* Delete ending at line */
|
||||
sprintf(temp, "%s# (1 - %d): ", (char *) Language(179), (Line - 1) );
|
||||
snprintf(temp, 81, "%s# (1 - %d): ", (char *) Language(179), (Line - 1) );
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.InputColourF, CFG.InputColourB);
|
||||
GetstrC(temp, 80);
|
||||
@ -141,7 +141,7 @@ void Line_Edit_Delete()
|
||||
if(end > (Line - 1)) {
|
||||
Enter(1);
|
||||
/* Please enter a number in the range of */
|
||||
sprintf(temp, "%s(1 - %d)", (char *) Language(179), (Line - 1) );
|
||||
snprintf(temp, 81, "%s(1 - %d)", (char *) Language(179), (Line - 1) );
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
Enter(2);
|
||||
} else
|
||||
@ -179,7 +179,7 @@ void Line_Edit_Edit()
|
||||
while (TRUE) {
|
||||
Enter(1);
|
||||
/* Enter line # to edit */
|
||||
sprintf(temp, "%s(1 - %d): ", (char *) Language(181), (Line - 1) );
|
||||
snprintf(temp, 81, "%s(1 - %d): ", (char *) Language(181), (Line - 1) );
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.InputColourF, CFG.InputColourB);
|
||||
GetstrC(temp, 80);
|
||||
@ -191,14 +191,14 @@ void Line_Edit_Edit()
|
||||
if (edit > Line) {
|
||||
Enter(1);
|
||||
/* Please enter a number in the range of */
|
||||
sprintf(temp, "%s(1 - %d) ", (char *) Language(178), (Line - 1) );
|
||||
snprintf(temp, 81, "%s(1 - %d) ", (char *) Language(178), (Line - 1) );
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
} else
|
||||
break;
|
||||
}
|
||||
|
||||
Enter(1);
|
||||
sprintf(temp, "%d : ", edit);
|
||||
snprintf(temp, 81, "%d : ", edit);
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.MsgInputColourF, CFG.MsgInputColourB);
|
||||
PUTSTR(Message[edit]);
|
||||
@ -227,7 +227,7 @@ void Line_Edit_Insert()
|
||||
while (TRUE) {
|
||||
Enter(2);
|
||||
/* Enter line # to insert text before */
|
||||
sprintf(temp, "%s(1 - %d): ", (char *) Language(183), (Line - 1));
|
||||
snprintf(temp, 81, "%s(1 - %d): ", (char *) Language(183), (Line - 1));
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.InputColourF, CFG.InputColourB);
|
||||
GetstrC(temp, 80);
|
||||
@ -242,7 +242,7 @@ void Line_Edit_Insert()
|
||||
if (start > (Line - 1)) {
|
||||
Enter(1);
|
||||
/* Please enter a number in the range of */
|
||||
sprintf(temp, "%s(1 - %d)", (char *) Language(178), (Line - 1));
|
||||
snprintf(temp, 81, "%s(1 - %d)", (char *) Language(178), (Line - 1));
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
} else
|
||||
break;
|
||||
@ -250,7 +250,7 @@ void Line_Edit_Insert()
|
||||
|
||||
Enter(1);
|
||||
j = start;
|
||||
sprintf(temp, "%-2d : ", start);
|
||||
snprintf(temp, 81, "%-2d : ", start);
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.MsgInputColourF, CFG.MsgInputColourB);
|
||||
GetstrC(temp, 80);
|
||||
@ -283,7 +283,7 @@ void Line_Edit_Replace()
|
||||
while (TRUE) {
|
||||
Enter(2);
|
||||
/* Enter line # to replace */
|
||||
sprintf(temp, "%s(1 - %d): ", (char *) Language(185), (Line - 1) );
|
||||
snprintf(temp, 81, "%s(1 - %d): ", (char *) Language(185), (Line - 1) );
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.InputColourF, CFG.InputColourB);
|
||||
GetstrC(temp, 80);
|
||||
@ -295,7 +295,7 @@ void Line_Edit_Replace()
|
||||
if (edit > Line) {
|
||||
Enter(1);
|
||||
/* Please enter a number in the range of */
|
||||
sprintf(temp, "%s(1 - %d) ", (char *) Language(178), (Line - 1));
|
||||
snprintf(temp, 81, "%s(1 - %d) ", (char *) Language(178), (Line - 1));
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
} else
|
||||
break;
|
||||
@ -306,13 +306,13 @@ void Line_Edit_Replace()
|
||||
pout(WHITE, BLACK, (char *) Language(186));
|
||||
Enter(1);
|
||||
|
||||
sprintf(temp, "%d : ", edit);
|
||||
snprintf(temp, 81, "%d : ", edit);
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.MsgInputColourF, CFG.MsgInputColourB);
|
||||
PUTSTR(Message[edit]);
|
||||
Enter(2);
|
||||
|
||||
sprintf(temp, "%d : ", edit);
|
||||
snprintf(temp, 81, "%d : ", edit);
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.MsgInputColourF, CFG.MsgInputColourB);
|
||||
GetstrC(temp, 80);
|
||||
@ -329,7 +329,7 @@ void Line_Edit_Replace()
|
||||
pout(WHITE, BLACK, (char *) Language(188));
|
||||
Enter(1);
|
||||
|
||||
sprintf(temp, "%d : ", edit);
|
||||
snprintf(temp, 81, "%d : ", edit);
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
|
||||
colour(CFG.MsgInputColourF, CFG.MsgInputColourB);
|
||||
@ -348,7 +348,7 @@ void Line_Edit_Text()
|
||||
while (TRUE) {
|
||||
Enter(2);
|
||||
/* Enter line # to edit */
|
||||
sprintf(temp, "%s(1 - %d): ", (char *) Language(194), (Line - 1));
|
||||
snprintf(temp, 81, "%s(1 - %d): ", (char *) Language(194), (Line - 1));
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.InputColourF, CFG.InputColourB);
|
||||
GetstrC(temp, 80);
|
||||
@ -360,7 +360,7 @@ void Line_Edit_Text()
|
||||
if (edit > Line) {
|
||||
Enter(1);
|
||||
/* Please enter a number in the range of */
|
||||
sprintf(temp, "%s(1 - %d) ", (char *) Language(178), (Line - 1) );
|
||||
snprintf(temp, 81, "%s(1 - %d) ", (char *) Language(178), (Line - 1) );
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
} else
|
||||
break;
|
||||
@ -370,7 +370,7 @@ void Line_Edit_Text()
|
||||
/* Line reads: */
|
||||
pout(WHITE, BLACK, (char *) Language(186));
|
||||
Enter(1);
|
||||
sprintf(temp, "%d : ", edit);
|
||||
snprintf(temp, 81, "%d : ", edit);
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.MsgInputColourF, CFG.MsgInputColourB);
|
||||
PUTSTR(Message[edit]);
|
||||
@ -391,7 +391,7 @@ void Line_Edit_Text()
|
||||
/* Line now reads: */
|
||||
pout(WHITE, BLACK, (char *) Language(197));
|
||||
Enter(1);
|
||||
sprintf(temp, "%d : ", edit);
|
||||
snprintf(temp, 81, "%d : ", edit);
|
||||
pout(LIGHTGREEN, BLACK, temp);
|
||||
colour(CFG.MsgInputColourF, CFG.MsgInputColourB);
|
||||
PUTSTR(Message[edit]);
|
||||
@ -407,7 +407,7 @@ void Line_Edit_Center()
|
||||
|
||||
Enter(2);
|
||||
/* Enter line # to center */
|
||||
sprintf(temp, "%s(1 - %d): ", (char *) Language(203), (Line - 1));
|
||||
snprintf(temp, 81, "%s(1 - %d): ", (char *) Language(203), (Line - 1));
|
||||
pout(WHITE, BLACK, temp);
|
||||
GetstrC(temp, 80);
|
||||
if ((strcmp(temp, "")) == 0)
|
||||
@ -462,7 +462,7 @@ int Line_Edit()
|
||||
while (TRUE) {
|
||||
Enter(1);
|
||||
/* Functions available: (Current Message: */ /* Lines) */
|
||||
sprintf(msg, "%s%d %s", (char *) Language(167), (Line - 1), (char *) Language(168));
|
||||
snprintf(msg, 81, "%s%d %s", (char *) Language(167), (Line - 1), (char *) Language(168));
|
||||
pout(YELLOW, BLACK, msg);
|
||||
Enter(2);
|
||||
|
||||
@ -482,7 +482,7 @@ int Line_Edit()
|
||||
pout(LIGHTCYAN, BLACK, (char *) Language(172));
|
||||
Enter(2);
|
||||
|
||||
sprintf(msg, "%s [", (char *) Language(173));
|
||||
snprintf(msg, 81, "%s [", (char *) Language(173));
|
||||
pout(WHITE, BLACK, msg);
|
||||
for (i = 0; i < 10; i++)
|
||||
PUTCHAR(Keystroke(172, i));
|
||||
@ -516,7 +516,7 @@ int Line_Edit()
|
||||
Enter(2);
|
||||
|
||||
for (i = 1; i < Line; i++) {
|
||||
sprintf(msg, "%d: ", i);
|
||||
snprintf(msg, 81, "%d: ", i);
|
||||
pout(LIGHTGREEN, BLACK, msg);
|
||||
colour(CFG.MsgInputColourF, CFG.MsgInputColourB);
|
||||
PUTSTR(Message[i]);
|
||||
|
||||
Reference in New Issue
Block a user