Secured sprintf with snprintf

Michiel Broek 2005-08-28 10:30:41 +00:00
parent 4e1309e0eb
commit 35a7bb72d3
4 changed files with 25 additions and 25 deletions


@ -4,7 +4,7 @@
* Purpose ...............: Attach files to outbound
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -57,7 +57,7 @@ int attach(faddr noden, char *ofile, int mode, char flavor)
flofile = calloc(PATH_MAX, sizeof(char));
thefile = calloc(PATH_MAX, sizeof(char));
sprintf(flofile, "%s", floname(&noden, flavor));
snprintf(flofile, PATH_MAX -1, "%s", floname(&noden, flavor));
/*
* Check if outbound directory exists and
@ -86,33 +86,33 @@ int attach(faddr noden, char *ofile, int mode, char flavor)
case LEAVE:
if (strlen(CFG.dospath)) {
if (CFG.leavecase)
sprintf(thefile, "@%s", Unix2Dos(ofile));
snprintf(thefile, PATH_MAX -1, "@%s", Unix2Dos(ofile));
else
sprintf(thefile, "@%s", tu(Unix2Dos(ofile)));
snprintf(thefile, PATH_MAX -1, "@%s", tu(Unix2Dos(ofile)));
} else {
sprintf(thefile, "@%s", ofile);
snprintf(thefile, PATH_MAX -1, "@%s", ofile);
}
break;
case KFS:
if (strlen(CFG.dospath)) {
if (CFG.leavecase)
sprintf(thefile, "^%s", Unix2Dos(ofile));
snprintf(thefile, PATH_MAX -1, "^%s", Unix2Dos(ofile));
else
sprintf(thefile, "^%s", tu(Unix2Dos(ofile)));
snprintf(thefile, PATH_MAX -1, "^%s", tu(Unix2Dos(ofile)));
} else {
sprintf(thefile, "^%s", ofile);
snprintf(thefile, PATH_MAX -1, "^%s", ofile);
}
break;
case TFS:
if (strlen(CFG.dospath)) {
if (CFG.leavecase)
sprintf(thefile, "#%s", Unix2Dos(ofile));
snprintf(thefile, PATH_MAX -1, "#%s", Unix2Dos(ofile));
else
sprintf(thefile, "#%s", tu(Unix2Dos(ofile)));
snprintf(thefile, PATH_MAX -1, "#%s", tu(Unix2Dos(ofile)));
} else {
sprintf(thefile, "#%s", ofile);
snprintf(thefile, PATH_MAX -1, "#%s", ofile);
}
break;
}
@ -168,7 +168,7 @@ int check_flo(faddr *node, char *filename, char flavor)
flofile = calloc(PATH_MAX, sizeof(char));
ticfile = calloc(PATH_MAX, sizeof(char));
sprintf(flofile, "%s", floname(node, flavor));
snprintf(flofile, PATH_MAX -1, "%s", floname(node, flavor));
Syslog('p', "check_flo: %s", flofile);
if ((fp = fopen(flofile, "r+"))) {
filepos = 0;
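Review bot: None of the new snprintf() calls in attach() and check_flo() checks the return value, so an over-long name is now silently truncated and then used as if it were complete (in check_flo, `flofile` goes straight to `fopen(flofile, "r+")`). Truncation is better than the old overflow, but it can make the code act on a different path than intended; the result should be tested, e.g. `n = snprintf(flofile, PATH_MAX, "%s", floname(&noden, flavor)); if (n < 0 || n >= PATH_MAX) { /* log and fail */ }`. The size argument already counts the terminating NUL, so `PATH_MAX` rather than `PATH_MAX -1` matches the `calloc(PATH_MAX, ...)` above. The same applies to the snprintf calls in the other three files of this commit; both function bodies continue outside the hunks shown.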


@ -4,7 +4,7 @@
* Purpose ...............: Config Database.
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -56,7 +56,7 @@ void LoadConfig(void)
char *FileName;
FileName = calloc(PATH_MAX, sizeof(char));
sprintf(FileName, "%s/etc/config.data", getenv("MBSE_ROOT"));
snprintf(FileName, PATH_MAX -1, "%s/etc/config.data", getenv("MBSE_ROOT"));
if ((pDataFile = fopen(FileName, "r")) == NULL) {
perror("\n\nFATAL ERROR:");
printf(" Can't open %s\n", FileName);
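Review bot: `getenv("MBSE_ROOT")` is passed straight to `%s` in LoadConfig; if the variable is unset, getenv returns NULL and formatting it is undefined behaviour, which the switch to snprintf does not prevent. A guard before the call would cover it: `char *root = getenv("MBSE_ROOT"); if (root == NULL) { /* report and exit */ }`. The `calloc` result for `FileName` is likewise used without a NULL check. The same getenv pattern appears in the dupe-database and file-database sections of this commit, and LoadConfig continues beyond the hunk.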


@ -79,7 +79,7 @@ int CheckDupe(unsigned long crc, int idx, int max)
if (!dupes[idx].loaded) {
dfile = calloc(PATH_MAX, sizeof(char));
sprintf(dfile, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
snprintf(dfile, PATH_MAX -1, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
if ((fil = fopen(dfile, "r+")) == NULL) {
/*
* Dupe database doesn't exist yet.
@ -155,7 +155,7 @@ void CloseDdb(int idx)
start = dupes[idx].count - dupes[idx].max;
else
start = 0;
sprintf(dfile, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
snprintf(dfile, PATH_MAX -1, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
if ((fil = fopen(dfile, "w"))) {
for (j = start; j < dupes[idx].count; j++)
fwrite(&dupes[idx].crcs[j], sizeof(unsigned long), 1, fil);
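Review bot: In CloseDdb the bound `PATH_MAX -1` is only safe if `dfile` was allocated with at least that many bytes, and that allocation is not visible in this hunk (in CheckDupe the `calloc(PATH_MAX, ...)` sits directly above the call). Both functions build the identical `%s/etc/%s.dupe` path, so a small static helper that takes the buffer and its length, e.g. `static int dupe_path(char *buf, size_t len, int idx)`, would keep the size next to the buffer and give one place to detect truncation. Both function bodies extend outside the hunks.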


@ -4,7 +4,7 @@
* Purpose ...............: Files database functions
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -50,7 +50,7 @@ struct _fdbarea *mbsedb_OpenFDB(long Area, int Timeout)
temp = calloc(PATH_MAX, sizeof(char));
fdb_area = malloc(sizeof(struct _fdbarea)); /* Will be freed by CloseFDB */
sprintf(temp, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), Area);
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), Area);
/*
* Open the file database, if it's locked, just wait.
@ -200,12 +200,12 @@ void mbsedb_Temp2Data(unsigned long fdb_area)
* we will give that a new name on disk. Then we move the temp in place.
* Finaly remove the old (still locked) original file.
*/
sprintf(temp2, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), fdb_area);
sprintf(temp1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
snprintf(temp2, PATH_MAX -1, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), fdb_area);
snprintf(temp1, PATH_MAX -1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
rename(temp2, temp1);
sprintf(temp1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area);
snprintf(temp1, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area);
rename(temp1, temp2);
sprintf(temp1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
snprintf(temp1, PATH_MAX -1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
unlink(temp1);
free(temp1);
@ -241,7 +241,7 @@ int mbsedb_InsertFDB(struct _fdbarea *fdb_area, struct FILE_record frec, int Add
* There are files, search the insert point.
*/
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
fseek(fdb_area->fp, fdbhdr.hdrsize, SEEK_SET);
Insert = 0;
do {
@ -356,7 +356,7 @@ int mbsedb_PackFDB(struct _fdbarea *fdb_area)
* There are files, copy the remaining entries
*/
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
if ((fp = fopen(temp, "a+")) == NULL) {
WriteError("$Can't create %s", temp);
mbsedb_UnlockFDB(fdb_area);
@ -494,7 +494,7 @@ int mbsedb_SortFDB(struct _fdbarea *fdb_area)
}
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
if ((fp = fopen(temp, "a+")) == NULL) {
WriteError("$Can't create %s", temp);
mbsedb_UnlockFDB(fdb_area);
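Review bot: In mbsedb_Temp2Data the parameter is `unsigned long fdb_area`, but all four new snprintf calls format it with `%ld`; the conversion should be `%lu` (or the parameter should be `long`, as `Area` is in mbsedb_OpenFDB) so that specifier and argument type agree. The allocations of `temp1` and `temp2` are not visible in this hunk, so the `PATH_MAX -1` bound there is assumed to match them. The results of `rename()` and `unlink()` on these paths are not checked either, which matters more now that a path can come out truncated instead of overflowing.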