Secured sprintf with snprintf
parent
4e1309e0eb
commit
35a7bb72d3
24
lib/attach.c
24
lib/attach.c
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: Attach files to outbound
|
* Purpose ...............: Attach files to outbound
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -57,7 +57,7 @@ int attach(faddr noden, char *ofile, int mode, char flavor)
|
|||||||
|
|
||||||
flofile = calloc(PATH_MAX, sizeof(char));
|
flofile = calloc(PATH_MAX, sizeof(char));
|
||||||
thefile = calloc(PATH_MAX, sizeof(char));
|
thefile = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(flofile, "%s", floname(&noden, flavor));
|
snprintf(flofile, PATH_MAX -1, "%s", floname(&noden, flavor));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Check if outbound directory exists and
|
* Check if outbound directory exists and
|
||||||
@ -86,33 +86,33 @@ int attach(faddr noden, char *ofile, int mode, char flavor)
|
|||||||
case LEAVE:
|
case LEAVE:
|
||||||
if (strlen(CFG.dospath)) {
|
if (strlen(CFG.dospath)) {
|
||||||
if (CFG.leavecase)
|
if (CFG.leavecase)
|
||||||
sprintf(thefile, "@%s", Unix2Dos(ofile));
|
snprintf(thefile, PATH_MAX -1, "@%s", Unix2Dos(ofile));
|
||||||
else
|
else
|
||||||
sprintf(thefile, "@%s", tu(Unix2Dos(ofile)));
|
snprintf(thefile, PATH_MAX -1, "@%s", tu(Unix2Dos(ofile)));
|
||||||
} else {
|
} else {
|
||||||
sprintf(thefile, "@%s", ofile);
|
snprintf(thefile, PATH_MAX -1, "@%s", ofile);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case KFS:
|
case KFS:
|
||||||
if (strlen(CFG.dospath)) {
|
if (strlen(CFG.dospath)) {
|
||||||
if (CFG.leavecase)
|
if (CFG.leavecase)
|
||||||
sprintf(thefile, "^%s", Unix2Dos(ofile));
|
snprintf(thefile, PATH_MAX -1, "^%s", Unix2Dos(ofile));
|
||||||
else
|
else
|
||||||
sprintf(thefile, "^%s", tu(Unix2Dos(ofile)));
|
snprintf(thefile, PATH_MAX -1, "^%s", tu(Unix2Dos(ofile)));
|
||||||
} else {
|
} else {
|
||||||
sprintf(thefile, "^%s", ofile);
|
snprintf(thefile, PATH_MAX -1, "^%s", ofile);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case TFS:
|
case TFS:
|
||||||
if (strlen(CFG.dospath)) {
|
if (strlen(CFG.dospath)) {
|
||||||
if (CFG.leavecase)
|
if (CFG.leavecase)
|
||||||
sprintf(thefile, "#%s", Unix2Dos(ofile));
|
snprintf(thefile, PATH_MAX -1, "#%s", Unix2Dos(ofile));
|
||||||
else
|
else
|
||||||
sprintf(thefile, "#%s", tu(Unix2Dos(ofile)));
|
snprintf(thefile, PATH_MAX -1, "#%s", tu(Unix2Dos(ofile)));
|
||||||
} else {
|
} else {
|
||||||
sprintf(thefile, "#%s", ofile);
|
snprintf(thefile, PATH_MAX -1, "#%s", ofile);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -168,7 +168,7 @@ int check_flo(faddr *node, char *filename, char flavor)
|
|||||||
flofile = calloc(PATH_MAX, sizeof(char));
|
flofile = calloc(PATH_MAX, sizeof(char));
|
||||||
ticfile = calloc(PATH_MAX, sizeof(char));
|
ticfile = calloc(PATH_MAX, sizeof(char));
|
||||||
|
|
||||||
sprintf(flofile, "%s", floname(node, flavor));
|
snprintf(flofile, PATH_MAX -1, "%s", floname(node, flavor));
|
||||||
Syslog('p', "check_flo: %s", flofile);
|
Syslog('p', "check_flo: %s", flofile);
|
||||||
if ((fp = fopen(flofile, "r+"))) {
|
if ((fp = fopen(flofile, "r+"))) {
|
||||||
filepos = 0;
|
filepos = 0;
|
||||||
|
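Review bot: None of the new `snprintf` calls in this file check the return value, so an over-long result from `floname()`, `Unix2Dos(ofile)` or `ofile` is now silently truncated and the code carries on with a shortened name; in `check_flo` the possibly truncated `flofile` goes straight to `fopen(flofile, "r+")`. Treat truncation as an error at each call, for example `n = snprintf(thefile, PATH_MAX, "@%s", ofile); if (n < 0 || n >= PATH_MAX) { /* log and fail */ }`. The buffers come from `calloc(PATH_MAX, sizeof(char))`, so the full `PATH_MAX` can be passed as the size; `snprintf` already reserves the terminator, and `PATH_MAX -1` only shortens the usable length by one. The `calloc` results are also used with no NULL check between allocation and the first write in the `attach` and `check_flo` hunks. Both functions continue outside the hunks shown, and the same unchecked-return pattern recurs in the LoadConfig, CheckDupe, CloseDdb and lib/dbfdb.c hunks.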
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: Config Database.
|
* Purpose ...............: Config Database.
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -56,7 +56,7 @@ void LoadConfig(void)
|
|||||||
char *FileName;
|
char *FileName;
|
||||||
|
|
||||||
FileName = calloc(PATH_MAX, sizeof(char));
|
FileName = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(FileName, "%s/etc/config.data", getenv("MBSE_ROOT"));
|
snprintf(FileName, PATH_MAX -1, "%s/etc/config.data", getenv("MBSE_ROOT"));
|
||||||
if ((pDataFile = fopen(FileName, "r")) == NULL) {
|
if ((pDataFile = fopen(FileName, "r")) == NULL) {
|
||||||
perror("\n\nFATAL ERROR:");
|
perror("\n\nFATAL ERROR:");
|
||||||
printf(" Can't open %s\n", FileName);
|
printf(" Can't open %s\n", FileName);
|
||||||
|
@ -79,7 +79,7 @@ int CheckDupe(unsigned long crc, int idx, int max)
|
|||||||
|
|
||||||
if (!dupes[idx].loaded) {
|
if (!dupes[idx].loaded) {
|
||||||
dfile = calloc(PATH_MAX, sizeof(char));
|
dfile = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(dfile, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
|
snprintf(dfile, PATH_MAX -1, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
|
||||||
if ((fil = fopen(dfile, "r+")) == NULL) {
|
if ((fil = fopen(dfile, "r+")) == NULL) {
|
||||||
/*
|
/*
|
||||||
* Dupe database doesn't exist yet.
|
* Dupe database doesn't exist yet.
|
||||||
@ -155,7 +155,7 @@ void CloseDdb(int idx)
|
|||||||
start = dupes[idx].count - dupes[idx].max;
|
start = dupes[idx].count - dupes[idx].max;
|
||||||
else
|
else
|
||||||
start = 0;
|
start = 0;
|
||||||
sprintf(dfile, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
|
snprintf(dfile, PATH_MAX -1, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
|
||||||
if ((fil = fopen(dfile, "w"))) {
|
if ((fil = fopen(dfile, "w"))) {
|
||||||
for (j = start; j < dupes[idx].count; j++)
|
for (j = start; j < dupes[idx].count; j++)
|
||||||
fwrite(&dupes[idx].crcs[j], sizeof(unsigned long), 1, fil);
|
fwrite(&dupes[idx].crcs[j], sizeof(unsigned long), 1, fil);
|
||||||
|
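Review bot: `getenv("MBSE_ROOT")` is passed directly as a `%s` argument in the LoadConfig, CheckDupe and CloseDdb hunks, and it returns NULL when the variable is unset; handing NULL to `%s` is undefined behaviour in `snprintf` exactly as it was in `sprintf`. Fetch the value once and fail early before building any path, e.g. `char *root = getenv("MBSE_ROOT"); if (root == NULL) { /* report and exit */ }`. Because the environment chooses the directory for `config.data` and for the `.dupe` files opened with `"r+"` and `"w"`, it is worth confirming (not visible in these hunks) that the programs never run with more privilege than the user who sets the variable. The lib/dbfdb.c hunks build their paths the same way.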
18
lib/dbfdb.c
18
lib/dbfdb.c
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: Files database functions
|
* Purpose ...............: Files database functions
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -50,7 +50,7 @@ struct _fdbarea *mbsedb_OpenFDB(long Area, int Timeout)
|
|||||||
temp = calloc(PATH_MAX, sizeof(char));
|
temp = calloc(PATH_MAX, sizeof(char));
|
||||||
fdb_area = malloc(sizeof(struct _fdbarea)); /* Will be freed by CloseFDB */
|
fdb_area = malloc(sizeof(struct _fdbarea)); /* Will be freed by CloseFDB */
|
||||||
|
|
||||||
sprintf(temp, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), Area);
|
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), Area);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Open the file database, if it's locked, just wait.
|
* Open the file database, if it's locked, just wait.
|
||||||
@ -200,12 +200,12 @@ void mbsedb_Temp2Data(unsigned long fdb_area)
|
|||||||
* we will give that a new name on disk. Then we move the temp in place.
|
* we will give that a new name on disk. Then we move the temp in place.
|
||||||
* Finaly remove the old (still locked) original file.
|
* Finaly remove the old (still locked) original file.
|
||||||
*/
|
*/
|
||||||
sprintf(temp2, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), fdb_area);
|
snprintf(temp2, PATH_MAX -1, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), fdb_area);
|
||||||
sprintf(temp1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
|
snprintf(temp1, PATH_MAX -1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
|
||||||
rename(temp2, temp1);
|
rename(temp2, temp1);
|
||||||
sprintf(temp1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area);
|
snprintf(temp1, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area);
|
||||||
rename(temp1, temp2);
|
rename(temp1, temp2);
|
||||||
sprintf(temp1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
|
snprintf(temp1, PATH_MAX -1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
|
||||||
unlink(temp1);
|
unlink(temp1);
|
||||||
|
|
||||||
free(temp1);
|
free(temp1);
|
||||||
@ -241,7 +241,7 @@ int mbsedb_InsertFDB(struct _fdbarea *fdb_area, struct FILE_record frec, int Add
|
|||||||
* There are files, search the insert point.
|
* There are files, search the insert point.
|
||||||
*/
|
*/
|
||||||
temp = calloc(PATH_MAX, sizeof(char));
|
temp = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(temp, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
||||||
fseek(fdb_area->fp, fdbhdr.hdrsize, SEEK_SET);
|
fseek(fdb_area->fp, fdbhdr.hdrsize, SEEK_SET);
|
||||||
Insert = 0;
|
Insert = 0;
|
||||||
do {
|
do {
|
||||||
@ -356,7 +356,7 @@ int mbsedb_PackFDB(struct _fdbarea *fdb_area)
|
|||||||
* There are files, copy the remaining entries
|
* There are files, copy the remaining entries
|
||||||
*/
|
*/
|
||||||
temp = calloc(PATH_MAX, sizeof(char));
|
temp = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(temp, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
||||||
if ((fp = fopen(temp, "a+")) == NULL) {
|
if ((fp = fopen(temp, "a+")) == NULL) {
|
||||||
WriteError("$Can't create %s", temp);
|
WriteError("$Can't create %s", temp);
|
||||||
mbsedb_UnlockFDB(fdb_area);
|
mbsedb_UnlockFDB(fdb_area);
|
||||||
@ -494,7 +494,7 @@ int mbsedb_SortFDB(struct _fdbarea *fdb_area)
|
|||||||
}
|
}
|
||||||
|
|
||||||
temp = calloc(PATH_MAX, sizeof(char));
|
temp = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(temp, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
||||||
if ((fp = fopen(temp, "a+")) == NULL) {
|
if ((fp = fopen(temp, "a+")) == NULL) {
|
||||||
WriteError("$Can't create %s", temp);
|
WriteError("$Can't create %s", temp);
|
||||||
mbsedb_UnlockFDB(fdb_area);
|
mbsedb_UnlockFDB(fdb_area);
|
||||||
|
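Review bot: In the `mbsedb_Temp2Data` hunk the results of both `rename()` calls are ignored and the final `unlink(temp1)` on the `.xxxx` copy runs unconditionally, so if `rename(temp1, temp2)` fails the original data has already been moved aside and is then deleted. Check the second rename before `temp1` is rebuilt, e.g. `if (rename(temp1, temp2) != 0) WriteError("$Can't rename %s to %s", temp1, temp2);`, and on that path move the `.xxxx` file back instead of unlinking it. The same hunk formats `unsigned long fdb_area` with `%ld`; `%lu` matches the type. In the `mbsedb_OpenFDB` hunk the `calloc` and `malloc` results are not checked before the `snprintf` that follows them. These functions start and end outside the hunks shown.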