Secured sprintf with snprintf
parent
4e1309e0eb
commit
35a7bb72d3
24
lib/attach.c
24
lib/attach.c
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Attach files to outbound
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -57,7 +57,7 @@ int attach(faddr noden, char *ofile, int mode, char flavor)
|
||||
|
||||
flofile = calloc(PATH_MAX, sizeof(char));
|
||||
thefile = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(flofile, "%s", floname(&noden, flavor));
|
||||
snprintf(flofile, PATH_MAX -1, "%s", floname(&noden, flavor));
|
||||
|
||||
/*
|
||||
* Check if outbound directory exists and
|
||||
@ -86,33 +86,33 @@ int attach(faddr noden, char *ofile, int mode, char flavor)
|
||||
case LEAVE:
|
||||
if (strlen(CFG.dospath)) {
|
||||
if (CFG.leavecase)
|
||||
sprintf(thefile, "@%s", Unix2Dos(ofile));
|
||||
snprintf(thefile, PATH_MAX -1, "@%s", Unix2Dos(ofile));
|
||||
else
|
||||
sprintf(thefile, "@%s", tu(Unix2Dos(ofile)));
|
||||
snprintf(thefile, PATH_MAX -1, "@%s", tu(Unix2Dos(ofile)));
|
||||
} else {
|
||||
sprintf(thefile, "@%s", ofile);
|
||||
snprintf(thefile, PATH_MAX -1, "@%s", ofile);
|
||||
}
|
||||
break;
|
||||
|
||||
case KFS:
|
||||
if (strlen(CFG.dospath)) {
|
||||
if (CFG.leavecase)
|
||||
sprintf(thefile, "^%s", Unix2Dos(ofile));
|
||||
snprintf(thefile, PATH_MAX -1, "^%s", Unix2Dos(ofile));
|
||||
else
|
||||
sprintf(thefile, "^%s", tu(Unix2Dos(ofile)));
|
||||
snprintf(thefile, PATH_MAX -1, "^%s", tu(Unix2Dos(ofile)));
|
||||
} else {
|
||||
sprintf(thefile, "^%s", ofile);
|
||||
snprintf(thefile, PATH_MAX -1, "^%s", ofile);
|
||||
}
|
||||
break;
|
||||
|
||||
case TFS:
|
||||
if (strlen(CFG.dospath)) {
|
||||
if (CFG.leavecase)
|
||||
sprintf(thefile, "#%s", Unix2Dos(ofile));
|
||||
snprintf(thefile, PATH_MAX -1, "#%s", Unix2Dos(ofile));
|
||||
else
|
||||
sprintf(thefile, "#%s", tu(Unix2Dos(ofile)));
|
||||
snprintf(thefile, PATH_MAX -1, "#%s", tu(Unix2Dos(ofile)));
|
||||
} else {
|
||||
sprintf(thefile, "#%s", ofile);
|
||||
snprintf(thefile, PATH_MAX -1, "#%s", ofile);
|
||||
}
|
||||
break;
|
||||
}
|
||||
@ -168,7 +168,7 @@ int check_flo(faddr *node, char *filename, char flavor)
|
||||
flofile = calloc(PATH_MAX, sizeof(char));
|
||||
ticfile = calloc(PATH_MAX, sizeof(char));
|
||||
|
||||
sprintf(flofile, "%s", floname(node, flavor));
|
||||
snprintf(flofile, PATH_MAX -1, "%s", floname(node, flavor));
|
||||
Syslog('p', "check_flo: %s", flofile);
|
||||
if ((fp = fopen(flofile, "r+"))) {
|
||||
filepos = 0;
|
||||
|
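Review bot: None of the new snprintf() calls in attach() and check_flo() check the return value, so an over-long name is now silently truncated and the shortened string is still used as the flo path or the attachment entry. For `thefile` the input is the caller-supplied `ofile` plus a one-character prefix, so truncation is reachable whenever `ofile` is already close to PATH_MAX. I would capture the result and fail the call, e.g. `n = snprintf(thefile, PATH_MAX, "@%s", ofile);` followed by `if (n < 0 || n >= PATH_MAX) { /* fail the attach */ }`. The size argument can be the full `PATH_MAX` that calloc() allocated, since snprintf already reserves room for the terminator. The same unchecked pattern is in every other snprintf this commit adds, and both function bodies continue outside the hunks shown.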
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Config Database.
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -56,7 +56,7 @@ void LoadConfig(void)
|
||||
char *FileName;
|
||||
|
||||
FileName = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(FileName, "%s/etc/config.data", getenv("MBSE_ROOT"));
|
||||
snprintf(FileName, PATH_MAX -1, "%s/etc/config.data", getenv("MBSE_ROOT"));
|
||||
if ((pDataFile = fopen(FileName, "r")) == NULL) {
|
||||
perror("\n\nFATAL ERROR:");
|
||||
printf(" Can't open %s\n", FileName);
|
||||
|
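Review bot: `getenv("MBSE_ROOT")` is passed straight to `%s` in LoadConfig(); if the variable is unset, getenv() returns NULL and formatting it is undefined behaviour, which the move to snprintf does not change. Fetch it once and test it before building the path, e.g. `const char *root = getenv("MBSE_ROOT");` followed by `if (root == NULL) { /* report and exit */ }`. The same pattern appears in the CheckDupe(), CloseDdb() and mbsedb_* hunks of this commit. The calloc() result for `FileName` is also written to without a NULL check.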
@ -79,7 +79,7 @@ int CheckDupe(unsigned long crc, int idx, int max)
|
||||
|
||||
if (!dupes[idx].loaded) {
|
||||
dfile = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(dfile, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
|
||||
snprintf(dfile, PATH_MAX -1, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
|
||||
if ((fil = fopen(dfile, "r+")) == NULL) {
|
||||
/*
|
||||
* Dupe database doesn't exist yet.
|
||||
@ -155,7 +155,7 @@ void CloseDdb(int idx)
|
||||
start = dupes[idx].count - dupes[idx].max;
|
||||
else
|
||||
start = 0;
|
||||
sprintf(dfile, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
|
||||
snprintf(dfile, PATH_MAX -1, "%s/etc/%s.dupe", getenv("MBSE_ROOT"), files[idx]);
|
||||
if ((fil = fopen(dfile, "w"))) {
|
||||
for (j = start; j < dupes[idx].count; j++)
|
||||
fwrite(&dupes[idx].crcs[j], sizeof(unsigned long), 1, fil);
|
||||
|
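Review bot: In the CloseDdb() hunk the bound `PATH_MAX -1` is only right if `dfile` points at a buffer of at least PATH_MAX bytes, and its allocation is not visible in the hunk, unlike in CheckDupe() where the calloc() sits directly above the call. This is worth confirming against the full function, which starts and ends outside the hunk. A short comment next to the call, such as `/* dfile is PATH_MAX bytes, allocated at the top of CloseDdb */`, would keep the buffer size and the bound from drifting apart.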
18
lib/dbfdb.c
18
lib/dbfdb.c
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Files database functions
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -50,7 +50,7 @@ struct _fdbarea *mbsedb_OpenFDB(long Area, int Timeout)
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
fdb_area = malloc(sizeof(struct _fdbarea)); /* Will be freed by CloseFDB */
|
||||
|
||||
sprintf(temp, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), Area);
|
||||
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), Area);
|
||||
|
||||
/*
|
||||
* Open the file database, if it's locked, just wait.
|
||||
@ -200,12 +200,12 @@ void mbsedb_Temp2Data(unsigned long fdb_area)
|
||||
* we will give that a new name on disk. Then we move the temp in place.
|
||||
* Finaly remove the old (still locked) original file.
|
||||
*/
|
||||
sprintf(temp2, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), fdb_area);
|
||||
sprintf(temp1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
|
||||
snprintf(temp2, PATH_MAX -1, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), fdb_area);
|
||||
snprintf(temp1, PATH_MAX -1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
|
||||
rename(temp2, temp1);
|
||||
sprintf(temp1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area);
|
||||
snprintf(temp1, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area);
|
||||
rename(temp1, temp2);
|
||||
sprintf(temp1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
|
||||
snprintf(temp1, PATH_MAX -1, "%s/var/fdb/file%ld.xxxx", getenv("MBSE_ROOT"), fdb_area);
|
||||
unlink(temp1);
|
||||
|
||||
free(temp1);
|
||||
@ -241,7 +241,7 @@ int mbsedb_InsertFDB(struct _fdbarea *fdb_area, struct FILE_record frec, int Add
|
||||
* There are files, search the insert point.
|
||||
*/
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(temp, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
||||
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
||||
fseek(fdb_area->fp, fdbhdr.hdrsize, SEEK_SET);
|
||||
Insert = 0;
|
||||
do {
|
||||
@ -356,7 +356,7 @@ int mbsedb_PackFDB(struct _fdbarea *fdb_area)
|
||||
* There are files, copy the remaining entries
|
||||
*/
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(temp, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
||||
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
||||
if ((fp = fopen(temp, "a+")) == NULL) {
|
||||
WriteError("$Can't create %s", temp);
|
||||
mbsedb_UnlockFDB(fdb_area);
|
||||
@ -494,7 +494,7 @@ int mbsedb_SortFDB(struct _fdbarea *fdb_area)
|
||||
}
|
||||
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(temp, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
||||
snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%ld.temp", getenv("MBSE_ROOT"), fdb_area->area);
|
||||
if ((fp = fopen(temp, "a+")) == NULL) {
|
||||
WriteError("$Can't create %s", temp);
|
||||
mbsedb_UnlockFDB(fdb_area);
|
||||
|
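Review bot: In mbsedb_Temp2Data() `fdb_area` is declared `unsigned long`, but every rewritten snprintf still formats it with `%ld`; the specifier should be `%lu`, e.g. `snprintf(temp2, PATH_MAX, "%s/var/fdb/file%lu.data", getenv("MBSE_ROOT"), fdb_area);`. The other mbsedb_* hunks format `Area` and `fdb_area->area`; `Area` is a `long` by its signature, so `%ld` is right there, while the type of `fdb_area->area` is not visible here. Separately, the rename() results in that function are ignored, so the following rename() and unlink() still run if an earlier step failed. The function body starts and ends outside the hunk.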