From 3db0afe33508dc9cbe57cc1476bcb3a701cbb40e Mon Sep 17 00:00:00 2001
From: Michiel Broek
Date: Sat, 27 Aug 2005 18:04:18 +0000
Subject: [PATCH] Secured sprintf into snprintf
---
 lib/charset.c | 2 +-
 lib/clcomm.c | 26 +++++++++++++-------------
 lib/client.c | 4 ++--
 lib/strutil.c | 16 ++++++++--------
 4 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/lib/charset.c b/lib/charset.c
index 619d6bd6..24e28780 100644
--- a/lib/charset.c
+++ b/lib/charset.c
@@ -305,7 +305,7 @@ int charset_read_bin(void)
 char *name;
 name = calloc(PATH_MAX, sizeof(char));
- sprintf(name, "%s/etc/charset.bin", getenv("MBSE_ROOT"));
+ snprintf(name, PATH_MAX -1, "%s/etc/charset.bin", getenv("MBSE_ROOT"));
 if ((fp = fopen(name, "r")) == NULL) {
 WriteError("$Can't open %s", name);
 free(name);
diff --git a/lib/clcomm.c b/lib/clcomm.c
index 6b14807a..665e7679 100644
--- a/lib/clcomm.c
+++ b/lib/clcomm.c
@@ -109,15 +109,15 @@ void InitClient(char *user, char *myname, char *where, char *logfname, long logg
 exit(MBERR_INIT_ERROR);
 }
- sprintf(progname, "%s", myname);
- sprintf(logfile, "%s", logfname);
- sprintf(errfile, "%s", err);
- sprintf(mgrfile, "%s", mgr);
- sprintf(logdebug, "%s", debug);
+ snprintf(progname, 20, "%s", myname);
+ snprintf(logfile, PATH_MAX -1, "%s", logfname);
+ snprintf(errfile, PATH_MAX -1, "%s", err);
+ snprintf(mgrfile, PATH_MAX -1, "%s", mgr);
+ snprintf(logdebug, PATH_MAX -1, "%s", debug);
 loggrade = loggr;
- sprintf(cpath, "%s/tmp/%s%d", getenv("MBSE_ROOT"), progname, getpid());
- sprintf(spath, "%s/tmp/mbtask", getenv("MBSE_ROOT"));
+ snprintf(cpath, 107, "%s/tmp/%s%d", getenv("MBSE_ROOT"), progname, getpid());
+ snprintf(spath, 107, "%s/tmp/mbtask", getenv("MBSE_ROOT"));
 /*
 * Store my pid in case a child process is forked and wants to do
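Review bot: In charset_read_bin, `getenv("MBSE_ROOT")` is passed straight to `%s`, and a NULL return (variable unset) is undefined behaviour in snprintf just as it was in sprintf; the `cpath` and `spath` lines of the InitClient hunk in lib/clcomm.c have the same problem. The return value is also ignored, so an over-long root silently yields a truncated path that is then handed to `fopen`. I would read the variable once, reject NULL, and test the result with `n = snprintf(name, PATH_MAX, ...); if (n < 0 || n >= PATH_MAX)` followed by the function's existing error path. `PATH_MAX -1` is one byte tighter than needed, since snprintf's size argument already includes the terminator. The function body starts and ends outside the hunk.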
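Review bot: The literal bounds `20` and `107` in the InitClient hunk are not tied to the declarations of `progname`, `cpath` and `spath`, which are outside the hunk, so the calls are only safe while those numbers happen to match the buffers. If the destinations are arrays in scope, `snprintf(progname, sizeof progname, "%s", myname);` keeps the bound correct when a declaration changes; otherwise a named constant shared with the declaration does the same job. The same applies to the hand-written sizes in the WriteError and printable hunks and throughout lib/strutil.c. A truncated `cpath` or `spath` would silently name a different file under `tmp`, so the return value deserves a check on those two lines.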
@@ -181,7 +181,7 @@ char *SockR(const char *format, ...)
 va_end(va_ptr);
 if (socket_send(out) == 0)
- sprintf(buf, "%s", socket_receive());
+ snprintf(buf, SS_BUFSIZE -1, "%s", socket_receive());
 free(out);
 return buf;
@@ -207,7 +207,7 @@ void WriteError(const char *format, ...)
 outputstr[i] = ' ';
 if (*outputstr == '$')
- sprintf(outputstr+strlen(outputstr), ": %s", strerror(errno));
+ snprintf(outputstr+strlen(outputstr), 10239, ": %s", strerror(errno));
 if (strlen(outputstr) > (SS_BUFSIZE - 64)) {
 outputstr[SS_BUFSIZE - 65] = ';';
@@ -451,7 +451,7 @@ unsigned long sequencer()
 unsigned long seq = 0;
 buf = calloc(SS_BUFSIZE, sizeof(char));
- sprintf(buf, "SSEQ:0;");
+ snprintf(buf, SS_BUFSIZE -1, "SSEQ:0;");
 if (socket_send(buf) == 0) {
 free(buf);
@@ -477,10 +477,10 @@ int enoughspace(unsigned long needed)
 unsigned long avail = 0L;
 buf = calloc(SS_BUFSIZE, sizeof(char));
- sprintf(buf, "DSPC:1,%ld;", needed);
+ snprintf(buf, SS_BUFSIZE -1, "DSPC:1,%ld;", needed);
 if (socket_send(buf) == 0) {
- sprintf(buf, "%s", socket_receive());
+ snprintf(buf, SS_BUFSIZE -1, "%s", socket_receive());
 res = strtok(buf, ":");
 cnt = atoi(strtok(NULL, ","));
 if (cnt == 1) {
@@ -535,7 +535,7 @@ char *printable(char *s, int l)
 case '\n': *p++='\\'; *p++='n'; break;
 case '\t': *p++='\\'; *p++='t'; break;
 case '\b': *p++='\\'; *p++='b'; break;
- default: sprintf(p,"\\%02x", (*s & 0xff)); p+=3; break;
+ default: snprintf(p, 5, "\\%02x", (*s & 0xff)); p+=3; break;
 }
 s++;
 }
diff --git a/lib/client.c b/lib/client.c
index 073bb06a..5d5a6e7e 100644
--- a/lib/client.c
+++ b/lib/client.c
@@ -117,7 +117,7 @@ int socket_connect(char *user, char *prg, char *city)
 /*
 * Send the information to the server.
 */
- sprintf(buf, "AINI:5,%d,%s,%s,%s,%s;", getpid(), tty, user, prg, city);
+ snprintf(buf, SS_BUFSIZE -1, "AINI:5,%d,%s,%s,%s,%s;", getpid(), tty, user, prg, city);
 if (socket_send(buf) != 0) {
 sock = -1;
 return -1;
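Review bot: In WriteError the bound `10239` is applied to a write that starts at `outputstr+strlen(outputstr)`, so it does not shrink with the text already in the buffer and the call can still run past the end of `outputstr`. The size has to be the space that remains: `size_t used = strlen(outputstr);` then `snprintf(outputstr + used, OUTPUTSTR_SIZE - used, ": %s", strerror(errno));`. `OUTPUTSTR_SIZE` is a placeholder for the buffer's declared size, which is not visible in this hunk (`sizeof outputstr` if it is an array). The function body starts and ends outside the hunk.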
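Review bot: In enoughspace, `needed` is an `unsigned long` but is formatted with `%ld`; the conversion should be `%lu`, as in `snprintf(buf, SS_BUFSIZE, "DSPC:1,%lu;", needed);`. Further down the new side, `atoi(strtok(NULL, ","))` passes NULL to `atoi` when the reply carries no comma, so the `strtok` result should be checked before it is converted. `buf` comes from `calloc` two lines above the first changed line and is written without a NULL check. The function continues past the end of the hunk.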
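Review bot: In printable, the bound `5` on the `default:` line is a constant and says nothing about how much room is left after `p`, so it only limits the size of one escape and does not stop a write past the end of the destination. Unless the loop condition outside the hunk already reserves space for every escaped character, the bound should be derived from the buffer, for example `snprintf(p, end - p, "\\%02x", (*s & 0xff));` with `end` (a name to be introduced) pointing one past the buffer. The two-character cases above it write through `*p++` with no bound at all and need the same remaining-space test.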
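Review bot: In socket_connect the result of the `AINI` snprintf is not checked, so when `tty`, `user`, `prg` and `city` together exceed the bound the command is cut short, loses its closing `;`, and is still passed to `socket_send`. Testing the return value, `if (n < 0 || n >= SS_BUFSIZE - 1) return -1;`, keeps a malformed request off the socket. The four strings are also placed unescaped into a message delimited by `,` and `;`; whether callers guarantee they contain neither character is not visible here. The function body starts and ends outside the hunk.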
@@ -198,7 +198,7 @@ int socket_shutdown(pid_t pid)
 if (sock == -1)
 return 0;
- sprintf(buf, "ACLO:1,%d;", pid);
+ snprintf(buf, SS_BUFSIZE -1, "ACLO:1,%d;", pid);
 if (socket_send(buf) == 0) {
 strcpy(buf, socket_receive());
 if (strncmp(buf, "107:0;", 6) != 0) {
diff --git a/lib/strutil.c b/lib/strutil.c
index 827715cc..f86a35ce 100644
--- a/lib/strutil.c
+++ b/lib/strutil.c
@@ -262,7 +262,7 @@ char *StrTimeHM(time_t date)
 struct tm *l_d;
 l_d = localtime(&date);
- sprintf(ttime, "%02d:%02d", l_d->tm_hour, l_d->tm_min);
+ snprintf(ttime, 5, "%02d:%02d", l_d->tm_hour, l_d->tm_min);
 return ttime;
 }
@@ -277,7 +277,7 @@ char *StrTimeHMS(time_t date)
 struct tm *l_d;
 l_d = localtime(&date);
- sprintf(ttime, "%02d:%02d:%02d", l_d->tm_hour, l_d->tm_min, l_d->tm_sec);
+ snprintf(ttime, 8, "%02d:%02d:%02d", l_d->tm_hour, l_d->tm_min, l_d->tm_sec);
 return ttime;
 }
@@ -292,7 +292,7 @@ char *GetLocalHM()
 time_t T_Now;
 T_Now = time(NULL);
- sprintf(gettime,"%s", StrTimeHM(T_Now));
+ snprintf(gettime, 14, "%s", StrTimeHM(T_Now));
 return(gettime);
 }
@@ -308,7 +308,7 @@ char *GetLocalHMS()
 time_t T_Now;
 T_Now = time(NULL);
- sprintf(gettime,"%s", StrTimeHMS(T_Now));
+ snprintf(gettime, 14, "%s", StrTimeHMS(T_Now));
 return(gettime);
 }
@@ -323,7 +323,7 @@ char *StrDateMDY(time_t *Clock)
 static char cdate[12];
 tm = localtime(Clock);
- sprintf(cdate,"%02d-%02d-%04d", tm->tm_mon+1, tm->tm_mday, tm->tm_year+1900);
+ snprintf(cdate, 11, "%02d-%02d-%04d", tm->tm_mon+1, tm->tm_mday, tm->tm_year+1900);
 return(cdate);
 }
@@ -338,7 +338,7 @@ char *StrDateDMY(time_t date)
 struct tm *l_d;
 l_d = localtime(&date);
- sprintf(tdate, "%02d-%02d-%04d", l_d->tm_mday, l_d->tm_mon+1, l_d->tm_year+1900);
+ snprintf(tdate, 14, "%02d-%02d-%04d", l_d->tm_mday, l_d->tm_mon+1, l_d->tm_year+1900);
 return tdate;
 }
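Review bot: Two lines below the converted call in socket_shutdown, `strcpy(buf, socket_receive());` still copies the server reply with no bound, which is the same copy this commit bounds in SockR and enoughspace. It should get the same treatment: `snprintf(buf, SS_BUFSIZE -1, "%s", socket_receive());`. The declaration of `buf` is outside the hunk, so that bound rests on the same assumption the changed line already makes about its size.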
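Review bot: In StrTimeHM the bound `5` truncates the result: `"%02d:%02d"` produces five characters and snprintf keeps one byte of the bound for the terminator, so callers now receive `HH:M`. StrTimeHMS has the same defect with `8` for an eight-character `HH:MM:SS`. The bounds must be at least 6 and 9 respectively and no larger than the buffer; `snprintf(ttime, sizeof ttime, "%02d:%02d", l_d->tm_hour, l_d->tm_min);` is correct if `ttime` is an array, which its declaration outside the hunk would confirm. `localtime` can return NULL, and `l_d` is dereferenced unchecked in both functions.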
@@ -357,7 +357,7 @@ char *GetDateDMY()
 T_Now = time(NULL);
 l_d = localtime(&T_Now);
- sprintf(tdate, "%02d-%02d-%04d", l_d->tm_mday,l_d->tm_mon+1,l_d->tm_year+1900);
+ snprintf(tdate, 14, "%02d-%02d-%04d", l_d->tm_mday,l_d->tm_mon+1,l_d->tm_year+1900);
 return(tdate);
 }
@@ -408,7 +408,7 @@ char *TearLine()
 {
 static char tearline[41];
- sprintf(tearline, "--- MBSE BBS v%s (%s-%s)", VERSION, OsName(), OsCPU());
+ snprintf(tearline, 40, "--- MBSE BBS v%s (%s-%s)", VERSION, OsName(), OsCPU());
 return tearline;
 }
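Review bot: In TearLine the bound `40` is written by hand next to `static char tearline[41];`, which leaves one byte unused and will drift if the declaration changes. `snprintf(tearline, sizeof tearline, "--- MBSE BBS v%s (%s-%s)", VERSION, OsName(), OsCPU());` ties the bound to the buffer. A long `OsName()`/`OsCPU()` pair is now cut off silently, which is harmless for a tear line but worth a one-line comment such as `/* truncated to fit tearline[] if the OS strings are long */`.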