bbs/deb-mbse
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Secured sprintf with snprintf

Browse Source
This commit is contained in:
Michiel Broek 2005-08-28 12:12:24 +00:00
parent 9cf1e6ee36
commit 450b9fc276
4 changed files with 59 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
mbfido/rfc2ftn.c
View File

@ -131,7 +131,7 @@ int kludgewrite(char *s, FILE *fp)
*/
int rfc2ftn(FILE *fp, faddr *recipient)
{
char sbe[16], *p, *q, *temp, *origin, newsubj[4 * (MAXSUBJ+1)], *oldsubj, *acup_a = NULL, *charset = NULL;
char sbe[128], *p, *q, *temp, *origin, newsubj[4 * (MAXSUBJ+1)], *oldsubj, *acup_a = NULL, *charset = NULL;
int i, rc, newsmode, seenlen, oldnet;
rfcmsg *msg = NULL, *tmsg, *tmp;
ftnmsg *fmsg = NULL;
@ -161,7 +161,7 @@ int rfc2ftn(FILE *fp, faddr *recipient)
if (newsmode) {
news_in++;
sprintf(currentgroup, "%s", msgs.Newsgroup);
snprintf(currentgroup, 80, "%s", msgs.Newsgroup);
} else
email_in++;
@ -347,7 +347,7 @@ int rfc2ftn(FILE *fp, faddr *recipient)
datasize = 0;
if (splitpart) {
sprintf(newsubj,"[part %d] ",splitpart+1);
snprintf(newsubj,4 * MAXSUBJ,"[part %d] ",splitpart+1);
strncat(newsubj,fmsg->subj,MAXSUBJ-strlen(newsubj));
Syslog('+', "Rfc2ftn: split message part %d", splitpart);
} else {
@ -466,7 +466,7 @@ int rfc2ftn(FILE *fp, faddr *recipient)
}
}
if (!(hdr((char *)"X-FTN-Tearline", msg)) && !(hdr((char *)"X-FTN-TID", msg))) {
sprintf(temp, " MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU());
snprintf(temp, MAXHDRSIZE, " MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU());
hdrsize += 4 + strlen(temp);
fprintf(ofp, "\1TID:");
kludgewrite(temp, ofp);
@ -634,12 +634,12 @@ int rfc2ftn(FILE *fp, faddr *recipient)
for (i = 0; i < 40; i++) {
if (CFG.akavalid[i] && (CFG.aka[i].point == 0) && (msgs.Aka.zone == CFG.aka[i].zone) &&
!((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) {
sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
snprintf(sbe, 127, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
fill_list(&sbl, sbe, NULL);
}
}
if (msgs.Aka.point == 0) {
sprintf(sbe, "%u/%u", msgs.Aka.net, msgs.Aka.node);
snprintf(sbe, 127, "%u/%u", msgs.Aka.net, msgs.Aka.node);
fill_list(&sbl, sbe, NULL);
}
@ -655,15 +655,15 @@ int rfc2ftn(FILE *fp, faddr *recipient)
oldnet = sbl->addr->net-1;
for (tmpl = sbl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet)
sprintf(sbe," %u",tmpl->addr->node);
snprintf(sbe,127," %u",tmpl->addr->node);
else
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node);
snprintf(sbe,127," %u/%u",tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net;
seenlen += strlen(sbe);
if (seenlen > MAXSEEN) {
seenlen = 0;
fprintf(ofp,"\nSEEN-BY:");
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node);
snprintf(sbe,127," %u/%u",tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe);
}
fprintf(ofp,"%s",sbe);
@ -678,7 +678,7 @@ int rfc2ftn(FILE *fp, faddr *recipient)
if (!strcasecmp(tmp->key,"X-FTN-PATH"))
fill_path(&ptl,tmp->val);
if (msgs.Aka.point == 0) {
sprintf(sbe,"%u/%u",msgs.Aka.net, msgs.Aka.node);
snprintf(sbe,127,"%u/%u",msgs.Aka.net, msgs.Aka.node);
fill_path(&ptl,sbe);
}
@ -692,15 +692,15 @@ int rfc2ftn(FILE *fp, faddr *recipient)
oldnet = ptl->addr->net-1;
for (tmpl = ptl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet)
sprintf(sbe," %u",tmpl->addr->node);
snprintf(sbe,127," %u",tmpl->addr->node);
else
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node);
snprintf(sbe,127," %u/%u",tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net;
seenlen += strlen(sbe);
if (seenlen > MAXPATH) {
seenlen = 0;
fprintf(ofp,"\n\1PATH:");
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node);
snprintf(sbe,127," %u/%u",tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe);
}
fprintf(ofp,"%s",sbe);

8
mbfido/rollover.c
View File

@ -4,7 +4,7 @@
* Purpose ...............: Statistic rollover util.
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -73,7 +73,7 @@ FILE *OpenData(char *Name)
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/%s", getenv("MBSE_ROOT"), Name);
snprintf(temp, PATH_MAX -1, "%s/etc/%s", getenv("MBSE_ROOT"), Name);
if ((fp = fopen(temp, "r+")) == NULL) {
WriteError("$Can't open %s", temp);
free(temp);
@ -364,7 +364,7 @@ void Rollover()
temp = calloc(PATH_MAX, sizeof(char));
temp1 = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/var/mailer.hist", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/var/mailer.hist", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r"))) {
fread(&history, sizeof(history), 1, fp);
Temp = history.online;
@ -386,7 +386,7 @@ void Rollover()
t->tm_sec = 0;
Now = mktime(t);
Syslog('+', "Packing mailer history since %s", rfcdate(Now));
sprintf(temp1, "%s/var/mailer.temp", getenv("MBSE_ROOT"));
snprintf(temp1, PATH_MAX -1, "%s/var/mailer.temp", getenv("MBSE_ROOT"));
if ((ft = fopen(temp1, "a")) == NULL) {
WriteError("$Can't create %s", temp1);
fclose(fp);

72
mbfido/scan.c
View File

@ -87,7 +87,7 @@ void ScanMail(int DoAll)
Fname = calloc(PATH_MAX, sizeof(char));
temp = calloc(PATH_MAX, sizeof(char));
sprintf(Fname, "%s/tmp/echomail.jam", getenv("MBSE_ROOT"));
snprintf(Fname, PATH_MAX -1, "%s/tmp/echomail.jam", getenv("MBSE_ROOT"));
if ((fp = fopen(Fname, "r")) != NULL) {
while ((fgets(temp, PATH_MAX - 1, fp)) != NULL) {
path = strtok(temp, " \n\0");
@ -106,7 +106,7 @@ void ScanMail(int DoAll)
unlink(Fname);
}
sprintf(Fname, "%s/tmp/netmail.jam", getenv("MBSE_ROOT"));
snprintf(Fname, PATH_MAX -1, "%s/tmp/netmail.jam", getenv("MBSE_ROOT"));
if ((fp = fopen(Fname, "r")) != NULL) {
while ((fgets(temp, PATH_MAX - 1, fp)) != NULL) {
path = strtok(temp, " \n\0");
@ -164,7 +164,7 @@ void ScanFull()
}
sAreas = calloc(PATH_MAX, sizeof(char));
sprintf(sAreas, "%s/etc/users.data", getenv("MBSE_ROOT"));
snprintf(sAreas, PATH_MAX -1, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((pAreas = fopen(sAreas, "r")) != NULL) {
fread(&usrconfighdr, sizeof(usrconfighdr), 1, pAreas);
@ -179,7 +179,7 @@ void ScanFull()
fflush(stdout);
}
sprintf(sAreas, "%s/%s/mailbox", CFG.bbs_usersdir, usrconfig.Name);
snprintf(sAreas, PATH_MAX -1, "%s/%s/mailbox", CFG.bbs_usersdir, usrconfig.Name);
if (Msg_Open(sAreas)) {
if ((Total = Msg_Number()) != 0L) {
Number = Msg_Lowest();
@ -218,7 +218,7 @@ void ScanFull()
fclose(pAreas);
}
sprintf(sAreas, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(sAreas, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((pAreas = fopen(sAreas, "r")) == NULL) {
WriteError("Can't open %s", sAreas);
free(sAreas);
@ -271,7 +271,7 @@ void ScanFull()
if (CFG.akavalid[i] && (msgs.Aka.zone == CFG.aka[i].zone) &&
(CFG.aka[i].point == 0) && !((msgs.Aka.net == CFG.aka[i].net) &&
(msgs.Aka.node == CFG.aka[i].node))) {
sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
snprintf(sbe, 127, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
fill_list(&sbl, sbe, NULL);
}
}
@ -378,7 +378,7 @@ void ScanOne(char *path, unsigned long MsgNum)
}
sAreas = calloc(PATH_MAX, sizeof(char));
sprintf(sAreas, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(sAreas, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((pAreas = fopen(sAreas, "r")) == NULL) {
WriteError("Can't open %s", sAreas);
free(sAreas);
@ -426,7 +426,7 @@ void ScanOne(char *path, unsigned long MsgNum)
for (i = 0; i < 40; i++) {
if (CFG.akavalid[i] && (msgs.Aka.zone == CFG.aka[i].zone) && (CFG.aka[i].point == 0) &&
!((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) {
sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
snprintf(sbe, 127, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
fill_list(&sbl, sbe, NULL);
}
}
@ -576,7 +576,7 @@ int RescanOne(faddr *L, char *marea, unsigned long Num)
void ExportEcho(sysconnect L, unsigned long MsgNum, fa_list **sbl)
{
int rc, seenlen, oldnet, flags = 0, kludges = TRUE;
char *p, sbe[16], ext[4];
char *p, sbe[128], ext[4];
fa_list *tmpl;
FILE *qp;
faddr *from, *dest;
@ -600,13 +600,13 @@ void ExportEcho(sysconnect L, unsigned long MsgNum, fa_list **sbl)
memset(&ext, 0, sizeof(ext));
if (nodes.PackNetmail)
sprintf(ext, (char *)"qqq");
snprintf(ext, 3, (char *)"qqq");
else if (nodes.Crash)
sprintf(ext, (char *)"ccc");
snprintf(ext, 3, (char *)"ccc");
else if (nodes.Hold)
sprintf(ext, (char *)"hhh");
snprintf(ext, 3, (char *)"hhh");
else
sprintf(ext, (char *)"nnn");
snprintf(ext, 3, (char *)"nnn");
if ((qp = OpenPkt(msgs.Aka, L.aka, (char *)ext)) == NULL)
return;
@ -655,15 +655,15 @@ void ExportEcho(sysconnect L, unsigned long MsgNum, fa_list **sbl)
oldnet = (*sbl)->addr->net - 1;
for (tmpl = *sbl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet)
sprintf(sbe, " %u", tmpl->addr->node);
snprintf(sbe, 127, " %u", tmpl->addr->node);
else
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node);
snprintf(sbe, 127, " %u/%u", tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net;
seenlen += strlen(sbe);
if (seenlen > MAXSEEN) {
seenlen = 0;
fprintf(qp, "\rSEEN-BY:");
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node);
snprintf(sbe, 127, " %u/%u", tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe);
}
fprintf(qp, "%s", sbe);
@ -684,7 +684,7 @@ void ExportNews(unsigned long MsgNum, fa_list **sbl)
{
char *p;
int i, seenlen, oldnet, flags = 0;
char sbe[16];
char sbe[128];
fa_list *tmpl;
FILE *qp;
faddr *from, *dest;
@ -755,15 +755,15 @@ void ExportNews(unsigned long MsgNum, fa_list **sbl)
oldnet = (*sbl)->addr->net - 1;
for (tmpl = *sbl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet)
sprintf(sbe, " %u", tmpl->addr->node);
snprintf(sbe, 127, " %u", tmpl->addr->node);
else
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node);
snprintf(sbe, 127, " %u/%u", tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net;
seenlen += strlen(sbe);
if (seenlen > MAXSEEN) {
seenlen = 0;
fprintf(qp, "\nSEEN-BY:");
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node);
snprintf(sbe, 127, " %u/%u", tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe);
}
fprintf(qp, "%s", sbe);
@ -837,7 +837,7 @@ void ExportNet(unsigned long MsgNum, int UUCPgate)
for (i = 0; i < strlen(fromname); i++)
if (fromname[i] == ' ')
fromname[i] = '_';
sprintf(MailFrom, "%s@%s", fromname, ascinode(from, 0x2f));
snprintf(MailFrom, 127, "%s@%s", fromname, ascinode(from, 0x2f));
if (Msg_Read(MsgNum, 79)) {
if ((p = (char *)MsgText_First()) != NULL) {
@ -851,7 +851,7 @@ void ExportNet(unsigned long MsgNum, int UUCPgate)
q = strtok(p, " ");
q = strtok(NULL, " \n\r\t");
}
sprintf(MailTo, "%s", q);
snprintf(MailTo, 127, "%s", q);
Syslog('m', "Final MailTo \"%s\"", MailTo);
break;
@ -933,11 +933,11 @@ void ExportNet(unsigned long MsgNum, int UUCPgate)
if (Msg.Crash || Msg.Direct || Msg.FileAttach || Msg.Immediate) {
memset(&ext, 0, sizeof(ext));
if (Msg.Immediate)
sprintf(ext, (char *)"ddd");
snprintf(ext, 3, (char *)"ddd");
else if (Msg.Crash)
sprintf(ext, (char *)"ccc");
snprintf(ext, 3, (char *)"ccc");
else
sprintf(ext, (char *)"nnn");
snprintf(ext, 3, (char *)"nnn");
/*
* If the destination is a point, check if it is our point
@ -981,13 +981,13 @@ void ExportNet(unsigned long MsgNum, int UUCPgate)
*/
memset(&ext, 0, sizeof(ext));
if (nodes.PackNetmail)
sprintf(ext, (char *)"qqq");
snprintf(ext, 3, (char *)"qqq");
else if (nodes.Crash)
sprintf(ext, (char *)"ccc");
snprintf(ext, 3, (char *)"ccc");
else if (nodes.Hold)
sprintf(ext, (char *)"hhh");
snprintf(ext, 3, (char *)"hhh");
else
sprintf(ext, (char *)"nnn");
snprintf(ext, 3, (char *)"nnn");
if ((qp = OpenPkt(msgs.Aka, Route, (char *)ext)) == NULL) {
net_bad++;
return;
@ -1064,7 +1064,7 @@ void ExportNet(unsigned long MsgNum, int UUCPgate)
ta = parsefnode(Msg.ToAddress);
p = calloc(PATH_MAX, sizeof(char));
sprintf(p, "%s/%d.%d.%d.%d/.filelist", CFG.out_queue, ta->zone, ta->net, ta->node, ta->point);
snprintf(p, PATH_MAX -1, "%s/%d.%d.%d.%d/.filelist", CFG.out_queue, ta->zone, ta->net, ta->node, ta->point);
mkdirs(p, 0750);
if ((fl = fopen(p, "a+")) == NULL) {
@ -1160,26 +1160,26 @@ void ExportEmail(unsigned long MsgNum)
if ((strchr(p, '<') != NULL) && (strchr(p, '>') != NULL)) {
q = strtok(p, "<");
q = strtok(NULL, ">");
sprintf(MailFrom, "%s", q);
snprintf(MailFrom, 127, "%s", q);
} else if (Msg.From[0] == ' ') {
q = strtok(p, " ");
q = strtok(NULL, " \n\r\t");
sprintf(MailFrom, "%s", q);
snprintf(MailFrom, 127, "%s", q);
} else {
sprintf(MailFrom, "%s", Msg.From);
snprintf(MailFrom, 127, "%s", Msg.From);
}
p = Msg.To;
if ((strchr(p, '<') != NULL) && (strchr(p, '>') != NULL)) {
q = strtok(p, "<");
q = strtok(NULL, ">");
sprintf(MailTo, "%s", q);
snprintf(MailTo, 127, "%s", q);
} else if (Msg.To[0] == ' ') {
q = strtok(p, " ");
q = strtok(NULL, " \n\r\t");
sprintf(MailTo, "%s", q);
snprintf(MailTo, 127, "%s", q);
} else {
sprintf(MailTo, "%s", Msg.To);
snprintf(MailTo, 127, "%s", Msg.To);
}
retval = postemail(qp, MailFrom, MailTo);

12
mbfido/scannews.c
View File

@ -109,7 +109,7 @@ void fill_artlist(List **fdp, char *id, long nr, int dupe)
for (tmp = fdp; *tmp; tmp = &((*tmp)->next));
*tmp = (List *)malloc(sizeof(List));
(*tmp)->next = NULL;
sprintf((*tmp)->msgid, "%s", id);
snprintf((*tmp)->msgid, MAX_MSGID_LEN -1, "%s", id);
(*tmp)->nr = nr;
(*tmp)->isdupe = dupe;
}
@ -196,7 +196,7 @@ void ScanNews(void)
}
sAreas = calloc(PATH_MAX, sizeof(char));
sprintf(sAreas, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(sAreas, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if(( pAreas = fopen (sAreas, "r")) == NULL) {
WriteError("$Can't open Messages Areas File.");
return;
@ -259,7 +259,7 @@ int do_one_group(List **art, char *grpname, char *ftntag, int maxarticles)
Syslog('m', "do_one_group(%s, %s)", grpname, ftntag);
IsDoing((char *)"Scan %s", grpname);
sprintf(temp, "GROUP %s\r\n", grpname);
snprintf(temp, 127, "GROUP %s\r\n", grpname);
nntp_send(temp);
resp = nntp_receive();
retval = atoi(strtok(resp, " "));
@ -341,11 +341,11 @@ int get_article(char *msgid, char *ftntag)
return RETVAL_ERROR;
}
sprintf(dpath, "%s/tmp/scannews.last", getenv("MBSE_ROOT"));
snprintf(dpath, PATH_MAX -1, "%s/tmp/scannews.last", getenv("MBSE_ROOT"));
dp = fopen(dpath, "w");
IsDoing("Article %d", (news_in + 1));
sprintf(cmd, "ARTICLE %s\r\n", msgid);
snprintf(cmd, 80, "ARTICLE %s\r\n", msgid);
fprintf(dp, "ARTICLE %s\n", msgid);
nntp_send(cmd);
resp = nntp_receive();
@ -396,7 +396,7 @@ int get_xover(char *grpname, long startnr, long endnr, List **art)
unsigned long crc;
POverview pov;
sprintf(cmd, "XOVER %ld-%ld\r\n", startnr, endnr);
snprintf(cmd, 80, "XOVER %ld-%ld\r\n", startnr, endnr);
if ((retval = nntp_cmd(cmd, 224))) {
switch (retval) {
case 412: WriteError("No newsgroup selected");