From 4e1309e0eb6877e85fe6ac6e62e92e7d0a2e6403 Mon Sep 17 00:00:00 2001
From: Michiel Broek
Date: Sun, 28 Aug 2005 10:03:17 +0000
Subject: [PATCH] Secured sprintf with snprintf
---
 lib/dbftn.c | 4 ++--
 lib/dbmsgs.c | 6 +++---
 lib/dbnode.c | 4 ++--
 lib/dbtic.c | 6 +++---
 lib/dbuser.c | 2 +-
 lib/diesel.c | 18 +++++++++---------
 lib/mbsedb.h | 18 +++++++++---------
 7 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/lib/dbftn.c b/lib/dbftn.c
index c339ccb0..fd64d71b 100644
--- a/lib/dbftn.c
+++ b/lib/dbftn.c
@@ -4,7 +4,7 @@
 * Purpose ...............: Fidonetrecord Access
 *
 *****************************************************************************
- * Copyright (C) 1997-2004
+ * Copyright (C) 1997-2005
 *
 * Michiel Broek FIDO: 2:280/2802
 * Beekmansbos 10
@@ -43,7 +43,7 @@ int InitFidonet(void)
 memset(&fidonet, 0, sizeof(fidonet));
 LoadConfig();
- sprintf(fidonet_fil, "%s/etc/fidonet.data", getenv("MBSE_ROOT"));
+ snprintf(fidonet_fil, PATH_MAX -1, "%s/etc/fidonet.data", getenv("MBSE_ROOT"));
 if ((fil = fopen(fidonet_fil, "r")) == NULL) return FALSE;
diff --git a/lib/dbmsgs.c b/lib/dbmsgs.c
index e2b2c0c0..ff287456 100644
--- a/lib/dbmsgs.c
+++ b/lib/dbmsgs.c
@@ -4,7 +4,7 @@
 * Purpose ...............: Message areas record Access
 *
 *****************************************************************************
- * Copyright (C) 1997-2004
+ * Copyright (C) 1997-2005
 *
 * Michiel Broek FIDO: 2:280/2802
 * Beekmansbos 10
@@ -53,7 +53,7 @@ int InitMsgs(void)
 LoadConfig();
 sysstart = -1;
- sprintf(msgs_fil, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
+ snprintf(msgs_fil, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
 if ((fil = fopen(msgs_fil, "r")) == NULL) return FALSE;
@@ -62,7 +62,7 @@ int InitMsgs(void)
 msgs_cnt = (ftell(fil) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize);
 fclose(fil);
- sprintf(mgrp_fil, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
+ snprintf(mgrp_fil, PATH_MAX -1, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
 return TRUE;
 }
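Review bot: In the `InitFidonet` hunk of lib/dbftn.c the converted call still feeds `getenv("MBSE_ROOT")` directly to `%s` and discards the `snprintf` result, so an unset variable is undefined behaviour and an over-long root leaves a truncated path that `fopen` then uses as if it were complete. Unless `LoadConfig()` (not visible here) already guarantees the variable, fetch it once and fail closed: `const char *root = getenv("MBSE_ROOT");`, `if (root == NULL) return FALSE;`, `if ((size_t)snprintf(fidonet_fil, sizeof(fidonet_fil), "%s/etc/fidonet.data", root) >= sizeof(fidonet_fil)) return FALSE;`. The same applies to the `InitMsgs`, `InitNode`, `InitTic` and `InitUser` hunks. Each of these function bodies continues outside its hunk.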
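Review bot: The bound `PATH_MAX -1` in both `InitMsgs` hunks of lib/dbmsgs.c is not backed by any visible resize of `msgs_fil` or `mgrp_fil`: the lib/mbsedb.h hunks in this commit grow only `fidonet_fil` and `usr_fil` from 81 bytes to `PATH_MAX`. If the other filename buffers are still declared with 81 bytes (their declarations are outside this diff, so this needs checking), `snprintf` is told the buffer is far larger than it is and the overflow that `sprintf` allowed is still possible. Writing `snprintf(msgs_fil, sizeof(msgs_fil), "%s/etc/mareas.data", getenv("MBSE_ROOT"));` ties the limit to the declaration instead of a separately maintained constant. The same applies to `nodes_fil` in lib/dbnode.c and to `tic_fil` and `tgrp_fil` in lib/dbtic.c.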
diff --git a/lib/dbnode.c b/lib/dbnode.c
index d6cb2505..dc282307 100644
--- a/lib/dbnode.c
+++ b/lib/dbnode.c
@@ -4,7 +4,7 @@
 * Purpose ...............: Noderecord Access
 *
 *****************************************************************************
- * Copyright (C) 1997-2004
+ * Copyright (C) 1997-2005
 *
 * Michiel Broek FIDO: 2:280/2802
 * Beekmansbos 10
@@ -50,7 +50,7 @@ int InitNode(void)
 memset(&nodes, 0, sizeof(nodes));
 LoadConfig();
- sprintf(nodes_fil, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
+ snprintf(nodes_fil, PATH_MAX -1, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
 if ((fil = fopen(nodes_fil, "r")) == NULL) return FALSE;
diff --git a/lib/dbtic.c b/lib/dbtic.c
index 1c46effd..b0bda6ca 100644
--- a/lib/dbtic.c
+++ b/lib/dbtic.c
@@ -4,7 +4,7 @@
 * Purpose ...............: Tic areas record Access
 *
 *****************************************************************************
- * Copyright (C) 1997-2004
+ * Copyright (C) 1997-2005
 *
 * Michiel Broek FIDO: 2:280/2802
 * Beekmansbos 10
@@ -54,7 +54,7 @@ int InitTic(void)
 LoadConfig();
 sysstart = -1;
- sprintf(tic_fil, "%s/etc/tic.data", getenv("MBSE_ROOT"));
+ snprintf(tic_fil, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
 if ((fil = fopen(tic_fil, "r")) == NULL) return FALSE;
@@ -63,7 +63,7 @@ int InitTic(void)
 tic_cnt = (ftell(fil) - tichdr.hdrsize) / (tichdr.recsize + tichdr.syssize);
 fclose(fil);
- sprintf(tgrp_fil, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
+ snprintf(tgrp_fil, PATH_MAX -1, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
 return TRUE;
 }
diff --git a/lib/dbuser.c b/lib/dbuser.c
index 65a25f23..c10ce26f 100644
--- a/lib/dbuser.c
+++ b/lib/dbuser.c
@@ -43,7 +43,7 @@ int InitUser(void)
 memset(&usr, 0, sizeof(usr));
 LoadConfig();
- sprintf(usr_fil, "%s/etc/users.data", getenv("MBSE_ROOT"));
+ snprintf(usr_fil, PATH_MAX -1, "%s/etc/users.data", getenv("MBSE_ROOT"));
 if ((fil = fopen(usr_fil, "r")) == NULL) return FALSE;
diff --git a/lib/diesel.c b/lib/diesel.c
index 4a969396..fe332701 100644
--- a/lib/diesel.c
+++ b/lib/diesel.c
@@ -4,7 +4,7 @@
 * Purpose ...............: TURBODIESEL Macro language
 *
 *****************************************************************************
- * Copyright (C) 1997-2004
+ * Copyright (C) 1997-2005
 *
 * Michiel Broek FIDO: 2:280/2802
 * Beekmansbos 10
@@ -441,7 +441,7 @@ static void mledreal(double r, char *edbuf)
 {
 int sprec;
- V sprintf(edbuf, "%.12f", r);
+ V snprintf(edbuf, MAXSTR -1, "%.12f", r);
 if ((!strchr(edbuf, 'E')) && strchr(edbuf, '.')) {
 /* Trim redundant trailing zeroes off the number. */
 for (sprec = strlen(edbuf) - 1; sprec > 0; sprec--) {
@@ -495,7 +495,7 @@ static int rarg(char *argstr, double *realres)
 #define Dsarg(s) char s[MAXSTR] /* Declare string argument */
 #define Sarg(v,n) if (diesel(argv[(n)], (v)) != 0) return FALSE
-#define Rint(n) V sprintf(output, "%d", (n)); return TRUE/* Return int */
+#define Rint(n) V snprintf(output, MAXSTR -1, "%d", (n)); return TRUE/* Return int */
 #define Rreal(n) mledreal((n), output); return TRUE /* Return double */
 #define Rstr(s) V strcpy(output, (s)); return TRUE /* Return str */
@@ -910,7 +910,7 @@ Mfunc(f_edtime)
 for (i = 0; i < ELEMENTS(pictab); i++) {
 if (strncasecmp(pp, pictab[i].pname, strlen(pictab[i].pname)) == 0) {
- V sprintf(output + strlen(output), pictab[i].pfmt,
+ V snprintf(output + strlen(output), MAXSTR -1, pictab[i].pfmt,
 *pictab[i].pitem);
 pp += strlen(pictab[i].pname);
 foundit = TRUE;
@@ -1321,7 +1321,7 @@ Mfunc(f_time)
 {
 ArgCount(0, 0);
- V sprintf(output, "%ld", (long) time((time_t *) NULL));
+ V snprintf(output, MAXSTR -1, "%ld", (long) time((time_t *) NULL));
 return TRUE;
 }
 #endif /* UNIXTENSIONS */
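Review bot: In the `mledreal` hunk the new bound assumes that `edbuf` points to at least `MAXSTR` bytes, but nothing at the call states that contract; a comment such as `/* edbuf must have room for MAXSTR bytes; the Rreal macro passes output */` would make it checkable. With `%.12f` a very large `r` expands to several hundred characters, so if `MAXSTR` is smaller the text is cut off and the trimming loop that follows works on a truncated number with no indication to the caller. The function body continues past the end of the hunk.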
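Review bot: In the `f_edtime` hunk the write starts at `output + strlen(output)` but the size argument is still `MAXSTR -1`, so the limit is measured from the start of the buffer and the call can still run past the end of `output` by up to `strlen(output)` bytes. Assuming `output` holds `MAXSTR` bytes (its declaration is outside the hunk), track the offset and pass the remaining space: `size_t used = strlen(output);` then `V snprintf(output + used, MAXSTR - used, pictab[i].pfmt, *pictab[i].pitem);`. The `macroeval` hunk has the same problem with `snprintf(op, MAXSTR -1, "(%d)", mstat)`, where `op` has already been advanced by `*op++`. `pictab[i].pfmt` is a non-literal format string, which is acceptable only while the table stays compile-time constant; the table itself is not visible here.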
@@ -1627,7 +1627,7 @@ static int macrovalue(int nargs, char *args, char *output)
 message, make up a general-purpose message here. */
 if (mstat == FALSE) {
- V sprintf(output, " @(%s,%c%c) ", macname, '?', '?');
+ V snprintf(output, MAXSTR -1, " @(%s,%c%c) ", macname, '?', '?');
 }
 if (mstat != TRUE) {
 #ifdef DIESEL_TRACE
@@ -1645,7 +1645,7 @@ static int macrovalue(int nargs, char *args, char *output)
 return TRUE;
 }
 }
- V sprintf(output, " @(%s)?? ", macname);
+ V snprintf(output, MAXSTR -1, " @(%s)?? ", macname);
 #ifdef DIESEL_TRACE
 if (tracing) {
 V printf("Err: %s\n", output);
@@ -1673,7 +1673,7 @@ static int macroeval(char **in, char **out)
 #ifdef ECHOMAC
 *op++ = ' ';
 *op++ = '<';
- V sprintf(op, "(%d)", mstat);
+ V snprintf(op, MAXSTR -1, "(%d)", mstat);
 op += strlen(op);
 ma = margs;
 while (mstat-- > 0) {
@@ -1779,7 +1779,7 @@ main()
 /* Cheap way to be insensitive to EOL conventions. */
- sprintf(out,"%s",ParseMacro(in,&err));
+ snprintf(out, MAXSTR, "%s",ParseMacro(in,&err));
 if (err) {
 V printf("=> %s\n", in);
 V printf("---");
diff --git a/lib/mbsedb.h b/lib/mbsedb.h
index 674906a0..2c244c96 100644
--- a/lib/mbsedb.h
+++ b/lib/mbsedb.h
@@ -4,7 +4,7 @@
 * Purpose ...............: MBSE BBS database library header
 *
 *****************************************************************************
- * Copyright (C) 1997-2004
+ * Copyright (C) 1997-2005
 *
 * Michiel Broek FIDO: 2:280/2802
 * Beekmansbos 10
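Review bot: The `main()` hunk passes `MAXSTR` as the size while every other converted call in lib/diesel.c passes `MAXSTR -1`, and the mixed conventions make it hard to see which limit actually matches the buffer. `snprintf` already counts the terminating NUL inside the size it is given, so the full buffer size is the correct argument and the `-1` elsewhere only gives up a byte. If `out` is an array (its declaration is outside the hunk), `snprintf(out, sizeof(out), "%s", ParseMacro(in, &err));` ties the limit to the declaration.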
@@ -51,10 +51,10 @@ void CloseDupes(void);
 /*
 * Fidonet database
 */
-struct _fidonethdr fidonethdr; /* Header record */
-struct _fidonet fidonet; /* Fidonet datarecord */
-int fidonet_cnt; /* Fidonet records in database */
-char fidonet_fil[81];/* Fidonet database filename */
+struct _fidonethdr fidonethdr; /* Header record */
+struct _fidonet fidonet; /* Fidonet datarecord */
+int fidonet_cnt; /* Fidonet records in database */
+char fidonet_fil[PATH_MAX]; /* Fidonet database filename */
 int InitFidonet(void); /* Initialize fidonet database */
 int TestFidonet(unsigned short); /* Test if zone is in memory */
@@ -102,10 +102,10 @@ void UpdateTic(void); /* Update current messages record */
 /*
 * User records
 */
-struct userhdr usrhdr; /* Header record */
-struct userrec usr; /* User datarecord */
-int usr_cnt; /* User records in database */
-char usr_fil[81]; /* User database filename */
+struct userhdr usrhdr; /* Header record */
+struct userrec usr; /* User datarecord */
+int usr_cnt; /* User records in database */
+char usr_fil[PATH_MAX]; /* User database filename */
 int InitUser(void); /* Initialize user database */
 int TestUser(char *); /* Test if user is in memory */
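Review bot: `char fidonet_fil[PATH_MAX];` makes lib/mbsedb.h depend on `PATH_MAX` being defined before the header is read, and neither hunk adds `#include <limits.h>`; whether an earlier include supplies it is not visible here. `PATH_MAX` is also not defined on every POSIX system, so a guarded fallback near the top of the header, for example `#ifndef PATH_MAX`, `#define PATH_MAX 4096`, `#endif`, would keep the build working there. The `usr_fil` hunk is affected in the same way.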