From 59532fc79d9fabe291101fc837025c0c3ad5fced Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Sun, 28 Aug 2005 17:27:35 +0000 Subject: [PATCH] Secured sprintf with snprintf --- mbsebbs/userlist.c | 30 ++++++++++++------------ mbsebbs/whoson.c | 58 +++++++++++++++++++++++----------------------- mbsebbs/ymsend.c | 6 ++--- mbsebbs/zmrecv.c | 4 ++-- mbsebbs/zmsend.c | 3 ++- 5 files changed, 51 insertions(+), 50 deletions(-) diff --git a/mbsebbs/userlist.c b/mbsebbs/userlist.c index 3d6613b8..6c63751f 100644 --- a/mbsebbs/userlist.c +++ b/mbsebbs/userlist.c @@ -4,7 +4,7 @@ * Purpose ...............: Display Userlist * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -59,7 +59,7 @@ void UserList(char *OpData) Enter(1); LineCount = 1; - sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((pUsrConfig = fopen(temp, "rb")) == NULL) { WriteError("UserList: Can't open file: %s", temp); return; @@ -84,27 +84,27 @@ void UserList(char *OpData) while (fread(&u, uhdr.recsize, 1, pUsrConfig) == 1) { if ((strcmp(Name,"")) != 0) { if (((strcasecmp(OpData, "/H")) == 0) && strlen(u.sHandle)) - sprintf(User, "%s", u.sHandle); + snprintf(User, 36, "%s", u.sHandle); else if ((strcasecmp(OpData, "/U")) == 0) - sprintf(User, "%s", u.Name); + snprintf(User, 36, "%s", u.Name); else - sprintf(User, "%s", u.sUserName); + snprintf(User, 36, "%s", u.sUserName); if ((strstr(tl(User), tl(Name)) != NULL)) { if ((!u.Hidden) && (!u.Deleted)) { if ((strcasecmp(OpData, "/H")) == 0) { if ((strcmp(u.sHandle, "") != 0 && *(u.sHandle) != ' ')) - sprintf(msg, "%-25s", u.sHandle); + snprintf(msg, 81, "%-25s", u.sHandle); else - sprintf(msg, "%-25s", u.sUserName); + snprintf(msg, 81, "%-25s", u.sUserName); } else if (strcasecmp(OpData, "/U") == 0) { - sprintf(msg, "%-25s", u.Name); + snprintf(msg, 81, "%-25s", u.Name); } else { - sprintf(msg, "%-25s", u.sUserName); + snprintf(msg, 81, "%-25s", u.sUserName); } PUTSTR(msg); - sprintf(msg, "%-30s%-14s%-10d", u.sLocation, StrDateDMY(u.tLastLoginDate), u.iTotalCalls); + snprintf(msg, 81, "%-30s%-14s%-10d", u.sLocation, StrDateDMY(u.tLastLoginDate), u.iTotalCalls); PUTSTR(msg); iFoundName = TRUE; LineCount++; @@ -115,17 +115,17 @@ void UserList(char *OpData) } else if ((!u.Hidden) && (!u.Deleted) && (strlen(u.sUserName) > 0)) { if ((strcmp(OpData, "/H")) == 0) { if ((strcasecmp(u.sHandle, "") != 0 && *(u.sHandle) != ' ')) - sprintf(msg, "%-25s", u.sHandle); + snprintf(msg, 81, "%-25s", u.sHandle); else - sprintf(msg, "%-25s", u.sUserName); + snprintf(msg, 81, "%-25s", u.sUserName); } else if (strcasecmp(OpData, "/U") == 0) { - sprintf(msg, "%-25s", u.Name); + snprintf(msg, 81, "%-25s", u.Name); } else { - sprintf(msg, "%-25s", u.sUserName); + snprintf(msg, 81, "%-25s", u.sUserName); } PUTSTR(msg); - sprintf(msg, "%-30s%-14s%-10d", u.sLocation, StrDateDMY(u.tLastLoginDate), u.iTotalCalls); + snprintf(msg, 81, "%-30s%-14s%-10d", u.sLocation, StrDateDMY(u.tLastLoginDate), u.iTotalCalls); PUTSTR(msg); iFoundName = TRUE; LineCount++; diff --git a/mbsebbs/whoson.c b/mbsebbs/whoson.c index 7ebcf116..7af1a98e 100644 --- a/mbsebbs/whoson.c +++ b/mbsebbs/whoson.c @@ -4,7 +4,7 @@ * Purpose ...............: Who's online functions * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -66,12 +66,12 @@ void WhosOn(char *OpData) Enter(1); colour(WHITE, BLACK); /* Callers On-Line to */ - sprintf(Heading, "%s%s", (char *) Language(414), CFG.bbs_name); + snprintf(Heading, 81, "%s%s", (char *) Language(414), CFG.bbs_name); Center(Heading); x = strlen(Heading); for(i = 0; i < x; i++) - sprintf(Underline, "%s%c", Underline, exitinfo.GraphMode ? 196 : 45); + snprintf(Underline, 81, "%s%c", Underline, exitinfo.GraphMode ? 196 : 45); colour(LIGHTRED, BLACK); Center(Underline); Enter(1); @@ -84,9 +84,9 @@ void WhosOn(char *OpData) while (TRUE) { if (Start) - sprintf(buf, "GMON:1,1;"); + snprintf(buf, 128, "GMON:1,1;"); else - sprintf(buf, "GMON:1,0;"); + snprintf(buf, 128, "GMON:1,0;"); Start = FALSE; if (socket_send(buf) == 0) { strcpy(buf, socket_receive()); @@ -107,7 +107,7 @@ void WhosOn(char *OpData) * want the handle or real name instead. */ temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp,"rb")) != NULL) { fread(&ushdr, sizeof(ushdr), 1, fp); @@ -127,11 +127,11 @@ void WhosOn(char *OpData) } free(temp); } - sprintf(msg, "%-30s", fullname); + snprintf(msg, 81, "%-30s", fullname); pout(LIGHTCYAN, BLACK, msg); free(fullname); - sprintf(msg, "%-9s", device); + snprintf(msg, 81, "%-9s", device); pout(LIGHTBLUE, BLACK, msg); free(device); @@ -141,37 +141,37 @@ void WhosOn(char *OpData) if (strstr(isdoing, "Browsing")) /* Browseng */ - sprintf(msg, "%-15s", (char *) Language(418)); + snprintf(msg, 81, "%-15s", (char *) Language(418)); else if (strstr(isdoing, "Downloading")) /* Downloading */ - sprintf(msg, "%-15s", (char *) Language(419)); + snprintf(msg, 81, "%-15s", (char *) Language(419)); else if (strstr(isdoing, "Uploading")) /* Uploading */ - sprintf(msg, "%-15s", (char *) Language(420)); + snprintf(msg, 81, "%-15s", (char *) Language(420)); else if (strstr(isdoing, "Read")) /* Msg Section */ - sprintf(msg, "%-15s", (char *) Language(421)); + snprintf(msg, 81, "%-15s", (char *) Language(421)); else if (strstr(isdoing, "External")) /* External Door */ - sprintf(msg, "%-15s", (char *) Language(422)); + snprintf(msg, 81, "%-15s", (char *) Language(422)); else if (strstr(isdoing, "Chat")) /* Chatting */ - sprintf(msg, "%-15s", (char *) Language(423)); + snprintf(msg, 81, "%-15s", (char *) Language(423)); else if (strstr(isdoing, "Files")) /* Listing Files */ - sprintf(msg, "%-15s", (char *) Language(424)); + snprintf(msg, 81, "%-15s", (char *) Language(424)); else if (strstr(isdoing, "Time")) /* Banking Door */ - sprintf(msg, "%-15s", (char *) Language(426)); + snprintf(msg, 81, "%-15s", (char *) Language(426)); else if (strstr(isdoing, "Safe")) /* Safe Door */ - sprintf(msg, "%-15s", (char *) Language(427)); + snprintf(msg, 81, "%-15s", (char *) Language(427)); else if (strstr(isdoing, "Whoson")) /* WhosOn List */ - sprintf(msg, "%-15s", (char *) Language(428)); + snprintf(msg, 81, "%-15s", (char *) Language(428)); else if (strstr(isdoing, "Offline")) /* Offline Reader */ - sprintf(msg, "%-15s", (char *) Language(429)); + snprintf(msg, 81, "%-15s", (char *) Language(429)); else { /* * This is default when nothing matches, with doors this @@ -179,11 +179,11 @@ void WhosOn(char *OpData) */ if (strlen(isdoing) > 15) isdoing[15] = '\0'; - sprintf(msg, "%-15s", isdoing); + snprintf(msg, 81, "%-15s", isdoing); } pout(WHITE, BLACK, msg); - sprintf(msg, "%-25s", location); + snprintf(msg, 81, "%-25s", location); pout(LIGHTRED, BLACK, msg); Enter(1); free(location); @@ -292,17 +292,17 @@ void SendOnlineMsg(char *OpData) * users unix name to send to mbtask. */ if ((strcasecmp(OpData, "/H") == 0) || (strlen(OpData) == 0)) { - sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "rb")) != NULL) { fread(&ushdr, sizeof(ushdr), 1, fp); Syslog('-', "Using translate"); while (fread(&us, ushdr.recsize, 1, fp) == 1) { if ((strcasecmp(OpData, "/H") == 0) && strlen(us.sHandle) && (strcasecmp(User, us.sHandle) == 0)) { - sprintf(User, "%s", us.Name); + snprintf(User, 36, "%s", us.Name); break; } else if ((strlen(OpData) == 0) && (strcasecmp(User, us.sUserName) == 0)) { - sprintf(User, "%s", us.Name); + snprintf(User, 36, "%s", us.Name); break; } } @@ -320,11 +320,11 @@ void SendOnlineMsg(char *OpData) if ((strcmp(String, "")) != 0) { buf[0] = '\0'; if ((strcasecmp(OpData, "/H") == 0) && strlen(exitinfo.sHandle)) - sprintf(buf, "CSPM:3,%s,%s,%s;", exitinfo.sHandle, User, String); + snprintf(buf, 128, "CSPM:3,%s,%s,%s;", exitinfo.sHandle, User, String); else if (strcasecmp(OpData, "/U") == 0) - sprintf(buf, "CSPM:3,%s,%s,%s;", exitinfo.Name, User, String); + snprintf(buf, 128, "CSPM:3,%s,%s,%s;", exitinfo.Name, User, String); else - sprintf(buf, "CSPM:3,%s,%s,%s;", exitinfo.sUserName, User, String); + snprintf(buf, 128, "CSPM:3,%s,%s,%s;", exitinfo.sUserName, User, String); if (socket_send(buf) == 0) { strcpy(buf, socket_receive()); @@ -332,7 +332,7 @@ void SendOnlineMsg(char *OpData) if (strncmp(buf, "100:1,3;", 8) == 0) { Enter(1); /* Sorry, there is no user on */ - sprintf(temp, "%s %s", (char *) Language(431), User); + snprintf(temp, PATH_MAX, "%s %s", (char *) Language(431), User); PUTSTR(temp); Enter(1); } @@ -344,7 +344,7 @@ void SendOnlineMsg(char *OpData) if (strncmp(buf, "100:1,1;", 8) == 0) { Enter(1); /* doesn't wish to be disturbed */ - sprintf(temp, "%s %s", User, (char *) Language(432)); + snprintf(temp, PATH_MAX, "%s %s", User, (char *) Language(432)); pout(LIGHTRED, BLACK, temp); Enter(1); } diff --git a/mbsebbs/ymsend.c b/mbsebbs/ymsend.c index 9fbab882..f0eb8dea 100644 --- a/mbsebbs/ymsend.c +++ b/mbsebbs/ymsend.c @@ -4,7 +4,7 @@ * Purpose ...............: Ymodem sender * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -184,7 +184,7 @@ static int wctxpn(char *fname) if (protocol == ZM_XMODEM) { if (*fname) { - sprintf(name2, "Sending %s, %ld blocks: ", fname, (long) (f.st_size >> 7)); + snprintf(name2, PATH_MAX +1, "Sending %s, %ld blocks: ", fname, (long) (f.st_size >> 7)); PUTSTR(name2); Enter(1); } @@ -222,7 +222,7 @@ static int wctxpn(char *fname) * int. But i believe sending %lo instead of %o _could_ break compatability */ if ((input_f != stdin) && *fname) - sprintf(p, "%lu %lo %o 0 %d %ld", (long) f.st_size, (long) f.st_mtime, + snprintf(p, MAXBLOCK + 1024, "%lu %lo %o 0 %d %ld", (long) f.st_size, (long) f.st_mtime, (unsigned int)((no_unixmode) ? 0 : f.st_mode), Filesleft, Totalleft); Totalleft -= f.st_size; diff --git a/mbsebbs/zmrecv.c b/mbsebbs/zmrecv.c index 28e494e5..70e83033 100644 --- a/mbsebbs/zmrecv.c +++ b/mbsebbs/zmrecv.c @@ -4,7 +4,7 @@ * Purpose ...............: Zmodem receive * ***************************************************************************** - * Copyright (C) 1997-2003 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -617,7 +617,7 @@ long getfree(void) char *temp; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/%s/upl", CFG.bbs_usersdir, exitinfo.Name); + snprintf(temp, PATH_MAX, "%s/%s/upl", CFG.bbs_usersdir, exitinfo.Name); if (statfs(temp, &sfs) != 0) { WriteError("$cannot statfs \"%s\", assume enough space", temp); diff --git a/mbsebbs/zmsend.c b/mbsebbs/zmsend.c index 6e913f89..87e35057 100644 --- a/mbsebbs/zmsend.c +++ b/mbsebbs/zmsend.c @@ -213,7 +213,8 @@ static int sendzfile(char *rn) Syslog('+', "Zmodem: size %lu bytes, dated %s", (unsigned long)st.st_size, rfcdate(st.st_mtime)); gettimeofday(&starttime, &tz); - sprintf(txbuf,"%s %lu %lo %o 0 0 0", rn,(unsigned long)st.st_size, (long)st.st_mtime+(st.st_mtime%2), st.st_mode); + snprintf(txbuf,MAXBLOCK + 1024,"%s %lu %lo %o 0 0 0", rn, + (unsigned long)st.st_size, (long)st.st_mtime+(st.st_mtime%2), st.st_mode); bufl = strlen(txbuf); *(strchr(txbuf,' ')) = '\0'; /*hope no blanks in filename*/