bbs/deb-mbse
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Secured sprintf with snprintf

Browse Source
This commit is contained in:
Michiel Broek 2005-08-28 12:35:18 +00:00
parent 107b01699a
commit 62dbe6534f
3 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
mbfido/notify.c
View File

@ -68,7 +68,7 @@ int Notify(char *Options)
}
if (strlen(Options)) {
sprintf(Opt, "%s~", Options);
snprintf(Opt, 43, "%s~", Options);
if (strchr(Opt, '.') != NULL) {
temp = strdup(strtok(Opt, ":"));
if (atoi(temp))
@ -111,8 +111,8 @@ int Notify(char *Options)
}
Syslog('m', "Parsing nodes %d:%d/%d.%d", Zones, Nets, Nodes, Points);
temp = calloc(128, sizeof(char));
sprintf(temp, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
temp = calloc(PATH_MAX, sizeof(char));
snprintf(temp, PATH_MAX -1, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
if ((np = fopen(temp, "r")) == NULL) {
WriteError("$Can't open %s", temp);
return FALSE;

32
mbfido/post.c
View File

@ -69,7 +69,7 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
}
sAreas = calloc(PATH_MAX, sizeof(char));
sprintf(sAreas, "%s//etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(sAreas, PATH_MAX -1, "%s//etc/mareas.data", getenv("MBSE_ROOT"));
if ((fp = fopen(sAreas, "r")) == NULL) {
WriteError("$Can't open %s", sAreas);
free(sAreas);
@ -163,8 +163,8 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
/*
* Start writing the message
*/
sprintf(Msg.From, CFG.sysop_name);
sprintf(Msg.To, To);
snprintf(Msg.From, 100, CFG.sysop_name);
snprintf(Msg.To, 100, To);
/*
* If netmail, clean the To field.
@ -180,8 +180,8 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
}
}
sprintf(Msg.Subject, "%s", Subj);
sprintf(Msg.FromAddress, "%s", aka2str(msgs.Aka));
snprintf(Msg.Subject, 100, "%s", Subj);
snprintf(Msg.FromAddress, 100, "%s", aka2str(msgs.Aka));
Msg.Written = time(NULL);
Msg.Arrived = time(NULL);
Msg.Local = TRUE;
@ -200,7 +200,7 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
case NETMAIL:
Msg.Netmail = TRUE;
sprintf(Msg.ToAddress, "%s", ascfnode(parsefaddr(To), 0xff));
snprintf(Msg.ToAddress, 100, "%s", ascfnode(parsefaddr(To), 0xff));
break;
case ECHOMAIL:
@ -213,19 +213,19 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
}
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer());
snprintf(temp, PATH_MAX -1, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer());
MsgText_Add2(temp);
Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp));
Msg.ReplyCRC = 0xffffffff;
sprintf(temp, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU());
snprintf(temp, PATH_MAX -1, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU());
MsgText_Add2(temp);
if (msgs.Charset != FTNC_NONE) {
sprintf(temp, "\001CHRS: %s", getftnchrs(msgs.Charset));
snprintf(temp, PATH_MAX -1, "\001CHRS: %s", getftnchrs(msgs.Charset));
} else {
sprintf(temp, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1));
snprintf(temp, PATH_MAX -1, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1));
}
MsgText_Add2(temp);
sprintf(temp, "\001TZUTC: %s", gmtoffset(tt));
snprintf(temp, PATH_MAX -1, "\001TZUTC: %s", gmtoffset(tt));
MsgText_Add2(temp);
while ((Fgets(temp, PATH_MAX -1, tp)) != NULL) {
@ -255,14 +255,14 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
aka = calloc(40, sizeof(char));
if (msgs.Aka.point)
sprintf(aka, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point);
snprintf(aka, 39, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point);
else
sprintf(aka, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node);
snprintf(aka, 39, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node);
if (strlen(msgs.Origin))
sprintf(temp, " * Origin: %s %s", msgs.Origin, aka);
snprintf(temp, 80, " * Origin: %s %s", msgs.Origin, aka);
else
sprintf(temp, " * Origin: %s %s", CFG.origin, aka);
snprintf(temp, 80, " * Origin: %s %s", CFG.origin, aka);
MsgText_Add2(temp);
free(aka);
@ -273,7 +273,7 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
Syslog('+', "Posted message %ld", Msg.Id);
if (msgs.Type != LOCALMAIL) {
sprintf(temp, "%s/tmp/%smail.jam", getenv("MBSE_ROOT"), (msgs.Type == ECHOMAIL) ? "echo" : "net");
snprintf(temp, PATH_MAX -1, "%s/tmp/%smail.jam", getenv("MBSE_ROOT"), (msgs.Type == ECHOMAIL) ? "echo" : "net");
if ((fp = fopen(temp, "a")) != NULL) {
fprintf(fp, "%s %lu\n", msgs.Base, Msg.Id);
fclose(fp);

30
mbfido/postecho.c
View File

@ -4,7 +4,7 @@
* Purpose ...............: Post echomail message.
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -79,13 +79,13 @@ int EchoOut(fidoaddr aka, char *toname, char *fromname, char *subj, FILE *fp, in
*/
memset(&ext, 0, sizeof(ext));
if (nodes.PackNetmail)
sprintf(ext, (char *)"qqq");
snprintf(ext, 3, (char *)"qqq");
else if (nodes.Crash)
sprintf(ext, (char *)"ccc");
snprintf(ext, 3, (char *)"ccc");
else if (nodes.Hold)
sprintf(ext, (char *)"hhh");
snprintf(ext, 3, (char *)"hhh");
else
sprintf(ext, (char *)"nnn");
snprintf(ext, 3, (char *)"nnn");
if ((qp = OpenPkt(msgs.Aka, aka, (char *)ext)) == NULL) {
WriteError("EchoOut(): OpenPkt failed");
@ -346,7 +346,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
*/
Syslog('m', "Gated echomail, clean SB");
tidy_falist(&sbl);
sprintf(sbe, "%u/%u", Link.aka.net, Link.aka.node);
snprintf(sbe, 15, "%u/%u", Link.aka.net, Link.aka.node);
Syslog('m', "Add gate SB %s", sbe);
fill_list(&sbl, sbe, NULL);
}
@ -358,7 +358,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
for (i = 0; i < 40; i++) {
if (CFG.akavalid[i] && (msgs.Aka.zone == CFG.aka[i].zone) && (CFG.aka[i].point == 0) &&
!((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) {
sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
snprintf(sbe, 15, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
fill_list(&sbl, sbe, NULL);
}
}
@ -368,7 +368,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
/*
* Add our system to the path for later export.
*/
sprintf(sbe, "%u/%u", msgs.Aka.net, msgs.Aka.node);
snprintf(sbe, 15, "%u/%u", msgs.Aka.net, msgs.Aka.node);
fill_path(&ptl, sbe);
uniq_list(&ptl); /* remove possible duplicate own aka */
@ -399,7 +399,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
*/
for (tmpq = qal; tmpq; tmpq = tmpq->next) {
if (tmpq->send) {
sprintf(sbe, "%u/%u", tmpq->aka.net, tmpq->aka.node);
snprintf(sbe, 15, "%u/%u", tmpq->aka.net, tmpq->aka.node);
fill_list(&sbl, sbe, NULL);
}
}
@ -437,15 +437,15 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
oldnet = sbl->addr->net - 1;
for (tmpl = sbl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet)
sprintf(sbe, " %u", tmpl->addr->node);
snprintf(sbe, 15, " %u", tmpl->addr->node);
else
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node);
snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net;
seenlen += strlen(sbe);
if (seenlen > MAXSEEN) {
seenlen = 0;
fprintf(nfp, "\nSEEN-BY:");
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node);
snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe);
}
fprintf(nfp, "%s", sbe);
@ -458,15 +458,15 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
oldnet = ptl->addr->net - 1;
for (tmpl = ptl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet)
sprintf(sbe, " %u", tmpl->addr->node);
snprintf(sbe, 15, " %u", tmpl->addr->node);
else
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node);
snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net;
seenlen += strlen(sbe);
if (seenlen > MAXPATH) {
seenlen = 0;
fprintf(nfp, "\n\001PATH:");
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node);
snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe);
}
fprintf(nfp, "%s", sbe);