Secured sprintf with snprintf

Michiel Broek 2005-08-28 17:18:02 +00:00
parent 7cf920c591
commit 7f6afcf775
5 changed files with 26 additions and 25 deletions


@ -3,7 +3,7 @@
* $Id$
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -95,7 +95,7 @@ void auth_pass(char *cmd)
p = strtok(NULL, " \0");
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp,"r+")) == NULL) {
/*
* This should not happen
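Review bot: In the auth_pass hunk the new `snprintf(temp, PATH_MAX, ...)` still formats `getenv("MBSE_ROOT")` directly, so an unset MBSE_ROOT passes NULL to `%s` (undefined behaviour), and the `calloc` result on the line above is used with no NULL check visible in the hunk. The return value is also discarded, so an over-long MBSE_ROOT now produces a silently truncated path that is then opened with `"r+"` as if it were the user database. I would fetch the variable once, reject NULL, and test the result, e.g. `n = snprintf(temp, PATH_MAX, "%s/etc/users.data", root); if (n < 0 || n >= PATH_MAX) { /* log and refuse */ }`. The same pattern recurs in the command_group, command_list and rfc2ftn hunks; auth_pass's body extends beyond this hunk.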


@ -100,7 +100,7 @@ char *make_msgid(char *msgid)
{
static char buf[100];
sprintf(buf, "<%8lx$%s@%s>", StringCRC32(msgid), currentgroup, CFG.sysdomain);
snprintf(buf, 100, "<%8lx$%s@%s>", StringCRC32(msgid), currentgroup, CFG.sysdomain);
return buf;
}
@ -216,6 +216,7 @@ void command_abhs(char *buf)
send_nntp("Newsgroups: %s", currentgroup);
asprintf(&subj,"Subject: %s", Msg.Subject);
send_xlat(subj);
free(subj);
send_nntp("Date: %s", rfcdate(Msg.Written + (gmt_offset((time_t)0) * 60)));
send_nntp("Message-ID: %s", make_msgid(Msg.Msgid));
if (strlen(Msg.Replyid))
@ -308,7 +309,7 @@ void command_group(char *cmd)
}
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r"))) {
fread(&msgshdr, sizeof(msgshdr), 1, fp);
while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) {
@ -322,7 +323,7 @@ void command_group(char *cmd)
Msg_Highest();
Msg_Lowest();
send_nntp("211 %lu %lu %lu %s", MsgBase.Total, MsgBase.Lowest, MsgBase.Highest, msgs.Newsgroup);
sprintf(currentgroup, "%s", msgs.Newsgroup);
snprintf(currentgroup, 81, "%s", msgs.Newsgroup);
} else {
send_nntp("411 No such news group");
}
@ -363,7 +364,7 @@ void command_list(char *cmd)
if ((opt == NULL) || (strcasecmp(opt, "ACTIVE") == 0) || (strcasecmp(opt, "NEWSGROUPS") == 0)) {
send_nntp("215 Information follows");
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r"))) {
fread(&msgshdr, sizeof(msgshdr), 1, fp);
while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) {
@ -625,10 +626,10 @@ void command_xover(char *cmd)
} while ((p = (char *)MsgText_Next()) != NULL);
}
}
sprintf(msgid, "%s", make_msgid(Msg.Msgid));
snprintf(msgid, 100, "%s", make_msgid(Msg.Msgid));
reply[0] = 0;
if (strlen(Msg.Replyid))
sprintf(reply, "%s", make_msgid(Msg.Replyid));
snprintf(reply, 100, "%s", make_msgid(Msg.Replyid));
send_nntp("%lu\t%s\t%s <%s>\t%s\t%s\t%s\t%d\t%d", i, Msg.Subject, Msg.From, Msg.FromAddress,
rfcdate(Msg.Written + (gmt_offset((time_t)0) * 60)), msgid, reply, bytecount, linecount);
}
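Review bot: make_msgid can now truncate silently where it used to overflow: if `currentgroup` really holds up to 80 characters (the `81` bound in the command_group hunk), `"<%8lx$%s@%s>"` leaves room for a `CFG.sysdomain` of only about seven characters before the closing `>` is cut off, giving a malformed and possibly non-unique Message-ID. The result should be checked and the bound tied to the array declared one line above, e.g. `if (snprintf(buf, sizeof(buf), ...) >= (int)sizeof(buf))` followed by an explicit error path. The literals `81` and `100` used for `currentgroup`, `msgid` and `reply` refer to declarations outside these hunks and cannot be verified here; a shared constant or `sizeof` (if they are arrays) would keep bound and declaration from drifting apart. Separately, `asprintf(&subj, ...)` in the command_abhs hunk is not checked before `send_xlat(subj)` and `free(subj)`, and `subj` is indeterminate when it fails.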


@ -4,7 +4,7 @@
* Purpose ...............: MBSE BBS Mail Gate
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -46,7 +46,7 @@ void hash_update_n(unsigned long *id, unsigned long mod)
{
char buf[32];
sprintf(buf,"%030lu",mod);
snprintf(buf,32,"%030lu",mod);
*id ^= lh_strhash(buf);
}
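Review bot: The bound `32` in `snprintf(buf,32,"%030lu",mod)` restates the array size declared on the line above; `snprintf(buf, sizeof(buf), "%030lu", mod);` keeps the two in step if `buf` is ever resized. The zero-padded output is 30 digits plus the terminator, so the buffer has a single spare byte, and a short comment on the declaration such as `/* 30 zero-padded digits + NUL */` would record why 32 is enough.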


@ -4,7 +4,7 @@
* Purpose ...............: MBSE NNTP Server
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -237,7 +237,7 @@ void send_nntp(const char *format, ...)
out = calloc(4096, sizeof(char));
va_start(va_ptr, format);
vsprintf(out, format, va_ptr);
vsnprintf(out, 4096, format, va_ptr);
va_end(va_ptr);
Syslog('n', "> \"%s\"", printable(out, 0));
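Review bot: `out = calloc(4096, sizeof(char))` is handed straight to `vsnprintf` with no NULL check visible in this hunk, so an allocation failure becomes undefined behaviour rather than a dropped response; `if (out == NULL) return;` (with a log line) before `va_start` would close that. The size is also written twice as a bare `4096`, and one named constant used for both the allocation and the bound would stop them diverging. Because the `vsnprintf` return value is ignored, a reply longer than 4095 bytes is now cut silently, and logging when the result is `>= 4096` would make truncated responses diagnosable. send_nntp starts and ends outside this hunk.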


@ -374,7 +374,7 @@ int rfc2ftn(FILE *fp)
datasize = 0;
if (splitpart) {
sprintf(newsubj,"[part %d] ",splitpart+1);
snprintf(newsubj,4 * (MAXSUBJ+1),"[part %d] ",splitpart+1);
strncat(newsubj,fmsg->subj,MAXSUBJ-strlen(newsubj));
} else {
strncpy(newsubj,fmsg->subj,MAXSUBJ);
@ -465,7 +465,7 @@ int rfc2ftn(FILE *fp)
}
if (!(hdr((char *)"X-FTN-Tearline", msg)) && !(hdr((char *)"X-FTN-TID", msg))) {
sprintf(temp, " MBSE-NNTPD %s (%s-%s)", VERSION, OsName(), OsCPU());
snprintf(temp, 4096, " MBSE-NNTPD %s (%s-%s)", VERSION, OsName(), OsCPU());
hdrsize += 4 + strlen(temp);
fprintf(ofp, "\1TID:");
kludgewrite(temp, ofp);
@ -623,12 +623,12 @@ int rfc2ftn(FILE *fp)
for (i = 0; i < 40; i++) {
if (CFG.akavalid[i] && (CFG.aka[i].point == 0) && (msgs.Aka.zone == CFG.aka[i].zone) &&
!((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) {
sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
snprintf(sbe, 16, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
fill_list(&sbl, sbe, NULL);
}
}
if (msgs.Aka.point == 0) {
sprintf(sbe, "%u/%u", msgs.Aka.net, msgs.Aka.node);
snprintf(sbe, 16, "%u/%u", msgs.Aka.net, msgs.Aka.node);
fill_list(&sbl, sbe, NULL);
}
@ -644,15 +644,15 @@ int rfc2ftn(FILE *fp)
oldnet = sbl->addr->net-1;
for (tmpl = sbl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet)
sprintf(sbe," %u",tmpl->addr->node);
snprintf(sbe,16," %u",tmpl->addr->node);
else
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node);
snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net;
seenlen += strlen(sbe);
if (seenlen > MAXSEEN) {
seenlen = 0;
fprintf(ofp,"\nSEEN-BY:");
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node);
snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe);
}
fprintf(ofp,"%s",sbe);
@ -667,7 +667,7 @@ int rfc2ftn(FILE *fp)
if (!strcasecmp(tmp->key,"X-FTN-PATH"))
fill_path(&ptl,tmp->val);
if (msgs.Aka.point == 0) {
sprintf(sbe,"%u/%u",msgs.Aka.net, msgs.Aka.node);
snprintf(sbe,16,"%u/%u",msgs.Aka.net, msgs.Aka.node);
fill_path(&ptl,sbe);
}
@ -681,15 +681,15 @@ int rfc2ftn(FILE *fp)
oldnet = ptl->addr->net-1;
for (tmpl = ptl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet)
sprintf(sbe," %u",tmpl->addr->node);
snprintf(sbe,16," %u",tmpl->addr->node);
else
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node);
snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net;
seenlen += strlen(sbe);
if (seenlen > MAXPATH) {
seenlen = 0;
fprintf(ofp,"\n\1PATH:");
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node);
snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe);
}
fprintf(ofp,"%s",sbe);
@ -744,7 +744,7 @@ int rfc2ftn(FILE *fp)
/*
* Create fast scan index
*/
sprintf(temp, "%s/tmp/echomail.jam", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/tmp/echomail.jam", getenv("MBSE_ROOT"));
if ((qfp = fopen(temp, "a")) != NULL) {
fprintf(qfp, "%s %lu\n", msgs.Base, Msg.Id);
fclose(qfp);
@ -776,7 +776,7 @@ int rfc2ftn(FILE *fp)
mgroup.MsgsSent.month[l_date->tm_mon]++;
UpdateMsgs();
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((qfp = fopen(temp, "r+"))) {
fread(&usrconfighdr, sizeof(usrconfighdr), 1, qfp);
fseek(qfp, usrconfighdr.hdrsize + (grecno * usrconfighdr.recsize), SEEK_SET);
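Review bot: `temp` is bounded by `4096` in the tearline hunk (`snprintf(temp, 4096, " MBSE-NNTPD ...")`) but by `PATH_MAX` in the two path hunks further down; if this is one buffer, one of those bounds exceeds the allocation on any platform where PATH_MAX is not 4096. Its declaration is outside the visible hunks, so the bound should be derived from it (a shared constant, or `sizeof` if it is an array) rather than restated per call. In the first hunk the `4 * (MAXSUBJ+1)` bound passed to `snprintf` does not match the `MAXSUBJ-strlen(newsubj)` limit used by the `strncat` on the next line, so the real size of `newsubj` deserves a comment next to both calls. The `16`-byte bound on `sbe` holds `" %u/%u"` only while net and node are at most six decimal digits each (true for 16-bit values; the field types are not visible here), and a comment stating that assumption would make the silent-truncation case explicit.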