Secured sprintf with snprintf

Michiel Broek 2005-08-29 19:43:25 +00:00
parent 0aaa4034a6
commit 94899f93eb
2 changed files with 48 additions and 48 deletions


@ -4,7 +4,7 @@
* Purpose ...............: Group Listing utils * Purpose ...............: Group Listing utils
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -60,7 +60,7 @@ void fill_grlist(gr_list **fdp, char *groupname)
tmp = (gr_list *)malloc(sizeof(gr_list)); tmp = (gr_list *)malloc(sizeof(gr_list));
tmp->next = *fdp; tmp->next = *fdp;
sprintf(tmp->group, "%s", groupname); snprintf(tmp->group, 13, "%s", groupname);
tmp->tagged = FALSE; tmp->tagged = FALSE;
*fdp = tmp; *fdp = tmp;
} }
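Review bot: The new bound in `snprintf(tmp->group, 13, "%s", groupname)` is a bare literal that has to be kept in step with the declaration of `group` by hand; if `group` is an array member of gr_list (the declaration is not visible here), `snprintf(tmp->group, sizeof(tmp->group), "%s", groupname);` ties the limit to the buffer itself. A group name longer than the buffer is now cut short without any report, so two long names sharing a prefix could end up as the same list entry. The malloc() result is still dereferenced on the following line without a NULL check. fill_grlist's body begins outside the hunk.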


@ -75,7 +75,7 @@ void errmsg(const char *format, ...)
t = calloc(256, sizeof(char)); t = calloc(256, sizeof(char));
va_start(va_ptr, format); va_start(va_ptr, format);
vsprintf(t, format, va_ptr); vsnprintf(t, 256, format, va_ptr);
va_end(va_ptr); va_end(va_ptr);
t = xstrcat(t, (char *)", Press any key "); t = xstrcat(t, (char *)", Press any key ");
@ -174,7 +174,7 @@ char *edit_field(int y, int x, int w, int p, char *s_)
unsigned int ch; unsigned int ch;
memset((char *)s, 0, 256); memset((char *)s, 0, 256);
sprintf(s, "%s", s_); snprintf(s, 256, "%s", s_);
curpos = 0; curpos = 0;
first = 1; first = 1;
newinsert(1, YELLOW, BLUE); newinsert(1, YELLOW, BLUE);
@ -339,12 +339,12 @@ char *select_show(int max)
memset((char *)s, 0, 12); memset((char *)s, 0, 12);
if (max == 0) if (max == 0)
sprintf(help, "Select ^\"-\"^ for previous level"); snprintf(help, 81, "Select ^\"-\"^ for previous level");
else else
if (max > 10) if (max > 10)
sprintf(help, "Select ^\"-\"^ for previous level, ^\"P\" or \"N\"^ to page"); snprintf(help, 81, "Select ^\"-\"^ for previous level, ^\"P\" or \"N\"^ to page");
else else
sprintf(help, "Select ^\"-\"^ for previous level"); snprintf(help, 81, "Select ^\"-\"^ for previous level");
showhelp(help); showhelp(help);
/* /*
@ -384,12 +384,12 @@ char *select_record(int max, int items)
memset((char *)s, 0, 12); memset((char *)s, 0, 12);
if (max == 0) if (max == 0)
sprintf(help, "Select ^\"-\"^ for previous level, ^\"A\"^ to append first record"); snprintf(help, 81, "Select ^\"-\"^ for previous level, ^\"A\"^ to append first record");
else else
if (max > items) if (max > items)
sprintf(help, "Record (1..%d), ^\"-\"^ prev. level, ^\"A\"^ Append record, ^\"P\" or \"N\"^ to page", max); snprintf(help, 81, "Record (1..%d), ^\"-\"^ prev. level, ^\"A\"^ Append record, ^\"P\" or \"N\"^ to page", max);
else else
sprintf(help, "Select record (1..%d), ^\"-\"^ for previous level, ^\"A\"^ to append a new record", max); snprintf(help, 81, "Select record (1..%d), ^\"-\"^ for previous level, ^\"A\"^ to append a new record", max);
showhelp(help); showhelp(help);
/* /*
@ -436,12 +436,12 @@ char *select_area(int max, int items)
memset((char *)s, 0, 12); memset((char *)s, 0, 12);
if (max == 0) if (max == 0)
sprintf(help, "^\"-\"^ back, ^A^ppend"); snprintf(help, 81, "^\"-\"^ back, ^A^ppend");
else else
if (max > items) if (max > items)
sprintf(help, "Record (1..%d), ^\"-\"^ back, ^A^ppend, ^G^lobal, ^M^ove, ^N^ext, ^P^revious", max); snprintf(help, 81, "Record (1..%d), ^\"-\"^ back, ^A^ppend, ^G^lobal, ^M^ove, ^N^ext, ^P^revious", max);
else else
sprintf(help, "Record (1..%d), ^\"-\"^ back, ^A^ppend, ^G^lobal, ^M^ove", max); snprintf(help, 81, "Record (1..%d), ^\"-\"^ back, ^A^ppend, ^G^lobal, ^M^ove", max);
showhelp(help); showhelp(help);
/* /*
@ -488,12 +488,12 @@ char *select_filearea(int max, int items)
memset((char *)s, 0, 12); memset((char *)s, 0, 12);
if (max == 0) if (max == 0)
sprintf(help, "^\"-\"^ back, ^A^ppend"); snprintf(help, 81, "^\"-\"^ back, ^A^ppend");
else else
if (max > items) if (max > items)
sprintf(help, "Record (1..%d), ^\"-\"^ back, ^A^ppend, ^M^ove, ^N^ext, ^P^revious", max); snprintf(help, 81, "Record (1..%d), ^\"-\"^ back, ^A^ppend, ^M^ove, ^N^ext, ^P^revious", max);
else else
sprintf(help, "Record (1..%d), ^\"-\"^ back, ^A^ppend, ^M^ove", max); snprintf(help, 81, "Record (1..%d), ^\"-\"^ back, ^A^ppend, ^M^ove", max);
showhelp(help); showhelp(help);
/* /*
@ -538,12 +538,12 @@ char *select_pick(int max, int items)
memset((char *)s, 0, 12); memset((char *)s, 0, 12);
if (max == 0) if (max == 0)
sprintf(help, "Select ^\"-\"^ for previous level"); snprintf(help, 81, "Select ^\"-\"^ for previous level");
else else
if (max > items) if (max > items)
sprintf(help, "Record (1..%d), ^\"-\"^ prev. level, ^\"P\" or \"N\"^ to page", max); snprintf(help, 81, "Record (1..%d), ^\"-\"^ prev. level, ^\"P\" or \"N\"^ to page", max);
else else
sprintf(help, "Select record (1..%d), ^\"-\"^ for previous level", max); snprintf(help, 81, "Select record (1..%d), ^\"-\"^ for previous level", max);
showhelp(help); showhelp(help);
/* /*
@ -586,12 +586,12 @@ char *select_aka(int max, int items)
memset((char *)s, 0, 12); memset((char *)s, 0, 12);
if (max == 0) if (max == 0)
sprintf(help, "Select ^\"-\"^ for previous level"); snprintf(help, 81, "Select ^\"-\"^ for previous level");
else else
if (max > items) if (max > items)
sprintf(help, "Record (1..%d), ^\"-\"^ prev. level, ^\"P\" or \"N\"^ to page, ^\"M\"^ move aka", max); snprintf(help, 81, "Record (1..%d), ^\"-\"^ prev. level, ^\"P\" or \"N\"^ to page, ^\"M\"^ move aka", max);
else else
sprintf(help, "Select record (1..%d), ^\"-\"^ for previous level ^\"M\"^ move aka", max); snprintf(help, 81, "Select record (1..%d), ^\"-\"^ for previous level ^\"M\"^ move aka", max);
showhelp(help); showhelp(help);
/* /*
@ -649,18 +649,18 @@ int select_menu_sub(int max, int items, int allowall, char *hlp)
int pick; int pick;
if (max == 0) if (max == 0)
sprintf(help, "Select ^\"-\"^ for previous level"); snprintf(help, 81, "Select ^\"-\"^ for previous level");
else { else {
if (allowall) { if (allowall) {
if (max > items) if (max > items)
sprintf(help, "%s (1..%d), ^\"-\"^ prev. level, ^\"*\"^ (de)select all, ^\"P\" or \"N\"^ to page", hlp, max); snprintf(help, 81, "%s (1..%d), ^\"-\"^ prev. level, ^\"*\"^ (de)select all, ^\"P\" or \"N\"^ to page", hlp, max);
else else
sprintf(help, "%s (1..%d), ^\"-\"^ for previous level, ^\"*\"^ (de)select all", hlp, max); snprintf(help, 81, "%s (1..%d), ^\"-\"^ for previous level, ^\"*\"^ (de)select all", hlp, max);
} else { } else {
if (max > items) if (max > items)
sprintf(help, "%s (1..%d), ^\"-\"^ prev. level, ^\"P\" or \"N\"^ to page", hlp, max); snprintf(help, 81, "%s (1..%d), ^\"-\"^ prev. level, ^\"P\" or \"N\"^ to page", hlp, max);
else else
sprintf(help, "%s (1..%d), ^\"-\"^ for previous level", hlp, max); snprintf(help, 81, "%s (1..%d), ^\"-\"^ for previous level", hlp, max);
} }
} }
showhelp(help); showhelp(help);
@ -789,27 +789,27 @@ char *edit_jam(int y, int x, int l, char *line, char *help)
working(5, 0, 0); working(5, 0, 0);
from = calloc(PATH_MAX, sizeof(char)); from = calloc(PATH_MAX, sizeof(char));
too = calloc(PATH_MAX, sizeof(char)); too = calloc(PATH_MAX, sizeof(char));
sprintf(from, "%s.jhr", line); snprintf(from, PATH_MAX, "%s.jhr", line);
if (access(from, R_OK | W_OK) == 0) { if (access(from, R_OK | W_OK) == 0) {
/* /*
* Old message base does exist, copy message base. * Old message base does exist, copy message base.
*/ */
if (mkdirs(s, 0770)) { if (mkdirs(s, 0770)) {
sprintf(too, "%s.jhr", s); snprintf(too, PATH_MAX, "%s.jhr", s);
rc = file_cp(from, too); rc = file_cp(from, too);
if (rc == 0) { if (rc == 0) {
sprintf(from, "%s.jdt", line); snprintf(from, PATH_MAX, "%s.jdt", line);
sprintf(too, "%s.jdt", s); snprintf(too, PATH_MAX, "%s.jdt", s);
rc = file_cp(from, too); rc = file_cp(from, too);
} }
if (rc == 0) { if (rc == 0) {
sprintf(from, "%s.jdx", line); snprintf(from, PATH_MAX, "%s.jdx", line);
sprintf(too, "%s.jdx", s); snprintf(too, PATH_MAX, "%s.jdx", s);
rc = file_cp(from, too); rc = file_cp(from, too);
} }
if (rc == 0) { if (rc == 0) {
sprintf(from, "%s.jlr", line); snprintf(from, PATH_MAX, "%s.jlr", line);
sprintf(too, "%s.jlr", s); snprintf(too, PATH_MAX, "%s.jlr", s);
rc = file_cp(from, too); rc = file_cp(from, too);
} }
if (rc == 0) { if (rc == 0) {
@ -817,11 +817,11 @@ char *edit_jam(int y, int x, int l, char *line, char *help)
* All files copied successfull * All files copied successfull
*/ */
file_rm(from); file_rm(from);
sprintf(from, "%s.jdx", line); snprintf(from, PATH_MAX, "%s.jdx", line);
file_rm(from); file_rm(from);
sprintf(from, "%s.jdt", line); snprintf(from, PATH_MAX, "%s.jdt", line);
file_rm(from); file_rm(from);
sprintf(from, "%s.jhr", line); snprintf(from, PATH_MAX, "%s.jhr", line);
file_rm(from); file_rm(from);
Syslog('+', "JAM message base moved to %s", s); Syslog('+', "JAM message base moved to %s", s);
} else { } else {
@ -829,11 +829,11 @@ char *edit_jam(int y, int x, int l, char *line, char *help)
* Copy failed * Copy failed
*/ */
file_rm(too); file_rm(too);
sprintf(too, "%s.jdx", s); snprintf(too, PATH_MAX, "%s.jdx", s);
file_rm(too); file_rm(too);
sprintf(too, "%s.jdt", s); snprintf(too, PATH_MAX, "%s.jdt", s);
file_rm(too); file_rm(too);
sprintf(too, "%s.jhr", s); snprintf(too, PATH_MAX, "%s.jhr", s);
file_rm(too); file_rm(too);
errmsg((char *)"Can't move JAM message base"); errmsg((char *)"Can't move JAM message base");
strcpy(s, line); strcpy(s, line);
@ -1060,7 +1060,7 @@ int edit_int(int y, int x, int val, char *help)
showhelp(help); showhelp(help);
memset((char *)s, 0, sizeof(s)); memset((char *)s, 0, sizeof(s));
sprintf(line, "%d", val); snprintf(line, 7, "%d", val);
strcpy(s, edit_field(y, x, 7, '9', line)); strcpy(s, edit_field(y, x, 7, '9', line));
set_color(WHITE, BLACK); set_color(WHITE, BLACK);
show_int(y, x, atoi(s)); show_int(y, x, atoi(s));
@ -1077,7 +1077,7 @@ int edit_int_range(int y, int x, int val, int min, int max, char *help)
while (TRUE) { while (TRUE) {
showhelp(help); showhelp(help);
memset((char *)s, 0, sizeof(s)); memset((char *)s, 0, sizeof(s));
sprintf(line, "%d", val); snprintf(line, 7, "%d", val);
strcpy(s, edit_field(y, x, 7, '9', line)); strcpy(s, edit_field(y, x, 7, '9', line));
set_color(WHITE, BLACK); set_color(WHITE, BLACK);
show_int(y, x, atoi(s)); show_int(y, x, atoi(s));
@ -1106,7 +1106,7 @@ unsigned short edit_ushort(int y, int x, unsigned short val, char *help)
showhelp(help); showhelp(help);
memset((char *)s, 0, sizeof(s)); memset((char *)s, 0, sizeof(s));
do { do {
sprintf(line, "%d", val); snprintf(line, 7, "%d", val);
strcpy(s, edit_field(y, x, 5, '9', line)); strcpy(s, edit_field(y, x, 5, '9', line));
r = atoi(s); r = atoi(s);
if (r >= 65535L) { if (r >= 65535L) {
@ -1527,7 +1527,7 @@ char *get_secstr(securityrec S)
static char temp[45]; static char temp[45];
memset(&temp, 0, sizeof(temp)); memset(&temp, 0, sizeof(temp));
sprintf(temp, "%-5d %s", S.level, getflag(S.flags, S.notflags)); snprintf(temp, 45, "%-5d %s", S.level, getflag(S.flags, S.notflags));
return temp; return temp;
} }
@ -2043,9 +2043,9 @@ void show_aka(int y, int x, fidoaddr aka)
char temp[24]; char temp[24];
if (aka.point == 0) if (aka.point == 0)
sprintf(temp, "%d:%d/%d@%s", aka.zone, aka.net, aka.node, aka.domain); snprintf(temp, 24, "%d:%d/%d@%s", aka.zone, aka.net, aka.node, aka.domain);
else else
sprintf(temp, "%d:%d/%d.%d@%s", aka.zone, aka.net, aka.node, aka.point, aka.domain); snprintf(temp, 24, "%d:%d/%d.%d@%s", aka.zone, aka.net, aka.node, aka.point, aka.domain);
mbse_mvprintw(y, x, temp); mbse_mvprintw(y, x, temp);
} }
@ -2059,7 +2059,7 @@ void edit_color(int *fg, int *bg, char *title, char *help)
clr_index(); clr_index();
set_color(WHITE, BLACK); set_color(WHITE, BLACK);
mbse_mvprintw(5, 6, title); mbse_mvprintw(5, 6, title);
sprintf(temp, "Change the ^%s^ color with arrow keys, press <Enter> whene done", help); snprintf(temp, 81, "Change the ^%s^ color with arrow keys, press <Enter> whene done", help);
showhelp(temp); showhelp(temp);
for (f = 0; f < 16; f++) for (f = 0; f < 16; f++)
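Review bot: In edit_jam (whose body starts and ends outside the hunks shown) the snprintf calls that build `from` and `too` ignore the return value, so an over-long `line` or `s` is now silently truncated and the shortened path is still handed to file_cp() and file_rm(), which may then copy or remove a file other than the intended one. Check each result before the path is used, e.g. `int n = snprintf(from, PATH_MAX, "%s.jhr", line);` followed by `if (n < 0 || n >= PATH_MAX)` with an error path that aborts the move. The same silent truncation changes data in edit_int, edit_int_range and edit_ushort, where `snprintf(line, 7, "%d", val)` drops digits of any value wider than six characters and the later atoi() yields a different number; the size of `line` is not visible here, so `sizeof(line)` would be the safer bound if it is an array. Separately, show_aka and edit_color still pass `temp` and `title` as the second positional string of mbse_mvprintw; if that function is printf-style, a `%` in `aka.domain` or `title` is interpreted as a conversion, and `mbse_mvprintw(y, x, "%s", temp);` avoids that.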