Secured sprintf with snprintf

Michiel Broek 2005-08-28 11:56:06 +00:00
parent 22e39869c1
commit 9cf1e6ee36
8 changed files with 63 additions and 63 deletions


@ -49,7 +49,7 @@ FILE *newpage(char *Name, FILE *fi)
later = time(NULL) + 86400;
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/stat/%s.temp", CFG.www_root, Name);
snprintf(temp, PATH_MAX -1, "%s/stat/%s.temp", CFG.www_root, Name);
mkdirs(temp, 0755);
if ((fa = fopen(temp, "w")) == NULL) {
@ -79,8 +79,8 @@ void closepage(FILE *fa, char *Name, FILE *fi)
temp2 = calloc(PATH_MAX, sizeof(char));
MacroRead(fi, fa);
fclose(fa);
sprintf(temp1, "%s/stat/%s.html", CFG.www_root, Name);
sprintf(temp2, "%s/stat/%s.temp", CFG.www_root, Name);
snprintf(temp1, PATH_MAX -1, "%s/stat/%s.html", CFG.www_root, Name);
snprintf(temp2, PATH_MAX -1, "%s/stat/%s.temp", CFG.www_root, Name);
rename(temp2, temp1);
chmod(temp1, 0644);
free(temp2);
@ -97,10 +97,10 @@ char *adate(time_t now)
struct tm ptm;
if (now == 0L) {
sprintf(buf, " ");
snprintf(buf, 39, " ");
} else {
ptm = *localtime(&now);
sprintf(buf, "%02d-%02d-%04d %02d:%02d", ptm.tm_mday, ptm.tm_mon +1, ptm.tm_year + 1900, ptm.tm_hour, ptm.tm_min);
snprintf(buf, 39, "%02d-%02d-%04d %02d:%02d", ptm.tm_mday, ptm.tm_mon +1, ptm.tm_year + 1900, ptm.tm_hour, ptm.tm_min);
}
return buf;
}
@ -133,7 +133,7 @@ void MakeStat(void)
else
Lm = Miy -1;
sprintf(name, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
snprintf(name, PATH_MAX -1, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
if ((fg = fopen(name, "r")) == NULL) {
WriteError("Can't open %s", name);
} else {
@ -147,9 +147,9 @@ void MakeStat(void)
while ((fread(&mgroup, mgrouphdr.recsize, 1, fg)) == 1) {
if (mgroup.Active) {
fseek(fi, fileptr, SEEK_SET);
html_massage(mgroup.Name, name);
html_massage(mgroup.Name, name, PATH_MAX -1);
MacroVars("b", "s", name);
html_massage(mgroup.Comment, name);
html_massage(mgroup.Comment, name, PATH_MAX -1);
MacroVars("c", "s", name);
MacroVars("d", "s", mgroup.UseAka.zone ? aka2str(mgroup.UseAka):" ");
MacroVars("e", "s", adate(mgroup.LastDate));
@ -174,7 +174,7 @@ void MakeStat(void)
printf(".");
fflush(stdout);
}
sprintf(name, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
snprintf(name, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((fg = fopen(name, "r")) == NULL) {
WriteError("$Can't open %s", name);
} else {
@ -196,11 +196,11 @@ void MakeStat(void)
}
fseek(fi, fileptr, SEEK_SET);
MacroVars("b", "d", Area);
html_massage(msgs.Name, name);
html_massage(msgs.Name, name, PATH_MAX -1);
MacroVars("c", "s", strlen(name) ? name:" ");
html_massage(msgs.Tag, name);
html_massage(msgs.Tag, name, PATH_MAX -1);
MacroVars("d", "s", strlen(name) ? name:" ");
html_massage(msgs.Group, name);
html_massage(msgs.Group, name, PATH_MAX -1);
MacroVars("e", "s", strlen(name) ? name:" ");
MacroVars("f", "s", adate(msgs.LastRcvd));
MacroVars("g", "d", msgs.Received.lweek);
@ -225,7 +225,7 @@ void MakeStat(void)
printf(".");
fflush(stdout);
}
sprintf(name, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
snprintf(name, PATH_MAX -1, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
if ((fg = fopen(name, "r")) == NULL) {
WriteError("$Can't open %s", name);
} else {
@ -238,9 +238,9 @@ void MakeStat(void)
while ((fread(&fgroup, fgrouphdr.recsize, 1, fg)) == 1) {
if (fgroup.Active) {
fseek(fi, fileptr, SEEK_SET);
html_massage(fgroup.Name, name);
html_massage(fgroup.Name, name, PATH_MAX -1);
MacroVars("b", "s", name);
html_massage(fgroup.Comment, name);
html_massage(fgroup.Comment, name, PATH_MAX -1);
MacroVars("c", "s", name);
MacroVars("d", "s", fgroup.UseAka.zone ? aka2str(fgroup.UseAka):" ");
MacroVars("e", "s", adate(fgroup.LastDate));
@ -265,7 +265,7 @@ void MakeStat(void)
printf(".");
fflush(stdout);
}
sprintf(name, "%s/etc/tic.data", getenv("MBSE_ROOT"));
snprintf(name, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
if ((fg = fopen(name, "r")) == NULL) {
WriteError("$Can't open %s", name);
} else {
@ -278,11 +278,11 @@ void MakeStat(void)
while ((fread(&tic, tichdr.recsize, 1, fg)) == 1) {
if (tic.Active) {
fseek(fi, fileptr, SEEK_SET);
html_massage(tic.Comment, name);
html_massage(tic.Comment, name, PATH_MAX -1);
MacroVars("b", "s", name);
html_massage(tic.Name, name);
html_massage(tic.Name, name, PATH_MAX -1);
MacroVars("c", "s", name);
html_massage(tic.Group, name);
html_massage(tic.Group, name, PATH_MAX -1);
MacroVars("d", "s", name);
MacroVars("e", "s", adate(tic.LastAction));
MacroVars("f", "d", tic.Files.lweek);
@ -307,7 +307,7 @@ void MakeStat(void)
printf(".");
fflush(stdout);
}
sprintf(name, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
snprintf(name, PATH_MAX -1, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
if ((fg = fopen(name, "r")) == NULL) {
WriteError("$Can't open %s", name);
} else {
@ -328,7 +328,7 @@ void MakeStat(void)
else
q = xstrcpy((char *)"Normal");
MacroVars("b", "s", aka2str(nodes.Aka[0]));
html_massage(nodes.Sysop, name);
html_massage(nodes.Sysop, name, PATH_MAX -1);
MacroVars("c", "s", name);
MacroVars("d", "s", q);
MacroVars("e", "s", p);
@ -355,7 +355,7 @@ void MakeStat(void)
printf(".");
fflush(stdout);
}
sprintf(name, "%s/var/mailer.hist", getenv("MBSE_ROOT"));
snprintf(name, PATH_MAX -1, "%s/var/mailer.hist", getenv("MBSE_ROOT"));
if ((fg = fopen(name, "r")) == NULL) {
WriteError("$Can't open %s", name);
} else {
@ -376,11 +376,11 @@ void MakeStat(void)
if (!strcmp(hist.aka.domain, "(null)"))
hist.aka.domain[0] = '\0';
MacroVars("c", "s", hist.aka.zone ? aka2str(hist.aka):" ");
html_massage(hist.system_name, name);
html_massage(hist.system_name, name, PATH_MAX -1);
MacroVars("d", "s", strlen(name) ? name:" ");
html_massage(hist.sysop, name);
html_massage(hist.sysop, name, PATH_MAX -1);
MacroVars("e", "s", strlen(name) ? name:" ");
html_massage(hist.location, name);
html_massage(hist.location, name, PATH_MAX -1);
MacroVars("f", "s", strlen(name) ? name:" ");
MacroVars("g", "s", strlen(hist.tty) ? hist.tty:" ");
MacroVars("h", "s", adate(hist.online));
@ -407,7 +407,7 @@ void MakeStat(void)
printf(".");
fflush(stdout);
}
sprintf(name, "%s/etc/sysinfo.data", getenv("MBSE_ROOT"));
snprintf(name, PATH_MAX -1, "%s/etc/sysinfo.data", getenv("MBSE_ROOT"));
if ((fg = fopen(name, "r")) != NULL ) {
if ((fi = OpenMacro("html.sysinfo", 'E', TRUE)) == NULL) {
Syslog('+', "Can't open macro file, skipping html pages creation");
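Review bot: The snprintf() return values are ignored throughout this file, so a path that does not fit is silently cut short and then handed to `fopen`, `rename` and `chmod`; in closepage() a truncated `temp1`/`temp2` would rename or chmod a different file than intended. Check the result before using the path, e.g. `n = snprintf(temp1, PATH_MAX, "%s/stat/%s.html", CFG.www_root, Name); if (n < 0 || n >= PATH_MAX) { /* log, free, return */ }`; `PATH_MAX` rather than `PATH_MAX -1` is the right bound for these calloc(PATH_MAX) buffers because the size argument already counts the terminating NUL. `getenv("MBSE_ROOT")` is also passed straight to `%s` in MakeStat(), which is undefined behaviour when the variable is unset, so it should be read once and tested for NULL. The same unchecked pattern recurs in Add_ToBeRep(), GetTableRoute(), DeleteVirusWork(), Get_File_Id() and VirScan().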


@ -272,7 +272,7 @@ FILE *newpage(char *Path, char *Name, time_t later, int inArea, int Current, FIL
WriteError("$Can't create %s", linebuf);
} else {
sprintf(linebuf, "%s", Name);
html_massage(linebuf, outbuf);
html_massage(linebuf, outbuf, 1023);
MacroVars("ab", "ss", rfcdate(later), outbuf);
pagelink(fa, Path, inArea, Current);
MacroRead(fi, fa);
@ -722,7 +722,7 @@ void HtmlIndex(char *Lang)
k += 1;
}
sprintf(linebuf, "%s", To_Html(fdb.Desc[j]));
html_massage(linebuf, outbuf);
html_massage(linebuf, outbuf, 1023);
sprintf(desc+k, "%s", outbuf);
k += strlen(outbuf);
}
@ -781,7 +781,7 @@ void HtmlIndex(char *Lang)
}
strcpy(linebuf, area.Name);
html_massage(linebuf, namebuf);
html_massage(linebuf, namebuf, 1023);
sprintf(linebuf, "%s/%s%s/index.html", CFG.www_url, CFG.www_link2ftp, area.Path+strlen(CFG.ftp_base));
if (aSize > 1048576)
sprintf(outbuf, "%ld Mb.", aSize / 1048576);
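Review bot: The unbounded copies into `linebuf` and `desc` are untouched by this change: `sprintf(linebuf, "%s", Name)` in newpage(), and `sprintf(linebuf, "%s", To_Html(fdb.Desc[j]))`, `sprintf(desc+k, "%s", outbuf)`, `strcpy(linebuf, area.Name)` and the `sprintf(linebuf, "%s/%s%s/index.html", ...)` URL build in HtmlIndex(). Only the html_massage() output is bounded, so an over-long name or description can overrun `linebuf` before the new 1023 limit is ever applied. Each call should carry the destination size, e.g. `snprintf(linebuf, LINEBUF_SIZE, "%s", Name);` and `snprintf(desc + k, DESC_SIZE - k, "%s", outbuf);`, where both size names are placeholders because the buffer declarations are outside the hunks. The file descriptions presumably originate from received files, which would make these the calls most exposed to outside input.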


@ -4,7 +4,7 @@
* Purpose ...............: Output a netmail to one of our links.
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -60,14 +60,14 @@ FILE *SendMgrMail(faddr *t, int Keep, int FileAttach, char *bymgr, char *subj, c
Orig.net = From.net;
Orig.node = From.node;
Orig.point = From.point;
sprintf(Orig.domain, "%s", From.domain);
snprintf(Orig.domain, 12, "%s", From.domain);
memset(&Dest, 0, sizeof(Dest));
Dest.zone = t->zone;
Dest.net = t->net;
Dest.node = t->node;
Dest.point = t->point;
sprintf(Dest.domain, "%s", t->domain);
snprintf(Dest.domain, 12, "%s", t->domain);
if (!SearchNode(Dest)) {
Syslog('!', "SendMgrMail(): Can't find node %s", aka2str(Dest));
@ -90,13 +90,13 @@ FILE *SendMgrMail(faddr *t, int Keep, int FileAttach, char *bymgr, char *subj, c
memset(&ext, 0, sizeof(ext));
if (nodes.PackNetmail)
sprintf(ext, (char *)"qqq");
snprintf(ext, 3, (char *)"qqq");
else if (nodes.Crash)
sprintf(ext, (char *)"ccc");
snprintf(ext, 3, (char *)"ccc");
else if (nodes.Hold)
sprintf(ext, (char *)"hhh");
snprintf(ext, 3, (char *)"hhh");
else
sprintf(ext, (char *)"nnn");
snprintf(ext, 3, (char *)"nnn");
if ((qp = OpenPkt(Orig, Dest, (char *)ext)) == NULL)
return NULL;
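Review bot: The size passed to snprintf() includes the terminating NUL, so `snprintf(ext, 3, (char *)"qqq")` stores only `qq` and the extension handed to OpenPkt() in SendMgrMail() loses its last character in all four branches. Use the real buffer size, e.g. `snprintf(ext, sizeof(ext), "%s", "qqq");` (the preceding `memset(&ext, 0, sizeof(ext))` suggests `ext` is an array). The same off-by-one changes behaviour elsewhere in this commit: `snprintf(TIC.TicIn.Crc, 8, "%08lX", ...)` in LoadTic() and ReCalcCrc() drops the eighth CRC digit, which is then copied to `T_File.Crc`, and `snprintf(buf, 12, "%08lx.tic", ...)` in MakeTicName() leaves the name ending in `.ti` although `buf` is declared `buf[13]`. The `12` used for the `domain` fields would likewise cut a 12-character domain if those fields are 13 bytes; their declarations are not visible here.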


@ -173,7 +173,7 @@ int LoadTic(char *inb, char *tfn)
memset(&TIC, 0, sizeof(TIC));
memset(&T_File, 0, sizeof(T_File));
sprintf(TIC.Inbound, "%s", inb);
snprintf(TIC.Inbound, PATH_MAX, "%s", inb);
strncpy(TIC.TicName, tfn, 12);
chdir(inb);
@ -247,7 +247,7 @@ int LoadTic(char *inb, char *tfn)
} else if (strncasecmp(Temp, "crc ", 4) == 0) {
TIC.Crc_Int = strtoul(Temp+4, (char **)NULL, 16);
sprintf(TIC.TicIn.Crc, "%08lX", TIC.Crc_Int);
snprintf(TIC.TicIn.Crc, 8, "%08lX", TIC.Crc_Int);
strcpy(T_File.Crc, TIC.TicIn.Crc);
} else if (strncasecmp(Temp, "pw ", 3) == 0) {
@ -406,7 +406,7 @@ int LoadTic(char *inb, char *tfn)
/*
* Try to move the hatched file to the inbound
*/
sprintf(Temp, "%s/%s", TIC.TicIn.Pth, TIC.TicIn.FullName);
snprintf(Temp, bufsize, "%s/%s", TIC.TicIn.Pth, TIC.TicIn.FullName);
if (file_exist(Temp, R_OK) == 0) {
strcpy(RealName, TIC.TicIn.FullName);
} else {
@ -414,7 +414,7 @@ int LoadTic(char *inb, char *tfn)
tidy_falist(&sbl);
return 2;
}
sprintf(Temp2, "%s/%s", TIC.Inbound, TIC.TicIn.FullName);
snprintf(Temp2, PATH_MAX -1, "%s/%s", TIC.Inbound, TIC.TicIn.FullName);
if ((rc = file_mv(Temp, Temp2))) {
WriteError("Can't move %s to inbound: %s", Temp, strerror(rc));
tidy_falist(&sbl);
@ -467,8 +467,8 @@ int LoadTic(char *inb, char *tfn)
* It may be a LFN but also a case difference. The whole tic
* processing is based on 8.3 filenames.
*/
sprintf(Temp, "%s/%s", TIC.Inbound, RealName);
sprintf(Temp2, "%s/%s", TIC.Inbound, TIC.TicIn.File);
snprintf(Temp, bufsize, "%s/%s", TIC.Inbound, RealName);
snprintf(Temp2, PATH_MAX -1, "%s/%s", TIC.Inbound, TIC.TicIn.File);
if (rename(Temp, Temp2))
WriteError("$Can't rename %s to %s", Temp, Temp2);
else
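Review bot: Three different size conventions appear in LoadTic() (`PATH_MAX` for `TIC.Inbound`, `PATH_MAX -1` for `Temp2`, `bufsize` for `Temp`) and none is tied to the destination's declaration, so the bounds cannot be confirmed from the call sites. For struct members, `snprintf(TIC.Inbound, sizeof(TIC.Inbound), "%s", inb);` keeps the bound correct if the field size ever changes. The neighbouring `strncpy(TIC.TicName, tfn, 12)` and `strcpy(RealName, TIC.TicIn.FullName)` are left as they were; the strncpy result is only terminated if `TicName` is larger than 12 bytes and still zeroed from the memset, so both deserve the same bounded treatment. LoadTic() starts and ends outside these hunks.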


@ -4,7 +4,7 @@
* Purpose ...............: Add a file to the To-Be-Reported database
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -47,7 +47,7 @@ int Add_ToBeRep(struct _filerecord report)
int rc, Found = FALSE;
fname = calloc(PATH_MAX, sizeof(char));
sprintf(fname, "%s/etc/toberep.data", getenv("MBSE_ROOT"));
snprintf(fname, PATH_MAX -1, "%s/etc/toberep.data", getenv("MBSE_ROOT"));
if ((tbr = fopen(fname, "r+")) == NULL) {
if ((tbr = fopen(fname, "a+")) == NULL) {
WriteError("$Can't create %s", fname);


@ -168,7 +168,7 @@ int GetTableRoute(char *ftn, fidoaddr *res)
* Check routing table
*/
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/route.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/etc/route.data", getenv("MBSE_ROOT"));
if ((fil = fopen(temp, "r")) == NULL) {
free(temp);
return R_NOROUTE;
@ -327,7 +327,7 @@ int TrackMail(fidoaddr too, fidoaddr *routeto)
routeto->net = nodes.RouteVia.net;
routeto->node = nodes.RouteVia.node;
routeto->point = nodes.RouteVia.point;
sprintf(routeto->domain, "%s", nodes.RouteVia.domain);
snprintf(routeto->domain, 12, "%s", nodes.RouteVia.domain);
} else {
for (i = 0; i < 20; i++)
if (routeto->zone == nodes.Aka[i].zone)
@ -336,7 +336,7 @@ int TrackMail(fidoaddr too, fidoaddr *routeto)
routeto->net = nodes.Aka[i].net;
routeto->node = nodes.Aka[i].node;
routeto->point = nodes.Aka[i].point;
sprintf(routeto->domain, "%s", nodes.Aka[i].domain);
snprintf(routeto->domain, 12, "%s", nodes.Aka[i].domain);
}
Syslog('r', "Final routing to: %s", aka2str(*routeto));
return R_ROUTE;
@ -473,7 +473,7 @@ int GetRoute(char *ftn, fidoaddr *res)
dir.net = dest->net;
dir.node = dest->node;
dir.point = dest->point;
sprintf(dir.domain, "%s", dest->domain);
snprintf(dir.domain, 12, "%s", dest->domain);
/*
* First direct match
@ -557,7 +557,7 @@ int GetRoute(char *ftn, fidoaddr *res)
*/
if (me_host != -1) {
Syslog('r', "We are a host");
sprintf(res->domain, "%s", CFG.aka[me_host].domain);
snprintf(res->domain, 12, "%s", CFG.aka[me_host].domain);
if (((myregion != dnlent->region) && (!(dnlent->pflag & NL_DUMMY))) || (CFG.aka[me_host].zone != dest->zone)) {
res->zone = CFG.aka[me_host].zone;
res->net = myregion;
@ -611,7 +611,7 @@ int GetRoute(char *ftn, fidoaddr *res)
*/
if (me_hub != -1) {
Syslog('r', "We are a hub");
sprintf(res->domain, "%s", CFG.aka[me_hub].domain);
snprintf(res->domain, 12, "%s", CFG.aka[me_hub].domain);
if ((dnlent->upnode == CFG.aka[me_hub].node) && (dnlent->upnet == CFG.aka[me_hub].net) &&
(dnlent->addr.zone == CFG.aka[me_hub].zone)) {
res->zone = dest->zone;
@ -648,7 +648,7 @@ int GetRoute(char *ftn, fidoaddr *res)
res->zone = bnlent->addr.zone;
res->net = bnlent->upnet;
res->node = bnlent->upnode;
sprintf(res->domain, "%s", bnlent->addr.domain);
snprintf(res->domain, 12, "%s", bnlent->addr.domain);
Syslog('+', "R: %s => %s", ascfnode(dest, 0xff), aka2str(*res));
if (bnlent->addr.domain)
free(bnlent->addr.domain);
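Review bot: In the last GetRoute() hunk `bnlent->addr.domain` is passed to `%s` before the `if (bnlent->addr.domain)` test two lines later, so the NULL domain that test guards against reaches snprintf() first, which is undefined behaviour. Guard the argument: `snprintf(res->domain, sizeof(res->domain), "%s", bnlent->addr.domain ? bnlent->addr.domain : "");`. `sizeof(res->domain)` assumes `domain` is an array member of fidoaddr, which the hunks do not show; if so, it should also replace the hard-coded `12` in TrackMail() and the other GetRoute() hunks. GetRoute() continues outside the hunk.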


@ -4,7 +4,7 @@
* Purpose ...............: Utilities for tic processing
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -45,7 +45,7 @@ char *MakeTicName()
static char buf[13];
buf[12] = '\0';
sprintf(buf, "%08lx.tic", sequencer());
snprintf(buf, 12, "%08lx.tic", sequencer());
buf[0] = 'm';
buf[1] = 'b';
@ -112,7 +112,7 @@ int Rearc(char *unarc)
Syslog('f' , "NewFile=\"%s\", NewFullName=\"%s\"", TIC.NewFile, TIC.NewFullName);
sprintf(temp, "%s/%s .", TIC.Inbound, TIC.NewFile);
snprintf(temp, PATH_MAX -1, "%s/%s .", TIC.Inbound, TIC.NewFile);
if (execute_str(cmd, temp, (char *)NULL, (char *)"/dev/null", (char *)"/dev/null", (char *)"/dev/null") == 0) {
free(cmd);
return TRUE;
@ -138,7 +138,7 @@ void DeleteVirusWork()
buf = calloc(PATH_MAX, sizeof(char));
temp = calloc(PATH_MAX, sizeof(char));
getcwd(buf, PATH_MAX);
sprintf(temp, "%s/tmp", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/tmp", getenv("MBSE_ROOT"));
if (chdir(temp) == 0) {
Syslog('f', "DeleteVirusWork %s/arc", temp);
@ -160,7 +160,7 @@ void Bad(char *format, ...)
va_list va_ptr;
va_start(va_ptr, format);
vsprintf(outstr, format, va_ptr);
vsnprintf(outstr, 1023, format, va_ptr);
va_end(va_ptr);
WriteError(outstr);
@ -173,7 +173,7 @@ void Bad(char *format, ...)
void ReCalcCrc(char *fn)
{
TIC.Crc_Int = file_crc(fn, CFG.slow_util && do_quiet);
sprintf(TIC.TicIn.Crc, "%08lX", TIC.Crc_Int);
snprintf(TIC.TicIn.Crc, 8, "%08lX", TIC.Crc_Int);
strcpy(T_File.Crc, TIC.TicIn.Crc);
}
@ -187,9 +187,9 @@ int Get_File_Id()
int i, j, lines = 0;
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/tmp/FILE_ID.DIZ", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/tmp/FILE_ID.DIZ", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r")) == NULL) {
sprintf(temp, "%s/tmp/file_id.diz", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX -1, "%s/tmp/file_id.diz", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r")) == NULL) {
free(temp);
return FALSE;
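Review bot: Bad() still ends with `WriteError(outstr)`, which passes the already formatted message as a format string; WriteError() is called printf-style elsewhere in this commit (`WriteError("$Can't open %s", name)`), so any `%` that reached `outstr` through an argument is interpreted a second time. Change the call to `WriteError("%s", outstr);`. The `vsnprintf(outstr, 1023, ...)` bound cannot be verified here because `outstr` is declared outside the hunk; `sizeof(outstr)` would be the safer bound if it is an array. Bad() continues past the end of the hunk.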


@ -4,7 +4,7 @@
* Purpose ...............: Scan for virusses
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -48,9 +48,9 @@ int VirScan(char *path)
stdlog = calloc(PATH_MAX, sizeof(char));
errlog = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/virscan.data", getenv("MBSE_ROOT"));
sprintf(stdlog, "%s/tmp/stdlog%d", getenv("MBSE_ROOT"), mypid);
sprintf(errlog, "%s/tmp/errlog%d", getenv("MBSE_ROOT"), mypid);
snprintf(temp, PATH_MAX -1, "%s/etc/virscan.data", getenv("MBSE_ROOT"));
snprintf(stdlog, PATH_MAX -1, "%s/tmp/stdlog%d", getenv("MBSE_ROOT"), mypid);
snprintf(errlog, PATH_MAX -1, "%s/tmp/errlog%d", getenv("MBSE_ROOT"), mypid);
if ((fp = fopen(temp, "r")) == NULL) {
WriteError("No virus scanners defined");