From aa738f3abe36ca97a9eb5923a7fe3b8636fd9f2c Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Mon, 29 Aug 2005 14:37:51 +0000 Subject: [PATCH] Secured sprintf with snprintf --- mbsetup/m_tty.c | 94 +++++++++++++++++++++++------------------------ mbsetup/m_users.c | 36 +++++++++--------- mbsetup/m_virus.c | 56 ++++++++++++++-------------- 3 files changed, 93 insertions(+), 93 deletions(-) diff --git a/mbsetup/m_tty.c b/mbsetup/m_tty.c index b7470523..cf774619 100644 --- a/mbsetup/m_tty.c +++ b/mbsetup/m_tty.c @@ -4,7 +4,7 @@ * Purpose ...............: Setup Ttyinfo structure. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -53,7 +53,7 @@ int CountTtyinfo(void) char ffile[PATH_MAX]; int count = 0, i; - sprintf(ffile, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "r")) == NULL) { if ((fil = fopen(ffile, "a+")) != NULL) { ttyinfohdr.hdrsize = sizeof(ttyinfohdr); @@ -67,13 +67,13 @@ int CountTtyinfo(void) for (i = 0; i < 16; i++) { count++; memset(&ttyinfo, 0, sizeof(ttyinfo)); - sprintf(ttyinfo.comment, "Network port %d", count); - sprintf(ttyinfo.tty, "pts/%d", i); - sprintf(ttyinfo.speed, "10 mbit"); - sprintf(ttyinfo.flags, "IBN,IFC,XX"); + snprintf(ttyinfo.comment, 41, "Network port %d", count); + snprintf(ttyinfo.tty, 7, "pts/%d", i); + snprintf(ttyinfo.speed, 21, "10 mbit"); + snprintf(ttyinfo.flags, 31, "IBN,IFC,XX"); ttyinfo.type = NETWORK; ttyinfo.available = TRUE; - sprintf(ttyinfo.name, "Network port #%d", count); + snprintf(ttyinfo.name, 36, "Network port #%d", count); fwrite(&ttyinfo, sizeof(ttyinfo), 1, fil); } #endif 
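Review bot: In CountTtyinfo the new `snprintf(ffile, PATH_MAX, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT"))` still feeds the getenv() result straight to `%s` and discards the return value. An unset MBSE_ROOT is therefore undefined behaviour, and an over-long one now yields a silently truncated path that is passed to fopen(), including the `"a+"` create branch. I would read the variable once with `const char *root = getenv("MBSE_ROOT");`, bail out on `root == NULL`, and after the call reject `n < 0 || (size_t)n >= sizeof(ffile)`; how each function should report that failure is not visible here. The same pattern recurs in every path-building hunk of m_tty.c, m_users.c and m_virus.c (Count*, Open*, Close*, Append*, Edit*, *_doc, Reset_Time), and all of those function bodies continue outside their hunks.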
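Review bot: The bounds in the default-record block are bare literals (`41`, `7`, `21`, `31`, `36`), so they protect the fields only while they match the ttyinfo declaration, which is not part of this patch. If these members are arrays, `snprintf(ttyinfo.comment, sizeof(ttyinfo.comment), "Network port %d", count);` ties the bound to the definition and survives a later resize of the record. The same applies to the remaining CountTtyinfo hunks, to the `41`/`65` literals in CountVirus, and to the `30`, `4` and `81` bounds used for `Date` and `temp` in the Fields*, Edit* and *_doc functions.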
@@ -81,13 +81,13 @@ int CountTtyinfo(void) for (i = 0; i < 16; i++) { count++; memset(&ttyinfo, 0, sizeof(ttyinfo)); - sprintf(ttyinfo.comment, "Network port %d", count); - sprintf(ttyinfo.tty, "ttyp%x", i); - sprintf(ttyinfo.speed, "10 mbit"); - sprintf(ttyinfo.flags, "IBN,IFC,XX"); + snprintf(ttyinfo.comment, 41, "Network port %d", count); + snprintf(ttyinfo.tty, 7, "ttyp%x", i); + snprintf(ttyinfo.speed, 21, "10 mbit"); + snprintf(ttyinfo.flags, 31, "IBN,IFC,XX"); ttyinfo.type = NETWORK; ttyinfo.available = TRUE; - sprintf(ttyinfo.name, "Network port #%d", count); + snprintf(ttyinfo.name, 36, "Network port #%d", count); fwrite(&ttyinfo, sizeof(ttyinfo), 1, fil); } @@ -97,9 +97,9 @@ int CountTtyinfo(void) */ for (i = 0; i < 6; i++) { memset(&ttyinfo, 0, sizeof(ttyinfo)); - sprintf(ttyinfo.comment, "Console port %d", i+1); - sprintf(ttyinfo.tty, "tty%d", i); - sprintf(ttyinfo.speed, "10 mbit"); + snprintf(ttyinfo.comment, 41, "Console port %d", i+1); + snprintf(ttyinfo.tty, 7, "tty%d", i); + snprintf(ttyinfo.speed, 21, "10 mbit"); ttyinfo.type = LOCAL; ttyinfo.available = TRUE; fwrite(&ttyinfo, sizeof(ttyinfo), 1, fil); @@ -113,9 +113,9 @@ int CountTtyinfo(void) */ for (i = 0; i < 8; i++) { memset(&ttyinfo, 0, sizeof(ttyinfo)); - sprintf(ttyinfo.comment, "Console port %d", i+1); - sprintf(ttyinfo.tty, "ttyv%d", i); - sprintf(ttyinfo.speed, "10 mbit"); + snprintf(ttyinfo.comment, 41, "Console port %d", i+1); + snprintf(ttyinfo.tty, 7, "ttyv%d", i); + snprintf(ttyinfo.speed, 21, "10 mbit"); ttyinfo.type = LOCAL; ttyinfo.available = TRUE; fwrite(&ttyinfo, sizeof(ttyinfo), 1, fil); 
@@ -128,9 +128,9 @@ int CountTtyinfo(void)
 * By default, xxxBSD systems have only one console
 */
 memset(&ttyinfo, 0, sizeof(ttyinfo));
- sprintf(ttyinfo.comment, "Console port 1");
- sprintf(ttyinfo.tty, "console");
- sprintf(ttyinfo.speed, "10 mbit");
+ snprintf(ttyinfo.comment, 41, "Console port 1");
+ snprintf(ttyinfo.tty, 7, "console");
+ snprintf(ttyinfo.speed, 21, "10 mbit");
 ttyinfo.type = LOCAL;
 ttyinfo.available = TRUE;
 fwrite(&ttyinfo, sizeof(ttyinfo), 1, fil);
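Review bot: `snprintf(ttyinfo.tty, 7, "console")` cannot store the name it is given: "console" is seven characters and needs eight bytes with the terminator, so with a bound of 7 the default record is written with the tty `consol`. If the field really is 7 bytes (its declaration is not in this patch), the old sprintf() wrote one byte past it, and the new call trades that overflow for a wrong device name with no diagnostic. The return value should be compared with the bound, e.g. `if (snprintf(ttyinfo.tty, sizeof(ttyinfo.tty), "console") >= (int)sizeof(ttyinfo.tty))`, and the record logged or skipped rather than written until the field can hold the name. The other tty names in CountTtyinfo (`pts/%d` up to 15, `ttyp%x`, `cuaia%d` and the rest) stay within six characters for the loop ranges shown.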
@@ -139,45 +139,45 @@ int CountTtyinfo(void) for (i = 0; i < 4; i++) { memset(&ttyinfo, 0, sizeof(ttyinfo)); - sprintf(ttyinfo.comment, "ISDN line %d", i+1); + snprintf(ttyinfo.comment, 41, "ISDN line %d", i+1); #if defined(__linux__) - sprintf(ttyinfo.tty, "ttyI%d", i); + snprintf(ttyinfo.tty, 7, "ttyI%d", i); #elif defined(__FreeBSD__) - sprintf(ttyinfo.tty, "cuaia%d", i); + snprintf(ttyinfo.tty, 7, "cuaia%d", i); #elif defined(__NetBSD__) - sprintf(ttyinfo.tty, "ttyi%c", i + 'a'); // NetBSD on a Sparc, how about PC's? + snprintf(ttyinfo.tty, 7, "ttyi%c", i + 'a'); // NetBSD on a Sparc, how about PC's? #elif defined(__OpenBSD__) - sprintf(ttyinfo.tty, "cuaia%d", i); // I think this is wrong! + snprintf(ttyinfo.tty, 7, "cuaia%d", i); // I think this is wrong! #else #error "Don't know the tty name for ISDN on this OS" #endif - sprintf(ttyinfo.speed, "64 kbits"); - sprintf(ttyinfo.flags, "XA,X75,CM"); + snprintf(ttyinfo.speed, 21, "64 kbits"); + snprintf(ttyinfo.flags, 31, "XA,X75,CM"); ttyinfo.type = ISDN; ttyinfo.available = FALSE; ttyinfo.callout = TRUE; ttyinfo.honor_zmh = TRUE; - sprintf(ttyinfo.name, "ISDN line #%d", i+1); + snprintf(ttyinfo.name, 36, "ISDN line #%d", i+1); fwrite(&ttyinfo, sizeof(ttyinfo), 1, fil); count++; } for (i = 0; i < 4; i++) { memset(&ttyinfo, 0, sizeof(ttyinfo)); - sprintf(ttyinfo.comment, "Modem line %d", i+1); + snprintf(ttyinfo.comment, 41, "Modem line %d", i+1); #if defined(__linux__) - sprintf(ttyinfo.tty, "ttyS%d", i); + snprintf(ttyinfo.tty, 7, "ttyS%d", i); #elif defined(__FreeBSD__) - sprintf(ttyinfo.tty, "cuaa%d", i); + snprintf(ttyinfo.tty, 7, "cuaa%d", i); #elif defined(__NetBSD__) - sprintf(ttyinfo.tty, "tty%c", i + 'a'); // NetBSD on a Sparc, how about PC's? + snprintf(ttyinfo.tty, 7, "tty%c", i + 'a'); // NetBSD on a Sparc, how about PC's? 
#elif defined(__OpenBSD__) - sprintf(ttyinfo.tty, "tty0%d", i); + snprintf(ttyinfo.tty, 7, "tty0%d", i); #else #error "Don't know the tty name of the serial ports on this OS" #endif - sprintf(ttyinfo.speed, "33.6 kbits"); - sprintf(ttyinfo.flags, "CM,XA,V32B,V42B,V34"); + snprintf(ttyinfo.speed, 21, "33.6 kbits"); + snprintf(ttyinfo.flags, 31, "CM,XA,V32B,V42B,V34"); ttyinfo.type = POTS; ttyinfo.available = FALSE; ttyinfo.callout = TRUE; @@ -187,7 +187,7 @@ int CountTtyinfo(void) #else ttyinfo.portspeed = 57600; #endif - sprintf(ttyinfo.name, "Modem line #%d", i+1); + snprintf(ttyinfo.name, 36, "Modem line #%d", i+1); fwrite(&ttyinfo, sizeof(ttyinfo), 1, fil); count++; } @@ -222,8 +222,8 @@ int OpenTtyinfo(void) char fnin[PATH_MAX], fnout[PATH_MAX]; long oldsize; - sprintf(fnin, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); - sprintf(fnout, "%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); + snprintf(fnin, PATH_MAX, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); + snprintf(fnout, PATH_MAX, "%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); if ((fin = fopen(fnin, "r")) != NULL) { if ((fout = fopen(fnout, "w")) != NULL) { fread(&ttyinfohdr, sizeof(ttyinfohdr), 1, fin); @@ -271,8 +271,8 @@ void CloseTtyinfo(int force) FILE *fi, *fo; st_list *tty = NULL, *tmp; - sprintf(fin, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); - sprintf(fout,"%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); + snprintf(fin, PATH_MAX, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); + snprintf(fout, PATH_MAX, "%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); if (TtyUpdated == 1) { if (force || (yes_no((char *)"Database is changed, save changes") == 1)) { @@ -316,7 +316,7 @@ int AppendTtyinfo(void) FILE *fil; char ffile[PATH_MAX]; - sprintf(ffile, "%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "a")) != NULL) { memset(&ttyinfo, 0, sizeof(ttyinfo)); fwrite(&ttyinfo, sizeof(ttyinfo), 1, fil); 
@@ -368,7 +368,7 @@ int EditTtyRec(int Area) working(1, 0, 0); IsDoing("Edit Ttyinfo"); - sprintf(mfile, "%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); + snprintf(mfile, PATH_MAX, "%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); if ((fil = fopen(mfile, "r")) == NULL) { working(2, 0, 0); return -1; @@ -501,7 +501,7 @@ void EditTtyinfo(void) mbse_mvprintw( 5, 4, "6. TTY LINES SETUP"); set_color(CYAN, BLACK); if (records != 0) { - sprintf(temp, "%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/ttyinfo.temp", getenv("MBSE_ROOT")); if ((fil = fopen(temp, "r")) != NULL) { fread(&ttyinfohdr, sizeof(ttyinfohdr), 1, fil); x = 2; @@ -520,7 +520,7 @@ void EditTtyinfo(void) set_color(CYAN, BLACK); else set_color(LIGHTBLUE, BLACK); - sprintf(temp, "%3d. %-6s %-25s", o+i, ttyinfo.tty, ttyinfo.comment); + snprintf(temp, 81, "%3d. %-6s %-25s", o+i, ttyinfo.tty, ttyinfo.comment); temp[37] = 0; mbse_mvprintw(y, x, temp); y++; @@ -577,7 +577,7 @@ int tty_doc(FILE *fp, FILE *toc, int page) FILE *wp, *ip, *tty; int j; - sprintf(temp, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); if ((tty = fopen(temp, "r")) == NULL) return page; @@ -602,7 +602,7 @@ int tty_doc(FILE *fp, FILE *toc, int page) j = 0; } - sprintf(temp, "ttyinfo_%s.html", ttyinfo.tty); + snprintf(temp, 81, "ttyinfo_%s.html", ttyinfo.tty); fprintf(ip, "%s%s%s\n", temp, ttyinfo.tty, ttyinfo.comment, getboolean(ttyinfo.available)); if ((wp = open_webdoc(temp, (char *)"TTY Line", ttyinfo.comment))) { diff --git a/mbsetup/m_users.c b/mbsetup/m_users.c index 312039e7..ada2669e 100644 --- a/mbsetup/m_users.c +++ b/mbsetup/m_users.c 
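Review bot: In EditTtyinfo `temp` is bounded by `PATH_MAX` in the path-building call and by `81` in the next hunk of the same function, and its declaration lies outside both, so at most one of the two bounds describes the real buffer. If `temp` is an 81-byte array, `snprintf(temp, PATH_MAX, ...)` is no safer than the sprintf() it replaces when MBSE_ROOT is long; if it is PATH_MAX bytes, the `81` is merely arbitrary. Using `sizeof(temp)` in both calls (valid only if `temp` is an array, not a pointer) removes the guess. tty_doc, EditUsers, users_doc, EditVirus and virus_doc show the same `PATH_MAX`/`81` pair on `temp`.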
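Review bot: The context line after the changed call in the list loop of EditTtyinfo, `mbse_mvprintw(y, x, temp);`, passes text built from `ttyinfo.tty` and `ttyinfo.comment` as the format argument. mbse_mvprintw is not defined in this patch, but if it is printf-style, as its name and the literal-format call earlier in the function suggest, any `%` stored in a record is interpreted as a conversion; `mbse_mvprintw(y, x, "%s", temp);` avoids that. The same line follows the snprintf() in EditUsers, where the text is `usrconfig.sUserName`, and in EditVirus with `virscan.comment`. It is unchanged context, but it falls under the commit's stated goal of securing the formatting calls.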
@@ -55,7 +55,7 @@ int CountUsers(void) char ffile[PATH_MAX]; int count; - sprintf(ffile, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "r")) == NULL) { if ((fil = fopen(ffile, "a+")) != NULL) { Syslog('+', "Created new %s", ffile); @@ -94,8 +94,8 @@ int OpenUsers(void) char fnin[PATH_MAX], fnout[PATH_MAX]; long oldsize; - sprintf(fnin, "%s/etc/users.data", getenv("MBSE_ROOT")); - sprintf(fnout, "%s/etc/users.temp", getenv("MBSE_ROOT")); + snprintf(fnin, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(fnout, PATH_MAX, "%s/etc/users.temp", getenv("MBSE_ROOT")); if ((fin = fopen(fnin, "r")) != NULL) { if ((fout = fopen(fnout, "w")) != NULL) { fread(&usrconfighdr, sizeof(usrconfighdr), 1, fin); @@ -150,8 +150,8 @@ void CloseUsers(int force) { char fin[PATH_MAX], fout[PATH_MAX]; - sprintf(fin, "%s/etc/users.data", getenv("MBSE_ROOT")); - sprintf(fout,"%s/etc/users.temp", getenv("MBSE_ROOT")); + snprintf(fin, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(fout, PATH_MAX, "%s/etc/users.temp", getenv("MBSE_ROOT")); if (UsrUpdated == 1) { if (force || (yes_no((char *)"Database is changed, save changes") == 1)) { @@ -176,7 +176,7 @@ int AppendUsers(void) FILE *fil; char ffile[PATH_MAX]; - sprintf(ffile, "%s/etc/users.temp", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/users.temp", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "a")) != NULL) { memset(&usrconfig, 0, sizeof(usrconfig)); usrconfig.MailScan = TRUE; 
@@ -242,17 +242,17 @@ void Fields1(void) now = usrconfig.tFirstLoginDate; ld = localtime(&now); - sprintf(Date, "%02d-%02d-%04d %02d:%02d:%02d", ld->tm_mday, + snprintf(Date, 30, "%02d-%02d-%04d %02d:%02d:%02d", ld->tm_mday, ld->tm_mon+1, ld->tm_year + 1900, ld->tm_hour, ld->tm_min, ld->tm_sec); show_str(11,17,19, Date); now = usrconfig.tLastLoginDate; ld = localtime(&now); - sprintf(Date, "%02d-%02d-%04d %02d:%02d:%02d", ld->tm_mday, + snprintf(Date, 30, "%02d-%02d-%04d %02d:%02d:%02d", ld->tm_mday, ld->tm_mon+1, ld->tm_year + 1900, ld->tm_hour, ld->tm_min, ld->tm_sec); show_str(12,17,19, Date); now = usrconfig.tLastPwdChange; ld = localtime(&now); - sprintf(Date, "%02d-%02d-%04d %02d:%02d:%02d", ld->tm_mday, + snprintf(Date, 30, "%02d-%02d-%04d %02d:%02d:%02d", ld->tm_mday, ld->tm_mon+1, ld->tm_year + 1900, ld->tm_hour, ld->tm_min, ld->tm_sec); show_str(13,17,19, Date); @@ -333,7 +333,7 @@ void Fields2(void) show_charset(18,17,usrconfig.Charset); show_int( 7,76, usrconfig.iScreenLen); - sprintf(temp, "%c",usrconfig.iLanguage); + snprintf(temp, 4, "%c",usrconfig.iLanguage); show_str( 8,76,1, temp); show_bool( 9,76, usrconfig.HotKeys); show_bool(10,76, usrconfig.GraphMode); @@ -379,7 +379,7 @@ int EditUsrRec2(void) strcpy(usrconfig.Password, temp); usrconfig.tLastPwdChange = time(NULL); Syslog('+', "%s/bin/mbpasswd %s ******", getenv("MBSE_ROOT"), usrconfig.Name); - sprintf(temp, "%s/bin/mbpasswd", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/bin/mbpasswd", getenv("MBSE_ROOT")); memset(args, 0, sizeof(args)); args[0] = temp; args[1] = usrconfig.Name; @@ -454,7 +454,7 @@ void Reset_Time(void) FILE *pLimits; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/limits.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/limits.data", getenv("MBSE_ROOT")); if ((pLimits = fopen(temp,"r")) == NULL) { WriteError("$Can't open %s", temp); } else { 
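Review bot: In EditUsrRec2, three lines above the changed call, `strcpy(usrconfig.Password, temp);` still copies the entered password with no bound, so the hunk leaves the riskiest copy in the function untouched. `snprintf(usrconfig.Password, sizeof(usrconfig.Password), "%s", temp);` would bound it, assuming Password is an array member (its declaration is outside this patch), and the return value should be checked so that an over-long password is rejected rather than stored truncated. `temp` is also given `PATH_MAX` here while Fields2 uses `4` for a buffer of the same name, so the bound needs confirming against the declaration in this function. The function body starts and ends outside the hunk.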
@@ -491,7 +491,7 @@ int EditUsrRec(int Area) working(1, 0, 0); IsDoing("Edit Users"); - sprintf(mfile, "%s/etc/users.temp", getenv("MBSE_ROOT")); + snprintf(mfile, PATH_MAX, "%s/etc/users.temp", getenv("MBSE_ROOT")); if ((fil = fopen(mfile, "r")) == NULL) { working(2, 0, 0); return -1; @@ -607,7 +607,7 @@ void EditUsers(void) mbse_mvprintw( 5, 3, "15. USERS EDITOR"); set_color(CYAN, BLACK); if (records != 0) { - sprintf(temp, "%s/etc/users.temp", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.temp", getenv("MBSE_ROOT")); working(1, 0, 0); if ((fil = fopen(temp, "r")) != NULL) { fread(&usrconfighdr, sizeof(usrconfighdr), 1, fil); @@ -627,7 +627,7 @@ void EditUsers(void) set_color(CYAN, BLACK); else set_color(LIGHTBLUE, BLACK); - sprintf(temp, "%3d. %-32s", o + i, usrconfig.sUserName); + snprintf(temp, 81, "%3d. %-32s", o + i, usrconfig.sUserName); temp[37] = 0; mbse_mvprintw(y, x, temp); y++; @@ -685,7 +685,7 @@ void users_doc(void) FILE *wp, *ip, *fp; int nr = 0; - sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) == NULL) return; @@ -697,7 +697,7 @@ void users_doc(void) while (fread(&usrconfig, usrconfighdr.recsize, 1, fp) == 1) { nr++; - sprintf(temp, "user_%d.html", nr); + snprintf(temp, 81, "user_%d.html", nr); fprintf(ip, "
  • %s
  • \n", temp, usrconfig.sUserName); if ((wp = open_webdoc(temp, (char *)"BBS User", usrconfig.sUserName))) { fprintf(wp, "Main Back\n"); @@ -748,7 +748,7 @@ void users_doc(void) add_webtable(wp, (char *)"Archiver", usrconfig.Archiver); add_webtable(wp, (char *)"Character set", getftnchrs(usrconfig.Charset)); add_webdigit(wp, (char *)"Screen length", usrconfig.iScreenLen); - sprintf(temp, "%c", usrconfig.iLanguage); + snprintf(temp, 4, "%c", usrconfig.iLanguage); add_webtable(wp, (char *)"Language", temp); add_webtable(wp, (char *)"Use hotkeys", getboolean(usrconfig.HotKeys)); add_webtable(wp, (char *)"ANSI mode", getboolean(usrconfig.GraphMode)); diff --git a/mbsetup/m_virus.c b/mbsetup/m_virus.c index 99876e1a..69861938 100644 --- a/mbsetup/m_virus.c +++ b/mbsetup/m_virus.c @@ -4,7 +4,7 @@ * Purpose ...............: Setup Virus structure. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -53,7 +53,7 @@ int CountVirus(void) char ffile[PATH_MAX]; int count; - sprintf(ffile, "%s/etc/virscan.data", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/virscan.data", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "r")) == NULL) { if ((fil = fopen(ffile, "a+")) != NULL) { Syslog('+', "Created new %s", ffile); 
@@ -65,51 +65,51 @@ int CountVirus(void) * Create some default records but don't enable them. */ memset(&virscan, 0, sizeof(virscan)); - sprintf(virscan.comment, "AntiVir/Linux Scanner"); + snprintf(virscan.comment, 41, "AntiVir/Linux Scanner"); if (strlen(_PATH_ANTIVIR)) { - sprintf(virscan.scanner, "%s", _PATH_ANTIVIR); + snprintf(virscan.scanner, 65, "%s", _PATH_ANTIVIR); virscan.available = TRUE; } else { - sprintf(virscan.scanner, "/usr/bin/antivir"); + snprintf(virscan.scanner, 65, "/usr/bin/antivir"); virscan.available = FALSE; } - sprintf(virscan.options, "-allfiles -s -q"); + snprintf(virscan.options, 65, "-allfiles -s -q"); fwrite(&virscan, sizeof(virscan), 1, fil); memset(&virscan, 0, sizeof(virscan)); - sprintf(virscan.comment, "F-Prot scanner"); + snprintf(virscan.comment, 41, "F-Prot scanner"); if (strlen(_PATH_FPROT)) { - sprintf(virscan.scanner, "%s .", _PATH_FPROT); + snprintf(virscan.scanner, 65, "%s .", _PATH_FPROT); virscan.available = TRUE; } else { - sprintf(virscan.scanner, "/usr/local/bin/f-prot ."); + snprintf(virscan.scanner, 65, "/usr/local/bin/f-prot ."); virscan.available = FALSE; } - sprintf(virscan.options, "-archive -silent"); + snprintf(virscan.options, 65, "-archive -silent"); fwrite(&virscan, sizeof(virscan), 1, fil); memset(&virscan, 0, sizeof(virscan)); - sprintf(virscan.comment, "McAfee VirusScan for Linux"); + snprintf(virscan.comment, 41, "McAfee VirusScan for Linux"); if (strlen(_PATH_UVSCAN)) { - sprintf(virscan.scanner, "%s", _PATH_UVSCAN); + snprintf(virscan.scanner, 65, "%s", _PATH_UVSCAN); virscan.available = TRUE; } else { - sprintf(virscan.scanner, "/usr/local/bin/uvscan"); + snprintf(virscan.scanner, 65, "/usr/local/bin/uvscan"); virscan.available = FALSE; } - sprintf(virscan.options, "--noboot --noexpire -r --secure -"); + snprintf(virscan.options, 65, "--noboot --noexpire -r --secure -"); fwrite(&virscan, sizeof(virscan), 1, fil); memset(&virscan, 0, sizeof(virscan)); - sprintf(virscan.comment, "Clam AntiVirus"); + 
snprintf(virscan.comment, 41, "Clam AntiVirus"); if (strlen(_PATH_CLAMAV)) { - sprintf(virscan.scanner, "%s", _PATH_CLAMAV); + snprintf(virscan.scanner, 65, "%s", _PATH_CLAMAV); virscan.available = TRUE; } else { - sprintf(virscan.scanner, "/usr/local/bin/clamscan"); + snprintf(virscan.scanner, 65, "/usr/local/bin/clamscan"); virscan.available = FALSE; } - sprintf(virscan.options, "--quiet --recursive"); + snprintf(virscan.options, 65, "--quiet --recursive"); fwrite(&virscan, sizeof(virscan), 1, fil); fclose(fil); @@ -141,8 +141,8 @@ int OpenVirus(void) char fnin[PATH_MAX], fnout[PATH_MAX]; long oldsize; - sprintf(fnin, "%s/etc/virscan.data", getenv("MBSE_ROOT")); - sprintf(fnout, "%s/etc/virscan.temp", getenv("MBSE_ROOT")); + snprintf(fnin, PATH_MAX, "%s/etc/virscan.data", getenv("MBSE_ROOT")); + snprintf(fnout, PATH_MAX, "%s/etc/virscan.temp", getenv("MBSE_ROOT")); if ((fin = fopen(fnin, "r")) != NULL) { if ((fout = fopen(fnout, "w")) != NULL) { fread(&virscanhdr, sizeof(virscanhdr), 1, fin); @@ -190,8 +190,8 @@ void CloseVirus(int force) FILE *fi, *fo; st_list *vir = NULL, *tmp; - sprintf(fin, "%s/etc/virscan.data", getenv("MBSE_ROOT")); - sprintf(fout,"%s/etc/virscan.temp", getenv("MBSE_ROOT")); + snprintf(fin, PATH_MAX, "%s/etc/virscan.data", getenv("MBSE_ROOT")); + snprintf(fout, PATH_MAX, "%s/etc/virscan.temp", getenv("MBSE_ROOT")); if (VirUpdated == 1) { if (force || (yes_no((char *)"Database is changed, save changes") == 1)) { @@ -234,7 +234,7 @@ int AppendVirus(void) FILE *fil; char ffile[PATH_MAX]; - sprintf(ffile, "%s/etc/virscan.temp", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/virscan.temp", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "a")) != NULL) { memset(&virscan, 0, sizeof(virscan)); fwrite(&virscan, sizeof(virscan), 1, fil); 
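Review bot: In the CountVirus defaults, `snprintf(virscan.scanner, 65, "%s", _PATH_ANTIVIR)` and its F-Prot, uvscan and ClamAV siblings discard the return value and then set `virscan.available = TRUE`. A path longer than 64 characters in one of the `_PATH_*` macros is therefore stored cut short and still marked usable. For a scanner command that is worse than a plain failure, because the record then names a different path from the configured one. I would keep the result, e.g. `n = snprintf(virscan.scanner, sizeof(virscan.scanner), "%s", _PATH_ANTIVIR);`, and set `virscan.available = (n > 0 && (size_t)n < sizeof(virscan.scanner));`. The hunk begins inside CountVirus, whose start is outside it.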
@@ -262,7 +262,7 @@ int EditVirRec(int Area) working(1, 0, 0); IsDoing("Edit VirScan"); - sprintf(mfile, "%s/etc/virscan.temp", getenv("MBSE_ROOT")); + snprintf(mfile, PATH_MAX, "%s/etc/virscan.temp", getenv("MBSE_ROOT")); if ((fil = fopen(mfile, "r")) == NULL) { working(2, 0, 0); return -1; @@ -365,7 +365,7 @@ void EditVirus(void) mbse_mvprintw( 5, 4, "4. VIRUS SCANNERS SETUP"); set_color(CYAN, BLACK); if (records != 0) { - sprintf(temp, "%s/etc/virscan.temp", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/virscan.temp", getenv("MBSE_ROOT")); if ((fil = fopen(temp, "r")) != NULL) { fread(&virscanhdr, sizeof(virscanhdr), 1, fil); x = 2; @@ -383,7 +383,7 @@ void EditVirus(void) set_color(CYAN, BLACK); else set_color(LIGHTBLUE, BLACK); - sprintf(temp, "%3d. %-32s", i, virscan.comment); + snprintf(temp, 81, "%3d. %-32s", i, virscan.comment); temp[37] = 0; mbse_mvprintw(y, x, temp); y++; @@ -429,7 +429,7 @@ int virus_doc(FILE *fp, FILE *toc, int page) FILE *wp, *ip, *vir; int nr = 0, j; - sprintf(temp, "%s/etc/virscan.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/virscan.data", getenv("MBSE_ROOT")); if ((vir = fopen(temp, "r")) == NULL) return page; @@ -455,7 +455,7 @@ int virus_doc(FILE *fp, FILE *toc, int page) } nr++; - sprintf(temp, "virscan_%d.html", nr); + snprintf(temp, 81, "virscan_%d.html", nr); fprintf(ip, "%d%s%s\n", temp, nr, virscan.comment, getboolean(virscan.available)); if ((wp = open_webdoc(temp, (char *)"Virus Scanner", virscan.comment))) {