From c4bf4a8315b361e47e17bb5666603c4e8416b61c Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Sun, 28 Aug 2005 15:48:43 +0000 Subject: [PATCH] Secured sprintf with snprintf --- mbfido/addbbs.c | 20 +++++++++--------- mbfido/addpkt.c | 8 ++++---- mbfido/aliasdb.c | 8 ++++---- mbfido/announce.c | 30 +++++++++++++-------------- mbfido/areamgr.c | 52 +++++++++++++++++++++++------------------------ mbfido/createf.c | 16 +++++++-------- mbfido/createm.c | 20 +++++++++--------- 7 files changed, 77 insertions(+), 77 deletions(-) diff --git a/mbfido/addbbs.c b/mbfido/addbbs.c index 01522243..2e9f0cae 100644 --- a/mbfido/addbbs.c +++ b/mbfido/addbbs.c @@ -4,7 +4,7 @@ * Purpose ...............: Add TIC file to the BBS * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -68,8 +68,8 @@ int Add_BBS(qualify **qal) if ((fdb_area = mbsedb_OpenFDB(tic.FileArea, 30))) { while (fread(&frec, fdbhdr.recsize, 1, fdb_area->fp) == 1) { if (strcmp(frec.Name, TIC.NewFile) == 0) { - sprintf(temp1, "%s/%s", TIC.Inbound, TIC.NewFile); - sprintf(temp2, "%s/%s", TIC.BBSpath, TIC.NewFile); + snprintf(temp1, PATH_MAX, "%s/%s", TIC.Inbound, TIC.NewFile); + snprintf(temp2, PATH_MAX, "%s/%s", TIC.BBSpath, TIC.NewFile); mkdirs(temp2, 0755); if ((rc = file_cp(temp1, temp2))) { WriteError("Copy to %s failed: %s", temp2, strerror(rc)); @@ -124,7 +124,7 @@ int Add_BBS(qualify **qal) frec.Size = TIC.FileSize; frec.Crc32 = TIC.Crc_Int; frec.Announced = TRUE; - sprintf(frec.Uploader, "Filemgr"); + snprintf(frec.Uploader, 36, "Filemgr"); frec.UploadDate = time(NULL); frec.FileDate = TIC.FileDate; for (i = 0; i <= TIC.File_Id_Ct; i++) { @@ -136,8 +136,8 @@ int Add_BBS(qualify **qal) strncpy(frec.Magic, TIC.TicIn.Magic, sizeof(frec.Magic) -1); } - sprintf(temp1, "%s/%s", TIC.Inbound, TIC.NewFile); - sprintf(temp2, "%s/%s", TIC.BBSpath, frec.Name); + snprintf(temp1, PATH_MAX, "%s/%s", TIC.Inbound, TIC.NewFile); + snprintf(temp2, PATH_MAX, "%s/%s", TIC.BBSpath, frec.Name); mkdirs(temp2, 0755); if ((rc = file_cp(temp1, temp2))) { @@ -166,7 +166,7 @@ int Add_BBS(qualify **qal) } Found = FALSE; lname = calloc(PATH_MAX, sizeof(char)); - sprintf(lname, "%s/%s", TIC.BBSpath, frec.LName); + snprintf(lname, PATH_MAX, "%s/%s", TIC.BBSpath, frec.LName); if (symlink(temp2, lname)) { WriteError("$Create link %s to %s failed", temp2, lname); } @@ -278,10 +278,10 @@ int Add_BBS(qualify **qal) if ((fdb_area = mbsedb_OpenFDB(tic.FileArea, 30))) { while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) { if (fdb.Deleted) { - sprintf(temp2, "%s/%s", area.Path, fdb.LName); + snprintf(temp2, PATH_MAX, "%s/%s", area.Path, fdb.LName); if (unlink(temp2) != 0) WriteError("$Can't unlink file %s", temp2); - sprintf(temp2, "%s/%s", area.Path, fdb.Name); + snprintf(temp2, PATH_MAX, "%s/%s", area.Path, fdb.Name); /* * With the path to the 8.3 name, we can check if this file @@ -299,7 +299,7 @@ int Add_BBS(qualify **qal) if (unlink(temp2) != 0) WriteError("$Can't unlink file %s", temp2); - sprintf(temp2, "%s/.%s", area.Path, fdb.Name); + snprintf(temp2, PATH_MAX, "%s/.%s", area.Path, fdb.Name); unlink(temp2); /* Thumbnail, no logging if there is an error */ } } diff --git a/mbfido/addpkt.c b/mbfido/addpkt.c index 299c7b83..edf1f582 100644 --- a/mbfido/addpkt.c +++ b/mbfido/addpkt.c @@ -4,7 +4,7 @@ * Purpose ...............: Add mail to .pkt * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -65,7 +65,7 @@ int PrepARC(char *Queue, fidoaddr Dest) } pktfile = calloc(PATH_MAX, sizeof(char)); - sprintf(pktfile, "%s/%d.%d.%d.%d/%08lx.pkt", CFG.out_queue, Dest.zone, Dest.net, Dest.node, Dest.point, sequencer()); + snprintf(pktfile, PATH_MAX, "%s/%d.%d.%d.%d/%08lx.pkt", CFG.out_queue, Dest.zone, Dest.net, Dest.node, Dest.point, sequencer()); Syslog('p', "Rename .pkt to %s", pktfile); if (rename(Queue, pktfile)) { @@ -139,7 +139,7 @@ FILE *CreatePkt(char *Queue, fidoaddr Orig, fidoaddr Dest, char *Extension) memset(&str, 0, 8); /* Packet password */ if (SearchNode(Dest)) { if (strlen(nodes.Epasswd)) { - sprintf(str, "%s", nodes.Epasswd); + snprintf(str, 81, "%s", nodes.Epasswd); } } @@ -186,7 +186,7 @@ FILE *OpenPkt(fidoaddr Orig, fidoaddr Dest, char *Extension) Queue = calloc(PATH_MAX, sizeof(char)); - sprintf(Queue, "%s/%d.%d.%d.%d/mailpkt.%s", CFG.out_queue, Dest.zone, Dest.net, Dest.node, Dest.point, Extension); + snprintf(Queue, PATH_MAX, "%s/%d.%d.%d.%d/mailpkt.%s", CFG.out_queue, Dest.zone, Dest.net, Dest.node, Dest.point, Extension); mkdirs(Queue, 0750); if (file_exist(Queue, R_OK)) diff --git a/mbfido/aliasdb.c b/mbfido/aliasdb.c index aca42ed1..a5f72a0c 100644 --- a/mbfido/aliasdb.c +++ b/mbfido/aliasdb.c @@ -4,7 +4,7 @@ * Purpose ...............: Alias Database * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -66,7 +66,7 @@ static int alias_db_init(void) if (opened) return 0; - sprintf(buf, "%s/var/aliases.data", getenv("MBSE_ROOT")); + snprintf(buf, PATH_MAX, "%s/var/aliases.data", getenv("MBSE_ROOT")); if (stat(buf, &stbuf) != 0) { afp = fopen(buf,"a"); if (afp) @@ -141,8 +141,8 @@ int registrate(char *freename, char *address) } } - sprintf(key.freename, "%s", buf); - sprintf(key.address, "%s", address); + snprintf(key.freename, MAXNAME, "%s", buf); + snprintf(key.address, 128, "%s", address); key.dtime = time(NULL); if (fwrite(&key, sizeof(key), 1, afp) != 1) { diff --git a/mbfido/announce.c b/mbfido/announce.c index a35edc14..cd3826d1 100644 --- a/mbfido/announce.c +++ b/mbfido/announce.c @@ -71,7 +71,7 @@ void Uploads() printf(" Checking uploads...\n"); } - sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(sAreas, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((pAreas = fopen(sAreas, "r")) == NULL) { WriteError("$Can't open %s", sAreas); free(sAreas); @@ -102,7 +102,7 @@ void Uploads() if (strlen(fdb.TicArea)) strncpy(T_File.Echo, fdb.TicArea, sizeof(T_File.Echo) -1); else - sprintf(T_File.Echo, "AREA %d", i); + snprintf(T_File.Echo, 21, "AREA %d", i); strncpy(T_File.Group, area.NewGroup, sizeof(T_File.Group) -1); strncpy(T_File.Comment, area.Name, sizeof(T_File.Comment) -1); strncpy(T_File.Name, fdb.Name, sizeof(T_File.Name) -1); @@ -112,12 +112,12 @@ void Uploads() T_File.Size = fdb.Size; T_File.SizeKb = fdb.Size / 1024; T_File.Fdate = fdb.FileDate; - sprintf(T_File.Crc, "%08lx", fdb.Crc32); - sprintf(T_File.Desc, "%s %s %s %s", fdb.Desc[0], fdb.Desc[1], fdb.Desc[2], fdb.Desc[3]); + snprintf(T_File.Crc, 9, "%08lx", fdb.Crc32); + snprintf(T_File.Desc, 256, "%s %s %s %s", fdb.Desc[0], fdb.Desc[1], fdb.Desc[2], fdb.Desc[3]); k = 0; for (j = 0; j < 25; j++) { if (strlen(fdb.Desc[j])) { - sprintf(T_File.LDesc[k], "%s", fdb.Desc[j]); + snprintf(T_File.LDesc[k], 49, "%s", fdb.Desc[j]); T_File.LDesc[k][49] = '\0'; k++; } @@ -173,14 +173,14 @@ long StartMsg(void) CountPosted(newfiles.Area); - sprintf(Msg.From, "%s", newfiles.From); - sprintf(Msg.To, "%s", newfiles.Too); + snprintf(Msg.From, 101, "%s", newfiles.From); + snprintf(Msg.To, 101, "%s", newfiles.Too); if (MsgCount == 1) { - sprintf(Msg.Subject, "%s", newfiles.Subject); + snprintf(Msg.Subject, 101, "%s", newfiles.Subject); TotalSize = TotalFiles = 0; } else - sprintf(Msg.Subject, "%s #%d", newfiles.Subject, MsgCount); - sprintf(Msg.FromAddress, "%s", aka2str(newfiles.UseAka)); + snprintf(Msg.Subject, 101, "%s #%d", newfiles.Subject, MsgCount); + snprintf(Msg.FromAddress, 101, "%s", aka2str(newfiles.UseAka)); Msg.Written = time(NULL); Msg.Arrived = time(NULL); Msg.Local = TRUE; @@ -224,7 +224,7 @@ void FinishMsg(int Final, long filepos) Msg_UnLock(); Syslog('+', "Posted message %ld, %d bytes", Msg.Id, Msg.Size); - sprintf(temp, "%s/tmp/echomail.jam", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/tmp/echomail.jam", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "a")) != NULL) { fprintf(fp, "%s %lu\n", newfiles.Area, Msg.Id); fclose(fp); @@ -250,7 +250,7 @@ long Report(gr_list *ta, long filepos) time_t ftime; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/toberep.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/toberep.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); return 0; @@ -381,7 +381,7 @@ int Announce() IsDoing("Announce files"); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/toberep.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/toberep.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) == NULL) { Syslog('+', "No new files to announce"); free(temp); @@ -421,7 +421,7 @@ int Announce() * At this point we have a sorted list of groups with a counter * indicating howmany files to report in each group. */ - sprintf(temp, "%s/etc/newfiles.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/newfiles.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); if (!do_quiet) @@ -475,7 +475,7 @@ int Announce() tidy_grlist(&fgr); if (rc) { - sprintf(temp, "%s/etc/toberep.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/toberep.data", getenv("MBSE_ROOT")); unlink(temp); } diff --git a/mbfido/areamgr.c b/mbfido/areamgr.c index 1e9f64ea..69bad1ba 100644 --- a/mbfido/areamgr.c +++ b/mbfido/areamgr.c @@ -4,7 +4,7 @@ * Purpose ...............: AreaMgr * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -77,8 +77,8 @@ void A_Help(faddr *t, char *replyid) Mgrlog("AreaMgr: Help"); subject = calloc(255, sizeof(char)); - sprintf(subject,"AreaMgr Help"); - GetRpSubject("areamgr.help",subject,254); + snprintf(subject,255,"AreaMgr Help"); + GetRpSubject("areamgr.help",subject,255); if ((fp = SendMgrMail(t, CFG.ct_KeepMgr, FALSE, (char *)"Areamgr", subject , replyid)) != NULL) { if ((fi = OpenMacro("areamgr.help", nodes.Language, FALSE)) != NULL ) { @@ -132,23 +132,23 @@ void A_List(faddr *t, char *replyid, int Notify) switch (Notify) { case LIST_NOTIFY: Mgrlog("AreaMgr: Notify to %s", ascfnode(t, 0xff)); - sprintf(subject,"AreaMgr Notify"); - GetRpSubject("areamgr.notify.list",subject,254); + snprintf(subject,255,"AreaMgr Notify"); + GetRpSubject("areamgr.notify.list",subject,255); fi = OpenMacro("areamgr.notify.list", nodes.Language, FALSE); break; case LIST_LIST: Mgrlog("AreaMgr: List"); - sprintf(subject,"AreaMgr list"); - GetRpSubject("areamgr.list",subject,254); + snprintf(subject,255,"AreaMgr list"); + GetRpSubject("areamgr.list",subject,255); fi = OpenMacro("areamgr.list", nodes.Language, FALSE); break; case LIST_QUERY: Mgrlog("AreaMgr: Query"); - sprintf(subject,"AreaMgr Query"); - GetRpSubject("areamgr.query",subject,254); + snprintf(subject,255,"AreaMgr Query"); + GetRpSubject("areamgr.query",subject,255); fi = OpenMacro("areamgr.query", nodes.Language, FALSE); break; case LIST_UNLINK: Mgrlog("AreaMgr: Unlinked"); - sprintf(subject,"AreaMgr: Unlinked areas"); - GetRpSubject("areamgr.unlink",subject,254); + snprintf(subject,255,"AreaMgr: Unlinked areas"); + GetRpSubject("areamgr.unlink",subject,255); fi = OpenMacro("areamgr.unlink", nodes.Language, FALSE); break; } @@ -173,7 +173,7 @@ void A_List(faddr *t, char *replyid, int Notify) fgetpos(fi,&fileptr); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((mp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -185,7 +185,7 @@ void A_List(faddr *t, char *replyid, int Notify) fread(&msgshdr, sizeof(msgshdr), 1, mp); Cons = msgshdr.syssize / sizeof(System); - sprintf(temp, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); if ((gp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -333,13 +333,13 @@ void A_Flow(faddr *t, char *replyid, int Notify) if (Notify) { Mgrlog("AreaMgr: Flow report to %s", ascfnode(t, 0xff)); - sprintf(subject,"AreaMgr Notify Flow Report"); - GetRpSubject("areamgr.notify.flow",subject,254); + snprintf(subject,255,"AreaMgr Notify Flow Report"); + GetRpSubject("areamgr.notify.flow",subject,255); fi = OpenMacro("areamgr.notify.flow", nodes.Language, FALSE); } else { Mgrlog("AreaMgr: Flow report"); - sprintf(subject,"AreaMgr Flow Report"); - GetRpSubject("areamgr.flow",subject,254); + snprintf(subject,255,"AreaMgr Flow Report"); + GetRpSubject("areamgr.flow",subject,255); fi = OpenMacro("areamgr.flow", nodes.Language, FALSE); } @@ -356,7 +356,7 @@ void A_Flow(faddr *t, char *replyid, int Notify) msgptr = ftell(qp); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((mp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -368,7 +368,7 @@ void A_Flow(faddr *t, char *replyid, int Notify) fread(&msgshdr, sizeof(msgshdr), 1, mp); Cons = msgshdr.syssize / sizeof(System); - sprintf(temp, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); if ((gp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -487,7 +487,7 @@ void A_Status(faddr *t, char *replyid) faddr *ta; subject = calloc(255, sizeof(char)); - sprintf(subject,"AreaMgr Status"); + snprintf(subject,255,"AreaMgr Status"); Mgrlog("AreaMgr: Status"); if (Miy == 0) @@ -512,7 +512,7 @@ void A_Status(faddr *t, char *replyid) MacroVars("y", "s", ascfnode(ta, 0xf)); tidy_faddr(ta); - GetRpSubject("areamgr.status",subject,254); + GetRpSubject("areamgr.status",subject,255); if ((fi = OpenMacro("areamgr.status", nodes.Language, FALSE)) == NULL ){ MacroClear(); @@ -656,7 +656,7 @@ void A_Connect(faddr *t, char *Area, FILE *tmp) Syslog('m', " Area not found, trying to create"); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); if ((gp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -801,7 +801,7 @@ void A_All(faddr *t, int Connect, FILE *tmp, char *Grp) free(temp); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((mp = fopen(temp, "r+")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -810,7 +810,7 @@ void A_All(faddr *t, int Connect, FILE *tmp, char *Grp) fread(&msgshdr, sizeof(msgshdr), 1, mp); Cons = msgshdr.syssize / sizeof(Sys); - sprintf(temp, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); if ((gp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -933,7 +933,7 @@ void A_Pause(faddr *t, int Pause, FILE *tmp) Syslog('m', "Bestaka for %s is %s", ascfnode(t, 0x1f), ascfnode(f, 0x1f)); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((mp = fopen(temp, "r+")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -1133,7 +1133,7 @@ int AreaMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla subject=calloc(256,sizeof(char)); MacroVars("SsP", "sss", CFG.sysop_name, nodes.Sysop,"Areamgr"); MacroVars("RABCDE", "ssssss","","","","","",""); - sprintf(subject,"Your AreaMgr request"); + snprintf(subject,256,"Your AreaMgr request"); GetRpSubject("areamgr.responses",subject,72); if ((np = SendMgrMail(f, CFG.ct_KeepMgr, FALSE, (char *)"Areamgr", subject, replyid)) != NULL) { MacroVars("RABCDE", "ssssss","WELLCOME","","","","",""); diff --git a/mbfido/createf.c b/mbfido/createf.c index f760a6ae..b63c420f 100644 --- a/mbfido/createf.c +++ b/mbfido/createf.c @@ -46,7 +46,7 @@ int create_ticarea(char *farea, faddr *p_from) Syslog('f', "create_ticarea(%s)", farea); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); if ((gp = fopen(temp, "r")) == NULL) { WriteError("Can't open %s", temp); free(temp); @@ -96,7 +96,7 @@ int CheckTicGroup(char *Area, int SendUplink, faddr *f) temp = calloc(PATH_MAX, sizeof(char)); Syslog('f', "Checking file group \"%s\" \"%s\"", fgroup.Name, fgroup.Comment); - sprintf(temp, "%s/%s", CFG.alists_path , fgroup.AreaFile); + snprintf(temp, PATH_MAX, "%s/%s", CFG.alists_path , fgroup.AreaFile); if ((ap = fopen(temp, "r")) == NULL) { WriteError("Filegroup %s: area taglist %s not found", fgroup.Name, temp); free(temp); @@ -192,9 +192,9 @@ int CheckTicGroup(char *Area, int SendUplink, faddr *f) */ if (SendUplink && SearchNode(fgroup.UpLink)) { if (nodes.UplFmgrBbbs) - sprintf(temp, "file +%s", tag); + snprintf(temp, PATH_MAX, "file +%s", tag); else - sprintf(temp, "+%s", tag); + snprintf(temp, PATH_MAX, "+%s", tag); From = fido2faddr(fgroup.UseAka); To = fido2faddr(fgroup.UpLink); @@ -215,7 +215,7 @@ int CheckTicGroup(char *Area, int SendUplink, faddr *f) * Open tic area and set filepointer to the end to append * a new record. */ - sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/tic.data", getenv("MBSE_ROOT")); if ((mp = fopen(temp, "r+")) == NULL) { WriteError("$Can't open %s", temp); fclose(ap); @@ -231,7 +231,7 @@ int CheckTicGroup(char *Area, int SendUplink, faddr *f) /* * Open files area, and find a free slot */ - sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r+")) == NULL) { WriteError("$Can't open %s", temp); fclose(ap); @@ -309,7 +309,7 @@ int CheckTicGroup(char *Area, int SendUplink, faddr *f) for (i = 0; i < strlen(temp); i++) if (temp[i] == '.') temp[i] = '/'; - sprintf(area.Path, "%s/%s", fgroup.BasePath, temp); + snprintf(area.Path, 81, "%s/%s", fgroup.BasePath, temp); area.DLSec = fgroup.DLSec; area.UPSec = fgroup.UPSec; area.LTSec = fgroup.LTSec; @@ -324,7 +324,7 @@ int CheckTicGroup(char *Area, int SendUplink, faddr *f) /* * Create download path */ - sprintf(temp, "%s/foobar", area.Path); + snprintf(temp, PATH_MAX, "%s/foobar", area.Path); if (!mkdirs(temp, 0775)) WriteError("Can't create %s", temp); diff --git a/mbfido/createm.c b/mbfido/createm.c index 8221d7a4..c881d765 100644 --- a/mbfido/createm.c +++ b/mbfido/createm.c @@ -49,7 +49,7 @@ int create_msgarea(char *marea, faddr *p_from) Syslog('m', "create_msgarea(%s)", marea); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); if ((gp = fopen(temp, "r")) == NULL) { WriteError("Can't open %s", temp); free(temp); @@ -98,7 +98,7 @@ int CheckEchoGroup(char *Area, int SendUplink, faddr *f) temp = calloc(PATH_MAX, sizeof(char)); Syslog('m', "Checking echogroup %s %s", mgroup.Name, mgroup.Comment); - sprintf(temp, "%s/%s", CFG.alists_path , mgroup.AreaFile); + snprintf(temp, PATH_MAX, "%s/%s", CFG.alists_path , mgroup.AreaFile); if ((ap = fopen(temp, "r")) == NULL) { WriteError("Echogroup %s: area taglist %s not found", mgroup.Name, temp); free(temp); @@ -130,9 +130,9 @@ int CheckEchoGroup(char *Area, int SendUplink, faddr *f) */ if (SendUplink && SearchNode(mgroup.UpLink)) { if (nodes.UplAmgrBbbs) - sprintf(temp, "echo +%s", tag); + snprintf(temp, PATH_MAX, "echo +%s", tag); else - sprintf(temp, "+%s", tag); + snprintf(temp, PATH_MAX, "+%s", tag); From = fido2faddr(mgroup.UseAka); To = fido2faddr(mgroup.UpLink); if (UplinkRequest(To, From, FALSE, temp)) { @@ -148,7 +148,7 @@ int CheckEchoGroup(char *Area, int SendUplink, faddr *f) tidy_faddr(To); } - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((mp = fopen(temp, "r+")) == NULL) { WriteError("$Can't open %s", temp); fclose(ap); @@ -256,8 +256,8 @@ int CheckEchoGroup(char *Area, int SendUplink, faddr *f) for (i = 0; i < strlen(tag); i++) if (tag[i] == '.') tag[i] = '/'; - sprintf(msgs.Base, "%s/%s", mgroup.BasePath, tag); - sprintf(msgs.Newsgroup, "%s.%s", GetFidoDomain(msgs.Aka.zone), tag); + snprintf(msgs.Base, 65, "%s/%s", mgroup.BasePath, tag); + snprintf(msgs.Newsgroup, 81, "%s.%s", GetFidoDomain(msgs.Aka.zone), tag); for (i = 0; i < strlen(msgs.Newsgroup); i++) { msgs.Newsgroup[i] = tolower(msgs.Newsgroup[i]); if (msgs.Newsgroup[i] == '/') @@ -309,7 +309,7 @@ void msged_areas(FILE *fp) int i = 0; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((no = fopen(temp, "r")) == NULL) { free(temp); return; @@ -363,7 +363,7 @@ void gold_areas(FILE *fp) int i = 0; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((no = fopen(temp, "r")) == NULL) { free(temp); return; @@ -420,7 +420,7 @@ void gold_akamatch(FILE *fp) faddr *want, *ta; int i; - sprintf(temp, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); if ((fido = fopen(temp, "r")) == NULL) return;