Secured sprintf with snprintf
parent
4feb9cfa3e
commit
c515cbcd24
@ -67,7 +67,7 @@ void Kill(void)
|
||||
printf("Kill/move files...\n");
|
||||
}
|
||||
|
||||
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
|
||||
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
||||
WriteError("Can't open %s", sAreas);
|
||||
@ -148,8 +148,8 @@ void Kill(void)
|
||||
if (area.MoveArea) {
|
||||
fseek(pAreas, ((area.MoveArea -1) * areahdr.recsize) + areahdr.hdrsize, SEEK_SET);
|
||||
fread(&darea, areahdr.recsize, 1, pAreas);
|
||||
sprintf(from, "%s/%s", area.Path, fdb.Name);
|
||||
sprintf(to, "%s/%s", darea.Path, fdb.Name);
|
||||
snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||
snprintf(to, PATH_MAX -1, "%s/%s", darea.Path, fdb.Name);
|
||||
if ((rc = file_mv(from, to)) == 0) {
|
||||
Syslog('+', "Move %s, area %d => %d", fdb.Name, i, area.MoveArea);
|
||||
if ((dst_area = mbsedb_OpenFDB(area.MoveArea, 30))) {
|
||||
@ -162,22 +162,22 @@ void Kill(void)
|
||||
/*
|
||||
* Now again if there is a dotted version (thumbnail) of this file.
|
||||
*/
|
||||
sprintf(from, "%s/.%s", area.Path, fdb.Name);
|
||||
sprintf(to, "%s/.%s", darea.Path, fdb.Name);
|
||||
snprintf(from, PATH_MAX -1, "%s/.%s", area.Path, fdb.Name);
|
||||
snprintf(to, PATH_MAX -1, "%s/.%s", darea.Path, fdb.Name);
|
||||
if (file_exist(from, R_OK) == 0)
|
||||
file_mv(from, to);
|
||||
|
||||
/*
|
||||
* Unlink the old symbolic link
|
||||
*/
|
||||
sprintf(from, "%s/%s", area.Path, fdb.LName);
|
||||
snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||
unlink(from);
|
||||
|
||||
/*
|
||||
* Create the new symbolic link
|
||||
*/
|
||||
sprintf(from, "%s/%s", darea.Path, fdb.Name);
|
||||
sprintf(to, "%s/%s", darea.Path, fdb.LName);
|
||||
snprintf(from, PATH_MAX -1, "%s/%s", darea.Path, fdb.Name);
|
||||
snprintf(to, PATH_MAX -1, "%s/%s", darea.Path, fdb.LName);
|
||||
symlink(from, to);
|
||||
|
||||
fdb.Deleted = TRUE;
|
||||
@ -199,11 +199,11 @@ void Kill(void)
|
||||
mbsedb_UnlockFDB(fdb_area);
|
||||
}
|
||||
iKilled++;
|
||||
sprintf(from, "%s/%s", area.Path, fdb.LName);
|
||||
snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||
unlink(from);
|
||||
sprintf(from, "%s/%s", area.Path, fdb.Name);
|
||||
snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||
unlink(from);
|
||||
sprintf(from, "%s/.%s", area.Path, fdb.Name);
|
||||
snprintf(from, PATH_MAX -1, "%s/.%s", area.Path, fdb.Name);
|
||||
unlink(from);
|
||||
}
|
||||
}
|
||||
|
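Review bot: Every new `snprintf` in Kill() discards its return value, so a path that does not fit is silently truncated and the shortened name is then passed to `file_mv`, `unlink` and `symlink`, which would act on a different file than the one the record names. Capture the result and skip the record on overflow, e.g. `n = snprintf(from, PATH_MAX, "%s/%s", area.Path, fdb.Name);` followed by `if (n < 0 || n >= PATH_MAX) { /* log and skip */ }`, assuming the buffers are PATH_MAX bytes as the `PATH_MAX -1` bound suggests (their allocation is outside the hunks). The `-1` is not needed, because snprintf's size argument already includes the terminator. `getenv("MBSE_ROOT")` is also passed straight to `%s` and can be NULL when the variable is unset. The same points apply to the `snprintf` calls in ListFileAreas, PackFileBase, ReArc and SortFileBase further down the page.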
@ -4,7 +4,7 @@
|
||||
* Purpose: File Database Maintenance - List areas and totals
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -69,7 +69,7 @@ void ListFileAreas(int Area)
|
||||
sTic = calloc(PATH_MAX, sizeof(char));
|
||||
ticarea = calloc(21, sizeof(char));
|
||||
|
||||
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
||||
WriteError("Can't open %s", sAreas);
|
||||
printf("Can't open %s\n", sAreas);
|
||||
@ -83,7 +83,7 @@ void ListFileAreas(int Area)
|
||||
if (Area) {
|
||||
IsDoing("List area %d", Area);
|
||||
|
||||
sprintf(sTic, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||
snprintf(sTic, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||
if ((pTic = fopen(sTic, "r")) == NULL) {
|
||||
WriteError("Can't open %s", sTic);
|
||||
printf("Can't open %s\n", sTic);
|
||||
@ -121,7 +121,7 @@ void ListFileAreas(int Area)
|
||||
mbse_colour(LIGHTGRAY, BLACK);
|
||||
|
||||
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
|
||||
sprintf(flags, "---");
|
||||
snprintf(flags, 3, "---");
|
||||
if (fdb.Deleted)
|
||||
flags[0] = 'D';
|
||||
if (fdb.NoKill)
|
||||
|
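Review bot: `snprintf(flags, 3, "---")` stores only two dashes plus the terminator, because the size argument counts the NUL byte; the third flag position that the old `sprintf` filled with '-' now ends the string. Unless the code below the hunk always writes `flags[2]` and terminates the string itself, the listing loses its last flag column. The declaration of `flags` is outside the hunk; if it is an array of at least four bytes, `snprintf(flags, sizeof(flags), "---");` keeps the previous output.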
@ -61,7 +61,7 @@ void PackFileBase(void)
|
||||
printf("Packing file database...\n");
|
||||
}
|
||||
|
||||
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
|
||||
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
||||
WriteError("Can't open %s", sAreas);
|
||||
@ -102,18 +102,18 @@ void PackFileBase(void)
|
||||
Syslog('+', "Removed double record file \"%s\" from area %d", fdb.LName, i);
|
||||
} else {
|
||||
Syslog('+', "Removed file \"%s\" from area %d", fdb.LName, i);
|
||||
sprintf(fn, "%s/%s", area.Path, fdb.LName);
|
||||
snprintf(fn, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||
rc = unlink(fn);
|
||||
if (rc && (errno != ENOENT))
|
||||
Syslog('+', "Unlink %s failed, result %d", fn, rc);
|
||||
sprintf(fn, "%s/%s", area.Path, fdb.Name);
|
||||
snprintf(fn, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||
rc = unlink(fn);
|
||||
if (rc && (errno != ENOENT))
|
||||
Syslog('+', "Unlink %s failed, result %d", fn, rc);
|
||||
/*
|
||||
* If a dotted version (thumbnail) exists, remove it silently
|
||||
*/
|
||||
sprintf(fn, "%s/.%s", area.Path, fdb.Name);
|
||||
snprintf(fn, PATH_MAX -1, "%s/.%s", area.Path, fdb.Name);
|
||||
unlink(fn);
|
||||
}
|
||||
do_index = TRUE;
|
||||
|
@ -90,7 +90,7 @@ void ReArc(int Area, char *File)
|
||||
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
|
||||
if (re_exec(fdb.LName) || re_exec(fdb.Name)) {
|
||||
Syslog('+', "Will rearc %s", fdb.LName);
|
||||
sprintf(temp, "%s/%s", area.Path, fdb.Name);
|
||||
snprintf(temp, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||
count++;
|
||||
|
||||
rc = rearc(temp, area.Archiver, do_quiet);
|
||||
@ -105,7 +105,7 @@ void ReArc(int Area, char *File)
|
||||
}
|
||||
|
||||
linkpath = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(linkpath, "%s/%s", area.Path, fdb.LName);
|
||||
snprintf(linkpath, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||
unlink(linkpath);
|
||||
|
||||
Syslog('+', "New name %s", temp);
|
||||
@ -129,7 +129,7 @@ void ReArc(int Area, char *File)
|
||||
*p = '\0';
|
||||
else if ((p = strstr(fdb.Name, "HA")))
|
||||
*p = '\0';
|
||||
sprintf(p, "%s", archiver.name);
|
||||
snprintf(p, 5, "%s", archiver.name);
|
||||
if ((p = strstr(fdb.LName, "arc")))
|
||||
*p = '\0';
|
||||
else if ((p = strstr(fdb.LName, "lha")))
|
||||
@ -154,7 +154,7 @@ void ReArc(int Area, char *File)
|
||||
*p = '\0';
|
||||
else if ((p = strstr(fdb.LName, "ha")))
|
||||
*p = '\0';
|
||||
sprintf(p, "%s", tl(archiver.name));
|
||||
snprintf(p, 5, "%s", tl(archiver.name));
|
||||
Syslog('f', "%s %s", fdb.Name, fdb.LName);
|
||||
fdb.Size = file_size(temp);
|
||||
fdb.Crc32 = file_crc(temp, FALSE);
|
||||
@ -172,7 +172,7 @@ void ReArc(int Area, char *File)
|
||||
if (strcmp(fdb.Name, mname)) {
|
||||
Syslog('+', "Converted 8.3 name to %s", mname);
|
||||
strcpy(fdb.Name, mname);
|
||||
sprintf(mname, "%s/%s", area.Path, fdb.Name);
|
||||
snprintf(mname, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||
rename(temp, mname);
|
||||
strcpy(temp, mname);
|
||||
}
|
||||
@ -186,7 +186,7 @@ void ReArc(int Area, char *File)
|
||||
/*
|
||||
* Update symbolic link to long filename
|
||||
*/
|
||||
sprintf(linkpath, "%s/%s", area.Path, fdb.LName);
|
||||
snprintf(linkpath, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||
symlink(temp, linkpath);
|
||||
free(linkpath);
|
||||
if (strlen(fdb.Magic))
|
||||
|
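Review bot: `snprintf(p, 5, "%s", archiver.name)` and `snprintf(p, 5, "%s", tl(archiver.name))` run unconditionally after an `else if` chain whose last visible `strstr` can return NULL, so a name containing none of the listed extensions would pass a null pointer as the destination. The literal 5 is also unrelated to the space left behind `p` in `fdb.Name` or `fdb.LName`, and it silently cuts archiver names longer than four characters. Guard with `if (p)` and derive the bound from the field, e.g. `snprintf(p, sizeof(fdb.Name) - (size_t)(p - fdb.Name), "%s", archiver.name);`, assuming `fdb.Name` is an array (its declaration is not on the page). The `strcpy(fdb.Name, mname)` and `strcpy(temp, mname)` in the 8.3 rename hunk remain unbounded. The start of each chain lies outside the hunks.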
@ -59,7 +59,7 @@ void SortFileBase(int Area)
|
||||
mbse_colour(CYAN, BLACK);
|
||||
}
|
||||
|
||||
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||
|
||||
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
||||
WriteError("Can't open %s", sAreas);
|
||||
|
@ -596,7 +596,7 @@ void ol_doc(void)
|
||||
fread(&olhdr, sizeof(olhdr), 1, fp);
|
||||
while (fread(&ol, olhdr.recsize, 1, fp) == 1) {
|
||||
nr++;
|
||||
html_massage(ol.Oneline, out);
|
||||
html_massage(ol.Oneline, out, 1023);
|
||||
fprintf(wp, "<TR><TD>%d</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD></TR>\n",
|
||||
nr, out, ol.UserName, ol.DateOfEntry, getboolean(ol.Available));
|
||||
}
|
||||
|
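Review bot: Only `ol.Oneline` goes through `html_massage`; `ol.UserName` and `ol.DateOfEntry` are written into the table row by `fprintf` unescaped, so markup characters in a stored user name would appear verbatim in the generated HTML. If those fields can hold user-supplied text, escape them with `html_massage` into their own buffers before the `fprintf`. The literal `1023` presumably matches a 1024-byte `out` declared outside the hunk; if `out` is an array, `html_massage(ol.Oneline, out, sizeof(out) - 1);` keeps the two in step.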
@ -211,9 +211,9 @@ void add_webtable(FILE *fp, char *hstr, char *dstr)
|
||||
{
|
||||
char left[1024], right[1024];
|
||||
|
||||
html_massage(hstr, left);
|
||||
html_massage(hstr, left, 1023);
|
||||
if (strlen(dstr))
|
||||
html_massage(dstr, right);
|
||||
html_massage(dstr, right, 1023);
|
||||
else
|
||||
sprintf(right, " ");
|
||||
fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%s</TD></TR>\n", left, right);
|
||||
@ -225,7 +225,7 @@ void add_webdigit(FILE *fp, char *hstr, int digit)
|
||||
{
|
||||
char left[1024];
|
||||
|
||||
html_massage(hstr, left);
|
||||
html_massage(hstr, left, 1023);
|
||||
fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%d</TD></TR>\n", left, digit);
|
||||
}
|
||||
|
||||
|
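Review bot: The limit `1023` in the `html_massage` calls of add_webtable and add_webdigit is tied by hand to `char left[1024], right[1024]`; `html_massage(hstr, left, sizeof(left) - 1);` (and likewise for `right`) keeps the bound correct if the arrays are resized. This assumes the new third argument is the maximum output length excluding the terminator, which the page does not show. The `else` branch in add_webtable still uses `sprintf(right, " ")`, harmless for this literal but inconsistent with the rest of the commit; `snprintf(right, sizeof(right), " ");` would match.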