From cfd968dddbafc7b6b722e9a822280532892cd4d8 Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Sun, 28 Aug 2005 15:33:23 +0000 Subject: [PATCH] Secured sprintf with snprintf --- mbfido/dirlock.c | 12 +- mbfido/dirsession.c | 10 +- mbfido/fflist.c | 12 +- mbfido/filefind.c | 30 +-- mbfido/filemgr.c | 36 ++-- mbfido/forward.c | 14 +- mbfido/fsort.c | 6 +- mbfido/ftn2rfc.c | 433 ++++++++++++++++++++++---------------------- 8 files changed, 278 insertions(+), 275 deletions(-) diff --git a/mbfido/dirlock.c b/mbfido/dirlock.c index 484f029e..28b57edf 100644 --- a/mbfido/dirlock.c +++ b/mbfido/dirlock.c @@ -4,7 +4,7 @@ * Purpose ...............: Lock mbfido processing. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -49,10 +49,10 @@ int lockdir(char *directory) Tmpfile = calloc(PATH_MAX, sizeof(char)); lockfile = calloc(PATH_MAX, sizeof(char)); - sprintf(Tmpfile, "%s/", directory); + snprintf(Tmpfile, PATH_MAX, "%s/", directory); strcpy(lockfile, Tmpfile); - sprintf(Tmpfile + strlen(Tmpfile), "%s%u", TMPNAME, getpid()); - sprintf(lockfile + strlen(lockfile), "%s", LCKNAME); + snprintf(Tmpfile + strlen(Tmpfile), PATH_MAX, "%s%u", TMPNAME, getpid()); + snprintf(lockfile + strlen(lockfile), PATH_MAX - strlen(lockfile), "%s", LCKNAME); if ((fp = fopen(Tmpfile, "w")) == NULL) { WriteError("$Can't create lockfile \"%s\"", Tmpfile); @@ -120,8 +120,8 @@ void ulockdir(char *directory) pid_t oldpid; lockfile = calloc(PATH_MAX, sizeof(char)); - sprintf(lockfile, "%s/", directory); - sprintf(lockfile + strlen(lockfile), "%s", LCKNAME); + snprintf(lockfile, PATH_MAX, "%s/", directory); + snprintf(lockfile + strlen(lockfile), PATH_MAX - strlen(lockfile), "%s", LCKNAME); if ((fp = fopen(lockfile, "r")) == NULL) { /* diff --git a/mbfido/dirsession.c b/mbfido/dirsession.c index 10a341c3..812946b5 100644 --- a/mbfido/dirsession.c +++ b/mbfido/dirsession.c @@ -4,7 +4,7 @@ * Purpose ...............: Directory Mail/Files sessions * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -150,7 +150,7 @@ int dirinbound(void) Syslog('m', "Starting directory inbound sessions"); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/nodes.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/nodes.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) != NULL) { fread(&nodeshdr, sizeof(nodeshdr), 1, fp); @@ -169,7 +169,7 @@ int dirinbound(void) too = calloc(PATH_MAX, sizeof(char)); while ((de = readdir(dp))) { if (strcmp(de->d_name, ".") && strcmp(de->d_name, "..")) { - sprintf(from, "%s/%s", nodes.Dir_in_path, de->d_name); + snprintf(from, PATH_MAX, "%s/%s", nodes.Dir_in_path, de->d_name); if (access(from, R_OK | W_OK)) { WriteError("$No rights to move %s", from); } else { @@ -178,9 +178,9 @@ int dirinbound(void) * protected or unprotected inbound. */ if (do_unprot) - sprintf(too, "%s/%s", CFG.inbound, de->d_name); + snprintf(too, PATH_MAX, "%s/%s", CFG.inbound, de->d_name); else - sprintf(too, "%s/%s", CFG.pinbound, de->d_name); + snprintf(too, PATH_MAX, "%s/%s", CFG.pinbound, de->d_name); if (access(too, F_OK) == 0) { WriteError("File %s already in inbound, skip", too); } else { diff --git a/mbfido/fflist.c b/mbfido/fflist.c index 329d44d8..4d670feb 100644 --- a/mbfido/fflist.c +++ b/mbfido/fflist.c @@ -4,7 +4,7 @@ * Purpose ...............: Announce new files and FileFind * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:2801/16 * Beekmansbos 10 Internet: mbroek@ux123.pttnwb.nl @@ -59,15 +59,15 @@ void fill_fflist(ff_list **fdp) ff_list *tmp, *ta; b = calloc(44, sizeof(char)); - sprintf(b, "%s~", Msg.FromAddress); + snprintf(b, 44, "%s~", Msg.FromAddress); /* * Add a new record */ tmp = (ff_list *)malloc(sizeof(ff_list)); tmp->next = NULL; - sprintf(tmp->from, "%s", Msg.From); - sprintf(tmp->subject, "%s", Msg.Subject); + snprintf(tmp->from, 36, "%s", Msg.From); + snprintf(tmp->subject, 72, "%s", Msg.Subject); if (strchr(b, '.') == NULL) { tmp->zone = atoi(strtok(b, ":")); tmp->net = atoi(strtok(NULL, "/")); @@ -78,7 +78,7 @@ void fill_fflist(ff_list **fdp) tmp->node = atoi(strtok(NULL, ".")); tmp->point = atoi(strtok(NULL, "~")); } - sprintf(tmp->msgid, "%s", Msg.Msgid); + snprintf(tmp->msgid, 81, "%s", Msg.Msgid); tmp->msgnr = Msg.Id; tmp->done = FALSE; @@ -127,7 +127,7 @@ void fill_rflist(rf_list **fdp, char *fname, unsigned long larea) */ tmp = (rf_list *)malloc(sizeof(rf_list)); tmp->next = NULL; - sprintf(tmp->filename, "%s", fname); + snprintf(tmp->filename, 15, "%s", fname); tmp->area = larea; /* diff --git a/mbfido/filefind.c b/mbfido/filefind.c index 62e6f6c8..3531085d 100644 --- a/mbfido/filefind.c +++ b/mbfido/filefind.c @@ -171,16 +171,16 @@ long StartReply(ff_list *ffl) temp = calloc(PATH_MAX, sizeof(char)); - sprintf(Msg.From, "%s", CFG.sysop_name); - sprintf(Msg.To, "%s", ffl->from); - sprintf(Msg.Subject, "Re: %s", ffl->subject); - sprintf(Msg.FromAddress, "%s", aka2str(scanmgr.Aka)); + snprintf(Msg.From, 101, "%s", CFG.sysop_name); + snprintf(Msg.To, 101, "%s", ffl->from); + snprintf(Msg.Subject, 101, "Re: %s", ffl->subject); + snprintf(Msg.FromAddress, 101, "%s", aka2str(scanmgr.Aka)); Msg.Written = time(NULL); Msg.Arrived = time(NULL); Msg.Local = TRUE; if (scanmgr.NetReply){ Msg.Netmail = TRUE; - sprintf(Msg.ToAddress, "%d:%d/%d.%d", ffl->zone, ffl->net, ffl->node, ffl->point); + snprintf(Msg.ToAddress, 101, "%d:%d/%d.%d", ffl->zone, ffl->net, ffl->node, ffl->point); Msg.Private = TRUE; } else Msg.Echomail = TRUE; @@ -189,7 +189,7 @@ long StartReply(ff_list *ffl) * Start message text including kludges */ Msg_Id(scanmgr.Aka); - sprintf(temp, "\001REPLY: %s", ffl->msgid); + snprintf(temp, PATH_MAX, "\001REPLY: %s", ffl->msgid); MsgText_Add2(temp); Msg.ReplyCRC = upd_crc32(temp, crc, strlen(temp)); free(temp); @@ -223,7 +223,7 @@ void FinishReply(int Reported, int Total, long filepos) Msg_UnLock(); Syslog('+', "Posted message %ld", Msg.Id); - sprintf(temp, "%s/tmp/%smail.jam", getenv("MBSE_ROOT"), scanmgr.NetReply?"net":"echo"); + snprintf(temp, PATH_MAX, "%s/tmp/%smail.jam", getenv("MBSE_ROOT"), scanmgr.NetReply?"net":"echo"); if ((fp = fopen(temp, "a")) != NULL) { if (strlen(scanmgr.ReplBoard)) fprintf(fp, "%s %lu\n", scanmgr.ReplBoard, Msg.Id); @@ -260,10 +260,10 @@ void ScanFiles(ff_list *tmp) } kwd = calloc(81, sizeof(char)); - temp = calloc(1024, sizeof(char)); + temp = calloc(PATH_MAX, sizeof(char)); BigDesc = calloc(1230, sizeof(char)); - sprintf(temp, "%s (%d:%d/%d.%d)", tmp->from, tmp->zone, tmp->net, tmp->node, tmp->point); + snprintf(temp, PATH_MAX, "%s (%d:%d/%d.%d)", tmp->from, tmp->zone, tmp->net, tmp->node, tmp->point); Syslog('+', "ff: %s [%s]", temp, tmp->subject); if (!do_quiet) { @@ -276,7 +276,7 @@ void ScanFiles(ff_list *tmp) fflush(stdout); } - sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((pAreas = fopen(temp, "r")) != NULL) { fread(&areahdr, sizeof(areahdr), 1, pAreas); @@ -295,8 +295,8 @@ void ScanFiles(ff_list *tmp) if ((fdb_area = mbsedb_OpenFDB(areanr, 30))) { while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) { for (i = 0; i < 25; i++) - sprintf(BigDesc, "%s%s", BigDesc, *(fdb.Desc + i)); - sprintf(temp, "%s", tmp->subject); + snprintf(BigDesc, 1230, "%s%s", BigDesc, *(fdb.Desc + i)); + snprintf(temp, PATH_MAX, "%s", tmp->subject); Found = FALSE; while (strlen(temp) && (!Found)) { @@ -314,7 +314,7 @@ void ScanFiles(ff_list *tmp) temp[j] = temp[j+i+1]; temp[j] = '\0'; } else { - sprintf(kwd, "%s", temp); + snprintf(kwd, 81, "%s", temp); temp[0] = '\0'; } @@ -371,7 +371,7 @@ void ScanFiles(ff_list *tmp) if (((filepos = StartReply(tmp)) != -1) && ((fi = OpenMacro(scanmgr.template, scanmgr.Language, FALSE)) != NULL)) { areanr = 0; - sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((pAreas = fopen(temp, "r")) != NULL) { fread(&areahdr, sizeof(areahdr), 1, pAreas); @@ -494,7 +494,7 @@ int Filefind() Syslog('+', "Processing FileFind requests"); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); diff --git a/mbfido/filemgr.c b/mbfido/filemgr.c index 70c021a8..3eb8f8fe 100644 --- a/mbfido/filemgr.c +++ b/mbfido/filemgr.c @@ -4,7 +4,7 @@ * Purpose ...............: FileMgr * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -71,7 +71,7 @@ void F_Help(faddr *t, char *replyid) Mgrlog("FileMgr: Help"); subject=calloc(255,sizeof(char)); - sprintf(subject,"FileMgr help"); + snprintf(subject,255,"FileMgr help"); GetRpSubject("filemgr.help",subject,254); if ((fp = SendMgrMail(t, CFG.ct_KeepMgr, FALSE, (char *)"Filemgr", subject, replyid)) != NULL) { @@ -121,22 +121,22 @@ void F_List(faddr *t, char *replyid, int Notify) switch (Notify) { case LIST_NOTIFY: Mgrlog("FileMgr: Notify to %s", ascfnode(t, 0xff)); - sprintf(subject,"FileMgr Notify"); - GetRpSubject("filemgr.notify.list",subject,254); + snprintf(subject,255,"FileMgr Notify"); + GetRpSubject("filemgr.notify.list",subject,255); fi=OpenMacro("filemgr.notify.list", nodes.Language, FALSE); break; case LIST_LIST: Mgrlog("FileMgr: List"); - sprintf(subject,"FileMgr list"); - GetRpSubject("filemgr.list",subject,254); + snprintf(subject,255,"FileMgr list"); + GetRpSubject("filemgr.list",subject,255); fi=OpenMacro("filemgr.list", nodes.Language, FALSE); break; case LIST_QUERY: Mgrlog("FileMgr: Query"); - sprintf(subject,"FileMgr Query"); - GetRpSubject("filemgr.query",subject,254); + snprintf(subject,255,"FileMgr Query"); + GetRpSubject("filemgr.query",subject,255); fi=OpenMacro("filemgr.query", nodes.Language, FALSE); break; default: Mgrlog("FileMgr: Unlinked"); - sprintf(subject,"FileMgr: Unlinked areas"); + snprintf(subject,255,"FileMgr: Unlinked areas"); GetRpSubject("filemgr.unlink",subject,254); fi=OpenMacro("filemgr.unlink", nodes.Language, FALSE); break; @@ -161,7 +161,7 @@ void F_List(faddr *t, char *replyid, int Notify) MacroRead(fi, qp); fgetpos(fi,&fileptr); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/tic.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -173,7 +173,7 @@ void F_List(faddr *t, char *replyid, int Notify) fread(&tichdr, sizeof(tichdr), 1, fp); Cons = tichdr.syssize / sizeof(System); - sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); if ((gp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -295,7 +295,7 @@ void F_Status(faddr *t, char *replyid) char *subject; subject = calloc(255, sizeof(char)); - sprintf(subject,"FileMgr Status"); + snprintf(subject,255,"FileMgr Status"); Mgrlog("FileMgr: Status"); if (Miy == 0) i = 11; @@ -463,7 +463,7 @@ void F_Connect(faddr *t, char *Area, FILE *tmp) Syslog('f', " Area not found, trying to create"); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); if ((gp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -605,7 +605,7 @@ void F_All(faddr *t, int Connect, FILE *tmp, char *Grp) f = bestaka_s(t); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/tic.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r+")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -614,7 +614,7 @@ void F_All(faddr *t, int Connect, FILE *tmp, char *Grp) fread(&tichdr, sizeof(tichdr), 1, fp); Cons = tichdr.syssize / sizeof(Sys); - sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); if ((gp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -737,7 +737,7 @@ void F_Pause(faddr *t, int Pause, FILE *tmp) Syslog('m', "Bestaka for %s is %s", ascfnode(t, 0x1f), ascfnode(f, 0x1f)); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/tic.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r+")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -944,8 +944,8 @@ int FileMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla subject=calloc(256,sizeof(char)); MacroVars("SsP", "sss", CFG.sysop_name, nodes.Sysop,"Filemgr"); MacroVars("RABCDE", "ssssss","","","","","",""); - sprintf(subject,"Your FileMgr request"); - GetRpSubject("filemgr.responses",subject,72); + snprintf(subject,256,"Your FileMgr request"); + GetRpSubject("filemgr.responses",subject,256); if ((np = SendMgrMail(f, CFG.ct_KeepMgr, FALSE, (char *)"Filemgr", subject, replyid)) != NULL) { MacroVars("RABCDE", "ssssss","WELLCOME","","","","",""); MsgResult("filemgr.responses",np,'\r'); diff --git a/mbfido/forward.c b/mbfido/forward.c index 55a05a68..fee1c775 100644 --- a/mbfido/forward.c +++ b/mbfido/forward.c @@ -4,7 +4,7 @@ * Purpose ...............: File forward to a node * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -59,8 +59,8 @@ void ForwardFile(fidoaddr Node, fa_list *sbl) fwdfile = calloc(PATH_MAX, sizeof(char)); queuedir = calloc(PATH_MAX, sizeof(char)); listfile = calloc(PATH_MAX, sizeof(char)); - sprintf(queuedir, "%s/%d.%d.%d.%d", CFG.out_queue, Node.zone, Node.net, Node.node, Node.point); - sprintf(listfile, "%s/.filelist", queuedir); + snprintf(queuedir, PATH_MAX, "%s/%d.%d.%d.%d", CFG.out_queue, Node.zone, Node.net, Node.node, Node.point); + snprintf(listfile, PATH_MAX, "%s/.filelist", queuedir); mkdirs(listfile, 0750); if ((fl = fopen(listfile, "a+")) == NULL) { WriteError("$Can't open %s", listfile); @@ -74,13 +74,13 @@ void ForwardFile(fidoaddr Node, fa_list *sbl) * Create the full filename */ if (TIC.PassThru || TIC.SendOrg) { - sprintf(fwdfile, "%s/%s", TIC.Inbound, TIC.TicIn.File); + snprintf(fwdfile, PATH_MAX, "%s/%s", TIC.Inbound, TIC.TicIn.File); subject = xstrcpy(TIC.TicIn.File); } else { /* * Make sure the file attach is the 8.3 filename */ - sprintf(fwdfile, "%s/%s", TIC.BBSpath, TIC.NewFile); + snprintf(fwdfile, PATH_MAX, "%s/%s", TIC.BBSpath, TIC.NewFile); subject = xstrcpy(TIC.NewFile); } @@ -101,10 +101,10 @@ void ForwardFile(fidoaddr Node, fa_list *sbl) ticfile = calloc(PATH_MAX, sizeof(char)); ticname = calloc(15, sizeof(char)); if (nodes.Tic) { - sprintf(ticname, "%08lx.tic", sequencer()); + snprintf(ticname, 15, "%08lx.tic", sequencer()); subject = xstrcat(subject, (char *)" "); subject = xstrcat(subject, ticname); - sprintf(ticfile, "%s/%s", CFG.ticout, ticname); + snprintf(ticfile, PATH_MAX, "%s/%s", CFG.ticout, ticname); } free(ticname); diff --git a/mbfido/fsort.c b/mbfido/fsort.c index 7989378f..2528cc24 100644 --- a/mbfido/fsort.c +++ b/mbfido/fsort.c @@ -4,7 +4,7 @@ * Purpose ...............: File sort * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -59,7 +59,7 @@ void fill_fdlist(fd_list **fdp, char *filename, time_t filedate) tmp = (fd_list *)malloc(sizeof(fd_list)); tmp->next = *fdp; - sprintf(tmp->fname, "%s", filename); + snprintf(tmp->fname, 65, "%s", filename); tmp->fdate = filedate; *fdp = tmp; } @@ -130,7 +130,7 @@ char *pull_fdlist(fd_list **fdp) ta = *fdp; memset(&buf, 0, sizeof(buf)); - sprintf(buf, "%s", ta->fname); + snprintf(buf, PATH_MAX, "%s", ta->fname); if (ta->next != NULL) *fdp = ta->next; diff --git a/mbfido/ftn2rfc.c b/mbfido/ftn2rfc.c index e4445831..09287057 100644 --- a/mbfido/ftn2rfc.c +++ b/mbfido/ftn2rfc.c @@ -101,93 +101,96 @@ static char *rbuf; char *rfcmsgid(char *, faddr *); char *rfcmsgid(char *msgid, faddr *bestaka) { - char *p, *q, *r; - unsigned long id = 0L; - faddr *ta = NULL; + char *p, *q, *r; + unsigned long id = 0L; + faddr *ta = NULL; + size_t bufsize; - if (msgid == NULL) - return NULL; + if (msgid == NULL) + return NULL; + /* + * +40 for the additionnal stuff we need to write, should be enough + */ + bufsize = strlen(msgid) + 40; + rbuf = malloc(bufsize); + if ((r = strrchr(msgid,'\n'))) + *r = '\0'; + + /* + * sometimes there is "^aMSGID: 1:23/45@@domain 152ad589" + */ + if ((p = strstr(msgid, "@@"))) { + *p='\0'; + strcat(msgid, p+1); + } else if ((p = strstr(msgid,"@ "))) { /* - * +40 for the additionnal stuff we need to write, should be enough + * other times there is "^aMSGID: 1:23/45@ 152ad589" */ - rbuf = malloc(strlen(msgid) + 40); - if ((r = strrchr(msgid,'\n'))) - *r = '\0'; + *p='\0'; + strcat(msgid,p+1); + } + if ((p=strrchr(msgid,' '))) { /* - * sometimes there is "^aMSGID: 1:23/45@@domain 152ad589" + * here we have a parseable address */ - if ((p = strstr(msgid, "@@"))) { - *p='\0'; - strcat(msgid, p+1); - } else if ((p = strstr(msgid,"@ "))) { - /* - * other times there is "^aMSGID: 1:23/45@ 152ad589" - */ - *p='\0'; - strcat(msgid,p+1); - } + *p = '\0'; + sscanf(p+1, "%lx", &id); + ta = parsefnode(msgid); + *p=' '; + } - if ((p=strrchr(msgid,' '))) { - /* - * here we have a parseable address - */ - *p = '\0'; - sscanf(p+1, "%lx", &id); - ta = parsefnode(msgid); - *p=' '; - } - - if (id != 0L) { - /* if we only check for (ta) a Message-ID like - * <123456.7890@internet.domain> will be recognized as - * a fidonet one (ta->node=123456, ta->point=7890, - * ta->domain="internet", but ta->net=0) which obviously - * isn't the case. By cheking also (ta->net) we avoid that - */ - if ((ta) && (ta->net)) { - sprintf(rbuf, "<%lu@%s.ftn>", id, ascinode(ta,0x1f)); - } else { - p = xstrcpy(msgid); - if ((q = strchr(p,' '))) - *q = '\0'; - /* ### Modified by P.Saratxaga on 18 Aug 1995 */ - if (strstr(p, "@")) { - /* "mid__" are generated by gigo */ - if (!strncmp(p, "mid__<", 6)) { - sprintf(rbuf, "%s", p+6); - while ((q = strstr(rbuf, ">_<"))) - *(q+1) = ' '; - } - /* "mid__local@domain" are also generated by gigo */ - else if (!strncmp(p, "mid__", 5)) - sprintf(rbuf, "<%s>", p+5); - /* "wgmid$" */ - else if (!strncmp(p, "wgmid$<", 7)) - sprintf(rbuf, "%s", p+6); - /* in case we have "" */ - else if (!strncmp(p, "<", 1)) - sprintf(rbuf, "%s", p); - /* or "local@domain" */ - else - sprintf(rbuf, "<%s>", p); - while ((q = strchr(rbuf, '@')) != strrchr(rbuf, '@')) { - /* we (still) have more than one @ */ - *q = '%'; - } - } else { - sprintf(rbuf, "<%lu@%s>", id, p); - } - free(p); - } + if (id != 0L) { + /* if we only check for (ta) a Message-ID like + * <123456.7890@internet.domain> will be recognized as + * a fidonet one (ta->node=123456, ta->point=7890, + * ta->domain="internet", but ta->net=0) which obviously + * isn't the case. By cheking also (ta->net) we avoid that + */ + if ((ta) && (ta->net)) { + snprintf(rbuf, bufsize, "<%lu@%s.ftn>", id, ascinode(ta,0x1f)); } else { - sprintf(rbuf, "<%lu@%s.ftn>", (unsigned long)sequencer(), ascinode(bestaka,0x1f)); + p = xstrcpy(msgid); + if ((q = strchr(p,' '))) + *q = '\0'; + /* ### Modified by P.Saratxaga on 18 Aug 1995 */ + if (strstr(p, "@")) { + /* "mid__" are generated by gigo */ + if (!strncmp(p, "mid__<", 6)) { + snprintf(rbuf, bufsize, "%s", p+6); + while ((q = strstr(rbuf, ">_<"))) + *(q+1) = ' '; + + } + /* "mid__local@domain" are also generated by gigo */ + else if (!strncmp(p, "mid__", 5)) + snprintf(rbuf, bufsize, "<%s>", p+5); + /* "wgmid$" */ + else if (!strncmp(p, "wgmid$<", 7)) + snprintf(rbuf, bufsize, "%s", p+6); + /* in case we have "" */ + else if (!strncmp(p, "<", 1)) + snprintf(rbuf, bufsize, "%s", p); + /* or "local@domain" */ + else + snprintf(rbuf, bufsize, "<%s>", p); + while ((q = strchr(rbuf, '@')) != strrchr(rbuf, '@')) { + /* we (still) have more than one @ */ + *q = '%'; + } + } else { + snprintf(rbuf, bufsize, "<%lu@%s>", id, p); + } + free(p); } - tidy_faddr(ta); - if (r) - *r='\n'; - return rbuf; + } else { + snprintf(rbuf, bufsize, "<%lu@%s.ftn>", (unsigned long)sequencer(), ascinode(bestaka,0x1f)); + } + tidy_faddr(ta); + if (r) + *r='\n'; + return rbuf; } @@ -195,8 +198,8 @@ char *rfcmsgid(char *msgid, faddr *bestaka) /* * check address for localness, substitute alises and replace it *in place* */ -void substitude(char *); -void substitute(char *buf) +void substitude(char *, size_t); +void substitute(char *buf, size_t size) { faddr *fa; char *l,*r,*p=NULL; @@ -223,7 +226,7 @@ void substitute(char *buf) Syslog('m', "it is an ftn address: %s",ascfnode(fa,0x7f)); if (is_local(fa)) { Syslog('m', "it is local"); - sprintf(buf,"%s",fa->name); + snprintf(buf,size, "%s",fa->name); if (!strchr(buf,'@') && (p=strrchr(buf,'%'))) *p='@'; if (!strchr(buf,'@')) { @@ -235,15 +238,15 @@ void substitute(char *buf) if ((p = lookup(buf))) strcpy(buf, p); else if (SearchUser(buf)) - sprintf(buf, "%s@%s", usr.Name, CFG.sysdomain); + snprintf(buf, size, "%s@%s", usr.Name, CFG.sysdomain); else if (!strcasecmp(buf,"sysop")) strcpy(buf,"postmaster"); else - sprintf(buf,"%s",ascinode(fa,0x7f)); + snprintf(buf, size, "%s",ascinode(fa,0x7f)); } } else { WriteError("substitute(%s) it is not local, may not happen", buf); - sprintf(buf,"%s",ascinode(fa,0x7f)); + snprintf(buf,size, "%s",ascinode(fa,0x7f)); } tidy_faddr(fa); } else { @@ -648,8 +651,8 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl if (*(p = buf + strlen(buf) -1) == '\n') *p='\0'; } else - sprintf(buf,"%s",ascinode(t,0x7f)); - substitute(buf); + snprintf(buf,4096,"%s",ascinode(t,0x7f)); + substitute(buf,4096); Syslog('+', "mail from %s to %s",ascfnode(f,0x7f),buf); To = xstrcpy(buf); @@ -662,15 +665,15 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl if ((CFG.EmailMode == E_PRMISP) && (p == NULL)) p=hdr((char *)"From",msg); if (p) - sprintf(MailFrom, "%s", p); + snprintf(MailFrom, 128, "%s", p); else - sprintf(MailFrom, "%s", ascinode(f,0x7f)); + snprintf(MailFrom, 128, "%s", ascinode(f,0x7f)); Syslog('m', "MailFrom: %s", MailFrom); if (To) - sprintf(MailTo, "%s", To); + snprintf(MailTo, 128, "%s", To); else - sprintf(MailTo, "%s", t->name); + snprintf(MailTo, 128, "%s", t->name); Syslog('m', "MailTo: %s", MailTo); /* @@ -701,7 +704,7 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl */ if (!newsopen) { p = calloc(PATH_MAX, sizeof(char)); - sprintf(p, "%s/tmp/newsout", getenv("MBSE_ROOT")); + snprintf(p, PATH_MAX, "%s/tmp/newsout", getenv("MBSE_ROOT")); if ((nfp = fopen(p, "a")) == NULL) { WriteError("$Can't open %s", p); free(p); @@ -759,7 +762,7 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl q = xstrcat(q, p); } else q = xstrcat(q, (char *)"not-for-mail"); - sprintf(temp, "%s\n", q); + snprintf(temp, 32768, "%s\n", q); Send(newsmode, temp); free(q); } @@ -782,12 +785,12 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl if (p) { while (*p && isspace(*p)) p++; - sprintf(temp,"Newsgroups: %s\n",newsgroup); + snprintf(temp,32768,"Newsgroups: %s\n",newsgroup); Send(newsmode, temp); - sprintf(temp,"X-Origin-Newsgroups: %s",p); + snprintf(temp,32768,"X-Origin-Newsgroups: %s",p); Send(newsmode, temp); } else { - sprintf(temp,"Newsgroups: %s\n",newsgroup); + snprintf(temp,32768,"Newsgroups: %s\n",newsgroup); Send(newsmode, temp); } @@ -797,7 +800,7 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl if (p == NULL) p=hdr((char *)"To",msg); if ((p) && (strcasecmp(p,"All\n"))) { - sprintf(temp,"X-Comment-To:%s", p); + snprintf(temp,32768,"X-Comment-To:%s", p); Send(newsmode, temp); } else { if (p == NULL) @@ -807,61 +810,61 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl if (p == NULL) p=hdr((char *)"RFC-To",kmsg); if ((p) && (strcasecmp(p,"All\n"))) { - sprintf(temp,"X-Comment-To: %s", p); + snprintf(temp,32768,"X-Comment-To: %s", p); Send(newsmode, temp); } else if ((t) && (t->name) && (strcasecmp(t->name,"All"))) { - sprintf(temp,"X-Comment-To: %s\n", t->name); + snprintf(temp,32768,"X-Comment-To: %s\n", t->name); Send(newsmode, temp); } else { - sprintf(temp,"X-Comment-To: All\n"); + snprintf(temp,32768,"X-Comment-To: All\n"); Send(newsmode, temp); } } if ((p=hdr((char *)"Approved",msg))) { - sprintf(temp,"Approved:%s",p); + snprintf(temp,32768,"Approved:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Approved",kmsg))) { - sprintf(temp,"Approved: %s",p); + snprintf(temp,32768,"Approved: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Approved",kmsg))) { - sprintf(temp,"Approved: %s",p); + snprintf(temp,32768,"Approved: %s",p); Send(newsmode, temp); } } else { /* if newsmode */ now = time(NULL); Syslog('m', "Should send Received: header for mbfido"); - sprintf(temp, "Received: from %s\n", ascinode(f, 0x3f)); + snprintf(temp, 32768,"Received: from %s\n", ascinode(f, 0x3f)); Send(FALSE, temp); - sprintf(temp, "\tby %s with FTN (mbfido v.%s) id AA%u\n", ascinode(bestaka,0x3f), VERSION, getpid()); + snprintf(temp, 32768,"\tby %s with FTN (mbfido v.%s) id AA%u\n", ascinode(bestaka,0x3f), VERSION, getpid()); Send(FALSE, temp); - sprintf(temp, "\t%s\n", rfcdate(now)); + snprintf(temp, 32768,"\t%s\n", rfcdate(now)); Send(FALSE, temp); Syslog('m', "Is done now"); for (qmsg = kmsg; qmsg; qmsg = qmsg->next) if (!strcasecmp(qmsg->key,"RFC-Received")) { - sprintf(temp, "%s: %s", qmsg->key+4, qmsg->val); + snprintf(temp, 32768, "%s: %s", qmsg->key+4, qmsg->val); Send(FALSE, temp); } for (qmsg = msg; qmsg; qmsg = qmsg->next) if (!strcasecmp(qmsg->key,"Received")) { - sprintf(temp, "%s:%s", qmsg->key, qmsg->val); + snprintf(temp, 32768, "%s:%s", qmsg->key, qmsg->val); Send(FALSE, temp); } if ((p=hdr((char *)"Apparently-To",msg))) { - sprintf(temp, "Apparently-To: %s\n",p); + snprintf(temp, 32768, "Apparently-To: %s\n",p); Send(FALSE, temp); } else if ((p=hdr((char *)"RFC-Apparently-To",kmsg))) { - sprintf(temp, "Apparently-To: %s\n",p); + snprintf(temp, 32768, "Apparently-To: %s\n",p); Send(FALSE, temp); } else if ((p=hdr((char *)"Apparently-To",kmsg))) { - sprintf(temp, "Apparently-To: %s\n",p); + snprintf(temp, 32768, "Apparently-To: %s\n",p); Send(FALSE, temp); } else if ((is_local(t))) { - sprintf(temp, "Apparently-To: %s\n",buf); + snprintf(temp, 32768, "Apparently-To: %s\n",buf); Send(FALSE, temp); } @@ -873,7 +876,7 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl !hdr((char *)"Return-Receipt-To",msg) && !hdr((char *)"RFC-Notice-Requested-Upon-Delivery-To",kmsg) && !hdr((char *)"Notice-Requested-Upon-Delivery-To",msg)) { - sprintf(temp,"Notice-Requested-Upon-Delivery-To: %s\n",buf); + snprintf(temp,32768,"Notice-Requested-Upon-Delivery-To: %s\n",buf); Send(FALSE, temp); } @@ -883,7 +886,7 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl if (p == NULL) p=hdr((char *)"To",msg); if (p) { - sprintf(temp,"To:%s",p); + snprintf(temp,32768,"To:%s",p); Send(FALSE, temp); } else { if (p == NULL) @@ -892,39 +895,39 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl p=hdr((char *)"RFC-To",kmsg); if (p) { Syslog('m', "2"); - sprintf(temp,"To: %s\n",p); + snprintf(temp,32768,"To: %s\n",p); Send(FALSE, temp); } else if (is_local(t)) { Syslog('m', "3"); - sprintf(temp, "To: %s <%s>\n", t->name, buf); + snprintf(temp, 32768, "To: %s <%s>\n", t->name, buf); Send(FALSE, temp); } else { Syslog('m', "4"); - sprintf(temp,"To: %s\n",ascinode(t,0xff)); + snprintf(temp,32768,"To: %s\n",ascinode(t,0xff)); Send(FALSE, temp); } } } if ((p = hdr((char *)"From",msg))) { - sprintf(temp, "From:%s", p); + snprintf(temp, 32768, "From:%s", p); Send(newsmode, temp); } else if ((p = hdr((char *)"RFC-From",kmsg))) { Syslog('m', "b"); - sprintf(temp, "From: %s", p); + snprintf(temp, 32768, "From: %s", p); Send(newsmode, temp); } else if ((p = hdr((char *)"From\n",kmsg))) { Syslog('m', "c"); - sprintf(temp, "From: %s", p); + snprintf(temp, 32768, "From: %s", p); Send(newsmode, temp); } else if ((p = hdr((char *)"X-PcBoard-FROM",msg))) { if (f->name) { while (isspace(*p)) p++; p[strlen(p)-1] = '\0'; - sprintf(temp,"From: %s <%s>\n", f->name, p); + snprintf(temp,32768,"From: %s <%s>\n", f->name, p); } else { - sprintf(temp,"From:%s\n", p); + snprintf(temp,32768,"From:%s\n", p); } Send(newsmode, temp); } else if ((hdr((char *)"REPLYADDR",kmsg)) && (p=xstrcpy(hdr((char *)"REPLYADDR",kmsg)))) { @@ -951,16 +954,16 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl *r--='\0'; } Syslog('m', "d"); - sprintf(temp,"From: \"%s\" <%s>\n", l, p); + snprintf(temp,32768,"From: \"%s\" <%s>\n", l, p); Send(newsmode, temp); free(q); } else if (f->name) { Syslog('m', "e"); - sprintf(temp,"From: \"%s\" <%s>\n", f->name, p); + snprintf(temp,32768,"From: \"%s\" <%s>\n", f->name, p); Send(newsmode, temp); } else { Syslog('m', "f"); - sprintf(temp,"From: %s\n",p); + snprintf(temp,32768,"From: %s\n",p); Send(newsmode, temp); } free(p); @@ -971,41 +974,41 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl * From: (some GoldED versions, not all) then add one here. */ if (p) - sprintf(temp,"X-FTN-Sender: %s\n", ascinode(f,0xff)); + snprintf(temp,32768,"X-FTN-Sender: %s\n", ascinode(f,0xff)); else - sprintf(temp,"From: %s\n", ascinode(f,0xff)); + snprintf(temp,32768,"From: %s\n", ascinode(f,0xff)); Send(newsmode, temp); if ((p=hdr((char *)"Reply-To",msg))) { - sprintf(temp,"Reply-To:%s",p); + snprintf(temp,32768,"Reply-To:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Reply-To",kmsg))) { - sprintf(temp,"Reply-To: %s",p); + snprintf(temp,32768,"Reply-To: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Reply-To",kmsg))) { - sprintf(temp,"Reply-To: %s",p); + snprintf(temp,32768,"Reply-To: %s",p); Send(newsmode, temp); } else if (((p=backalias(f))) && strlen(CFG.sysdomain)) { - sprintf(temp,"Reply-To: %s@%s\n",p,CFG.sysdomain); + snprintf(temp,32768,"Reply-To: %s@%s\n",p,CFG.sysdomain); Send(newsmode, temp); } else if ((p=hdr((char *)"REPLYADDR",kmsg))) { - sprintf(temp,"Reply-To: %s",p); + snprintf(temp,32768,"Reply-To: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"REPLYTO",kmsg))) { ta = parsefaddr(p); - sprintf(temp,"Reply-To: %s\n",ascinode(ta, 0xff)); + snprintf(temp,32768,"Reply-To: %s\n",ascinode(ta, 0xff)); tidy_faddr(ta); Send(newsmode, temp); } if ((p=hdr((char *)"Date",msg))) { - sprintf(temp,"Date:%s",p); + snprintf(temp,32768,"Date:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Date",kmsg))) { - sprintf(temp,"Date: %s",p); + snprintf(temp,32768,"Date: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Date",kmsg))) { - sprintf(temp,"Date: %s",p); + snprintf(temp,32768,"Date: %s",p); Send(newsmode, temp); } else if (newsmode) { /* @@ -1014,53 +1017,53 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl now = time(NULL); if (mdate > now) { Syslog('+', "Future posting: %s", rfcdate(mdate)); - sprintf(temp,"Date: %s\n", rfcdate(now)); + snprintf(temp,32768,"Date: %s\n", rfcdate(now)); Send(newsmode, temp); - sprintf(temp,"X-Origin-Date: %s\n", rfcdate(mdate)); + snprintf(temp,32768,"X-Origin-Date: %s\n", rfcdate(mdate)); Send(newsmode, temp); } else if ((mdate < now-14*24*60*60) && (mdate > time(&now)-21*24*60*60)) { /* * Restamp old postings */ Syslog('+', "Article too old, restamped: %s", rfcdate(mdate)); - sprintf(temp,"Date: %s\n", rfcdate(now)); + snprintf(temp,32768,"Date: %s\n", rfcdate(now)); Send(newsmode, temp); - sprintf(temp,"X-Origin-Date: %s\n", rfcdate(mdate)); + snprintf(temp,32768,"X-Origin-Date: %s\n", rfcdate(mdate)); Send(newsmode, temp); } else { - sprintf(temp,"Date: %s\n",rfcdate(mdate)); + snprintf(temp,32768,"Date: %s\n",rfcdate(mdate)); Send(newsmode, temp); } } else { - sprintf(temp,"Date: %s\n",rfcdate(mdate)); + snprintf(temp,32768,"Date: %s\n",rfcdate(mdate)); Send(newsmode, temp); } if ((p = hdr((char *)"Subject",msg))) - sprintf(temp, "Subject:%s", p); + snprintf(temp, 32768, "Subject:%s", p); else if ((p = hdr((char *)"RFC-Subject",kmsg))) - sprintf(temp, "Subject: %s", p); + snprintf(temp, 32768, "Subject: %s", p); else if ((p = hdr((char *)"Subject",kmsg))) - sprintf(temp, "Subject: %s", p); + snprintf(temp, 32768, "Subject: %s", p); else if ((p = hdr((char *)"X-PcBoard-SUBJECT",msg))) - sprintf(temp, "Subject:%s", p); + snprintf(temp, 32768, "Subject:%s", p); else if (subj && (strspn(subj," \t\n\r") != strlen(subj))) - sprintf(temp, "Subject: %s\n", subj); + snprintf(temp, 32768, "Subject: %s\n", subj); else - sprintf(temp, "Subject: \n"); + snprintf(temp, 32768, "Subject: \n"); Send(newsmode, temp); if ((p=hdr((char *)"Message-ID",msg))) - sprintf(temp,"Message-ID:%s",p); + snprintf(temp,32768, "Message-ID:%s",p); else if ((p=hdr((char *)"RFC-Message-ID",kmsg))) - sprintf(temp,"Message-ID: %s",p); + snprintf(temp,32768, "Message-ID: %s",p); else if ((p=hdr((char *)"Message-ID",kmsg))) - sprintf(temp,"Message-ID: %s",p); + snprintf(temp,32768, "Message-ID: %s",p); else if ((p=hdr((char *)"RFCID",kmsg))) { if ((p[0]=='<')) { /* "^aRFCID: " */ if ((p[strlen(p)-2]=='>')) { - sprintf(temp,"Message-ID: %s",p); + snprintf(temp,32768, "Message-ID: %s",p); /* "^aRFCID: \n",p); + snprintf(temp,32768, "Message-ID: %s>\n",p); } /* "^aRFCID: local@machine" */ } else { p[strlen(p)-1]='\0'; - sprintf(temp,"Message-ID: <%s>\n",p); + snprintf(temp,32768, "Message-ID: <%s>\n",p); } } else if ((p=hdr((char *)"ORIGID",kmsg))) { - sprintf(temp,"Message-ID: %s",p); + snprintf(temp,32768, "Message-ID: %s",p); } else if ((p = hdr((char *)"MSGID",kmsg))) { q = rfcmsgid(p, bestaka); - sprintf(temp,"Message-ID: %s\n", q); + snprintf(temp,32768, "Message-ID: %s\n", q); free(q); } else { - sprintf(temp,"Message-ID: <%lu@%s.ftn>\n", mdate^(subj?str_crc32(subj):0L), ascinode(f,0x1f)); + snprintf(temp,32768, "Message-ID: <%lu@%s.ftn>\n", mdate^(subj?str_crc32(subj):0L), ascinode(f,0x1f)); } Send(newsmode, temp); if (newsmode) { if ((p=hdr((char *)"References",msg))) { - sprintf(temp,"References:%s",p); + snprintf(temp,32768, "References:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-References",kmsg))) { - sprintf(temp,"References: %s",p); + snprintf(temp,32768, "References: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"References",kmsg))) { - sprintf(temp,"References: %s",p); + snprintf(temp,32768, "References: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"ORIGREF",kmsg))) { - sprintf(temp,"References: %s",p); + snprintf(temp,32768, "References: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"REPLY",kmsg))) { q = rfcmsgid(p, bestaka); - sprintf(temp,"References: %s\n", q); + snprintf(temp,32768, "References: %s\n", q); Send(newsmode, temp); free(q); } } else { if ((p=hdr((char *)"In-Reply-To",msg))) { - sprintf(temp,"In-Reply-To:%s",p); + snprintf(temp,32768, "In-Reply-To:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-In-Reply-To",kmsg))) { - sprintf(temp,"In-Reply-To: %s",p); + snprintf(temp,32768, "In-Reply-To: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"REPLY",kmsg))) { q = rfcmsgid(p,bestaka); - sprintf(temp,"In-Reply-To: %s\n", q); + snprintf(temp,32768, "In-Reply-To: %s\n", q); Send(newsmode, temp); free(q); } } if ((p=hdr((char *)"Organization",msg))) { - sprintf(temp,"Organization:%s",p); + snprintf(temp,32768, "Organization:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Organisation",msg))) { - sprintf(temp,"Organization:%s",p); + snprintf(temp,32768, "Organization:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Organization",kmsg))) { - sprintf(temp,"Organization: %s",p); + snprintf(temp,32768, "Organization: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Organisation",kmsg))) { - sprintf(temp,"Organization: %s",p); + snprintf(temp,32768, "Organization: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Organization",kmsg))) { - sprintf(temp,"Organization: %s",p); + snprintf(temp,32768, "Organization: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Organisation",kmsg))) { - sprintf(temp,"Organization: %s",p); + snprintf(temp,32768, "Organization: %s",p); Send(newsmode, temp); } else if (origline) { - sprintf(temp,"Organization: %s\n",origline); + snprintf(temp,32768, "Organization: %s\n",origline); Send(newsmode, temp); } if ((p=hdr((char *)"Supersedes",msg))) { - sprintf(temp,"Supersedes:%s",p); + snprintf(temp,32768, "Supersedes:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Supersedes",kmsg))) { - sprintf(temp,"Supersedes: %s",p); + snprintf(temp,32768, "Supersedes: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Supersedes",kmsg))) { - sprintf(temp,"Supersedes: %s",p); + snprintf(temp,32768, "Supersedes: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"ACUPDATE",kmsg)) && (strstr(p,"MODIFY"))) { q = rfcmsgid(p+8,bestaka); - sprintf(temp,"Supersedes: %s\n", q); + snprintf(temp,32768, "Supersedes: %s\n", q); Send(newsmode, temp); free(q); } if (CFG.allowcontrol) { if ((p=hdr((char *)"Control",msg))) { - sprintf(temp,"Control:%s",p); + snprintf(temp,32768, "Control:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Control",kmsg))) { - sprintf(temp,"Control: %s",p); + snprintf(temp,32768, "Control: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Control",kmsg))) { - sprintf(temp,"Control: %s",p); + snprintf(temp,32768, "Control: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"ACUPDATE",kmsg)) && (strstr(p,"DELETE"))) { q = rfcmsgid(p+8,bestaka); - sprintf(temp,"Control: cancel %s\n", q); + snprintf(temp,32768, "Control: cancel %s\n", q); Send(newsmode, temp); free(q); } } if ((p=hdr((char *)"Mime-Version",msg))) { - sprintf(temp,(char *)"Mime-Version:%s",p); + snprintf(temp,32768, (char *)"Mime-Version:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Mime-Version",kmsg))) { - sprintf(temp,(char *)"Mime-Version: %s",p); + snprintf(temp,32768, (char *)"Mime-Version: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Mime-Version",kmsg))) { - sprintf(temp,(char *)"Mime-Version: %s",p); + snprintf(temp,32768, (char *)"Mime-Version: %s",p); Send(newsmode, temp); } @@ -1193,64 +1196,64 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl * We have setup translation, send the right charset name */ if ((p=hdr((char *)"Content-Type",msg))) { - sprintf(temp, "Content-Type: text/plain; charset=%s\n", getrfcchrs(msgs.Charset)); + snprintf(temp, 32768, "Content-Type: text/plain; charset=%s\n", getrfcchrs(msgs.Charset)); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Content-Type",kmsg))) { - sprintf(temp, "Content-Type: text/plain; charset=%s\n", getrfcchrs(msgs.Charset)); + snprintf(temp, 32768, "Content-Type: text/plain; charset=%s\n", getrfcchrs(msgs.Charset)); Send(newsmode, temp); } else if ((p=hdr((char *)"Content-Type",kmsg))) { - sprintf(temp, "Content-Type: text/plain; charset=%s\n", getrfcchrs(msgs.Charset)); + snprintf(temp, 32768, "Content-Type: text/plain; charset=%s\n", getrfcchrs(msgs.Charset)); Send(newsmode, temp); } if ((p=hdr((char *)"Content-Length",msg))) { - sprintf(temp,"Content-Length%s",p); + snprintf(temp,32768, "Content-Length%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Content-Length",kmsg))) { - sprintf(temp,"Content-Length: %s",p); + snprintf(temp,32768, "Content-Length: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Content-Length",kmsg))) { - sprintf(temp,"Content-Length: %s",p); + snprintf(temp,32768, "Content-Length: %s",p); Send(newsmode, temp); } if ((p=hdr((char *)"Content-Transfer-Encoding",msg))) { - sprintf(temp,"Content-Transfer-Encoding:%s",p); + snprintf(temp,32768, "Content-Transfer-Encoding:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-Content-Transfer-Encoding",kmsg))) { - sprintf(temp,"Content-Transfer-Encoding: %s",p); + snprintf(temp,32768, "Content-Transfer-Encoding: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"Content-Transfer-Encoding",kmsg))) { - sprintf(temp,"Content-Transfer-Encoding: %s",p); + snprintf(temp,32768, "Content-Transfer-Encoding: %s",p); Send(newsmode, temp); } if (newsmode) { if ((p=hdr((char *)"X-Newsreader",msg))) { - sprintf(temp,"X-Newsreader: %s",p); + snprintf(temp,32768, "X-Newsreader: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-X-Newsreader",kmsg))) { - sprintf(temp,"X-Newsreader: %s",p); + snprintf(temp,32768, "X-Newsreader: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"X-Newsreader",kmsg))) { - sprintf(temp,"X-Newsreader: %s",p); + snprintf(temp,32768, "X-Newsreader: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"PID",kmsg))) { - sprintf(temp,"X-Newsreader: %s",p); + snprintf(temp,32768, "X-Newsreader: %s",p); Send(newsmode, temp); } } else { if ((p=hdr((char *)"X-Mailer",msg))) { - sprintf(temp,"X-Mailer:%s",p); + snprintf(temp,32768, "X-Mailer:%s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"RFC-X-Mailer",kmsg))) { - sprintf(temp,"X-Mailer: %s",p); + snprintf(temp,32768, "X-Mailer: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"X-Mailer",kmsg))) { - sprintf(temp,"X-Mailer: %s",p); + snprintf(temp,32768, "X-Mailer: %s",p); Send(newsmode, temp); } else if ((p=hdr((char *)"PID",kmsg))) { - sprintf(temp,"X-Mailer: %s",p); + snprintf(temp,32768, "X-Mailer: %s",p); Send(newsmode, temp); } } @@ -1260,19 +1263,19 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl * GoldED posts news with plain ftn kludges as rfc headers. */ if ((p = hdr((char *)"CHRS", msg))) { - sprintf(temp, "X-FTN-CHRS:%s", p); + snprintf(temp, 32768, "X-FTN-CHRS:%s", p); Send(newsmode, temp); } if ((p = hdr((char *)"MSGID", msg))) { - sprintf(temp, "X-FTN-MSGID:%s", p); + snprintf(temp, 32768, "X-FTN-MSGID:%s", p); Send(newsmode, temp); } if ((p = hdr((char *)"PID", msg))) { - sprintf(temp, "X-FTN-PID:%s", p); + snprintf(temp, 32768, "X-FTN-PID:%s", p); Send(newsmode, temp); } if ((p = hdr((char *)"TZUTC", msg))) { - sprintf(temp, "X-FTN-TZUTC:%s", p); + snprintf(temp, 32768, "X-FTN-TZUTC:%s", p); Send(newsmode, temp); } @@ -1312,13 +1315,13 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl strcasecmp(qmsg->key,"Distribution") && strcasecmp(qmsg->key,"Approved") && strcasecmp(qmsg->key,"Message-ID")) { - sprintf(temp,"%s:%s",qmsg->key,qmsg->val); + snprintf(temp,32768, "%s:%s",qmsg->key,qmsg->val); Send(newsmode, temp); } } if ((p=compose_flags(flags,hdr((char *)"FLAGS",kmsg)))) { - sprintf(temp,"X-FTN-FLAGS:%s\n",p); + snprintf(temp,32768, "X-FTN-FLAGS:%s\n",p); Send(newsmode, temp); free(p); } @@ -1392,19 +1395,19 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl strcasecmp(qmsg->key,"RFC-Approved") && strcasecmp(qmsg->key,"RFC-Message-ID")) { if (!strncmp(qmsg->key,"RFC-",4)) { - sprintf(temp,"%s: %s",qmsg->key+4,qmsg->val); + snprintf(temp,32768, "%s: %s",qmsg->key+4,qmsg->val); Send(newsmode, temp); } else if ((!strncasecmp(qmsg->key,"X-",2)) || (!strncasecmp(qmsg->key,"NNTP-",5))) { - sprintf(temp,"%s: %s",qmsg->key,qmsg->val); + snprintf(temp,32768, "%s: %s",qmsg->key,qmsg->val); Send(newsmode, temp); } else if ((!strncasecmp(qmsg->key,"ZC-",3))) { - sprintf(temp,"X-%s: %s",qmsg->key,qmsg->val); + snprintf(temp,32768, "X-%s: %s",qmsg->key,qmsg->val); Send(newsmode, temp); } else if ((!strcasecmp(qmsg->key,"Origin")) || (!strcasecmp(qmsg->key,"MOOD"))) { - sprintf(temp,"X-FTN-%s: %s",qmsg->key,qmsg->val); + snprintf(temp,32768, "X-FTN-%s: %s",qmsg->key,qmsg->val); Send(newsmode, temp); } else { - sprintf(temp,"X-FTN-%s: %s",qmsg->key,qmsg->val); + snprintf(temp,32768, "X-FTN-%s: %s",qmsg->key,qmsg->val); Send(newsmode, temp); } } @@ -1429,29 +1432,29 @@ int ftn2rfc(faddr *f, faddr *t, char *subj, char *origline, time_t mdate, int fl q = xstrcpy((char*)"X-FTN-PATH:"); for (tmpl = ptl; tmpl; tmpl = tmpl->next) { if (tmpl->addr->net == oldnet) - sprintf(sbe," %u",tmpl->addr->node); + snprintf(sbe,16," %u",tmpl->addr->node); else - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node); oldnet=tmpl->addr->net; seenlen+=strlen(sbe); if (seenlen > MAXPATH) { seenlen=0; - sprintf(temp, "%s\n", q); + snprintf(temp, 32768, "%s\n", q); Send(newsmode, temp); free(q); q = xstrcpy((char *)"X-FTN-PATH:"); - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node); seenlen=strlen(sbe); } q = xstrcat(q, sbe); } - sprintf(temp,"%s\n", q); + snprintf(temp,32768, "%s\n", q); Send(newsmode, temp); free(q); tidy_falist(&ptl); if ((hdr((char *)"X-FTN-SPTH", msg))) { - sprintf(temp,"X-FTN-SPTH: %s\n", ascfnode(bestaka,0x1f)); + snprintf(temp,32768, "X-FTN-SPTH: %s\n", ascfnode(bestaka,0x1f)); Send(newsmode, temp); } }