From e04af3ed02aed320d36390afdad73a4a136bcf8f Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Sun, 28 Aug 2005 13:34:43 +0000 Subject: [PATCH] Secured sprintf with snprintf --- lib/clcomm.c | 22 +++++++++++----------- lib/client.c | 4 ++-- lib/diesel.c | 14 +++++++------- lib/faddr.c | 10 +++++----- lib/ftn.c | 40 ++++++++++++++++++++-------------------- lib/ftnmsg.c | 2 +- lib/getheader.c | 2 +- lib/gmtoffset.c | 14 +++++++------- lib/mangle.c | 2 +- lib/mbdiesel.c | 36 ++++++++++++++++++------------------ lib/nntp.c | 6 +++--- lib/nodelist.c | 22 +++++++++++----------- lib/nodelock.c | 2 +- lib/packet.c | 4 ++-- lib/pktname.c | 8 ++++---- lib/rearc.c | 2 +- lib/rfcdate.c | 2 +- lib/semafore.c | 6 +++--- lib/smtp.c | 4 ++-- lib/strutil.c | 16 ++++++++-------- lib/term.c | 2 +- 21 files changed, 110 insertions(+), 110 deletions(-) diff --git a/lib/clcomm.c b/lib/clcomm.c index 665e7679..06109309 100644 --- a/lib/clcomm.c +++ b/lib/clcomm.c @@ -156,7 +156,7 @@ void SockS(const char *format, ...) out = calloc(SS_BUFSIZE, sizeof(char)); va_start(va_ptr, format); - vsnprintf(out, SS_BUFSIZE -1, format, va_ptr); + vsnprintf(out, SS_BUFSIZE, format, va_ptr); va_end(va_ptr); if (socket_send(out) == 0) @@ -177,11 +177,11 @@ char *SockR(const char *format, ...) out = calloc(SS_BUFSIZE, sizeof(char)); va_start(va_ptr, format); - vsnprintf(out, SS_BUFSIZE -1, format, va_ptr); + vsnprintf(out, SS_BUFSIZE, format, va_ptr); va_end(va_ptr); if (socket_send(out) == 0) - snprintf(buf, SS_BUFSIZE -1, "%s", socket_receive()); + snprintf(buf, SS_BUFSIZE, "%s", socket_receive()); free(out); return buf; @@ -198,7 +198,7 @@ void WriteError(const char *format, ...) outputstr = calloc(10240, sizeof(char)); va_start(va_ptr, format); - vsnprintf(outputstr, 10239, format, va_ptr); + vsnprintf(outputstr, 10240, format, va_ptr); va_end(va_ptr); @@ -207,7 +207,7 @@ void WriteError(const char *format, ...) outputstr[i] = ' '; if (*outputstr == '$') - snprintf(outputstr+strlen(outputstr), 10239, ": %s", strerror(errno)); + snprintf(outputstr+strlen(outputstr), 10240, ": %s", strerror(errno)); if (strlen(outputstr) > (SS_BUFSIZE - 64)) { outputstr[SS_BUFSIZE - 65] = ';'; @@ -248,7 +248,7 @@ void Syslog(int level, const char *format, ...) outstr = calloc(10240, sizeof(char)); va_start(va_ptr, format); - vsnprintf(outstr, 10239, format, va_ptr); + vsnprintf(outstr, 10240, format, va_ptr); va_end(va_ptr); Syslogp(level, outstr); free(outstr); @@ -348,7 +348,7 @@ void Mgrlog(const char *format, ...) outstr = calloc(10240, sizeof(char)); va_start(va_ptr, format); - vsnprintf(outstr, 10239, format, va_ptr); + vsnprintf(outstr, 10240, format, va_ptr); va_end(va_ptr); for (i = 0; i < strlen(outstr); i++) @@ -372,7 +372,7 @@ void IsDoing(const char *format, ...) outputstr = calloc(SS_BUFSIZE, sizeof(char)); va_start(va_ptr, format); - vsnprintf(outputstr, SS_BUFSIZE -1, format, va_ptr); + vsnprintf(outputstr, SS_BUFSIZE, format, va_ptr); va_end(va_ptr); SockS("ADOI:2,%d,%s;", mypid, outputstr); @@ -451,7 +451,7 @@ unsigned long sequencer() unsigned long seq = 0; buf = calloc(SS_BUFSIZE, sizeof(char)); - snprintf(buf, SS_BUFSIZE -1, "SSEQ:0;"); + snprintf(buf, SS_BUFSIZE, "SSEQ:0;"); if (socket_send(buf) == 0) { free(buf); @@ -477,10 +477,10 @@ int enoughspace(unsigned long needed) unsigned long avail = 0L; buf = calloc(SS_BUFSIZE, sizeof(char)); - snprintf(buf, SS_BUFSIZE -1, "DSPC:1,%ld;", needed); + snprintf(buf, SS_BUFSIZE, "DSPC:1,%ld;", needed); if (socket_send(buf) == 0) { - snprintf(buf, SS_BUFSIZE -1, "%s", socket_receive()); + snprintf(buf, SS_BUFSIZE, "%s", socket_receive()); res = strtok(buf, ":"); cnt = atoi(strtok(NULL, ",")); if (cnt == 1) { diff --git a/lib/client.c b/lib/client.c index 5d5a6e7e..b51d7f35 100644 --- a/lib/client.c +++ b/lib/client.c @@ -117,7 +117,7 @@ int socket_connect(char *user, char *prg, char *city) /* * Send the information to the server. */ - snprintf(buf, SS_BUFSIZE -1, "AINI:5,%d,%s,%s,%s,%s;", getpid(), tty, user, prg, city); + snprintf(buf, SS_BUFSIZE, "AINI:5,%d,%s,%s,%s,%s;", getpid(), tty, user, prg, city); if (socket_send(buf) != 0) { sock = -1; return -1; @@ -198,7 +198,7 @@ int socket_shutdown(pid_t pid) if (sock == -1) return 0; - snprintf(buf, SS_BUFSIZE -1, "ACLO:1,%d;", pid); + snprintf(buf, SS_BUFSIZE, "ACLO:1,%d;", pid); if (socket_send(buf) == 0) { strcpy(buf, socket_receive()); if (strncmp(buf, "107:0;", 6) != 0) { diff --git a/lib/diesel.c b/lib/diesel.c index fe332701..c0e8e716 100644 --- a/lib/diesel.c +++ b/lib/diesel.c @@ -441,7 +441,7 @@ static void mledreal(double r, char *edbuf) { int sprec; - V snprintf(edbuf, MAXSTR -1, "%.12f", r); + V snprintf(edbuf, MAXSTR, "%.12f", r); if ((!strchr(edbuf, 'E')) && strchr(edbuf, '.')) { /* Trim redundant trailing zeroes off the number. */ for (sprec = strlen(edbuf) - 1; sprec > 0; sprec--) { @@ -495,7 +495,7 @@ static int rarg(char *argstr, double *realres) #define Dsarg(s) char s[MAXSTR] /* Declare string argument */ #define Sarg(v,n) if (diesel(argv[(n)], (v)) != 0) return FALSE -#define Rint(n) V snprintf(output, MAXSTR -1, "%d", (n)); return TRUE/* Return int */ +#define Rint(n) V snprintf(output, MAXSTR, "%d", (n)); return TRUE/* Return int */ #define Rreal(n) mledreal((n), output); return TRUE /* Return double */ #define Rstr(s) V strcpy(output, (s)); return TRUE /* Return str */ @@ -910,7 +910,7 @@ Mfunc(f_edtime) for (i = 0; i < ELEMENTS(pictab); i++) { if (strncasecmp(pp, pictab[i].pname, strlen(pictab[i].pname)) == 0) { - V snprintf(output + strlen(output), MAXSTR -1, pictab[i].pfmt, + V snprintf(output + strlen(output), MAXSTR, pictab[i].pfmt, *pictab[i].pitem); pp += strlen(pictab[i].pname); foundit = TRUE; @@ -1321,7 +1321,7 @@ Mfunc(f_time) { ArgCount(0, 0); - V snprintf(output, MAXSTR -1, "%ld", (long) time((time_t *) NULL)); + V snprintf(output, MAXSTR, "%ld", (long) time((time_t *) NULL)); return TRUE; } #endif /* UNIXTENSIONS */ @@ -1627,7 +1627,7 @@ static int macrovalue(int nargs, char *args, char *output) message, make up a general-purpose message here. */ if (mstat == FALSE) { - V snprintf(output, MAXSTR -1, " @(%s,%c%c) ", macname, '?', '?'); + V snprintf(output, MAXSTR, " @(%s,%c%c) ", macname, '?', '?'); } if (mstat != TRUE) { #ifdef DIESEL_TRACE @@ -1645,7 +1645,7 @@ static int macrovalue(int nargs, char *args, char *output) return TRUE; } } - V snprintf(output, MAXSTR -1, " @(%s)?? ", macname); + V snprintf(output, MAXSTR, " @(%s)?? ", macname); #ifdef DIESEL_TRACE if (tracing) { V printf("Err: %s\n", output); @@ -1673,7 +1673,7 @@ static int macroeval(char **in, char **out) #ifdef ECHOMAC *op++ = ' '; *op++ = '<'; - V snprintf(op, MAXSTR -1, "(%d)", mstat); + V snprintf(op, MAXSTR, "(%d)", mstat); op += strlen(op); ma = margs; while (mstat-- > 0) { diff --git a/lib/faddr.c b/lib/faddr.c index 07f775a1..c9b6cc78 100644 --- a/lib/faddr.c +++ b/lib/faddr.c @@ -48,14 +48,14 @@ char *aka2str(fidoaddr aka) result[0] = '\0'; if (strlen(aka.domain)) { if (aka.point == 0) - snprintf(result, 42, "%d:%d/%d@%s", aka.zone, aka.net, aka.node, aka.domain); + snprintf(result, 43, "%d:%d/%d@%s", aka.zone, aka.net, aka.node, aka.domain); else - snprintf(result, 42, "%d:%d/%d.%d@%s", aka.zone, aka.net, aka.node, aka.point, aka.domain); + snprintf(result, 43, "%d:%d/%d.%d@%s", aka.zone, aka.net, aka.node, aka.point, aka.domain); } else { if (aka.point == 0) - snprintf(result, 42, "%d:%d/%d", aka.zone, aka.net, aka.node); + snprintf(result, 43, "%d:%d/%d", aka.zone, aka.net, aka.node); else - snprintf(result, 42, "%d:%d/%d.%d", aka.zone, aka.net, aka.node, aka.point); + snprintf(result, 43, "%d:%d/%d.%d", aka.zone, aka.net, aka.node, aka.point); } return result; } @@ -84,7 +84,7 @@ fidoaddr str2aka(char *addr) if (strlen(addr) > 42) return n; - snprintf(b, 42, "%s~", addr); + snprintf(b, 43, "%s~", addr); if ((strchr(b, ':') == NULL) || (strchr(b, '/') == NULL)) return n; diff --git a/lib/ftn.c b/lib/ftn.c index 4880e3bb..914ecddb 100644 --- a/lib/ftn.c +++ b/lib/ftn.c @@ -399,9 +399,9 @@ char *ascinode(faddr *a, int fl) if ((strchr(a->name,'.')) || (strchr(a->name,'@')) || (strchr(a->name,'\'')) || (strchr(a->name,',')) || (strchr(a->name,'<')) || (strchr(a->name,'>'))) - snprintf(buf+strlen(buf), 127, "\"%s\" <", a->name); + snprintf(buf+strlen(buf), 128, "\"%s\" <", a->name); else - snprintf(buf+strlen(buf), 127, "%s <", a->name); + snprintf(buf+strlen(buf), 128, "%s <", a->name); } if ((fl & 0x40) && (a->name)) { @@ -466,33 +466,33 @@ char *ascinode(faddr *a, int fl) } if ((fl & 0x01) && (a->point)) - snprintf(buf+strlen(buf), 127, "p%u.", a->point); + snprintf(buf+strlen(buf), 128, "p%u.", a->point); if (fl & 0x02) - snprintf(buf+strlen(buf), 127, "f%u.", a->node); + snprintf(buf+strlen(buf), 128, "f%u.", a->node); if (fl & 0x04) - snprintf(buf+strlen(buf), 127, "n%u.", a->net); + snprintf(buf+strlen(buf), 128, "n%u.", a->net); if ((fl & 0x08) && (a->zone)) - snprintf(buf+strlen(buf), 127, "z%u.", a->zone); + snprintf(buf+strlen(buf), 128, "z%u.", a->zone); buf[strlen(buf)-1]='\0'; if (fl & 0x10) { if (a->domain) - snprintf(buf+strlen(buf), 127, ".%s", a->domain); + snprintf(buf+strlen(buf), 128, ".%s", a->domain); } if (fl & 0x20) { if (a->domain) { if ((fl & 0x10) == 0) - snprintf(buf+strlen(buf), 127, ".%s", a->domain); + snprintf(buf+strlen(buf), 128, ".%s", a->domain); } else { if (SearchFidonet(a->zone)) - snprintf(buf+strlen(buf), 127, ".%s", fidonet.domain); + snprintf(buf+strlen(buf), 128, ".%s", fidonet.domain); else - snprintf(buf+strlen(buf), 127, ".fidonet"); + snprintf(buf+strlen(buf), 128, ".fidonet"); } p = calloc(128, sizeof(char)); - snprintf(p, 127, "%s/etc/domain.data", getenv("MBSE_ROOT")); + snprintf(p, 128, "%s/etc/domain.data", getenv("MBSE_ROOT")); if ((fp = fopen(p, "r")) == NULL) { WriteError("$Can't open %s", p); } else { @@ -509,11 +509,11 @@ char *ascinode(faddr *a, int fl) } free(p); if (!found) - snprintf(buf + strlen(buf), 127, ".ftn"); + snprintf(buf + strlen(buf), 128, ".ftn"); } if ((fl & 0x80) && (a->name)) - snprintf(buf+strlen(buf), 127, ">"); + snprintf(buf+strlen(buf), 128, ">"); return buf; } @@ -535,17 +535,17 @@ char *ascfnode(faddr *a, int fl) buf[0] = '\0'; if ((fl & 0x40) && (a->name)) - snprintf(buf+strlen(buf),127,"%s of ",a->name); + snprintf(buf+strlen(buf),128,"%s of ",a->name); if ((fl & 0x08) && (a->zone)) - snprintf(buf+strlen(buf),127,"%u:",a->zone); + snprintf(buf+strlen(buf),128,"%u:",a->zone); if (fl & 0x04) - snprintf(buf+strlen(buf),127,"%u/",a->net); + snprintf(buf+strlen(buf),128,"%u/",a->net); if (fl & 0x02) - snprintf(buf+strlen(buf),127,"%u",a->node); + snprintf(buf+strlen(buf),128,"%u",a->node); if ((fl & 0x01) && (a->point)) - snprintf(buf+strlen(buf),127,".%u",a->point); + snprintf(buf+strlen(buf),128,".%u",a->point); if ((fl & 0x10) && (a->domain)) - snprintf(buf+strlen(buf),127,"@%s",a->domain); + snprintf(buf+strlen(buf),128,"@%s",a->domain); return buf; } @@ -600,7 +600,7 @@ fidoaddr *faddr2fido(faddr *aka) Sys->node = aka->node; Sys->point = aka->point; if (aka->domain != NULL) - snprintf(Sys->domain, 12, "%s", aka->domain); + snprintf(Sys->domain, 13, "%s", aka->domain); return Sys; } diff --git a/lib/ftnmsg.c b/lib/ftnmsg.c index 085270a2..f2c40427 100644 --- a/lib/ftnmsg.c +++ b/lib/ftnmsg.c @@ -51,7 +51,7 @@ char *ftndate(time_t t) if (ptm->tm_sec > 59) ptm->tm_sec = 59; - snprintf(buf, 31, "%02d %s %02d %02d:%02d:%02d",ptm->tm_mday, + snprintf(buf, 32, "%02d %s %02d %02d:%02d:%02d",ptm->tm_mday, months[ptm->tm_mon], ptm->tm_year%100, ptm->tm_hour, ptm->tm_min, ptm->tm_sec); return buf; diff --git a/lib/getheader.c b/lib/getheader.c index 685a8e75..4ec6ef02 100644 --- a/lib/getheader.c +++ b/lib/getheader.c @@ -143,7 +143,7 @@ int getheader(faddr *f, faddr *t, FILE *pkt, char *pname, int session) /* * Fill in a default product code in case it doesn't exist */ - snprintf(buf, 4, "%04x", prodx); + snprintf(buf, 5, "%04x", prodx); prodn = xstrcpy((char *)"Unknown 0x"); prodn = xstrcat(prodn, buf); for (i = 0; ftscprod[i].name; i++) diff --git a/lib/gmtoffset.c b/lib/gmtoffset.c index 439aaba7..5943b50c 100644 --- a/lib/gmtoffset.c +++ b/lib/gmtoffset.c @@ -99,9 +99,9 @@ char *gmtoffset(time_t now) min = offset % 60L; if (sign == '-') - snprintf(buf, 5, "%c%02d%02d", sign, hr, min); + snprintf(buf, 6, "%c%02d%02d", sign, hr, min); else - snprintf(buf, 5, "%02d%02d", hr, min); + snprintf(buf, 6, "%02d%02d", hr, min); return(buf); } @@ -119,7 +119,7 @@ char *str_time(time_t total) * 0 .. 59 seconds */ if (total < (time_t)60) { - snprintf(buf, 9, "%2d.00s", (int)total); + snprintf(buf, 10, "%2d.00s", (int)total); return buf; } @@ -129,7 +129,7 @@ char *str_time(time_t total) if (total < (time_t)3600) { h = total / 60; m = total % 60; - snprintf(buf, 9, "%2d:%02d ", h, m); + snprintf(buf, 10, "%2d:%02d ", h, m); return buf; } @@ -139,7 +139,7 @@ char *str_time(time_t total) if (total < (time_t)86400) { h = (total / 60) / 60; m = (total / 60) % 60; - snprintf(buf, 9, "%2d:%02dm", h, m); + snprintf(buf, 10, "%2d:%02dm", h, m); return buf; } @@ -149,11 +149,11 @@ char *str_time(time_t total) if (total < (time_t)2592000) { h = (total / 3600) / 24; m = (total / 3600) % 24; - snprintf(buf, 9, "%2d/%02dh", h, m); + snprintf(buf, 10, "%2d/%02dh", h, m); return buf; } - snprintf(buf, 9, "N/A "); + snprintf(buf, 10, "N/A "); return buf; } diff --git a/lib/mangle.c b/lib/mangle.c index c9258155..5b5e1570 100644 --- a/lib/mangle.c +++ b/lib/mangle.c @@ -427,7 +427,7 @@ void mangle_name_83(char *s) if (crc16 > (MANGLE_BASE * MANGLE_BASE * MANGLE_BASE)) Syslog('!', "WARNING: mangle_name_83() crc16 overflow"); crc16 = crc16 % (MANGLE_BASE * MANGLE_BASE * MANGLE_BASE); - snprintf(s, 8, "%s%c%c%c%c", base, magic_char, + snprintf(s, 9, "%s%c%c%c%c", base, magic_char, mangle(crc16 / (MANGLE_BASE * MANGLE_BASE)), mangle(crc16 / MANGLE_BASE), mangle(crc16)); if ( *extension ) { (void)strcat(s, "."); diff --git a/lib/mbdiesel.c b/lib/mbdiesel.c index cc8af56d..85c99bd7 100644 --- a/lib/mbdiesel.c +++ b/lib/mbdiesel.c @@ -129,16 +129,16 @@ char *ParseMacro( const char *line, int *dieselrc) i++; } i--; - snprintf(tmp2, MAXSTR -1, "@(GETVAR,%c)",code); + snprintf(tmp2, MAXSTR, "@(GETVAR,%c)",code); if (!diesel(tmp2,tmp3)==0){ - snprintf(tmp3, MAXSTR -1, "%c%c",'@',code); + snprintf(tmp3, MAXSTR, "%c%c",'@',code); } if (l>2){ if ( *i != '>') l=-l; - snprintf(&tmp1[strlen(tmp1)], MAXSTR -1, "%*.*s", l, l, tmp3); + snprintf(&tmp1[strlen(tmp1)], MAXSTR, "%*.*s", l, l, tmp3); }else{ - snprintf(&tmp1[strlen(tmp1)], MAXSTR -1, "%s", tmp3); + snprintf(&tmp1[strlen(tmp1)], MAXSTR, "%s", tmp3); } }else{ tmp1[(j=strlen(tmp1))]='@'; @@ -151,7 +151,7 @@ char *ParseMacro( const char *line, int *dieselrc) } i = tmp1; - snprintf(tmp2, MAXSTR -1, "%s", tmp1); + snprintf(tmp2, MAXSTR, "%s", tmp1); if ((tmp1[0]=='@') && (tmp1[1]=='{')){ i++; @@ -163,11 +163,11 @@ char *ParseMacro( const char *line, int *dieselrc) i++; res[0]='\0'; if (j>2) - snprintf(res, MAXSTR -1, "%.*s",j-2, &tmp1[2]); + snprintf(res, MAXSTR, "%.*s",j-2, &tmp1[2]); if ((diesel(res,tmp3)!=0) || (atoi(tmp3)==0)) - snprintf(tmp2, MAXSTR -1, "@!%s",i); + snprintf(tmp2, MAXSTR, "@!%s",i); else - snprintf(tmp2, MAXSTR -1, "%s",i); + snprintf(tmp2, MAXSTR, "%s",i); } } *dieselrc=diesel(tmp2, res); @@ -418,20 +418,20 @@ FILE *OpenMacro(const char *filename, int Language, int htmlmode) if (htmlmode) { MacroVars("O", "s", temp); - snprintf(linebuf, 1023, "%s", CFG.sysop); - html_massage(linebuf, outbuf, 1023); + snprintf(linebuf, 1024, "%s", CFG.sysop); + html_massage(linebuf, outbuf, 1024); MacroVars("U", "s", outbuf); - snprintf(linebuf, 1023, "%s", CFG.location); - html_massage(linebuf, outbuf, 1023); + snprintf(linebuf, 1024, "%s", CFG.location); + html_massage(linebuf, outbuf, 1024); MacroVars("L", "s", outbuf); - snprintf(linebuf, 1023, "%s", CFG.bbs_name); - html_massage(linebuf, outbuf, 1023); + snprintf(linebuf, 1024, "%s", CFG.bbs_name); + html_massage(linebuf, outbuf, 1024); MacroVars("N", "s", outbuf); - snprintf(linebuf, 1023, "%s", CFG.sysop_name); - html_massage(linebuf, outbuf, 1023); + snprintf(linebuf, 1024, "%s", CFG.sysop_name); + html_massage(linebuf, outbuf, 1024); MacroVars("S", "s", outbuf); - snprintf(linebuf, 1023, "%s", CFG.comment); - html_massage(linebuf, outbuf, 1023); + snprintf(linebuf, 1024, "%s", CFG.comment); + html_massage(linebuf, outbuf, 1024); MacroVars("T", "s", outbuf); } else { MacroVars("L", "s", CFG.location); diff --git a/lib/nntp.c b/lib/nntp.c index 58458472..aff221ee 100644 --- a/lib/nntp.c +++ b/lib/nntp.c @@ -230,7 +230,7 @@ int nntp_cmd(char *cmd, int resp) if (nntp_send(cmd) == -1) return -1; - snprintf(rsp, 5, "%d", resp); + snprintf(rsp, 6, "%d", resp); p = nntp_receive(); if (strncmp(p, "480", 3) == 0) { @@ -273,11 +273,11 @@ int nntp_auth(void) } cmd = calloc(128, sizeof(char)); - snprintf(cmd, 127, "AUTHINFO USER %s\r\n", CFG.nntpuser); + snprintf(cmd, 128, "AUTHINFO USER %s\r\n", CFG.nntpuser); if (nntp_cmd(cmd, 381)) return FALSE; - snprintf(cmd, 127, "AUTHINFO PASS %s\r\n", CFG.nntppass); + snprintf(cmd, 128, "AUTHINFO PASS %s\r\n", CFG.nntppass); if (nntp_cmd(cmd, 281) == 0) { free(cmd); Syslog('+', "NNTP: logged in"); diff --git a/lib/nodelist.c b/lib/nodelist.c index 51a54d26..352737d1 100644 --- a/lib/nodelist.c +++ b/lib/nodelist.c @@ -468,7 +468,7 @@ int initnl(void) * Read all our TCP/IP capabilities and set the global flag. */ if (TCFG.max_tcp) { - snprintf(buf, 255, "%s", CFG.IP_Flags); + snprintf(buf, 256, "%s", CFG.IP_Flags); q = buf; for (p = q; p; p = q) { if ((q = strchr(p, ','))) @@ -491,7 +491,7 @@ int initnl(void) while (fread(&ttyinfo, ttyinfohdr.recsize, 1, fp) == 1) { if (((ttyinfo.type == POTS) || (ttyinfo.type == ISDN)) && (ttyinfo.available) && (ttyinfo.callout)) { - snprintf(buf, 255, "%s", ttyinfo.flags); + snprintf(buf, 256, "%s", ttyinfo.flags); q = buf; for (p = q; p; p = q) { if ((q = strchr(p, ','))) @@ -929,7 +929,7 @@ node *getnlent(faddr *addr) if ((*tmpm)->mask & nodebuf.iflags) { for (tmps = &nl_service; *tmps; tmps=&((*tmps)->next)) { if (strcmp((*tmps)->flag, (*tmpm)->name) == 0) { - snprintf(tbuf, 255, "%s", (*tmps)->service); + snprintf(tbuf, 256, "%s", (*tmps)->service); tport = (*tmps)->tmpport; } } @@ -949,13 +949,13 @@ node *getnlent(faddr *addr) memset(&tbuf, 0, sizeof(tbuf)); if (ndrecord && strlen(nd.Nl_hostname)) { Syslog('n', "getnlent: using override %s for FQDN", nd.Nl_hostname); - snprintf(tbuf, 255, nodebuf.name); + snprintf(tbuf, 256, nodebuf.name); nodebuf.url = xstrcat(nodebuf.url, tbuf); } else { for (tmpa = &nl_search; *tmpa; tmpa=&((*tmpa)->next)) { Syslog('n', "getnlent: search FQDN method %s", (*tmpa)->name); if (strcasecmp((*tmpa)->name, "field3") == 0) { - snprintf(tbuf, 255, nodebuf.name); + snprintf(tbuf, 256, nodebuf.name); if (strchr(tbuf, '.')) { /* * Okay, there are dots, this can be a FQDN or IP address. @@ -971,7 +971,7 @@ node *getnlent(faddr *addr) for (tmpaa = &nl_ipprefix; *tmpaa; tmpaa=&((*tmpaa)->next)) { if (nodebuf.phone && strncmp(nodebuf.phone, (*tmpaa)->name, strlen((*tmpaa)->name)) == 0) { Syslog('n', "getnlent: found %s prefix", (*tmpaa)->name); - snprintf(tbuf, 255, "%s", nodebuf.phone+strlen((*tmpaa)->name)); + snprintf(tbuf, 256, "%s", nodebuf.phone+strlen((*tmpaa)->name)); for (i = 0; i < strlen(tbuf); i++) if (tbuf[i] == '-') tbuf[i] = '.'; @@ -1032,10 +1032,10 @@ node *getnlent(faddr *addr) for (tmpd = &nl_domsuffix; *tmpd; tmpd=&((*tmpd)->next)) { if ((*tmpd)->zone == nodebuf.addr.zone) { if (*r++ == '\0') - snprintf(tbuf, 255, "f%d.n%d.z%d.%s.%s", nodebuf.addr.node, nodebuf.addr.net, + snprintf(tbuf, 256, "f%d.n%d.z%d.%s.%s", nodebuf.addr.node, nodebuf.addr.net, nodebuf.addr.zone, nodebuf.addr.domain, (*tmpd)->name); else - snprintf(tbuf, 255, "f%d.n%d.z%d.%s.%s%s", nodebuf.addr.node, nodebuf.addr.net, + snprintf(tbuf, 256, "f%d.n%d.z%d.%s.%s%s", nodebuf.addr.node, nodebuf.addr.net, nodebuf.addr.zone, nodebuf.addr.domain, (*tmpd)->name, r); Syslog('n', "getnlent: will try default domain \"%s\"", tbuf); nodebuf.url = xstrcat(nodebuf.url, tbuf); @@ -1048,7 +1048,7 @@ node *getnlent(faddr *addr) } if (strchr(r, '.')) { Syslog('n', "getnlent: found a FQDN \"%s\"", MBSE_SS(r)); - snprintf(tbuf, 255, "%s", r); + snprintf(tbuf, 256, "%s", r); nodebuf.url = xstrcat(nodebuf.url, tbuf); break; } @@ -1062,7 +1062,7 @@ node *getnlent(faddr *addr) if (nodebuf.addr.domain) { for (tmpd = &nl_domsuffix; *tmpd; tmpd=&((*tmpd)->next)) { if ((*tmpd)->zone == nodebuf.addr.zone) { - snprintf(tbuf, 255, "f%d.n%d.z%d.%s.%s", nodebuf.addr.node, nodebuf.addr.net, + snprintf(tbuf, 256, "f%d.n%d.z%d.%s.%s", nodebuf.addr.node, nodebuf.addr.net, nodebuf.addr.zone, nodebuf.addr.domain, (*tmpd)->name); Syslog('n', "getnlent: will try default domain \"%s\"", tbuf); nodebuf.url = xstrcat(nodebuf.url, tbuf); @@ -1090,7 +1090,7 @@ node *getnlent(faddr *addr) * No optional port number, add one from the default * for this protocol. */ - snprintf(tbuf, 255, ":%lu", tport); + snprintf(tbuf, 256, ":%lu", tport); nodebuf.url = xstrcat(nodebuf.url, tbuf); } diff --git a/lib/nodelock.c b/lib/nodelock.c index e83cfd0a..0fa03b27 100644 --- a/lib/nodelock.c +++ b/lib/nodelock.c @@ -45,7 +45,7 @@ int nodelock(faddr *addr, pid_t mypid) tfn = xstrcpy(fn); if ((p=strrchr(tfn,'/'))) *++p='\0'; - snprintf(tmp, 15, "aa%d", mypid); + snprintf(tmp, 16, "aa%d", mypid); tfn = xstrcat(tfn, tmp); mkdirs(tfn, 0770); diff --git a/lib/packet.c b/lib/packet.c index 99c67886..7f29fe1d 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -133,10 +133,10 @@ FILE *openpkt(FILE *pkt, faddr *addr, char flavor, int session) memset(&str, 0, 8); if (session) { if (noderecord(addr) && strlen(nodes.Spasswd)) - snprintf(str, 8, "%s", nodes.Spasswd); + snprintf(str, 9, "%s", nodes.Spasswd); } else { if (noderecord(addr) && strlen(nodes.Epasswd)) - snprintf(str, 8, "%s", nodes.Epasswd); + snprintf(str, 9, "%s", nodes.Epasswd); } for (i = 0; i < 8; i++) buffer[0x1a + i] = toupper(str[i]); /* FSC-0039 only talks about A-Z, 0-9, so force uppercase */ diff --git a/lib/pktname.c b/lib/pktname.c index c265783a..96132f47 100644 --- a/lib/pktname.c +++ b/lib/pktname.c @@ -64,7 +64,7 @@ char *prepbuf(faddr *addr) if ((addr->zone == 0) || (addr->zone == CFG.aka[0].zone)) zpref[0] = '\0'; else - snprintf(zpref, 7, ".%03x", addr->zone); + snprintf(zpref, 8, ".%03x", addr->zone); } else { /* * If we got a 5d address we use the given domain, if @@ -96,7 +96,7 @@ char *prepbuf(faddr *addr) if (CFG.aka[i].zone == addr->zone) zpref[0] = '\0'; else - snprintf(zpref, 7, ".%03x", addr->zone); + snprintf(zpref, 8, ".%03x", addr->zone); } else { /* * this is our primary domain @@ -104,7 +104,7 @@ char *prepbuf(faddr *addr) if ((addr->zone == 0) || (addr->zone == CFG.aka[0].zone)) zpref[0]='\0'; else - snprintf(zpref, 7, ".%03x",addr->zone); + snprintf(zpref, 8, ".%03x",addr->zone); } } @@ -227,7 +227,7 @@ char *dayname(void) tt = time(NULL); ptm = localtime(&tt); - snprintf(buf, 2, "%s", dow[ptm->tm_wday]); + snprintf(buf, 3, "%s", dow[ptm->tm_wday]); return buf; } diff --git a/lib/rearc.c b/lib/rearc.c index bf4a013f..52df2b76 100644 --- a/lib/rearc.c +++ b/lib/rearc.c @@ -113,7 +113,7 @@ int rearc(char *filename, char *arctype, int do_quiet) return -1; } - snprintf(p, 5, "%s", archiver.name); + snprintf(p, 6, "%s", archiver.name); Syslog('f', "new filename %s", newname); arccmd = xstrcpy(archiver.farc); diff --git a/lib/rfcdate.c b/lib/rfcdate.c index 7c599c89..3a545e8b 100644 --- a/lib/rfcdate.c +++ b/lib/rfcdate.c @@ -180,7 +180,7 @@ char *rfcdate(time_t now) hr = offset / 60L; min = offset % 60L; - snprintf(buf, 39, "%s, %02d %s %04d %02d:%02d:%02d %c%02d%02d", wdays[ptm.tm_wday], ptm.tm_mday, months[ptm.tm_mon], + snprintf(buf, 40, "%s, %02d %s %04d %02d:%02d:%02d %c%02d%02d", wdays[ptm.tm_wday], ptm.tm_mday, months[ptm.tm_mon], ptm.tm_year + 1900, ptm.tm_hour, ptm.tm_min, ptm.tm_sec, sign, hr, min); return(buf); } diff --git a/lib/semafore.c b/lib/semafore.c index e022e023..7770c837 100644 --- a/lib/semafore.c +++ b/lib/semafore.c @@ -36,7 +36,7 @@ void CreateSema(char *sem) { char temp[40]; - snprintf(temp, 39, "%s", SockR("SECR:1,%s;", sem)); + snprintf(temp, 40, "%s", SockR("SECR:1,%s;", sem)); if (strncmp(temp, "200", 3) == 0) WriteError("Can't create semafore %s", sem); } @@ -47,7 +47,7 @@ void RemoveSema(char *sem) { char temp[40]; - snprintf(temp, 39, "%s", SockR("SERM:1,%s;", sem)); + snprintf(temp, 40, "%s", SockR("SERM:1,%s;", sem)); if (strncmp(temp, "200", 3) == 0) WriteError("Can't remove semafore %s", sem); } @@ -58,7 +58,7 @@ int IsSema(char *sem) { char temp[40]; - snprintf(temp, 39, "%s", SockR("SEST:1,%s;", sem)); + snprintf(temp, 40, "%s", SockR("SEST:1,%s;", sem)); if (strncmp(temp, "200", 3) == 0) { WriteError("Can't read semafore %s", sem); return FALSE; diff --git a/lib/smtp.c b/lib/smtp.c index d8bd3d18..05fc6935 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -105,7 +105,7 @@ int smtp_connect(void) Syslog('+', "SMTP: %s", p); - snprintf(temp, 39, "HELO %s\r\n", CFG.sysdomain); + snprintf(temp, 40, "HELO %s\r\n", CFG.sysdomain); if (smtp_cmd(temp, 250)) { smtp_close(); return -1; @@ -193,7 +193,7 @@ int smtp_cmd(char *cmd, int resp) if (smtp_send(cmd) == -1) return -1; - snprintf(rsp, 5, "%d", resp); + snprintf(rsp, 6, "%d", resp); p = smtp_receive(); if (strncmp(p, rsp, strlen(rsp))) { diff --git a/lib/strutil.c b/lib/strutil.c index f86a35ce..7f19f737 100644 --- a/lib/strutil.c +++ b/lib/strutil.c @@ -262,7 +262,7 @@ char *StrTimeHM(time_t date) struct tm *l_d; l_d = localtime(&date); - snprintf(ttime, 5, "%02d:%02d", l_d->tm_hour, l_d->tm_min); + snprintf(ttime, 6, "%02d:%02d", l_d->tm_hour, l_d->tm_min); return ttime; } @@ -277,7 +277,7 @@ char *StrTimeHMS(time_t date) struct tm *l_d; l_d = localtime(&date); - snprintf(ttime, 8, "%02d:%02d:%02d", l_d->tm_hour, l_d->tm_min, l_d->tm_sec); + snprintf(ttime, 9, "%02d:%02d:%02d", l_d->tm_hour, l_d->tm_min, l_d->tm_sec); return ttime; } @@ -292,7 +292,7 @@ char *GetLocalHM() time_t T_Now; T_Now = time(NULL); - snprintf(gettime, 14, "%s", StrTimeHM(T_Now)); + snprintf(gettime, 15, "%s", StrTimeHM(T_Now)); return(gettime); } @@ -308,7 +308,7 @@ char *GetLocalHMS() time_t T_Now; T_Now = time(NULL); - snprintf(gettime, 14, "%s", StrTimeHMS(T_Now)); + snprintf(gettime, 15, "%s", StrTimeHMS(T_Now)); return(gettime); } @@ -323,7 +323,7 @@ char *StrDateMDY(time_t *Clock) static char cdate[12]; tm = localtime(Clock); - snprintf(cdate, 11, "%02d-%02d-%04d", tm->tm_mon+1, tm->tm_mday, tm->tm_year+1900); + snprintf(cdate, 12, "%02d-%02d-%04d", tm->tm_mon+1, tm->tm_mday, tm->tm_year+1900); return(cdate); } @@ -338,7 +338,7 @@ char *StrDateDMY(time_t date) struct tm *l_d; l_d = localtime(&date); - snprintf(tdate, 14, "%02d-%02d-%04d", l_d->tm_mday, l_d->tm_mon+1, l_d->tm_year+1900); + snprintf(tdate, 15, "%02d-%02d-%04d", l_d->tm_mday, l_d->tm_mon+1, l_d->tm_year+1900); return tdate; } @@ -357,7 +357,7 @@ char *GetDateDMY() T_Now = time(NULL); l_d = localtime(&T_Now); - snprintf(tdate, 14, "%02d-%02d-%04d", l_d->tm_mday,l_d->tm_mon+1,l_d->tm_year+1900); + snprintf(tdate, 15, "%02d-%02d-%04d", l_d->tm_mday,l_d->tm_mon+1,l_d->tm_year+1900); return(tdate); } @@ -408,7 +408,7 @@ char *TearLine() { static char tearline[41]; - snprintf(tearline, 40, "--- MBSE BBS v%s (%s-%s)", VERSION, OsName(), OsCPU()); + snprintf(tearline, 41, "--- MBSE BBS v%s (%s-%s)", VERSION, OsName(), OsCPU()); return tearline; } diff --git a/lib/term.c b/lib/term.c index e4791670..69ed02cd 100644 --- a/lib/term.c +++ b/lib/term.c @@ -141,7 +141,7 @@ void mbse_mvprintw(int y, int x, const char *format, ...) outputstr = calloc(2048, sizeof(char)); va_start(va_ptr, format); - vsnprintf(outputstr, 2047, format, va_ptr); + vsnprintf(outputstr, 2048, format, va_ptr); va_end(va_ptr); mbse_locate(y, x);