From f6239fe083078f9abb8515869e6575acea002f35 Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Mon, 29 Aug 2005 19:19:27 +0000 Subject: [PATCH] Secured sprintf with snprintf --- mbsetup/m_fdb.c | 36 ++++++++++++++++++------------------ mbsetup/m_ff.c | 34 +++++++++++++++++----------------- mbsetup/m_fgroup.c | 46 +++++++++++++++++++++++----------------------- mbsetup/m_fido.c | 46 +++++++++++++++++++++++----------------------- 4 files changed, 81 insertions(+), 81 deletions(-) diff --git a/mbsetup/m_fdb.c b/mbsetup/m_fdb.c index 225cc08c..ee180b16 100644 --- a/mbsetup/m_fdb.c +++ b/mbsetup/m_fdb.c @@ -4,7 +4,7 @@ * Purpose ...............: Edit Files DataBase. * ***************************************************************************** - * Copyright (C) 1999-2004 + * Copyright (C) 1999-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -118,7 +118,7 @@ void E_F(long areanr) clr_index(); - sprintf(temp, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), areanr); + snprintf(temp, PATH_MAX, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), areanr); if ((fil = fopen(temp, "r+")) == NULL) { working(2, 0, 0); return; @@ -154,7 +154,7 @@ void E_F(long areanr) set_color(WHITE, BLACK); mbse_mvprintw(y, 1, (char *)"%4d.", o + i); - sprintf(temp, "%s/%s", area.Path, fdb.LName); + snprintf(temp, PATH_MAX, "%s/%s", area.Path, fdb.LName); Ondisk = ((stat(temp, &statfile)) != -1); if (fdb.Deleted) @@ -181,7 +181,7 @@ void E_F(long areanr) } set_color(CYAN, BLACK); - sprintf(temp, "%s", fdb.Desc[0]); + snprintf(temp, 81, "%s", fdb.Desc[0]); temp[30] = '\0'; mbse_mvprintw(y,49, (char *)"%s", temp); y++; @@ -190,11 +190,11 @@ void E_F(long areanr) if (records) if (records > 10) - sprintf(help, "^1..%d^ Edit, ^-^ Return, ^N^/^P^ Page", records); + snprintf(help, 81, "^1..%d^ Edit, ^-^ Return, ^N^/^P^ Page", records); else - sprintf(help, "^1..%d^ Edit, ^-^ Return", records); + snprintf(help, 81, "^1..%d^ Edit, ^-^ Return", records); else - sprintf(help, "^-^ Return"); + snprintf(help, 81, "^-^ Return"); showhelp(help); @@ -234,7 +234,7 @@ void E_F(long areanr) crc = upd_crc32((char *)&fdb, crc, fdbhdr.recsize); o = ((atoi(menu) - 1) / 10) * 10; - sprintf(temp, "%s/%s", area.Path, fdb.LName); + snprintf(temp, PATH_MAX, "%s/%s", area.Path, fdb.LName); EditFile(); crc1 = 0xffffffff; @@ -285,7 +285,7 @@ void EditFDB() mbse_mvprintw( 5, 4, "14. EDIT FILES DATABSE"); set_color(CYAN, BLACK); if (records != 0) { - sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); working(1, 0, 0); if ((fil = fopen(temp, "r")) != NULL) { fread(&areahdr, sizeof(areahdr), 1, fil); @@ -305,7 +305,7 @@ void EditFDB() set_color(CYAN, BLACK); else set_color(LIGHTBLUE, BLACK); - sprintf(temp, "%3d. %-32s", o + i, area.Name); + snprintf(temp, 81, "%3d. %-32s", o + i, area.Name); temp[37] = 0; mbse_mvprintw(y, x, temp); y++; @@ -329,7 +329,7 @@ void EditFDB() o = o - 20; if ((atoi(pick) >= 1) && (atoi(pick) <= records)) { - sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((fil = fopen(temp, "r")) != NULL) { offset = areahdr.hdrsize + ((atoi(pick) - 1) * areahdr.recsize); fseek(fil, offset, SEEK_SET); @@ -367,19 +367,19 @@ void InitFDB(void) return; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((fil = fopen(temp, "r")) != NULL) { fread(&areahdr, sizeof(areahdr), 1, fil); while (fread(&area, areahdr.recsize, 1, fil)) { Area++; if (area.Available) { - sprintf(temp, "%s/var/fdb/fdb%ld.data", getenv("MBSE_ROOT"), Area); + snprintf(temp, PATH_MAX, "%s/var/fdb/fdb%ld.data", getenv("MBSE_ROOT"), Area); if ((fp1 = fopen(temp, "r")) != NULL) { /* * Old area available, upgrade. */ - sprintf(temp, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), Area); + snprintf(temp, PATH_MAX, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), Area); if ((fp2 = fopen(temp, "w+")) == NULL) { WriteError("$Can't create %s", temp); } else { @@ -392,7 +392,7 @@ void InitFDB(void) memset(&fdb, 0, fdbhdr.recsize); strncpy(fdb.Name, old.Name, sizeof(fdb.Name) -1); strncpy(fdb.LName, old.LName, sizeof(fdb.LName) -1); - sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/tic.data", getenv("MBSE_ROOT")); if ((ft = fopen(temp, "r")) != NULL) { fread(&tichdr, sizeof(tichdr), 1, ft); while (fread(&tic, tichdr.recsize, 1, ft)) { @@ -418,11 +418,11 @@ void InitFDB(void) /* * Search the magic directory to see if this file is a magic file. */ - sprintf(temp, "%s", CFG.req_magic); + snprintf(temp, 81, "%s", CFG.req_magic); if ((dp = opendir(temp)) != NULL) { while ((de = readdir(dp))) { if (de->d_name[0] != '.') { - sprintf(temp, "%s/%s", CFG.req_magic, de->d_name); + snprintf(temp, PATH_MAX, "%s/%s", CFG.req_magic, de->d_name); /* * Only regular files without execute permission are magic requests. */ @@ -452,7 +452,7 @@ void InitFDB(void) Syslog('+', "Upgraded file area database %d", Area); } fclose(fp1); - sprintf(temp, "%s/var/fdb/fdb%ld.data", getenv("MBSE_ROOT"), Area); + snprintf(temp, PATH_MAX, "%s/var/fdb/fdb%ld.data", getenv("MBSE_ROOT"), Area); unlink(temp); } // Old area type upgrade. diff --git a/mbsetup/m_ff.c b/mbsetup/m_ff.c index 5e85a1ed..d1298284 100644 --- a/mbsetup/m_ff.c +++ b/mbsetup/m_ff.c @@ -4,7 +4,7 @@ * Purpose ...............: Filefind Setup * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -53,7 +53,7 @@ int CountFilefind(void) char ffile[PATH_MAX]; int count; - sprintf(ffile, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "r")) == NULL) { if ((fil = fopen(ffile, "a+")) != NULL) { Syslog('+', "Created new %s", ffile); @@ -89,8 +89,8 @@ int OpenFilefind(void) char fnin[PATH_MAX], fnout[PATH_MAX]; long oldsize; - sprintf(fnin, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); - sprintf(fnout, "%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); + snprintf(fnin, PATH_MAX, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); + snprintf(fnout, PATH_MAX, "%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); if ((fin = fopen(fnin, "r")) != NULL) { if ((fout = fopen(fnout, "w")) != NULL) { fread(&scanmgrhdr, sizeof(scanmgrhdr), 1, fin); @@ -117,7 +117,7 @@ int OpenFilefind(void) memset(&scanmgr, 0, sizeof(scanmgr)); while (fread(&scanmgr, oldsize, 1, fin) == 1) { if (!strlen(scanmgr.template)) { - sprintf(scanmgr.template, "filefind"); + snprintf(scanmgr.template, 15, "filefind"); FilefindUpdated = 1; } if (!scanmgr.keywordlen) { @@ -145,8 +145,8 @@ void CloseFilefind(int force) FILE *fi, *fo; st_list *fff = NULL, *tmp; - sprintf(fin, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); - sprintf(fout,"%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); + snprintf(fin, PATH_MAX, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); + snprintf(fout, PATH_MAX, "%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); if (FilefindUpdated == 1) { if (force || (yes_no((char *)"Database is changed, save changes") == 1)) { @@ -190,14 +190,14 @@ int AppendFilefind(void) FILE *fil; char ffile[PATH_MAX]; - sprintf(ffile, "%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "a")) != NULL) { memset(&scanmgr, 0, sizeof(scanmgr)); /* * Fill in default values */ scanmgr.Language = 'E'; - sprintf(scanmgr.template, "filefind"); + snprintf(scanmgr.template, 15, "filefind"); strncpy(scanmgr.Origin, CFG.origin, 50); scanmgr.keywordlen = 3; fwrite(&scanmgr, sizeof(scanmgr), 1, fil); @@ -247,7 +247,7 @@ int EditFfRec(int Area) working(1, 0, 0); IsDoing("Edit Filefind"); - sprintf(mfile, "%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); + snprintf(mfile, PATH_MAX, "%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); if ((fil = fopen(mfile, "r")) == NULL) { working(2, 0, 0); return -1; @@ -273,7 +273,7 @@ int EditFfRec(int Area) show_str( 9,18,35, aka2str(scanmgr.Aka)); show_str( 10,18,50, scanmgr.ScanBoard); show_str( 11,18,50, scanmgr.ReplBoard); - sprintf(temp1, "%c", scanmgr.Language); + snprintf(temp1, 2, "%c", scanmgr.Language); show_str( 12,18,2, temp1); show_str( 13,18,14, scanmgr.template); show_bool(14,18, scanmgr.Active); @@ -359,7 +359,7 @@ void EditFilefind(void) mbse_mvprintw( 5, 4, "13. FILEFIND AREAS"); set_color(CYAN, BLACK); if (records != 0) { - sprintf(temp, "%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/scanmgr.temp", getenv("MBSE_ROOT")); working(1, 0, 0); if ((fil = fopen(temp, "r")) != NULL) { fread(&scanmgrhdr, sizeof(scanmgrhdr), 1, fil); @@ -379,7 +379,7 @@ void EditFilefind(void) set_color(CYAN, BLACK); else set_color(LIGHTBLUE, BLACK); - sprintf(temp, "%3d. %-32s", o + i, scanmgr.Comment); + snprintf(temp, 81, "%3d. %-32s", o + i, scanmgr.Comment); temp[37] = 0; mbse_mvprintw(y, x, temp); y++; @@ -436,7 +436,7 @@ int ff_doc(FILE *fp, FILE *toc, int page) FILE *ti, *wp, *ip, *no; int refs, nr, i = 0, j; - sprintf(temp, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/scanmgr.data", getenv("MBSE_ROOT")); if ((no = fopen(temp, "r")) == NULL) return page; @@ -460,7 +460,7 @@ int ff_doc(FILE *fp, FILE *toc, int page) j = 0; } - sprintf(temp, "filefind_%d.html", i); + snprintf(temp, 81, "filefind_%d.html", i); fprintf(ip, "
  • %3d %s
    • \n", temp, i, scanmgr.Comment); if ((wp = open_webdoc(temp, (char *)"Filefind Area", scanmgr.Comment))) { fprintf(wp, "Main Back\n"); @@ -473,7 +473,7 @@ int ff_doc(FILE *fp, FILE *toc, int page) add_webtable(wp, (char *)"Aka to use", aka2str(scanmgr.Aka)); add_webtable(wp, (char *)"Scan msg board", scanmgr.ScanBoard); add_webtable(wp, (char *)"Reply msg board", scanmgr.ReplBoard); - sprintf(temp, "%c", scanmgr.Language); + snprintf(temp, 81, "%c", scanmgr.Language); add_webtable(wp, (char *)"Language", temp); add_webtable(wp, (char *)"Template file", scanmgr.template); add_webtable(wp, (char *)"Active", getboolean(scanmgr.Active)); @@ -486,7 +486,7 @@ int ff_doc(FILE *fp, FILE *toc, int page) fprintf(wp, "
    \n"); fprintf(wp, "

    BBS File Areas Reference

    \n"); nr = refs = 0; - sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((ti = fopen(temp, "r"))) { fread(&areahdr, sizeof(areahdr), 1, ti); while ((fread(&area, areahdr.recsize, 1, ti)) == 1) { diff --git a/mbsetup/m_fgroup.c b/mbsetup/m_fgroup.c index 9a6aeab5..8c1d4c01 100644 --- a/mbsetup/m_fgroup.c +++ b/mbsetup/m_fgroup.c @@ -4,7 +4,7 @@ * Purpose ...............: Setup FGroups. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -56,7 +56,7 @@ int CountFGroup(void) char ffile[PATH_MAX]; int count; - sprintf(ffile, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "r")) == NULL) { if ((fil = fopen(ffile, "a+")) != NULL) { Syslog('+', "Created new %s", ffile); @@ -94,8 +94,8 @@ int OpenFGroup(void) char fnin[PATH_MAX], fnout[PATH_MAX], temp[13]; long oldsize; - sprintf(fnin, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); - sprintf(fnout, "%s/etc/fgroups.temp", getenv("MBSE_ROOT")); + snprintf(fnin, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(fnout, PATH_MAX, "%s/etc/fgroups.temp", getenv("MBSE_ROOT")); if ((fin = fopen(fnin, "r")) != NULL) { if ((fout = fopen(fnout, "w")) != NULL) { FGrpUpdated = 0; @@ -142,7 +142,7 @@ int OpenFGroup(void) fgroup.FileId = TRUE; memset(&temp, 0, sizeof(temp)); strcpy(temp, fgroup.Name); - sprintf(fgroup.BasePath, "%s/ftp/pub/%s", getenv("MBSE_ROOT"), tl(temp)); + snprintf(fgroup.BasePath, 65, "%s/ftp/pub/%s", getenv("MBSE_ROOT"), tl(temp)); } if (FGrpUpdated && !fgroup.LinkSec.level) { fgroup.LinkSec.level = 1; @@ -170,8 +170,8 @@ void CloseFGroup(int force) FILE *fi, *fo; st_list *fgr = NULL, *tmp; - sprintf(fin, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); - sprintf(fout,"%s/etc/fgroups.temp", getenv("MBSE_ROOT")); + snprintf(fin, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(fout, PATH_MAX, "%s/etc/fgroups.temp", getenv("MBSE_ROOT")); if (FGrpUpdated == 1) { if (force || (yes_no((char *)"Database is changed, save changes") == 1)) { @@ -216,7 +216,7 @@ int AppendFGroup(void) FILE *fil; char ffile[PATH_MAX]; - sprintf(ffile, "%s/etc/fgroups.temp", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/fgroups.temp", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "a")) != NULL) { memset(&fgroup, 0, sizeof(fgroup)); fgroup.StartDate = time(NULL); @@ -317,7 +317,7 @@ int EditFGrpRec(int Area) working(1, 0, 0); IsDoing("Edit FileGroup"); - sprintf(mfile, "%s/etc/fgroups.temp", getenv("MBSE_ROOT")); + snprintf(mfile, PATH_MAX, "%s/etc/fgroups.temp", getenv("MBSE_ROOT")); if ((fil = fopen(mfile, "r")) == NULL) { working(2, 0, 0); return -1; @@ -407,7 +407,7 @@ int EditFGrpRec(int Area) if (isupper(temp[i])) temp[i] = tolower(temp[i]); } - sprintf(fgroup.BasePath, "%s/%s", CFG.ftp_base, temp); + snprintf(fgroup.BasePath, 65, "%s/%s", CFG.ftp_base, temp); } if (strlen(fgroup.BbsGroup) == 0) strcpy(fgroup.BbsGroup, fgroup.Name); @@ -515,7 +515,7 @@ void EditFGroup(void) mbse_mvprintw( 5, 4, "10.1 FILE GROUPS SETUP"); set_color(CYAN, BLACK); if (records != 0) { - sprintf(temp, "%s/etc/fgroups.temp", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fgroups.temp", getenv("MBSE_ROOT")); working(1, 0, 0); if ((fil = fopen(temp, "r")) != NULL) { fread(&fgrouphdr, sizeof(fgrouphdr), 1, fil); @@ -535,7 +535,7 @@ void EditFGroup(void) set_color(CYAN, BLACK); else set_color(LIGHTBLUE, BLACK); - sprintf(temp, "%3d. %-12s %-18s", o + i, fgroup.Name, fgroup.Comment); + snprintf(temp, 81, "%3d. %-12s %-18s", o + i, fgroup.Name, fgroup.Comment); temp[38] = '\0'; mbse_mvprintw(y, x, temp); y++; @@ -618,11 +618,11 @@ char *PickFGroup(char *shdr) for (;;) { clr_index(); set_color(WHITE, BLACK); - sprintf(temp, "%s. FILE GROUP SELECT", shdr); + snprintf(temp, 81, "%s. FILE GROUP SELECT", shdr); mbse_mvprintw( 5, 4, temp); set_color(CYAN, BLACK); if (records != 0) { - sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); working(1, 0, 0); if ((fil = fopen(temp, "r")) != NULL) { fread(&fgrouphdr, sizeof(fgrouphdr), 1, fil); @@ -642,7 +642,7 @@ char *PickFGroup(char *shdr) set_color(CYAN, BLACK); else set_color(LIGHTBLUE, BLACK); - sprintf(temp, "%3d. %-12s %-18s", o + i, fgroup.Name, fgroup.Comment); + snprintf(temp, 81, "%3d. %-12s %-18s", o + i, fgroup.Name, fgroup.Comment); temp[38] = '\0'; mbse_mvprintw(y, x, temp); y++; @@ -666,7 +666,7 @@ char *PickFGroup(char *shdr) o = o - 20; if ((atoi(pick) >= 1) && (atoi(pick) <= records)) { - sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); fil = fopen(temp, "r"); offset = fgrouphdr.hdrsize + ((atoi(pick) - 1) * fgrouphdr.recsize); fseek(fil, offset, 0); @@ -687,7 +687,7 @@ int tic_group_doc(FILE *fp, FILE *toc, int page) int refs, i, First = TRUE;; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); if ((no = fopen(temp, "r")) == NULL) { free(temp); return page; @@ -714,7 +714,7 @@ int tic_group_doc(FILE *fp, FILE *toc, int page) fprintf(fp, "\n\n"); } - sprintf(temp, "filegroup_%s.html", fgroup.Name); + snprintf(temp, 81, "filegroup_%s.html", fgroup.Name); fprintf(ip, " %s%s%s\n", temp, fgroup.Name, fgroup.Comment, getboolean(fgroup.Active)); @@ -730,7 +730,7 @@ int tic_group_doc(FILE *fp, FILE *toc, int page) add_webtable(wp, (char *)"Use Aka", aka2str(fgroup.UseAka)); add_webtable(wp, (char *)"Uplink Aka", aka2str(fgroup.UpLink)); add_webtable(wp, (char *)"Areas file", fgroup.AreaFile); - sprintf(temp, "%ld", fgroup.StartArea); + snprintf(temp, 81, "%ld", fgroup.StartArea); add_webtable(wp, (char *)"Start autocreate BBS area", temp); add_webtable(wp, (char *)"Banner file", fgroup.Banner); add_webtable(wp, (char *)"Default archiver", fgroup.Convert); @@ -756,7 +756,7 @@ int tic_group_doc(FILE *fp, FILE *toc, int page) fgroup.BbsGroup, fgroup.BbsGroup); fprintf(wp, "Newfiles announce group%s\n", fgroup.AnnGroup); - sprintf(temp, "%d", fgroup.Upload); + snprintf(temp, 81, "%d", fgroup.Upload); add_webtable(wp, (char *)"Upload area", temp); add_webtable(wp, (char *)"Start date", ctime(&fgroup.StartDate)); add_webtable(wp, (char *)"Last active date", ctime(&fgroup.LastDate)); @@ -765,7 +765,7 @@ int tic_group_doc(FILE *fp, FILE *toc, int page) fprintf(wp, "
    \n"); fprintf(wp, "

    BBS File Areas Reference

    \n"); i = refs = 0; - sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((ti = fopen(temp, "r"))) { fread(&areahdr, sizeof(areahdr), 1, ti); while ((fread(&area, areahdr.recsize, 1, ti)) == 1) { @@ -791,7 +791,7 @@ int tic_group_doc(FILE *fp, FILE *toc, int page) fprintf(wp, "
    \n"); fprintf(wp, "

    TIC Areas Reference

    \n"); refs = 0; - sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/tic.data", getenv("MBSE_ROOT")); if ((ti = fopen(temp, "r"))) { fread(&tichdr, sizeof(tichdr), 1, ti); fseek(ti, 0, SEEK_SET); @@ -820,7 +820,7 @@ int tic_group_doc(FILE *fp, FILE *toc, int page) fprintf(wp, "
    \n"); fprintf(wp, "

    Nodes Reference

    \n"); refs = 0; - sprintf(temp, "%s/etc/nodes.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/nodes.data", getenv("MBSE_ROOT")); if ((ti = fopen(temp, "r"))) { fread(&nodeshdr, sizeof(nodeshdr), 1, ti); fseek(ti, 0, SEEK_SET); diff --git a/mbsetup/m_fido.c b/mbsetup/m_fido.c index 29393816..fee4c2ae 100644 --- a/mbsetup/m_fido.c +++ b/mbsetup/m_fido.c @@ -4,7 +4,7 @@ * Purpose ...............: Setup Fidonet structure. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -53,7 +53,7 @@ int CountFidonet(void) char ffile[PATH_MAX]; int count; - sprintf(ffile, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "r")) == NULL) { if ((fil = fopen(ffile, "a+")) != NULL) { Syslog('+', "Created new %s", ffile); @@ -64,10 +64,10 @@ int CountFidonet(void) * Fill in the defaults */ memset(&fidonet, 0, sizeof(fidonet)); - sprintf(fidonet.comment, "Fidonet network"); - sprintf(fidonet.domain, "fidonet"); - sprintf(fidonet.nodelist, "NODELIST"); - sprintf(fidonet.seclist[0].nodelist, "REGION28"); + snprintf(fidonet.comment, 41, "Fidonet network"); + snprintf(fidonet.domain, 13, "fidonet"); + snprintf(fidonet.nodelist, 9, "NODELIST"); + snprintf(fidonet.seclist[0].nodelist, 9, "REGION28"); fidonet.seclist[0].zone = 2; fidonet.seclist[0].net = 28; fidonet.zone[0] = 2; @@ -108,8 +108,8 @@ int OpenFidonet(void) char fnin[PATH_MAX], fnout[PATH_MAX]; long oldsize; - sprintf(fnin, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); - sprintf(fnout, "%s/etc/fidonet.temp", getenv("MBSE_ROOT")); + snprintf(fnin, PATH_MAX, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); + snprintf(fnout, PATH_MAX, "%s/etc/fidonet.temp", getenv("MBSE_ROOT")); if ((fin = fopen(fnin, "r")) != NULL) { if ((fout = fopen(fnout, "w")) != NULL) { fread(&fidonethdr, sizeof(fidonethdr), 1, fin); @@ -157,8 +157,8 @@ void CloseFidonet(int force) FILE *fi, *fo; st_list *fid = NULL, *tmp; - sprintf(fin, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); - sprintf(fout,"%s/etc/fidonet.temp", getenv("MBSE_ROOT")); + snprintf(fin, PATH_MAX, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); + snprintf(fout, PATH_MAX, "%s/etc/fidonet.temp", getenv("MBSE_ROOT")); if (FidoUpdated == 1) { if (force || (yes_no((char *)"Database is changed, save changes") == 1)) { @@ -171,7 +171,7 @@ void CloseFidonet(int force) while (fread(&fidonet, fidonethdr.recsize, 1, fi) == 1) if (!fidonet.deleted) { - sprintf(temp, "%05d", fidonet.zone[0]); + snprintf(temp, 10, "%05d", fidonet.zone[0]); fill_stlist(&fid, temp, ftell(fi) - fidonethdr.recsize); } sort_stlist(&fid); @@ -206,7 +206,7 @@ int AppendFidonet(void) FILE *fil; char ffile[PATH_MAX]; - sprintf(ffile, "%s/etc/fidonet.temp", getenv("MBSE_ROOT")); + snprintf(ffile, PATH_MAX, "%s/etc/fidonet.temp", getenv("MBSE_ROOT")); if ((fil = fopen(ffile, "a")) != NULL) { memset(&fidonet, 0, sizeof(fidonet)); fwrite(&fidonet, sizeof(fidonet), 1, fil); @@ -234,7 +234,7 @@ int EditFidoRec(int Area) working(1, 0, 0); IsDoing("Edit Fidonet"); - sprintf(mfile, "%s/etc/fidonet.temp", getenv("MBSE_ROOT")); + snprintf(mfile, PATH_MAX, "%s/etc/fidonet.temp", getenv("MBSE_ROOT")); if ((fil = fopen(mfile, "r")) == NULL) { working(2, 0, 0); return -1; @@ -283,7 +283,7 @@ int EditFidoRec(int Area) for (i = 0; i < 6; i++) { if ((fidonet.seclist[i].zone) || strlen(fidonet.seclist[i].nodelist)) { show_str(i + 12,26,8, fidonet.seclist[i].nodelist); - sprintf(temp, "%d:%d/%d", fidonet.seclist[i].zone, fidonet.seclist[i].net, fidonet.seclist[i].node); + snprintf(temp, 18, "%d:%d/%d", fidonet.seclist[i].zone, fidonet.seclist[i].net, fidonet.seclist[i].node); show_str(i + 12, 36,17, temp); } else show_str(i + 12,26,27, (char *)" "); @@ -341,7 +341,7 @@ int EditFidoRec(int Area) (char *)"The secondary ^nodelist^ or ^pointlist^ name for this domain")); if (strlen(fidonet.seclist[j-6].nodelist)) { do { - sprintf(temp, "%d:%d/%d", fidonet.seclist[j-6].zone, + snprintf(temp, 18, "%d:%d/%d", fidonet.seclist[j-6].zone, fidonet.seclist[j-6].net, fidonet.seclist[j-6].node); strcpy(temp, edit_str(j+6,36,17, temp, (char *)"The top ^fidonet aka^ for this nodelist (zone:net/node)")); @@ -408,7 +408,7 @@ void EditFidonet(void) mbse_mvprintw( 5, 4, "2. FIDONET SETUP"); set_color(CYAN, BLACK); if (records != 0) { - sprintf(temp, "%s/etc/fidonet.temp", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fidonet.temp", getenv("MBSE_ROOT")); if ((fil = fopen(temp, "r")) != NULL) { fread(&fidonethdr, sizeof(fidonethdr), 1, fil); x = 2; @@ -426,7 +426,7 @@ void EditFidonet(void) x = 42; y = 7; } - sprintf(temp, "%3d. z%d: %-32s", i, fidonet.zone[0], fidonet.comment); + snprintf(temp, 81, "%3d. z%d: %-32s", i, fidonet.zone[0], fidonet.comment); temp[38] = 0; mbse_mvprintw(y, x, temp); y++; @@ -474,7 +474,7 @@ void gold_akamatch(FILE *fp) faddr *want, *ta; int i; - sprintf(temp, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); if ((fido = fopen(temp, "r")) == NULL) return; @@ -533,7 +533,7 @@ int fido_doc(FILE *fp, FILE *toc, int page) FILE *wp, *ip, *fido; int i, j; - sprintf(temp, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); if ((fido = fopen(temp, "r")) == NULL) return page; @@ -558,7 +558,7 @@ int fido_doc(FILE *fp, FILE *toc, int page) j = 0; } - sprintf(temp, "fidonet_%d.html", fidonet.zone[0]); + snprintf(temp, 81, "fidonet_%d.html", fidonet.zone[0]); fprintf(ip, " %d%s%s\n", temp, fidonet.zone[0], fidonet.comment, getboolean(fidonet.available)); @@ -574,14 +574,14 @@ int fido_doc(FILE *fp, FILE *toc, int page) add_webtable(wp, (char *)"Nodelist", fidonet.nodelist); for (i = 0; i < 6; i++) if (strlen(fidonet.seclist[i].nodelist) || fidonet.seclist[i].zone) { - sprintf(temp, "%d %-8s %d:%d/%d", i+1, fidonet.seclist[i].nodelist, fidonet.seclist[i].zone, + snprintf(temp, 81, "%d %-8s %d:%d/%d", i+1, fidonet.seclist[i].nodelist, fidonet.seclist[i].zone, fidonet.seclist[i].net, fidonet.seclist[i].node); add_webtable(wp, (char *)"Merge list", temp); } - sprintf(temp, "%d", fidonet.zone[0]); + snprintf(temp, 81, "%d", fidonet.zone[0]); for (i = 1; i < 6; i++) if (fidonet.zone[i]) - sprintf(temp, "%s %d", temp, fidonet.zone[i]); + snprintf(temp, 81, "%s %d", temp, fidonet.zone[i]); add_webtable(wp, (char *)"Zone(s)", temp); fprintf(wp, "\n"); fprintf(wp, "\n");