diff --git a/src/bbs.c b/src/bbs.c index 14d56bf..536d7ae 100644 --- a/src/bbs.c +++ b/src/bbs.c @@ -248,7 +248,8 @@ void s_putchar(char c) { ic = iconv_open("UTF-8", "CP437"); inbuf = (char *)malloz(4); outbuf = (char *)malloz(4); - sprintf(inbuf, "%c", c); + inbuf[0] = c; + inbuf[1] = '\0'; inc = 1; ouc = 4; ptr1 = outbuf; @@ -392,7 +393,7 @@ void s_displayansi(char *file) { char buffer[256]; if (strchr(file, '/') == NULL) { - sprintf(buffer, "%s/%s.ans", conf.ansi_path, file); + snprintf(buffer, sizeof buffer, "%s/%s.ans", conf.ansi_path, file); s_displayansi_pause(buffer, 0); } else { s_displayansi_pause(file, 0); @@ -919,7 +920,7 @@ void runbbs_real(int socket, char *ip, int ssh) { // find out which node we are for (i = 1; i <= conf.nodes; i++) { - sprintf(buffer, "%s/nodeinuse.%d", conf.bbs_path, i); + snprintf(buffer, sizeof buffer, "%s/nodeinuse.%d", conf.bbs_path, i); if (stat(buffer, &s) != 0) { mynode = i; diff --git a/src/chat_system.c b/src/chat_system.c index c1f1273..ed2fd7e 100644 --- a/src/chat_system.c +++ b/src/chat_system.c @@ -401,7 +401,7 @@ void chat_system(struct user_record *user) { } else { input_b = encapsulate_quote(inputbuffer); raw("{ \"bbs\": \"%s\", \"nick\": \"%s\", \"msg\": \"%s\" }\n", conf.mgchat_bbstag, user->loginname, input_b); - sprintf(buffer2, "|08(|13%s|08)[|11%s|08]: |07%s", conf.mgchat_bbstag, user->loginname, input_b); + snprintf(buffer2, sizeof buffer2, "|08(|13%s|08)[|11%s|08]: |07%s", conf.mgchat_bbstag, user->loginname, input_b); free(input_b); append_screenbuffer(buffer2); do_update = 1; @@ -454,15 +454,21 @@ void chat_system(struct user_record *user) { } else { for (j = 1; j < r; j++) { if (jsoneq(message, &tokens[j], "bbs") == 0) { - sprintf(msg.bbstag, "%.*s", tokens[j + 1].end - tokens[j + 1].start, message + tokens[j + 1].start); + snprintf(msg.bbstag, sizeof msg.bbstag, "%.*s", + tokens[j + 1].end - tokens[j + 1].start, + message + tokens[j + 1].start); j++; } if (jsoneq(message, &tokens[j], "nick") == 0) { - sprintf(msg.nick, "%.*s", tokens[j + 1].end - tokens[j + 1].start, message + tokens[j + 1].start); + snprintf(msg.nick, sizeof msg.nick, "%.*s", + tokens[j + 1].end - tokens[j + 1].start, + message + tokens[j + 1].start); j++; } if (jsoneq(message, &tokens[j], "msg") == 0) { - sprintf(msg.msg, "%.*s", tokens[j + 1].end - tokens[j + 1].start, message + tokens[j + 1].start); + snprintf(msg.msg, sizeof msg.msg, "%.*s", + tokens[j + 1].end - tokens[j + 1].start, + message + tokens[j + 1].start); j++; } } diff --git a/src/doors.c b/src/doors.c index 39bde87..20f5827 100644 --- a/src/doors.c +++ b/src/doors.c @@ -51,7 +51,7 @@ int write_door32sys(struct user_record *user) { char *ptr; int i; - sprintf(buffer, "%s/node%d", conf.bbs_path, mynode); + snprintf(buffer, sizeof buffer, "%s/node%d", conf.bbs_path, mynode); if (stat(buffer, &s) != 0) { mkdir(buffer, 0755); @@ -82,7 +82,7 @@ int write_door32sys(struct user_record *user) { // create dorinfo1.def - sprintf(buffer, "%s/node%d/dorinfo1.def", conf.bbs_path, mynode); + snprintf(buffer, sizeof buffer, "%s/node%d/dorinfo1.def", conf.bbs_path, mynode); fptr = fopen(buffer, "w"); @@ -125,7 +125,7 @@ int write_door32sys(struct user_record *user) { // create door.sys - sprintf(buffer, "%s/node%d/door.sys", conf.bbs_path, mynode); + snprintf(buffer, sizeof buffer, "%s/node%d/door.sys", conf.bbs_path, mynode); fptr = fopen(buffer, "w"); @@ -203,9 +203,9 @@ void rundoor(struct user_record *user, char *cmd, int stdio, char *codepage) { door_out = gSocket; } arguments[0] = strdup(cmd); - sprintf(buffer, "%d", mynode); + snprintf(buffer, sizeof buffer, "%d", mynode); arguments[1] = strdup(buffer); - sprintf(buffer, "%d", door_out); + snprintf(buffer, sizeof buffer, "%d", door_out); arguments[2] = strdup(buffer); arguments[3] = NULL; diff --git a/src/email.c b/src/email.c index 4af83ec..1d76790 100644 --- a/src/email.c +++ b/src/email.c @@ -149,7 +149,7 @@ void show_email(struct user_record *user, int msgno, int email_count, struct ema s_printf(get_string(57), emails[msgno]->from); s_printf(get_string(58), emails[msgno]->subject); localtime_r(&emails[msgno]->date, &msg_date); - sprintf(buffer, "%s", asctime(&msg_date)); + strlcpy(buffer, asctime(&msg_date), sizeof buffer); buffer[strlen(buffer) - 1] = '\0'; s_printf(get_string(59), buffer); s_printf(get_string(60)); @@ -243,7 +243,7 @@ void show_email(struct user_record *user, int msgno, int email_count, struct ema free(msg_lines); msg_line_count = 0; - sprintf(buffer, "%s/email.sq3", conf.bbs_path); + snprintf(buffer, sizeof buffer, "%s/email.sq3", conf.bbs_path); rc = sqlite3_open(buffer, &db); @@ -281,7 +281,7 @@ void show_email(struct user_record *user, int msgno, int email_count, struct ema replybody = external_editor(user, user->loginname, emails[msgno]->from, emails[msgno]->body, strlen(emails[msgno]->body), emails[msgno]->from, subject, 1, 0); if (replybody != NULL) { - sprintf(buffer, "%s/email.sq3", conf.bbs_path); + snprintf(buffer, sizeof buffer, "%s/email.sq3", conf.bbs_path); rc = sqlite3_open(buffer, &db); if (rc != SQLITE_OK) { @@ -315,7 +315,7 @@ void show_email(struct user_record *user, int msgno, int email_count, struct ema } free(subject); } else if (tolower(c) == 'd') { - sprintf(buffer, "%s/email.sq3", conf.bbs_path); + snprintf(buffer, sizeof buffer, "%s/email.sq3", conf.bbs_path); rc = sqlite3_open(buffer, &db); if (rc != SQLITE_OK) { @@ -620,7 +620,7 @@ int mail_getemailcount(struct user_record *user) { sqlite3_stmt *res; int rc; - sprintf(buffer, "%s/email.sq3", conf.bbs_path); + snprintf(buffer, sizeof buffer, "%s/email.sq3", conf.bbs_path); rc = sqlite3_open(buffer, &db); diff --git a/src/files.c b/src/files.c index 804d872..6c5e6a5 100644 --- a/src/files.c +++ b/src/files.c @@ -444,16 +444,11 @@ char *get_file_id_diz(char *filename) { } } - bpos = 0; - len = strlen(description); - for (i = 0; i < len; i++) { - if (description[i] == '\r') { - continue; - } else { - description[bpos++] = description[i]; - } - } - description[bpos] = '\0'; + char *b = description; + for (char *p = description; p != '\0'; ++p) + if (*p != '\r') + *b++ = *p; + *b = '\0'; snprintf(buffer, sizeof buffer, "%s/node%d/temp", conf.bbs_path, mynode); recursive_delete(buffer); @@ -495,34 +490,31 @@ int do_download(struct user_record *user, char *file) { } return 1; } else { - bpos = 0; - for (i = 0; i < strlen(defproto->download); i++) { - if (defproto->download[i] == '*') { - i++; - if (defproto->download[i] == '*') { - download_command[bpos++] = defproto->download[i]; - download_command[bpos] = '\0'; - continue; - } else if (defproto->download[i] == 'f') { - sprintf(&download_command[bpos], "%s", file); - bpos = strlen(download_command); - - continue; - } else if (defproto->download[i] == 's') { - if (!sshBBS) { - sprintf(&download_command[bpos], "%d", gSocket); - bpos = strlen(download_command); - } else { - s_printf(get_string(209), defproto->name); - return 0; - } - } - - } else { - download_command[bpos++] = defproto->download[i]; - download_command[bpos] = '\0'; + char *b = download_command; + size_t blen = sizeof download_command; + for (const char *p = defproto->download; *p != '\0' && blen > 1; ++p) { + if (*p == '*') { + *b++ = '*'; + --blen; + continue; } + p++; + size_t alen = 0; + if (*p == 'f') { + strlcpy(b, file, blen); + alen = strlen(b); + } else if (*p == 's') { + if (sshBBS) { + s_printf(get_string(209), defproto->name); + return 0; + } + snprintf(b, blen, "%d", gSocket); + alen = strlen(b); + } + b += alen; + blen -= alen; } + *b = '\0'; argc = 1; last_char_space = 0; for (i = 0; i < strlen(download_command); i++) { @@ -596,7 +588,6 @@ int do_upload(struct user_record *user, char *final_path) { timeoutpaused = 0; return 1; } else { - if (defproto->upload_prompt) { s_printf(get_string(210)); s_readstring(buffer3, 256); @@ -612,13 +603,15 @@ int do_upload(struct user_record *user, char *final_path) { continue; } else if (defproto->upload[i] == 'f') { if (defproto->upload_prompt) { - sprintf(&upload_command[bpos], "%s", buffer3); + size_t blen = sizeof(upload_command) - bpos; + strlcpy(upload_command + bpos, buffer3, blen); bpos = strlen(upload_command); } continue; } else if (defproto->upload[i] == 's') { if (!sshBBS) { - sprintf(&upload_command[bpos], "%d", gSocket); + size_t blen = sizeof(upload_command) - bpos; + snprintf(upload_command + bpos, blen, "%d", gSocket); bpos = strlen(upload_command); } else { s_printf(get_string(209), defproto->name); diff --git a/src/lua_glue.c b/src/lua_glue.c index 94d774b..2edd78a 100644 --- a/src/lua_glue.c +++ b/src/lua_glue.c @@ -57,7 +57,7 @@ int l_bbsDisplayAnsiPause(lua_State *L) { char buffer[256]; if (strchr(str, '/') == NULL) { - sprintf(buffer, "%s/%s.ans", conf.ansi_path, str); + snprintf(buffer, sizeof buffer, "%s/%s.ans", conf.ansi_path, str); s_displayansi_pause(buffer, 1); } else { s_displayansi_pause(str, 1); @@ -443,7 +443,7 @@ int l_postMessage(lua_State *L) { JAM_PutSubfield(jsp, &jsf); if (ma->type == TYPE_NEWSGROUP_AREA) { - sprintf(buffer, "ALL"); + strlcpy(buffer, "ALL", sizeof buffer); jsf.LoID = JAMSFLD_RECVRNAME; jsf.HiID = 0; jsf.DatLen = strlen(buffer); diff --git a/src/main_menu.c b/src/main_menu.c index 1b7a433..cfcaa09 100644 --- a/src/main_menu.c +++ b/src/main_menu.c @@ -18,8 +18,7 @@ void display_bulletins() { struct stat s; i = 0; - sprintf(buffer, "%s/bulletin%d.ans", conf.ansi_path, i); - + snprintf(buffer, sizeof buffer, "%s/bulletin%d.ans", conf.ansi_path, i); while (stat(buffer, &s) == 0) { s_printf("\e[2J\e[1;1H"); s_displayansi_pause(buffer, 1); @@ -27,7 +26,7 @@ void display_bulletins() { s_getc(); s_printf("\r\n"); i++; - sprintf(buffer, "%s/bulletin%d.ans", conf.ansi_path, i); + snprintf(buffer, sizeof buffer, "%s/bulletin%d.ans", conf.ansi_path, i); } } diff --git a/src/www_email.c b/src/www_email.c index 69052cc..17b1159 100644 --- a/src/www_email.c +++ b/src/www_email.c @@ -25,7 +25,7 @@ int www_email_delete(struct user_record *user, int id) { char *dsql = "DELETE FROM email WHERE id=? AND recipient LIKE ?"; char *err_msg = 0; - sprintf(buffer, "%s/email.sq3", conf.bbs_path); + snprintf(buffer, sizeof buffer, "%s/email.sq3", conf.bbs_path); rc = sqlite3_open(buffer, &db); if (rc != SQLITE_OK) {