Squash use of strncat(). Replaced by strlcat().
Note that the calls to strncat() did not account for the NUL terminating byte, and for very long queries could have led to a buffer overrun. Signed-off-by: Dan Cross <patchdev@fat-dragon.org>
This commit is contained in:
parent
9f4269c74e
commit
588242f68e
22
src/files.c
22
src/files.c
@ -1229,29 +1229,29 @@ void file_search() {
|
|||||||
searchterms[i] = str3dup("%%", searchterms[i], "%%");
|
searchterms[i] = str3dup("%%", searchterms[i], "%%");
|
||||||
}
|
}
|
||||||
if (stype == 0) {
|
if (stype == 0) {
|
||||||
snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
|
snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
|
||||||
for (i = 1; i < searchterm_count; i++) {
|
for (i = 1; i < searchterm_count; i++) {
|
||||||
strncat(sqlbuffer, " OR filename LIKE ?", 1024);
|
strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
|
||||||
}
|
}
|
||||||
strncat(sqlbuffer, ")", 1024);
|
strlcat(sqlbuffer, ")", sizeof sqlbuffer);
|
||||||
}
|
}
|
||||||
if (stype == 1) {
|
if (stype == 1) {
|
||||||
snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?");
|
snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?");
|
||||||
for (i = 1; i < searchterm_count; i++) {
|
for (i = 1; i < searchterm_count; i++) {
|
||||||
strncat(sqlbuffer, " OR description LIKE ?", 1024);
|
strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
|
||||||
}
|
}
|
||||||
strncat(sqlbuffer, ")", 1024);
|
strlcat(sqlbuffer, ")", sizeof sqlbuffer);
|
||||||
}
|
}
|
||||||
if (stype == 2) {
|
if (stype == 2) {
|
||||||
snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
|
snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
|
||||||
for (i = 1; i < searchterm_count; i++) {
|
for (i = 1; i < searchterm_count; i++) {
|
||||||
strncat(sqlbuffer, " OR filename LIKE ?", 1024);
|
strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
|
||||||
}
|
}
|
||||||
strncat(sqlbuffer, " OR description LIKE ?", 1024);
|
strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
|
||||||
for (i = 1; i < searchterm_count; i++) {
|
for (i = 1; i < searchterm_count; i++) {
|
||||||
strncat(sqlbuffer, " OR description LIKE ?", 1024);
|
strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
|
||||||
}
|
}
|
||||||
strncat(sqlbuffer, ")", 1024);
|
strlcat(sqlbuffer, ")", sizeof sqlbuffer);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!all) {
|
if (!all) {
|
||||||
|
Reference in New Issue
Block a user