Squash use of strncat(). Replaced by strlcat().

Note that the calls to strncat() did not account for the
NUL terminating byte, and for very long queries could have
led to a buffer overrun.

Signed-off-by: Dan Cross <patchdev@fat-dragon.org>
This commit is contained in:
Dan Cross 2018-10-15 14:37:50 +00:00 committed by Andrew Pamment
parent 9f4269c74e
commit 588242f68e

View File

@ -1229,29 +1229,29 @@ void file_search() {
searchterms[i] = str3dup("%%", searchterms[i], "%%"); searchterms[i] = str3dup("%%", searchterms[i], "%%");
} }
if (stype == 0) { if (stype == 0) {
snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?"); snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
for (i = 1; i < searchterm_count; i++) { for (i = 1; i < searchterm_count; i++) {
strncat(sqlbuffer, " OR filename LIKE ?", 1024); strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
} }
strncat(sqlbuffer, ")", 1024); strlcat(sqlbuffer, ")", sizeof sqlbuffer);
} }
if (stype == 1) { if (stype == 1) {
snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?"); snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (description LIKE ?");
for (i = 1; i < searchterm_count; i++) { for (i = 1; i < searchterm_count; i++) {
strncat(sqlbuffer, " OR description LIKE ?", 1024); strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
} }
strncat(sqlbuffer, ")", 1024); strlcat(sqlbuffer, ")", sizeof sqlbuffer);
} }
if (stype == 2) { if (stype == 2) {
snprintf(sqlbuffer, 1024, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?"); snprintf(sqlbuffer, sizeof sqlbuffer, "select id, filename, description, size, dlcount, uploaddate from files where approved=1 AND (filename LIKE ?");
for (i = 1; i < searchterm_count; i++) { for (i = 1; i < searchterm_count; i++) {
strncat(sqlbuffer, " OR filename LIKE ?", 1024); strlcat(sqlbuffer, " OR filename LIKE ?", sizeof sqlbuffer);
} }
strncat(sqlbuffer, " OR description LIKE ?", 1024); strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
for (i = 1; i < searchterm_count; i++) { for (i = 1; i < searchterm_count; i++) {
strncat(sqlbuffer, " OR description LIKE ?", 1024); strlcat(sqlbuffer, " OR description LIKE ?", sizeof sqlbuffer);
} }
strncat(sqlbuffer, ")", 1024); strlcat(sqlbuffer, ")", sizeof sqlbuffer);
} }
if (!all) { if (!all) {