bbs/deb-mbse
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Secured sprintf with snprintf

Browse Source
This commit is contained in:
Michiel Broek 2005-08-28 17:35:28 +00:00
parent 59532fc79d
commit 00a70ffea9
5 changed files with 59 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mbsebbs/term.c
View File

@ -4,7 +4,7 @@
* Purpose ...............: Terminal output routines. * Purpose ...............: Terminal output routines.
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -104,7 +104,7 @@ void colour(int fg, int bg)
int att=0, fore=37, back=40; int att=0, fore=37, back=40;
if (fg<0 || fg>31 || bg<0 || bg>7) { if (fg<0 || fg>31 || bg<0 || bg>7) {
sprintf(temp, "ANSI: Illegal colour specified: %i, %i\n", fg, bg); snprintf(temp, 61, "ANSI: Illegal colour specified: %i, %i\n", fg, bg);
PUTSTR(temp); PUTSTR(temp);
return; return;
} }
@ -137,7 +137,7 @@ void colour(int fg, int bg)
else if (bg == LIGHTGRAY) back=47; else if (bg == LIGHTGRAY) back=47;
else back=40; else back=40;
sprintf(temp, "%d;%d;%dm", att, fore, back); snprintf(temp, 61, "%d;%d;%dm", att, fore, back);
PUTSTR(temp); PUTSTR(temp);
} }
} }
@ -192,9 +192,9 @@ void locate(int y, int x)
if (termmode > 0) { if (termmode > 0) {
if (y > termy || x > termx) { if (y > termy || x > termx) {
sprintf(temp, "ANSI: Invalid screen coordinates: %i, %i\n", y, x); snprintf(temp, 61, "ANSI: Invalid screen coordinates: %i, %i\n", y, x);
} else { } else {
sprintf(temp, "\x1B[%i;%iH", y, x); snprintf(temp, 61, "\x1B[%i;%iH", y, x);
} }
PUTSTR(temp); PUTSTR(temp);
} }
@ -238,7 +238,7 @@ void mvprintw(int y, int x, const char *format, ...)
outputstr = calloc(2048, sizeof(char)); outputstr = calloc(2048, sizeof(char));
va_start(va_ptr, format); va_start(va_ptr, format);
vsprintf(outputstr, format, va_ptr); vsnprintf(outputstr, 2048, format, va_ptr);
va_end(va_ptr); va_end(va_ptr);
locate(y, x); locate(y, x);

8
mbsebbs/timecheck.c
View File

@ -56,7 +56,7 @@ void Check_PM(void)
static char buf[200]; static char buf[200];
char resp[128], msg[81]; char resp[128], msg[81];
sprintf(buf, "CIPM:1,%d;", mypid); snprintf(buf, 200, "CIPM:1,%d;", mypid);
if (socket_send(buf) == 0) { if (socket_send(buf) == 0) {
strcpy(buf, socket_receive()); strcpy(buf, socket_receive());
if (strncmp(buf, "100:0;", 6) == 0) if (strncmp(buf, "100:0;", 6) == 0)
@ -70,7 +70,7 @@ void Check_PM(void)
PUTCHAR('\007'); PUTCHAR('\007');
colour(CYAN, BLACK); colour(CYAN, BLACK);
/* ** Message ** from */ /* ** Message ** from */
sprintf(msg, "%s %s:", (char *)Language(434), resp); snprintf(msg, 81, "%s %s:", (char *)Language(434), resp);
poutCR(CYAN, BLACK, msg); poutCR(CYAN, BLACK, msg);
strncpy(resp, strtok(NULL, "\0"), 80); /* The real message */ strncpy(resp, strtok(NULL, "\0"), 80); /* The real message */
resp[strlen(resp)-1] = '\0'; resp[strlen(resp)-1] = '\0';
@ -95,14 +95,14 @@ void TimeCheck(void)
/* /*
* Update the global string for the menu prompt * Update the global string for the menu prompt
*/ */
sprintf(sUserTimeleft, "%d", iUserTimeLeft); snprintf(sUserTimeleft, 7, "%d", iUserTimeLeft);
ReadExitinfo(); ReadExitinfo();
if (iUserTimeLeft != ((Time2Go - Now) / 60)) { if (iUserTimeLeft != ((Time2Go - Now) / 60)) {
Elapsed = iUserTimeLeft - ((Time2Go - Now) / 60); Elapsed = iUserTimeLeft - ((Time2Go - Now) / 60);
iUserTimeLeft -= Elapsed; iUserTimeLeft -= Elapsed;
sprintf(sUserTimeleft, "%d", iUserTimeLeft); snprintf(sUserTimeleft, 7, "%d", iUserTimeLeft);
/* /*
* Update users counter if not chatting * Update users counter if not chatting

20
mbsebbs/timestats.c
View File

@ -4,7 +4,7 @@
* Purpose ...............: Time Statistics * Purpose ...............: Time Statistics
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -46,7 +46,7 @@ void TimeStats()
Time_Now = time(NULL); Time_Now = time(NULL);
l_date = localtime(&Time_Now); l_date = localtime(&Time_Now);
sprintf(Logdate, "%02d-%s %02d:%02d:%02d", l_date->tm_mday, GetMonth(l_date->tm_mon+1), snprintf(Logdate, 21, "%02d-%s %02d:%02d:%02d", l_date->tm_mday, GetMonth(l_date->tm_mon+1),
l_date->tm_hour, l_date->tm_min, l_date->tm_sec); l_date->tm_hour, l_date->tm_min, l_date->tm_sec);
clear(); clear();
@ -54,10 +54,10 @@ void TimeStats()
Enter(1); Enter(1);
/* TIME STATISTICS for */ /* TIME STATISTICS for */
sprintf(msg, "%s%s ", (char *) Language(134), exitinfo.sUserName); snprintf(msg, 81, "%s%s ", (char *) Language(134), exitinfo.sUserName);
pout(WHITE, BLACK, msg); pout(WHITE, BLACK, msg);
/* on */ /* on */
sprintf(msg, "%s %s", (char *) Language(135), Logdate); snprintf(msg, 81, "%s %s", (char *) Language(135), Logdate);
poutCR(WHITE, BLACK, msg); poutCR(WHITE, BLACK, msg);
colour(LIGHTRED, BLACK); colour(LIGHTRED, BLACK);
@ -66,28 +66,28 @@ void TimeStats()
Enter(1); Enter(1);
/* Current Time */ /* Current Time */
sprintf(msg, "%s %s", (char *) Language(136), (char *) GetLocalHMS()); snprintf(msg, 81, "%s %s", (char *) Language(136), (char *) GetLocalHMS());
poutCR(LIGHTGREEN, BLACK, msg); poutCR(LIGHTGREEN, BLACK, msg);
/* Current Date */ /* Current Date */
sprintf(msg, "%s %s", (char *) Language(137), (char *) GLCdateyy()); snprintf(msg, 81, "%s %s", (char *) Language(137), (char *) GLCdateyy());
poutCR(LIGHTGREEN, BLACK, msg); poutCR(LIGHTGREEN, BLACK, msg);
Enter(1); Enter(1);
/* Connect time */ /* Connect time */
sprintf(msg, "%s %d %s", (char *) Language(138), exitinfo.iConnectTime, (char *) Language(471)); snprintf(msg, 81, "%s %d %s", (char *) Language(138), exitinfo.iConnectTime, (char *) Language(471));
poutCR(LIGHTGREEN, BLACK, msg); poutCR(LIGHTGREEN, BLACK, msg);
/* Time used today */ /* Time used today */
sprintf(msg, "%s %d %s", (char *) Language(139), exitinfo.iTimeUsed, (char *) Language(471)); snprintf(msg, 81, "%s %d %s", (char *) Language(139), exitinfo.iTimeUsed, (char *) Language(471));
poutCR(LIGHTGREEN, BLACK, msg); poutCR(LIGHTGREEN, BLACK, msg);
/* Time remaining today */ /* Time remaining today */
sprintf(msg, "%s %d %s", (char *) Language(140), exitinfo.iTimeLeft, (char *) Language(471)); snprintf(msg, 81, "%s %d %s", (char *) Language(140), exitinfo.iTimeLeft, (char *) Language(471));
poutCR(LIGHTGREEN, BLACK, msg); poutCR(LIGHTGREEN, BLACK, msg);
/* Daily time limit */ /* Daily time limit */
sprintf(msg, "%s %d %s", (char *) Language(141), exitinfo.iTimeUsed + exitinfo.iTimeLeft, (char *) Language(471)); snprintf(msg, 81, "%s %d %s", (char *) Language(141), exitinfo.iTimeUsed + exitinfo.iTimeLeft, (char *) Language(471));
poutCR(LIGHTGREEN, BLACK, msg); poutCR(LIGHTGREEN, BLACK, msg);
Enter(1); Enter(1);

34
mbsebbs/transfer.c
View File

@ -4,7 +4,7 @@
* Purpose ...............: File Transfers * Purpose ...............: File Transfers
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -178,13 +178,13 @@ int download(down_list *download_list)
chdir("./tag"); chdir("./tag");
for (tmpf = download_list; tmpf; tmpf = tmpf->next) { for (tmpf = download_list; tmpf; tmpf = tmpf->next) {
if (!tmpf->sent && !tmpf->failed) { if (!tmpf->sent && !tmpf->failed) {
sprintf(symFrom, "%s/%s/tag/%s", CFG.bbs_usersdir, exitinfo.Name, tmpf->remote); snprintf(symFrom, PATH_MAX, "%s/%s/tag/%s", CFG.bbs_usersdir, exitinfo.Name, tmpf->remote);
Syslog('b', "test \"%s\" \"%s\"", symFrom, tmpf->local); Syslog('b', "test \"%s\" \"%s\"", symFrom, tmpf->local);
if (strcmp(symFrom, tmpf->local)) { if (strcmp(symFrom, tmpf->local)) {
Syslog('b', "different, need a symlink"); Syslog('b', "different, need a symlink");
unlink(tmpf->remote); unlink(tmpf->remote);
sprintf(symFrom, "%s", tmpf->remote); snprintf(symFrom, PATH_MAX, "%s", tmpf->remote);
sprintf(symTo, "%s", tmpf->local); snprintf(symTo, PATH_MAX, "%s", tmpf->local);
if (symlink(symTo, symFrom)) { if (symlink(symTo, symFrom)) {
WriteError("$Can't create symlink %s %s %d", symTo, symFrom, errno); WriteError("$Can't create symlink %s %s %d", symTo, symFrom, errno);
tmpf->failed = TRUE; tmpf->failed = TRUE;
@ -199,7 +199,7 @@ int download(down_list *download_list)
/* /*
* Check if file or symlink is really there. * Check if file or symlink is really there.
*/ */
sprintf(symFrom, "%s", tmpf->remote); snprintf(symFrom, PATH_MAX, "%s", tmpf->remote);
if ((access(symFrom, F_OK)) != 0) { if ((access(symFrom, F_OK)) != 0) {
WriteError("File or symlink %s check failed, unmarking download", symFrom); WriteError("File or symlink %s check failed, unmarking download", symFrom);
tmpf->failed = TRUE; tmpf->failed = TRUE;
@ -223,11 +223,11 @@ int download(down_list *download_list)
clear(); clear();
/* File(s) : */ /* File(s) : */
pout(YELLOW, BLACK, (char *) Language(349)); sprintf(temp, "%d", Count); PUTSTR(temp); Enter(1); pout(YELLOW, BLACK, (char *) Language(349)); snprintf(temp, PATH_MAX, "%d", Count); PUTSTR(temp); Enter(1);
/* Size : */ /* Size : */
pout( CYAN, BLACK, (char *) Language(350)); sprintf(temp, "%lu", Size); PUTSTR(temp); Enter(1); pout( CYAN, BLACK, (char *) Language(350)); snprintf(temp, PATH_MAX, "%lu", Size); PUTSTR(temp); Enter(1);
/* Protocol : */ /* Protocol : */
pout( CYAN, BLACK, (char *) Language(351)); sprintf(temp, "%s", sProtName); PUTSTR(temp); Enter(1); pout( CYAN, BLACK, (char *) Language(351)); snprintf(temp, PATH_MAX, "%s", sProtName); PUTSTR(temp); Enter(1);
Syslog('+', "Download files start, protocol: %s", sProtName); Syslog('+', "Download files start, protocol: %s", sProtName);
@ -240,7 +240,7 @@ int download(down_list *download_list)
sleep(2); sleep(2);
if (uProtInternal) { if (uProtInternal) {
sprintf(temp, "%s/%s/tag", CFG.bbs_usersdir, exitinfo.Name); snprintf(temp, PATH_MAX, "%s/%s/tag", CFG.bbs_usersdir, exitinfo.Name);
chdir(temp); chdir(temp);
if (strncasecmp(sProtName, "zmodem-8k", 9) == 0) { if (strncasecmp(sProtName, "zmodem-8k", 9) == 0) {
maxrc = zmsndfiles(download_list, TRUE); maxrc = zmsndfiles(download_list, TRUE);
@ -273,7 +273,7 @@ int download(down_list *download_list)
alarm_set(((exitinfo.iTimeLeft + 10) * 60) - 10); alarm_set(((exitinfo.iTimeLeft + 10) * 60) - 10);
Altime((exitinfo.iTimeLeft + 10) * 60); Altime((exitinfo.iTimeLeft + 10) * 60);
sprintf(temp, "%s/%s/tag", CFG.bbs_usersdir, exitinfo.Name); snprintf(temp, PATH_MAX, "%s/%s/tag", CFG.bbs_usersdir, exitinfo.Name);
if ((dirp = opendir(temp)) == NULL) { if ((dirp = opendir(temp)) == NULL) {
WriteError("$Download: Can't open dir: %s", temp); WriteError("$Download: Can't open dir: %s", temp);
free(temp); free(temp);
@ -321,7 +321,7 @@ int download(down_list *download_list)
for (tmpf = download_list; tmpf && (maxrc < 2); tmpf = tmpf->next) { for (tmpf = download_list; tmpf && (maxrc < 2); tmpf = tmpf->next) {
if (!tmpf->sent && !tmpf->failed) { if (!tmpf->sent && !tmpf->failed) {
sprintf(symTo, "./tag/%s", tmpf->remote); snprintf(symTo, PATH_MAX, "./tag/%s", tmpf->remote);
/* /*
* If symlink is gone the file is sent. * If symlink is gone the file is sent.
*/ */
@ -404,12 +404,12 @@ int upload(up_list **upload_list)
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
/* Please start your upload now */ /* Please start your upload now */
sprintf(temp, "%s, %s", sProtAdvice, (char *) Language(283)); snprintf(temp, PATH_MAX, "%s, %s", sProtAdvice, (char *) Language(283));
pout(CFG.HiliteF, CFG.HiliteB, temp); pout(CFG.HiliteF, CFG.HiliteB, temp);
Enter(2); Enter(2);
Syslog('+', "Upload using %s", sProtName); Syslog('+', "Upload using %s", sProtName);
sprintf(temp, "%s/%s/upl", CFG.bbs_usersdir, exitinfo.Name); snprintf(temp, PATH_MAX, "%s/%s/upl", CFG.bbs_usersdir, exitinfo.Name);
if (chdir(temp)) { if (chdir(temp)) {
WriteError("$Can't chdir to %s", temp); WriteError("$Can't chdir to %s", temp);
@ -455,7 +455,7 @@ int upload(up_list **upload_list)
if (rc == 0) { if (rc == 0) {
stat(dp->d_name, &statfile); stat(dp->d_name, &statfile);
Syslog('b', "Uploaded \"%s\", %ld bytes", dp->d_name, statfile.st_size); Syslog('b', "Uploaded \"%s\", %ld bytes", dp->d_name, statfile.st_size);
sprintf(temp, "%s/%s/upl/%s", CFG.bbs_usersdir, exitinfo.Name, dp->d_name); snprintf(temp, PATH_MAX, "%s/%s/upl/%s", CFG.bbs_usersdir, exitinfo.Name, dp->d_name);
chmod(temp, 0660); chmod(temp, 0660);
/* /*
@ -524,7 +524,7 @@ int upload(up_list **upload_list)
Syslog('+', "Uploaded \"%s\", %ld bytes", dp->d_name, statfile.st_size); Syslog('+', "Uploaded \"%s\", %ld bytes", dp->d_name, statfile.st_size);
Count++; Count++;
Size += statfile.st_size; Size += statfile.st_size;
sprintf(temp, "%s/%s/upl/%s", CFG.bbs_usersdir, exitinfo.Name, dp->d_name); snprintf(temp, PATH_MAX, "%s/%s/upl/%s", CFG.bbs_usersdir, exitinfo.Name, dp->d_name);
chmod(temp, 0660); chmod(temp, 0660);
/* /*
@ -571,10 +571,10 @@ char *transfertime(struct timeval start, struct timeval end, long bytes, int sen
if (!elapsed) if (!elapsed)
elapsed = 1L; elapsed = 1L;
if (bytes > 1000000) if (bytes > 1000000)
sprintf(resp, "%ld bytes %s in %0.3Lf seconds (%0.3Lf Kb/s)", snprintf(resp, 81, "%ld bytes %s in %0.3Lf seconds (%0.3Lf Kb/s)",
bytes, sent?"sent":"received", elapsed / 1000.000, ((bytes / elapsed) * 1000) / 1024); bytes, sent?"sent":"received", elapsed / 1000.000, ((bytes / elapsed) * 1000) / 1024);
else else
sprintf(resp, "%ld bytes %s in %0.3Lf seconds (%0.3Lf Kb/s)", snprintf(resp, 81, "%ld bytes %s in %0.3Lf seconds (%0.3Lf Kb/s)",
bytes, sent?"sent":"received", elapsed / 1000.000, ((bytes * 1000) / elapsed) / 1024); bytes, sent?"sent":"received", elapsed / 1000.000, ((bytes * 1000) / elapsed) / 1024);
return resp; return resp;
} }

44
mbsebbs/user.c
View File

@ -6,7 +6,7 @@
* does a lot of checking in general. * does a lot of checking in general.
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -73,7 +73,7 @@ void GetLastUser(void)
char *sDataFile; char *sDataFile;
sDataFile = calloc(PATH_MAX, sizeof(char)); sDataFile = calloc(PATH_MAX, sizeof(char));
sprintf(sDataFile, "%s/etc/sysinfo.data", getenv("MBSE_ROOT")); snprintf(sDataFile, PATH_MAX, "%s/etc/sysinfo.data", getenv("MBSE_ROOT"));
/* /*
* Fix security in case it is wrong. * Fix security in case it is wrong.
*/ */
@ -180,7 +180,7 @@ void user()
grecno = 0; grecno = 0;
Syslog('+', "Unixmode login: %s", sUnixName); Syslog('+', "Unixmode login: %s", sUnixName);
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((pUsrConfig = fopen(temp,"r+")) == NULL) { if ((pUsrConfig = fopen(temp,"r+")) == NULL) {
/* /*
* This should not happen. * This should not happen.
@ -202,13 +202,13 @@ void user()
if (!FoundName) { if (!FoundName) {
fclose(pUsrConfig); fclose(pUsrConfig);
sprintf(temp, "Unknown username: %s\r\n", sUnixName); snprintf(temp, PATH_MAX, "Unknown username: %s\r\n", sUnixName);
PUTSTR(temp); PUTSTR(temp);
/* FATAL ERROR: You are not in the BBS users file.*/ /* FATAL ERROR: You are not in the BBS users file.*/
sprintf(temp, "%s\r\n", (char *) Language(389)); snprintf(temp, PATH_MAX, "%s\r\n", (char *) Language(389));
PUTSTR(temp); PUTSTR(temp);
/* Please run 'newuser' to create an account */ /* Please run 'newuser' to create an account */
sprintf(temp, "%s\r\n", (char *) Language(390)); snprintf(temp, PATH_MAX, "%s\r\n", (char *) Language(390));
PUTSTR(temp); PUTSTR(temp);
Syslog('?', "FATAL: Could not find user in BBS users file."); Syslog('?', "FATAL: Could not find user in BBS users file.");
Syslog('?', " and system is using unix accounts\n"); Syslog('?', " and system is using unix accounts\n");
@ -265,9 +265,9 @@ void user()
Start = TRUE; Start = TRUE;
while (TRUE) { while (TRUE) {
if (Start) if (Start)
sprintf(buf, "GMON:1,1;"); snprintf(buf, 128, "GMON:1,1;");
else else
sprintf(buf, "GMON:1,0;"); snprintf(buf, 128, "GMON:1,0;");
Start = FALSE; Start = FALSE;
if (socket_send(buf) == 0) { if (socket_send(buf) == 0) {
strcpy(buf, socket_receive()); strcpy(buf, socket_receive());
@ -291,7 +291,7 @@ void user()
if (CFG.max_logins && (logins > CFG.max_logins)) { if (CFG.max_logins && (logins > CFG.max_logins)) {
Syslog('+', "User logins %d, allowed %d, disconnecting", logins, CFG.max_logins); Syslog('+', "User logins %d, allowed %d, disconnecting", logins, CFG.max_logins);
colour(LIGHTRED, BLACK); colour(LIGHTRED, BLACK);
sprintf(temp, "%s %d %s\r\n", (char *) Language(18), CFG.max_logins, (char *) Language(19)); snprintf(temp, PATH_MAX, "%s %d %s\r\n", (char *) Language(18), CFG.max_logins, (char *) Language(19));
PUTSTR(temp); PUTSTR(temp);
Quick_Bye(MBERR_INIT_ERROR); Quick_Bye(MBERR_INIT_ERROR);
} }
@ -350,7 +350,7 @@ void user()
/* /*
* Check to see if user must expire * Check to see if user must expire
*/ */
sprintf(temp,"%s", (char *) GetDateDMY()); snprintf(temp,PATH_MAX, "%s", (char *) GetDateDMY());
SwapDate(temp, usrconfig.sExpiryDate); SwapDate(temp, usrconfig.sExpiryDate);
/* Convert Date1 & Date2 to longs for compare */ /* Convert Date1 & Date2 to longs for compare */
@ -376,7 +376,7 @@ void user()
/* /*
* Copy limits.data into memory * Copy limits.data into memory
*/ */
sprintf(temp, "%s/etc/limits.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/limits.data", getenv("MBSE_ROOT"));
if ((pLimits = fopen(temp,"rb")) == NULL) { if ((pLimits = fopen(temp,"rb")) == NULL) {
WriteError("$Can't open %s", temp); WriteError("$Can't open %s", temp);
@ -400,7 +400,7 @@ void user()
/* /*
* Give user new time limit everyday, also new users get a new limit. * Give user new time limit everyday, also new users get a new limit.
*/ */
sprintf(temp,"%s", (char *) GetDateDMY()); snprintf(temp,PATH_MAX, "%s", (char *) GetDateDMY());
if (((strcmp(StrDateDMY(usrconfig.tLastLoginDate), temp)) != 0) || IsNew) { if (((strcmp(StrDateDMY(usrconfig.tLastLoginDate), temp)) != 0) || IsNew) {
/* /*
* If no timelimit set give user 24 hours. * If no timelimit set give user 24 hours.
@ -434,8 +434,8 @@ void user()
* Set last login Date and Time, copy previous session * Set last login Date and Time, copy previous session
* values in memory. * values in memory.
*/ */
sprintf(LastLoginDate, "%s", StrDateDMY(usrconfig.tLastLoginDate)); snprintf(LastLoginDate, 12, "%s", StrDateDMY(usrconfig.tLastLoginDate));
sprintf(LastLoginTime, "%s", StrTimeHMS(usrconfig.tLastLoginDate)); snprintf(LastLoginTime, 9, "%s", StrTimeHMS(usrconfig.tLastLoginDate));
LastLogin = usrconfig.tLastLoginDate; LastLogin = usrconfig.tLastLoginDate;
usrconfig.tLastLoginDate = ltime; /* Set current login to current date */ usrconfig.tLastLoginDate = ltime; /* Set current login to current date */
usrconfig.iTotalCalls++; usrconfig.iTotalCalls++;
@ -496,23 +496,23 @@ void user()
DisplayFile((char *)"welcome8"); DisplayFile((char *)"welcome8");
DisplayFile((char *)"welcome9"); DisplayFile((char *)"welcome9");
sprintf(temp, "%s", (char *) GetDateDMY() ); snprintf(temp, PATH_MAX, "%s", (char *) GetDateDMY() );
if ((strcmp(exitinfo.sDateOfBirth, temp)) == 0) if ((strcmp(exitinfo.sDateOfBirth, temp)) == 0)
DisplayFile((char *)"birthday"); DisplayFile((char *)"birthday");
/* /*
* Displays file if it exists DD-MM.A?? * Displays file if it exists DD-MM.A??
*/ */
sprintf(temp, "%s", (char *) GetDateDMY()); snprintf(temp, PATH_MAX, "%s", (char *) GetDateDMY());
strcpy(temp1, ""); strcpy(temp1, "");
strncat(temp1, temp, 5); strncat(temp1, temp, 5);
sprintf(temp, "%s", temp1); snprintf(temp, PATH_MAX, "%s", temp1);
DisplayFile(temp); DisplayFile(temp);
/* /*
* Displays users security file if it exists * Displays users security file if it exists
*/ */
sprintf(temp, "sec%d", exitinfo.Security.level); snprintf(temp, PATH_MAX, "sec%d", exitinfo.Security.level);
DisplayFile(temp); DisplayFile(temp);
/* /*
@ -527,18 +527,18 @@ void user()
*/ */
st.st_mtime = 0; st.st_mtime = 0;
if (exitinfo.GraphMode) { if (exitinfo.GraphMode) {
sprintf(temp, "%s/onceonly.ans", lang.TextPath); snprintf(temp, PATH_MAX, "%s/onceonly.ans", lang.TextPath);
stat(temp, &st); stat(temp, &st);
if (st.st_mtime == 0) { if (st.st_mtime == 0) {
sprintf(temp, "%s/onceonly.ans", CFG.bbs_txtfiles); snprintf(temp, PATH_MAX, "%s/onceonly.ans", CFG.bbs_txtfiles);
stat(temp, &st); stat(temp, &st);
} }
} }
if (st.st_mtime == 0) { if (st.st_mtime == 0) {
sprintf(temp, "%s/onceonly.asc", lang.TextPath); snprintf(temp, PATH_MAX, "%s/onceonly.asc", lang.TextPath);
stat(temp, &st); stat(temp, &st);
if (st.st_mtime == 0) { if (st.st_mtime == 0) {
sprintf(temp, "%s/onceonly.asc", CFG.bbs_txtfiles); snprintf(temp, PATH_MAX, "%s/onceonly.asc", CFG.bbs_txtfiles);
stat(temp, &st); stat(temp, &st);
} }
} }