diff --git a/mbfido/msg.c b/mbfido/msg.c index b37d57df..e54363b4 100644 --- a/mbfido/msg.c +++ b/mbfido/msg.c @@ -103,7 +103,7 @@ int toss_onemsg(char *msgname) { int rc = 0, islocal, empty = TRUE; char *temp, *dospath, *flagstr = NULL, *l, *r, *msgid = NULL; - char fromUserName[36], toUserName[36], subject[72], DateTime[20]; + char fromUserName[37], toUserName[37], subject[73], DateTime[21]; FILE *fp, *np; faddr *ta; unsigned char buf[0xbe]; @@ -114,7 +114,7 @@ int toss_onemsg(char *msgname) net_msgs++; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/%s", CFG.msgs_path, msgname); + snprintf(temp, PATH_MAX -1, "%s/%s", CFG.msgs_path, msgname); if ((fp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); @@ -315,7 +315,7 @@ int toss_onemsg(char *msgname) (strncasecmp(toUserName, "postmaster", 10) == 0) || (strncasecmp(toUserName, "coordinator", 11) == 0)) { Syslog('+', " Readdress from %s to %s", toUserName, CFG.sysop_name); - sprintf(toUserName, "%s", CFG.sysop_name); + snprintf(toUserName, 36, "%s", CFG.sysop_name); strcpy(Msg.To, toUserName); } net_imp++; @@ -328,19 +328,19 @@ int toss_onemsg(char *msgname) Msg.Netmail = TRUE; if (origPoint) - sprintf(Msg.FromAddress, "%d:%d/%d.%d@%s", origZone, origNet, origNode, origPoint, fidonet.domain); + snprintf(Msg.FromAddress, 100, "%d:%d/%d.%d@%s", origZone, origNet, origNode, origPoint, fidonet.domain); else - sprintf(Msg.FromAddress, "%d:%d/%d@%s", origZone, origNet, origNode, fidonet.domain); + snprintf(Msg.FromAddress, 100, "%d:%d/%d@%s", origZone, origNet, origNode, fidonet.domain); if (SearchFidonet(destZone)) { if (destPoint) - sprintf(Msg.ToAddress, "%d:%d/%d.%d@%s", destZone, destNet, destNode, destPoint, fidonet.domain); + snprintf(Msg.ToAddress, 100, "%d:%d/%d.%d@%s", destZone, destNet, destNode, destPoint, fidonet.domain); else - sprintf(Msg.ToAddress, "%d:%d/%d@%s", destZone, destNet, destNode, fidonet.domain); + snprintf(Msg.ToAddress, 100, "%d:%d/%d@%s", destZone, destNet, destNode, fidonet.domain); } else { if (destPoint) - sprintf(Msg.ToAddress, "%d:%d/%d.%d", destZone, destNet, destNode, destPoint); + snprintf(Msg.ToAddress, 100, "%d:%d/%d.%d", destZone, destNet, destNode, destPoint); else - sprintf(Msg.ToAddress, "%d:%d/%d", destZone, destNet, destNode); + snprintf(Msg.ToAddress, 100, "%d:%d/%d", destZone, destNet, destNode); } /* @@ -367,7 +367,7 @@ int toss_onemsg(char *msgname) if (!islocal) { do_scan = TRUE; - sprintf(temp, "%s/tmp/netmail.jam", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX -1, "%s/tmp/netmail.jam", getenv("MBSE_ROOT")); if ((np = fopen(temp, "a")) != NULL) { fprintf(np, "%s %lu\n", msgs.Base, Msg.Id); fclose(np); @@ -385,7 +385,7 @@ int toss_onemsg(char *msgname) if (rc == 0) { net_in++; - sprintf(temp, "%s/%s", CFG.msgs_path, msgname); + snprintf(temp, PATH_MAX -1, "%s/%s", CFG.msgs_path, msgname); if (unlink(temp) != 0) WriteError("Can't remove %s", temp); } diff --git a/mbfido/msgutil.c b/mbfido/msgutil.c index 313d3187..258d14c7 100644 --- a/mbfido/msgutil.c +++ b/mbfido/msgutil.c @@ -72,7 +72,7 @@ void Msg_Id(fidoaddr aka) unsigned long crc = -1; temp = calloc(81, sizeof(char)); - sprintf(temp, "\001MSGID: %s %08lx", aka2str(aka), sequencer()); + snprintf(temp, 80, "\001MSGID: %s %08lx", aka2str(aka), sequencer()); MsgText_Add2(temp); Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp)); Msg.ReplyCRC = 0xffffffff; @@ -87,16 +87,16 @@ void Msg_Pid(void) time_t tt; temp = calloc(81, sizeof(char)); - sprintf(temp, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU()); + snprintf(temp, 80, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU()); MsgText_Add2(temp); if (msgs.Charset != FTNC_NONE) { - sprintf(temp, "\001CHRS: %s", getftnchrs(msgs.Charset)); + snprintf(temp, 80, "\001CHRS: %s", getftnchrs(msgs.Charset)); } else { - sprintf(temp, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1)); + snprintf(temp, 80, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1)); } MsgText_Add2(temp); tt = time(NULL); - sprintf(temp, "\001TZUTC: %s", gmtoffset(tt)); + snprintf(temp, 80, "\001TZUTC: %s", gmtoffset(tt)); MsgText_Add2(temp); free(temp); } @@ -168,7 +168,7 @@ long Msg_Top(char *template, int language, fidoaddr aka) hasmodems = TRUE; } - sprintf(temp, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX -1, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) != NULL) { fread(&ttyinfohdr, sizeof(ttyinfohdr), 1, fp); while (fread(&ttyinfo, ttyinfohdr.recsize, 1, fp) == 1) { @@ -220,11 +220,11 @@ void Msg_Bot(fidoaddr UseAka, char *Org, char *template) MsgText_Add2(TearLine()); if (UseAka.point) - sprintf(aka, "(%d:%d/%d.%d)", UseAka.zone, UseAka.net, UseAka.node, UseAka.point); + snprintf(aka, 39, "(%d:%d/%d.%d)", UseAka.zone, UseAka.net, UseAka.node, UseAka.point); else - sprintf(aka, "(%d:%d/%d)", UseAka.zone, UseAka.net, UseAka.node); + snprintf(aka, 39, "(%d:%d/%d)", UseAka.zone, UseAka.net, UseAka.node); - sprintf(temp, " * Origin: %s %s", Org, aka); + snprintf(temp, 80, " * Origin: %s %s", Org, aka); MsgText_Add2(temp); free(aka); free(temp); @@ -238,7 +238,7 @@ void CountPosted(char *Base) FILE *fp; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r+")) != NULL) { fread(&msgshdr, sizeof(msgshdr), 1, fp); diff --git a/mbfido/newspost.c b/mbfido/newspost.c index 1a815f8c..ced8260e 100644 --- a/mbfido/newspost.c +++ b/mbfido/newspost.c @@ -60,7 +60,7 @@ int newspost(void) * a file, try to post the articles. They may be * still here if the newsserver wasn't available. */ - sprintf(buf, "%s/tmp/newsout", getenv("MBSE_ROOT")); + snprintf(buf, 10239, "%s/tmp/newsout", getenv("MBSE_ROOT")); if ((nfp = fopen(buf, "r")) == NULL) { if (newsopen) WriteError("$Can't reopen %s", buf); @@ -115,7 +115,7 @@ int newspost(void) */ if ((CFG.newsfeed == FEEDUUCP) || (CFG.newsfeed == FEEDRNEWS)) { Syslog('+', "Posting news articles to the news batchfile"); - sprintf(buf, "%s/tmp/newsbatch", getenv("MBSE_ROOT")); + snprintf(buf, 10239, "%s/tmp/newsbatch", getenv("MBSE_ROOT")); if ((ofp = fopen(buf, "w+")) == NULL) { WriteError("$Can't create %s", buf); free(buf); @@ -178,7 +178,7 @@ int newspost(void) } else Syslog('+', "Articles send through %s", CFG.rnewspath); fclose(ofp); - sprintf(buf, "%s/tmp/newsbatch", getenv("MBSE_ROOT")); + snprintf(buf, 10239, "%s/tmp/newsbatch", getenv("MBSE_ROOT")); unlink(buf); } @@ -194,7 +194,7 @@ int newspost(void) return TRUE; } - sprintf(buf, "%s/C.%s%lx", CFG.rnewspath, CFG.nntpnode, seqnr); + snprintf(buf, 10239, "%s/C.%s%lx", CFG.rnewspath, CFG.nntpnode, seqnr); if ((nb = fopen(buf, "a")) == NULL) { WriteError("Can't create %s", buf); newsopen = FALSE; @@ -204,7 +204,7 @@ int newspost(void) fprintf(nb, "E D.%s%lx D.%s%lx news -C D.%s%lx 0666 \"\" 0 rnews\n", utsbuf.nodename, seqnr, utsbuf.nodename, seqnr, utsbuf.nodename, seqnr); fclose(nb); - sprintf(buf, "%s/D.%s%lx", CFG.rnewspath, utsbuf.nodename, seqnr); + snprintf(buf, 10239, "%s/D.%s%lx", CFG.rnewspath, utsbuf.nodename, seqnr); if ((nb = fopen(buf, "a")) == NULL) { WriteError("Can't create %s", buf); newsopen = FALSE; @@ -215,12 +215,12 @@ int newspost(void) } Syslog('+', "Articles placed in %s", CFG.rnewspath); fclose(ofp); - sprintf(buf, "%s/tmp/newsbatch", getenv("MBSE_ROOT")); + snprintf(buf, 10239, "%s/tmp/newsbatch", getenv("MBSE_ROOT")); unlink(buf); } if (! news_bad) { - sprintf(buf, "%s/tmp/newsout", getenv("MBSE_ROOT")); + snprintf(buf, 10239, "%s/tmp/newsout", getenv("MBSE_ROOT")); unlink(buf); }