Secured sprintf with snprintf
This commit is contained in:
parent
62dbe6534f
commit
109480dde1
22
mbfido/msg.c
22
mbfido/msg.c
@ -103,7 +103,7 @@ int toss_onemsg(char *msgname)
|
|||||||
{
|
{
|
||||||
int rc = 0, islocal, empty = TRUE;
|
int rc = 0, islocal, empty = TRUE;
|
||||||
char *temp, *dospath, *flagstr = NULL, *l, *r, *msgid = NULL;
|
char *temp, *dospath, *flagstr = NULL, *l, *r, *msgid = NULL;
|
||||||
char fromUserName[36], toUserName[36], subject[72], DateTime[20];
|
char fromUserName[37], toUserName[37], subject[73], DateTime[21];
|
||||||
FILE *fp, *np;
|
FILE *fp, *np;
|
||||||
faddr *ta;
|
faddr *ta;
|
||||||
unsigned char buf[0xbe];
|
unsigned char buf[0xbe];
|
||||||
@ -114,7 +114,7 @@ int toss_onemsg(char *msgname)
|
|||||||
|
|
||||||
net_msgs++;
|
net_msgs++;
|
||||||
temp = calloc(PATH_MAX, sizeof(char));
|
temp = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(temp, "%s/%s", CFG.msgs_path, msgname);
|
snprintf(temp, PATH_MAX -1, "%s/%s", CFG.msgs_path, msgname);
|
||||||
|
|
||||||
if ((fp = fopen(temp, "r")) == NULL) {
|
if ((fp = fopen(temp, "r")) == NULL) {
|
||||||
WriteError("$Can't open %s", temp);
|
WriteError("$Can't open %s", temp);
|
||||||
@ -315,7 +315,7 @@ int toss_onemsg(char *msgname)
|
|||||||
(strncasecmp(toUserName, "postmaster", 10) == 0) ||
|
(strncasecmp(toUserName, "postmaster", 10) == 0) ||
|
||||||
(strncasecmp(toUserName, "coordinator", 11) == 0)) {
|
(strncasecmp(toUserName, "coordinator", 11) == 0)) {
|
||||||
Syslog('+', " Readdress from %s to %s", toUserName, CFG.sysop_name);
|
Syslog('+', " Readdress from %s to %s", toUserName, CFG.sysop_name);
|
||||||
sprintf(toUserName, "%s", CFG.sysop_name);
|
snprintf(toUserName, 36, "%s", CFG.sysop_name);
|
||||||
strcpy(Msg.To, toUserName);
|
strcpy(Msg.To, toUserName);
|
||||||
}
|
}
|
||||||
net_imp++;
|
net_imp++;
|
||||||
@ -328,19 +328,19 @@ int toss_onemsg(char *msgname)
|
|||||||
Msg.Netmail = TRUE;
|
Msg.Netmail = TRUE;
|
||||||
|
|
||||||
if (origPoint)
|
if (origPoint)
|
||||||
sprintf(Msg.FromAddress, "%d:%d/%d.%d@%s", origZone, origNet, origNode, origPoint, fidonet.domain);
|
snprintf(Msg.FromAddress, 100, "%d:%d/%d.%d@%s", origZone, origNet, origNode, origPoint, fidonet.domain);
|
||||||
else
|
else
|
||||||
sprintf(Msg.FromAddress, "%d:%d/%d@%s", origZone, origNet, origNode, fidonet.domain);
|
snprintf(Msg.FromAddress, 100, "%d:%d/%d@%s", origZone, origNet, origNode, fidonet.domain);
|
||||||
if (SearchFidonet(destZone)) {
|
if (SearchFidonet(destZone)) {
|
||||||
if (destPoint)
|
if (destPoint)
|
||||||
sprintf(Msg.ToAddress, "%d:%d/%d.%d@%s", destZone, destNet, destNode, destPoint, fidonet.domain);
|
snprintf(Msg.ToAddress, 100, "%d:%d/%d.%d@%s", destZone, destNet, destNode, destPoint, fidonet.domain);
|
||||||
else
|
else
|
||||||
sprintf(Msg.ToAddress, "%d:%d/%d@%s", destZone, destNet, destNode, fidonet.domain);
|
snprintf(Msg.ToAddress, 100, "%d:%d/%d@%s", destZone, destNet, destNode, fidonet.domain);
|
||||||
} else {
|
} else {
|
||||||
if (destPoint)
|
if (destPoint)
|
||||||
sprintf(Msg.ToAddress, "%d:%d/%d.%d", destZone, destNet, destNode, destPoint);
|
snprintf(Msg.ToAddress, 100, "%d:%d/%d.%d", destZone, destNet, destNode, destPoint);
|
||||||
else
|
else
|
||||||
sprintf(Msg.ToAddress, "%d:%d/%d", destZone, destNet, destNode);
|
snprintf(Msg.ToAddress, 100, "%d:%d/%d", destZone, destNet, destNode);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -367,7 +367,7 @@ int toss_onemsg(char *msgname)
|
|||||||
|
|
||||||
if (!islocal) {
|
if (!islocal) {
|
||||||
do_scan = TRUE;
|
do_scan = TRUE;
|
||||||
sprintf(temp, "%s/tmp/netmail.jam", getenv("MBSE_ROOT"));
|
snprintf(temp, PATH_MAX -1, "%s/tmp/netmail.jam", getenv("MBSE_ROOT"));
|
||||||
if ((np = fopen(temp, "a")) != NULL) {
|
if ((np = fopen(temp, "a")) != NULL) {
|
||||||
fprintf(np, "%s %lu\n", msgs.Base, Msg.Id);
|
fprintf(np, "%s %lu\n", msgs.Base, Msg.Id);
|
||||||
fclose(np);
|
fclose(np);
|
||||||
@ -385,7 +385,7 @@ int toss_onemsg(char *msgname)
|
|||||||
|
|
||||||
if (rc == 0) {
|
if (rc == 0) {
|
||||||
net_in++;
|
net_in++;
|
||||||
sprintf(temp, "%s/%s", CFG.msgs_path, msgname);
|
snprintf(temp, PATH_MAX -1, "%s/%s", CFG.msgs_path, msgname);
|
||||||
if (unlink(temp) != 0)
|
if (unlink(temp) != 0)
|
||||||
WriteError("Can't remove %s", temp);
|
WriteError("Can't remove %s", temp);
|
||||||
}
|
}
|
||||||
|
@ -72,7 +72,7 @@ void Msg_Id(fidoaddr aka)
|
|||||||
unsigned long crc = -1;
|
unsigned long crc = -1;
|
||||||
|
|
||||||
temp = calloc(81, sizeof(char));
|
temp = calloc(81, sizeof(char));
|
||||||
sprintf(temp, "\001MSGID: %s %08lx", aka2str(aka), sequencer());
|
snprintf(temp, 80, "\001MSGID: %s %08lx", aka2str(aka), sequencer());
|
||||||
MsgText_Add2(temp);
|
MsgText_Add2(temp);
|
||||||
Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp));
|
Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp));
|
||||||
Msg.ReplyCRC = 0xffffffff;
|
Msg.ReplyCRC = 0xffffffff;
|
||||||
@ -87,16 +87,16 @@ void Msg_Pid(void)
|
|||||||
time_t tt;
|
time_t tt;
|
||||||
|
|
||||||
temp = calloc(81, sizeof(char));
|
temp = calloc(81, sizeof(char));
|
||||||
sprintf(temp, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU());
|
snprintf(temp, 80, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU());
|
||||||
MsgText_Add2(temp);
|
MsgText_Add2(temp);
|
||||||
if (msgs.Charset != FTNC_NONE) {
|
if (msgs.Charset != FTNC_NONE) {
|
||||||
sprintf(temp, "\001CHRS: %s", getftnchrs(msgs.Charset));
|
snprintf(temp, 80, "\001CHRS: %s", getftnchrs(msgs.Charset));
|
||||||
} else {
|
} else {
|
||||||
sprintf(temp, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1));
|
snprintf(temp, 80, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1));
|
||||||
}
|
}
|
||||||
MsgText_Add2(temp);
|
MsgText_Add2(temp);
|
||||||
tt = time(NULL);
|
tt = time(NULL);
|
||||||
sprintf(temp, "\001TZUTC: %s", gmtoffset(tt));
|
snprintf(temp, 80, "\001TZUTC: %s", gmtoffset(tt));
|
||||||
MsgText_Add2(temp);
|
MsgText_Add2(temp);
|
||||||
free(temp);
|
free(temp);
|
||||||
}
|
}
|
||||||
@ -168,7 +168,7 @@ long Msg_Top(char *template, int language, fidoaddr aka)
|
|||||||
hasmodems = TRUE;
|
hasmodems = TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
sprintf(temp, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT"));
|
snprintf(temp, PATH_MAX -1, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT"));
|
||||||
if ((fp = fopen(temp, "r")) != NULL) {
|
if ((fp = fopen(temp, "r")) != NULL) {
|
||||||
fread(&ttyinfohdr, sizeof(ttyinfohdr), 1, fp);
|
fread(&ttyinfohdr, sizeof(ttyinfohdr), 1, fp);
|
||||||
while (fread(&ttyinfo, ttyinfohdr.recsize, 1, fp) == 1) {
|
while (fread(&ttyinfo, ttyinfohdr.recsize, 1, fp) == 1) {
|
||||||
@ -220,11 +220,11 @@ void Msg_Bot(fidoaddr UseAka, char *Org, char *template)
|
|||||||
MsgText_Add2(TearLine());
|
MsgText_Add2(TearLine());
|
||||||
|
|
||||||
if (UseAka.point)
|
if (UseAka.point)
|
||||||
sprintf(aka, "(%d:%d/%d.%d)", UseAka.zone, UseAka.net, UseAka.node, UseAka.point);
|
snprintf(aka, 39, "(%d:%d/%d.%d)", UseAka.zone, UseAka.net, UseAka.node, UseAka.point);
|
||||||
else
|
else
|
||||||
sprintf(aka, "(%d:%d/%d)", UseAka.zone, UseAka.net, UseAka.node);
|
snprintf(aka, 39, "(%d:%d/%d)", UseAka.zone, UseAka.net, UseAka.node);
|
||||||
|
|
||||||
sprintf(temp, " * Origin: %s %s", Org, aka);
|
snprintf(temp, 80, " * Origin: %s %s", Org, aka);
|
||||||
MsgText_Add2(temp);
|
MsgText_Add2(temp);
|
||||||
free(aka);
|
free(aka);
|
||||||
free(temp);
|
free(temp);
|
||||||
@ -238,7 +238,7 @@ void CountPosted(char *Base)
|
|||||||
FILE *fp;
|
FILE *fp;
|
||||||
|
|
||||||
temp = calloc(PATH_MAX, sizeof(char));
|
temp = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
snprintf(temp, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
||||||
if ((fp = fopen(temp, "r+")) != NULL) {
|
if ((fp = fopen(temp, "r+")) != NULL) {
|
||||||
fread(&msgshdr, sizeof(msgshdr), 1, fp);
|
fread(&msgshdr, sizeof(msgshdr), 1, fp);
|
||||||
|
|
||||||
|
@ -60,7 +60,7 @@ int newspost(void)
|
|||||||
* a file, try to post the articles. They may be
|
* a file, try to post the articles. They may be
|
||||||
* still here if the newsserver wasn't available.
|
* still here if the newsserver wasn't available.
|
||||||
*/
|
*/
|
||||||
sprintf(buf, "%s/tmp/newsout", getenv("MBSE_ROOT"));
|
snprintf(buf, 10239, "%s/tmp/newsout", getenv("MBSE_ROOT"));
|
||||||
if ((nfp = fopen(buf, "r")) == NULL) {
|
if ((nfp = fopen(buf, "r")) == NULL) {
|
||||||
if (newsopen)
|
if (newsopen)
|
||||||
WriteError("$Can't reopen %s", buf);
|
WriteError("$Can't reopen %s", buf);
|
||||||
@ -115,7 +115,7 @@ int newspost(void)
|
|||||||
*/
|
*/
|
||||||
if ((CFG.newsfeed == FEEDUUCP) || (CFG.newsfeed == FEEDRNEWS)) {
|
if ((CFG.newsfeed == FEEDUUCP) || (CFG.newsfeed == FEEDRNEWS)) {
|
||||||
Syslog('+', "Posting news articles to the news batchfile");
|
Syslog('+', "Posting news articles to the news batchfile");
|
||||||
sprintf(buf, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
|
snprintf(buf, 10239, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
|
||||||
if ((ofp = fopen(buf, "w+")) == NULL) {
|
if ((ofp = fopen(buf, "w+")) == NULL) {
|
||||||
WriteError("$Can't create %s", buf);
|
WriteError("$Can't create %s", buf);
|
||||||
free(buf);
|
free(buf);
|
||||||
@ -178,7 +178,7 @@ int newspost(void)
|
|||||||
} else
|
} else
|
||||||
Syslog('+', "Articles send through %s", CFG.rnewspath);
|
Syslog('+', "Articles send through %s", CFG.rnewspath);
|
||||||
fclose(ofp);
|
fclose(ofp);
|
||||||
sprintf(buf, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
|
snprintf(buf, 10239, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
|
||||||
unlink(buf);
|
unlink(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -194,7 +194,7 @@ int newspost(void)
|
|||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
sprintf(buf, "%s/C.%s%lx", CFG.rnewspath, CFG.nntpnode, seqnr);
|
snprintf(buf, 10239, "%s/C.%s%lx", CFG.rnewspath, CFG.nntpnode, seqnr);
|
||||||
if ((nb = fopen(buf, "a")) == NULL) {
|
if ((nb = fopen(buf, "a")) == NULL) {
|
||||||
WriteError("Can't create %s", buf);
|
WriteError("Can't create %s", buf);
|
||||||
newsopen = FALSE;
|
newsopen = FALSE;
|
||||||
@ -204,7 +204,7 @@ int newspost(void)
|
|||||||
fprintf(nb, "E D.%s%lx D.%s%lx news -C D.%s%lx 0666 \"\" 0 rnews\n",
|
fprintf(nb, "E D.%s%lx D.%s%lx news -C D.%s%lx 0666 \"\" 0 rnews\n",
|
||||||
utsbuf.nodename, seqnr, utsbuf.nodename, seqnr, utsbuf.nodename, seqnr);
|
utsbuf.nodename, seqnr, utsbuf.nodename, seqnr, utsbuf.nodename, seqnr);
|
||||||
fclose(nb);
|
fclose(nb);
|
||||||
sprintf(buf, "%s/D.%s%lx", CFG.rnewspath, utsbuf.nodename, seqnr);
|
snprintf(buf, 10239, "%s/D.%s%lx", CFG.rnewspath, utsbuf.nodename, seqnr);
|
||||||
if ((nb = fopen(buf, "a")) == NULL) {
|
if ((nb = fopen(buf, "a")) == NULL) {
|
||||||
WriteError("Can't create %s", buf);
|
WriteError("Can't create %s", buf);
|
||||||
newsopen = FALSE;
|
newsopen = FALSE;
|
||||||
@ -215,12 +215,12 @@ int newspost(void)
|
|||||||
}
|
}
|
||||||
Syslog('+', "Articles placed in %s", CFG.rnewspath);
|
Syslog('+', "Articles placed in %s", CFG.rnewspath);
|
||||||
fclose(ofp);
|
fclose(ofp);
|
||||||
sprintf(buf, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
|
snprintf(buf, 10239, "%s/tmp/newsbatch", getenv("MBSE_ROOT"));
|
||||||
unlink(buf);
|
unlink(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (! news_bad) {
|
if (! news_bad) {
|
||||||
sprintf(buf, "%s/tmp/newsout", getenv("MBSE_ROOT"));
|
snprintf(buf, 10239, "%s/tmp/newsout", getenv("MBSE_ROOT"));
|
||||||
unlink(buf);
|
unlink(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user