Secured sprintf with snprintf

Michiel Broek 2005-08-30 17:45:31 +00:00
parent a1bd379fdd
commit 1fe9a6332f
5 changed files with 31 additions and 31 deletions


@ -58,7 +58,7 @@ void dlcount(void)
* Check if we have a mark when we did this the last time. * Check if we have a mark when we did this the last time.
* If not, create one and don't do anything. Run the next time. * If not, create one and don't do anything. Run the next time.
*/ */
sprintf(temp, "%s/var/dlcount.stat", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/var/dlcount.stat", getenv("MBSE_ROOT"));
if ((lastcheck = file_time(temp)) == -1) { if ((lastcheck = file_time(temp)) == -1) {
Syslog('+', "Checking WWW downloads never done before, creating timestamp"); Syslog('+', "Checking WWW downloads never done before, creating timestamp");
if ((fp = fopen(temp, "a"))) { if ((fp = fopen(temp, "a"))) {
@ -108,7 +108,7 @@ void dlcount(void)
strncpy(date, p+1, q - p - 1); strncpy(date, p+1, q - p - 1);
// Syslog('f', "\"%s\"", date); // Syslog('f', "\"%s\"", date);
tm.tm_mday = atoi(strtok(date, "/\0")); tm.tm_mday = atoi(strtok(date, "/\0"));
sprintf(month, "%s", strtok(NULL, "/\0")); snprintf(month, 20, "%s", strtok(NULL, "/\0"));
for (i = 0; i < 12; i++) for (i = 0; i < 12; i++)
if (strncasecmp(months[i], month, 3) == 0) if (strncasecmp(months[i], month, 3) == 0)
break; break;
@ -131,7 +131,7 @@ void dlcount(void)
// Syslog('f', "\"%s\"", file); // Syslog('f', "\"%s\"", file);
if (strncmp(file, "GET ", 4) == 0) { if (strncmp(file, "GET ", 4) == 0) {
if ((p = strstr(file, CFG.www_link2ftp))) { if ((p = strstr(file, CFG.www_link2ftp))) {
sprintf(base, "%s%s", CFG.ftp_base, p + strlen(CFG.www_link2ftp)); snprintf(base, PATH_MAX, "%s%s", CFG.ftp_base, p + strlen(CFG.www_link2ftp));
for (i = strlen(base); i; i--) { for (i = strlen(base); i; i--) {
if (base[i] == ' ') { if (base[i] == ' ') {
base[i] = '\0'; base[i] = '\0';
@ -204,7 +204,7 @@ void dlcount(void)
if (p == NULL) if (p == NULL)
break; break;
sprintf(base, "%s", p); snprintf(base, PATH_MAX, "%s", p);
if (date_ok) { if (date_ok) {
/* /*
* So far it seems that the file is possible downloaded from the bbs. * So far it seems that the file is possible downloaded from the bbs.
@ -236,12 +236,12 @@ void count_download(char *filename, time_t filedate, off_t filesize, char *dltyp
struct FILE_record frec; struct FILE_record frec;
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
if ((dfp = fopen(temp, "r"))) { if ((dfp = fopen(temp, "r"))) {
fread(&areahdr, sizeof(areahdr), 1, dfp); fread(&areahdr, sizeof(areahdr), 1, dfp);
sprintf(temp, "%s", filename); snprintf(temp, PATH_MAX, "%s", filename);
for (j = strlen(temp); j; j--) for (j = strlen(temp); j; j--)
if (temp[j] == '/') { if (temp[j] == '/') {
temp[j] = '\0'; temp[j] = '\0';
@ -253,7 +253,7 @@ void count_download(char *filename, time_t filedate, off_t filesize, char *dltyp
while (fread(&area, areahdr.recsize, 1, dfp) == 1) { while (fread(&area, areahdr.recsize, 1, dfp) == 1) {
i++; i++;
if (area.Available && (strcmp(temp, area.Path) == 0)) { if (area.Available && (strcmp(temp, area.Path) == 0)) {
sprintf(temp, "%s", basename(filename)); snprintf(temp, PATH_MAX, "%s", basename(filename));
// Syslog('f', "Download area %d %s", i, temp); // Syslog('f', "Download area %d %s", i, temp);
if ((fdb_area = mbsedb_OpenFDB(i, 30))) { if ((fdb_area = mbsedb_OpenFDB(i, 30))) {
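Review bot: The date parsing in the `@ -108` hunk of dlcount() still trusts the shape of what appears to be a web server log line: `strtok(NULL, "/\0")` returns NULL when the field has no second `/`, and that NULL goes straight into `%s` (the `atoi(strtok(date, ...))` line above has the same exposure), which is undefined behaviour that bounding the write does not cure. Holding the token first, `char *tok = strtok(NULL, "/");` followed by `if (tok == NULL)` and skipping the line, keeps a malformed entry from crashing the run. The preceding `strncpy(date, p+1, q - p - 1)` also takes its length from the line rather than from the size of `date`, whose declaration is outside the hunk, so it presumably needs the same kind of bound this commit gives the sprintf calls. The literal `20` would be safer as `sizeof month` if `month` is an array. dlcount() starts and ends outside the hunks shown.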


@ -274,14 +274,14 @@ void Masterlist()
int AreaNr = 0, z, x = 0, New; int AreaNr = 0, z, x = 0, New;
unsigned long AllFiles = 0, AllKBytes = 0, NewFiles = 0, NewKBytes = 0; unsigned long AllFiles = 0, AllKBytes = 0, NewFiles = 0, NewKBytes = 0;
unsigned long AllAreaFiles, AllAreaBytes, popdown, down, NewAreaFiles, NewAreaBytes; unsigned long AllAreaFiles, AllAreaBytes, popdown, down, NewAreaFiles, NewAreaBytes;
char *sAreas, temp[81], pop[81]; char *sAreas, temp[PATH_MAX], pop[81];
struct _fdbarea *fdb_area = NULL; struct _fdbarea *fdb_area = NULL;
sAreas = calloc(PATH_MAX, sizeof(char)); sAreas = calloc(PATH_MAX, sizeof(char));
IsDoing("Create Allfiles list"); IsDoing("Create Allfiles list");
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); snprintf(sAreas, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
if(( pAreas = fopen (sAreas, "r")) == NULL) { if(( pAreas = fopen (sAreas, "r")) == NULL) {
WriteError("Can't open File Areas File: %s", sAreas); WriteError("Can't open File Areas File: %s", sAreas);
@ -305,14 +305,14 @@ void Masterlist()
TopBox(fp, TRUE); TopBox(fp, TRUE);
TopBox(np, TRUE); TopBox(np, TRUE);
sprintf(temp, "All available files at %s", CFG.bbs_name); snprintf(temp, 81, "All available files at %s", CFG.bbs_name);
MidLine(temp, fp, TRUE); MidLine(temp, fp, TRUE);
sprintf(temp, "New available files since %d days at %s", CFG.newdays, CFG.bbs_name); snprintf(temp, 81, "New available files since %d days at %s", CFG.newdays, CFG.bbs_name);
MidLine(temp, np, TRUE); MidLine(temp, np, TRUE);
BotBox(fp, TRUE); BotBox(fp, TRUE);
BotBox(np, TRUE); BotBox(np, TRUE);
sprintf(temp, "%s/etc/header.txt", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/header.txt", getenv("MBSE_ROOT"));
if (( pHeader = fopen(temp, "r")) != NULL) { if (( pHeader = fopen(temp, "r")) != NULL) {
Syslog('+', "Inserting %s", temp); Syslog('+', "Inserting %s", temp);
@ -353,7 +353,7 @@ void Masterlist()
down = fdb.TimesDL; down = fdb.TimesDL;
if (down > popdown) { if (down > popdown) {
popdown = down; popdown = down;
sprintf(pop, "%s", fdb.Name); snprintf(pop, 81, "%s", fdb.Name);
} }
if (((t_start - fdb.UploadDate) / 84400) <= CFG.newdays) { if (((t_start - fdb.UploadDate) / 84400) <= CFG.newdays) {
NewFiles++; NewFiles++;
@ -373,20 +373,20 @@ void Masterlist()
TopBox(fp, TRUE); TopBox(fp, TRUE);
TopBox(np, NewAreaFiles); TopBox(np, NewAreaFiles);
sprintf(temp, "Area %d - %s", AreaNr, area.Name); snprintf(temp, 81, "Area %d - %s", AreaNr, area.Name);
MidLine(temp, fp, TRUE); MidLine(temp, fp, TRUE);
MidLine(temp, np, NewAreaFiles); MidLine(temp, np, NewAreaFiles);
sprintf(temp, "File Requests allowed"); snprintf(temp, 81, "File Requests allowed");
MidLine(temp, fp, area.FileReq); MidLine(temp, fp, area.FileReq);
MidLine(temp, np, area.FileReq && NewAreaFiles); MidLine(temp, np, area.FileReq && NewAreaFiles);
sprintf(temp, "%ld KBytes in %ld files", AllAreaBytes / 1024, AllAreaFiles); snprintf(temp, 81, "%ld KBytes in %ld files", AllAreaBytes / 1024, AllAreaFiles);
MidLine(temp, fp, TRUE); MidLine(temp, fp, TRUE);
sprintf(temp, "%ld KBytes in %ld files", NewAreaBytes / 1024, NewAreaFiles); snprintf(temp, 81, "%ld KBytes in %ld files", NewAreaBytes / 1024, NewAreaFiles);
MidLine(temp, np, NewAreaFiles); MidLine(temp, np, NewAreaFiles);
if (popdown) { if (popdown) {
sprintf(temp, "Most popular file is %s", pop); snprintf(temp, 81, "Most popular file is %s", pop);
MidLine(temp, fp, TRUE); MidLine(temp, fp, TRUE);
} }
@ -397,7 +397,7 @@ void Masterlist()
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) { while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
if (!fdb.Deleted) { if (!fdb.Deleted) {
New = (((t_start - fdb.UploadDate) / 84400) <= CFG.newdays); New = (((t_start - fdb.UploadDate) / 84400) <= CFG.newdays);
sprintf(temp, "%-12s%10lu K %s [%04ld] Uploader: %s", snprintf(temp, 81, "%-12s%10lu K %s [%04ld] Uploader: %s",
fdb.Name, (long)(fdb.Size / 1024), StrDateDMY(fdb.UploadDate), fdb.TimesDL, fdb.Name, (long)(fdb.Size / 1024), StrDateDMY(fdb.UploadDate), fdb.TimesDL,
strlen(fdb.Uploader)?fdb.Uploader:""); strlen(fdb.Uploader)?fdb.Uploader:"");
fprintf(fp, "%s\r\n", temp); fprintf(fp, "%s\r\n", temp);
@ -434,22 +434,22 @@ void Masterlist()
TopBox(fp, TRUE); TopBox(fp, TRUE);
TopBox(np, TRUE); TopBox(np, TRUE);
sprintf(temp, "Total %ld files, %ld KBytes", AllFiles, AllKBytes); snprintf(temp, 81, "Total %ld files, %ld KBytes", AllFiles, AllKBytes);
MidLine(temp, fp, TRUE); MidLine(temp, fp, TRUE);
sprintf(temp, "Total %ld files, %ld KBytes", NewFiles, NewKBytes); snprintf(temp, 81, "Total %ld files, %ld KBytes", NewFiles, NewKBytes);
MidLine(temp, np, TRUE); MidLine(temp, np, TRUE);
MidLine((char *)"", fp, TRUE); MidLine((char *)"", fp, TRUE);
MidLine((char *)"", np, TRUE); MidLine((char *)"", np, TRUE);
sprintf(temp, "Created by MBSE BBS v%s (%s-%s) at %s", VERSION, OsName(), OsCPU(), StrDateDMY(t_start)); snprintf(temp, 81, "Created by MBSE BBS v%s (%s-%s) at %s", VERSION, OsName(), OsCPU(), StrDateDMY(t_start));
MidLine(temp, fp, TRUE); MidLine(temp, fp, TRUE);
MidLine(temp, np, TRUE); MidLine(temp, np, TRUE);
BotBox(fp, TRUE); BotBox(fp, TRUE);
BotBox(np, TRUE); BotBox(np, TRUE);
sprintf(temp, "%s/etc/footer.txt", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/footer.txt", getenv("MBSE_ROOT"));
if(( pHeader = fopen(temp, "r")) != NULL) { if(( pHeader = fopen(temp, "r")) != NULL) {
Syslog('+', "Inserting %s", temp); Syslog('+', "Inserting %s", temp);
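Review bot: `getenv("MBSE_ROOT")` is passed directly to `%s` in the `fareas.data`, `header.txt` and `footer.txt` calls in Masterlist(), so an unset variable is undefined behaviour; on glibc it typically yields the relative path `(null)/etc/...`, which fopen() then resolves against the current working directory. Fetching the value once, before the `calloc`, and stopping when it is missing closes that: `const char *root = getenv("MBSE_ROOT");` then `if (root == NULL) { WriteError("MBSE_ROOT not set"); return; }`. The same pattern is in the `dlcount.stat` and `fareas.data` calls of the first file and in the `users.data`/`users.temp` calls of UserPack(). Masterlist() continues outside these hunks, so an early return has to respect cleanup that is not visible here.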


@ -4,7 +4,7 @@
* Purpose ...............: Language Compiler * Purpose ...............: Language Compiler
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -49,15 +49,15 @@ int main(int argc, char **argv)
exit(MBERR_COMMANDLINE); exit(MBERR_COMMANDLINE);
} }
sprintf(temp1, "%s", *(argv + 1)); snprintf(temp1, PATH_MAX, "%s", *(argv + 1));
unlink(temp1); unlink(temp1);
sprintf(temp, "%s", *(argv + 2)); snprintf(temp, PATH_MAX, "%s", *(argv + 2));
if ((fp1 = fopen(temp, "r")) == NULL) { if ((fp1 = fopen(temp, "r")) == NULL) {
printf("\nUnable to open %s\n", temp); printf("\nUnable to open %s\n", temp);
exit(MBERR_COMMANDLINE); exit(MBERR_COMMANDLINE);
} }
sprintf(temp1, "%s", *(argv + 1)); snprintf(temp1, PATH_MAX, "%s", *(argv + 1));
if ((fp = fopen(temp1, "a+")) == NULL) { if ((fp = fopen(temp1, "a+")) == NULL) {
printf("\nUnable to open %s\n", temp1); printf("\nUnable to open %s\n", temp1);
exit(MBERR_COMMANDLINE); exit(MBERR_COMMANDLINE);
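Review bot: The snprintf() return value is discarded in all three calls, so a command-line argument longer than the buffer is silently truncated, and `unlink(temp1)` and `fopen(temp1, "a+")` then act on a different path from the one the caller named. Checking the result turns that into a clean failure: `int n = snprintf(temp1, PATH_MAX, "%s", argv[1]);` followed by `if (n < 0 || n >= PATH_MAX) exit(MBERR_COMMANDLINE);`. Using `argv[1]` and `argv[2]` directly would avoid the copies altogether. The declarations of `temp` and `temp1` are outside the hunk, so the `PATH_MAX` bound is assumed to match their real size. main() continues past the end of the hunk.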


@ -4,7 +4,7 @@
* Purpose ...............: Show contents of toberep.data * Purpose ...............: Show contents of toberep.data
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -46,7 +46,7 @@ int main(int argc, char **argv)
} }
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/toberep.data", BBSpath); snprintf(temp, PATH_MAX, "%s/etc/toberep.data", BBSpath);
if ((fp = fopen(temp, "r")) == NULL) { if ((fp = fopen(temp, "r")) == NULL) {
printf("File %s not found\n", temp); printf("File %s not found\n", temp);


@ -181,8 +181,8 @@ void UserPack(int days, int level, int pack)
fnin = calloc(PATH_MAX, sizeof(char)); fnin = calloc(PATH_MAX, sizeof(char));
fnout = calloc(PATH_MAX, sizeof(char)); fnout = calloc(PATH_MAX, sizeof(char));
sprintf(fnin, "%s/etc/users.data", getenv("MBSE_ROOT")); snprintf(fnin, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
sprintf(fnout, "%s/etc/users.temp", getenv("MBSE_ROOT")); snprintf(fnout, PATH_MAX, "%s/etc/users.temp", getenv("MBSE_ROOT"));
/* /*
* First copy the users database, all packing will be done * First copy the users database, all packing will be done