Secured sprintf with snprintf

Michiel Broek 2005-08-29 12:19:39 +00:00
parent 1bd3ca1df0
commit 21d3e5acca
2 changed files with 53 additions and 53 deletions


@ -4,7 +4,7 @@
* Purpose ...............: Exitinfo functions
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -54,7 +54,7 @@ int InitExitinfo()
long offset;
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((pUsrConfig = fopen(temp,"r+b")) == NULL) {
WriteError("$Can't open %s for writing", temp);
@ -75,7 +75,7 @@ int InitExitinfo()
exitinfo = usrconfig;
fclose(pUsrConfig);
sprintf(temp, "%s/%s/exitinfo", CFG.bbs_usersdir, usrconfig.Name);
snprintf(temp, PATH_MAX, "%s/%s/exitinfo", CFG.bbs_usersdir, usrconfig.Name);
if ((pExitinfo = fopen(temp, "w+b")) == NULL) {
WriteError("$Can't open %s for writing", temp);
free(temp);
@ -102,7 +102,7 @@ void ReadExitinfo()
char *temp;
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/%s/exitinfo", CFG.bbs_usersdir, sUnixName);
snprintf(temp, PATH_MAX, "%s/%s/exitinfo", CFG.bbs_usersdir, sUnixName);
mkdirs(temp, 0770);
if ((pExitinfo = fopen(temp,"r+b")) == NULL)
InitExitinfo();
@ -127,7 +127,7 @@ void WriteExitinfo()
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/%s/exitinfo", CFG.bbs_usersdir, sUnixName);
snprintf(temp, PATH_MAX, "%s/%s/exitinfo", CFG.bbs_usersdir, sUnixName);
if ((pExitinfo = fopen(temp,"w+b")) == NULL)
WriteError("$WriteExitinfo() failed");
else {
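Review bot: The return value of every new `snprintf` call in this file is discarded, so a path that does not fit in PATH_MAX is now silently truncated and then passed to `fopen`; in InitExitinfo and WriteExitinfo the mode is `"w+b"`, which creates or truncates whatever file the shortened name resolves to. Test the result before using the buffer, for example in WriteExitinfo: `int n = snprintf(temp, PATH_MAX, "%s/%s/exitinfo", CFG.bbs_usersdir, sUnixName);` followed by `if (n < 0 || n >= PATH_MAX) { WriteError("exitinfo path too long"); free(temp); return; }`. In the @ -54 hunk, `getenv("MBSE_ROOT")` is still handed straight to `%s` and the `calloc` result is used unchecked, and either may be NULL. The function bodies start and end outside the hunks, so any cleanup beyond `free(temp)` is not visible here.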


@ -134,7 +134,7 @@ void File_List()
if (fdb.Deleted) {
/* D E L E T E D */ /* Uploaded by: */
sprintf(temp, " -- %-12s %s [%4ld] %s%s\n", fdb.Name, (char *) Language(239),
snprintf(temp, 81, " -- %-12s %s [%4ld] %s%s\n", fdb.Name, (char *) Language(239),
fdb.TimesDL, (char *) Language(238), fdb.Uploader);
PUTSTR(temp);
}
@ -147,7 +147,7 @@ void File_List()
Enter(1);
/* Total Files: */
sprintf(temp, "%s%d / %d bytes", (char *) Language(242), FileCount, FileBytes);
snprintf(temp, 81, "%s%d / %d bytes", (char *) Language(242), FileCount, FileBytes);
pout(LIGHTCYAN, BLACK, temp);
Enter(2);
@ -178,9 +178,9 @@ void Download(void)
* Clean users tag directory.
*/
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "-rf %s/%s/tag", CFG.bbs_usersdir, exitinfo.Name);
snprintf(temp, PATH_MAX, "-rf %s/%s/tag", CFG.bbs_usersdir, exitinfo.Name);
execute_pth((char *)"rm", temp, (char *)"/dev/null", (char *)"/dev/null", (char *)"/dev/null");
sprintf(temp, "%s/%s/tag", CFG.bbs_usersdir, exitinfo.Name);
snprintf(temp, PATH_MAX, "%s/%s/tag", CFG.bbs_usersdir, exitinfo.Name);
CheckDir(temp);
if ((tf = fopen("taglist", "r+")) == NULL) {
@ -219,7 +219,7 @@ void Download(void)
Syslog('b', "Found file %s in area %d", fdb.LName, Tag.Area);
if (fdb.Deleted) {
/* Sorry that file is unavailable for download */
sprintf(temp, "%s (%s)", (char *) Language(248), fdb.LName);
snprintf(temp, 81, "%s (%s)", (char *) Language(248), fdb.LName);
poutCR(CFG.HiliteF, CFG.HiliteB, temp);
Tag.Active = FALSE;
Syslog('+', "File %s in area %d unavailable for download, deleted", fdb.LName, Tag.Area);
@ -233,7 +233,7 @@ void Download(void)
* can unlink it aftwerwards. We also insert CR
* characters to please the poor DOS (M$oft) users.
*/
sprintf(local, "./tag/filedesc.%ld", exitinfo.Downloads % 256);
snprintf(local, PATH_MAX, "./tag/filedesc.%ld", exitinfo.Downloads % 256);
if ((fd = fopen(local, "a")) != NULL) {
fprintf(fd, "%s (%s)\r\n", fdb.LName, fdb.Name);
for (i = 0; i < 25; i++) {
@ -247,7 +247,7 @@ void Download(void)
WriteError("Can't add info to %s", local);
}
sprintf(local, "%s/%s", sAreaPath, Tag.LFile);
snprintf(local, PATH_MAX, "%s/%s", sAreaPath, Tag.LFile);
add_download(&dl, local, Tag.LFile, Tag.Area, fdb.Size, FALSE);
Home();
@ -294,14 +294,14 @@ void Download(void)
/*
* Add descriptions file to the queue.
*/
sprintf(local, "%s/%s/tag/filedesc.%ld", CFG.bbs_usersdir, exitinfo.Name, exitinfo.Downloads % 256);
snprintf(local, PATH_MAX, "%s/%s/tag/filedesc.%ld", CFG.bbs_usersdir, exitinfo.Name, exitinfo.Downloads % 256);
dsize = file_size(local);
sprintf(temp, "filedesc.%ld", exitinfo.Downloads % 256);
snprintf(temp, PATH_MAX, "filedesc.%ld", exitinfo.Downloads % 256);
add_download(&dl, local, temp, 0, dsize, TRUE);
free(local);
/* You have */ /* files( */ /* bytes) marked for download */
sprintf(temp, "%s %d %s%ld %s", (char *) Language(249), Count, (char *) Language(280), Size, (char *) Language(281));
snprintf(temp, PATH_MAX, "%s %d %s%ld %s", (char *) Language(249), Count, (char *) Language(280), Size, (char *) Language(281));
pout(YELLOW, BLACK, temp);
Enter(2);
@ -439,7 +439,7 @@ void File_RawDir(char *OpData)
fLine(78);
while ((dp = readdir( dirp )) != NULL ) {
sprintf(FileName, "%s/%s", temp, dp->d_name);
snprintf(FileName, PATH_MAX, "%s/%s", temp, dp->d_name);
if (*(dp->d_name) != '.') {
iFileCount++;
@ -449,13 +449,13 @@ void File_RawDir(char *OpData)
} else {
iBytes += statfile.st_size;
sprintf(temp2, "%-54s " , dp->d_name);
snprintf(temp2, 81, "%-54s " , dp->d_name);
pout(YELLOW, BLACK, temp2);
sprintf(temp2, "%-12ld", (long)(statfile.st_size));
snprintf(temp2, 81, "%-12ld", (long)(statfile.st_size));
pout(LIGHTMAGENTA, BLACK, temp2);
sprintf(temp2, "%-10s", StrDateDMY(statfile.st_mtime));
snprintf(temp2, 81, "%-10s", StrDateDMY(statfile.st_mtime));
pout(LIGHTGREEN, BLACK, temp2);
}
Enter(1);
@ -471,7 +471,7 @@ void File_RawDir(char *OpData)
colour(CFG.HiliteF, CFG.HiliteB);
fLine(78);
/* Total Files: */ /* Bytes */
sprintf(temp2, "%s %d, %d %s", (char *) Language(242), iFileCount, iBytes, (char *) Language(354));
snprintf(temp2, 81, "%s %d, %d %s", (char *) Language(242), iFileCount, iBytes, (char *) Language(354));
pout(LIGHTGREEN, BLACK, temp2);
Enter(2);
@ -520,7 +520,7 @@ int KeywordScan()
y = strlen(tmpname);
for (z = 0; z < y; z++) {
if (tmpname[z] != '*') {
sprintf(temp, "%c", tmpname[z]);
snprintf(temp, 81, "%c", tmpname[z]);
strcat(Name, temp);
}
}
@ -546,7 +546,7 @@ int KeywordScan()
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
for (i = 0; i < 25; i++)
sprintf(BigDesc, "%s%s", BigDesc, *(fdb.Desc + i));
snprintf(BigDesc, 1230, "%s%s", BigDesc, *(fdb.Desc + i));
if ((strstr(fdb.Name,Name) != NULL) || (strstr(tl(BigDesc), Name) != NULL)) {
@ -932,7 +932,7 @@ int Upload()
temp = calloc(PATH_MAX, sizeof(char));
for (tmpf = up; tmpf; tmpf = tmpf->next) {
sprintf(temp, "%s/%s/upl", CFG.bbs_usersdir, exitinfo.Name);
snprintf(temp, PATH_MAX, "%s/%s/upl", CFG.bbs_usersdir, exitinfo.Name);
chdir(temp);
Syslog('b', "Checking upload %s", tmpf->filename);
@ -1043,7 +1043,7 @@ void List_Home()
iLineCount = 2;
clear();
sprintf(temp, "%s/%s/wrk", CFG.bbs_usersdir, exitinfo.Name);
snprintf(temp, PATH_MAX, "%s/%s/wrk", CFG.bbs_usersdir, exitinfo.Name);
if ((dirp = opendir(temp)) == NULL) {
WriteError("$List_Home: Can't open dir: %s", temp);
@ -1054,15 +1054,15 @@ void List_Home()
Pause();
} else {
/* Home directory listing for */
sprintf(temp, " %s", (char *) Language(291));
snprintf(temp, 81, " %s", (char *) Language(291));
pout(BLUE, LIGHTGRAY, temp);
sprintf(temp, "%-51s", exitinfo.sUserName);
snprintf(temp, 81, "%-51s", exitinfo.sUserName);
pout(RED, LIGHTGRAY, temp);
Enter(1);
while ((dp = readdir( dirp )) != NULL ) {
sprintf(temp, "%s/%s/wrk", CFG.bbs_usersdir, exitinfo.Name);
sprintf(FileName, "%s/%s", temp, dp->d_name);
snprintf(temp, PATH_MAX, "%s/%s/wrk", CFG.bbs_usersdir, exitinfo.Name);
snprintf(FileName, PATH_MAX, "%s/%s", temp, dp->d_name);
/*
* Check first letter of file for a ".", do not display hidden files
* This includes the current directory and parent directory . & ..
@ -1073,13 +1073,13 @@ void List_Home()
WriteError("$Can't stat file %s",FileName);
} else {
iBytes += statfile.st_size;
sprintf(temp, "%-20s", dp->d_name);
snprintf(temp, 81, "%-20s", dp->d_name);
pout(YELLOW, BLACK, temp);
sprintf(temp, "%-12ld", (long)(statfile.st_size));
snprintf(temp, 81, "%-12ld", (long)(statfile.st_size));
pout(LIGHTMAGENTA, BLACK, temp);
sprintf(temp, "%s ", StrDateDMY(statfile.st_mtime));
snprintf(temp, 81, "%s ", StrDateDMY(statfile.st_mtime));
pout(LIGHTGREEN, BLACK, temp);
sprintf(temp, "%s", StrTimeHMS(statfile.st_mtime));
snprintf(temp, 81, "%s", StrTimeHMS(statfile.st_mtime));
pout(LIGHTCYAN, BLACK, temp);
Enter(1);
}
@ -1090,7 +1090,7 @@ void List_Home()
Enter(2);
/* Total Files: */ /* Bytes */
sprintf(temp, "%s%d / %d %s", (char *) Language(242), iFileCount, iBytes, (char *) Language(354));
snprintf(temp, 81, "%s%d / %d %s", (char *) Language(242), iFileCount, iBytes, (char *) Language(354));
pout(LIGHTCYAN, BLACK, temp);
Enter(1);
Pause();
@ -1114,7 +1114,7 @@ void Delete_Home()
temp = calloc(PATH_MAX, sizeof(char));
temp1 = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/%s/wrk/", CFG.bbs_usersdir, exitinfo.Name);
snprintf(temp, PATH_MAX, "%s/%s/wrk/", CFG.bbs_usersdir, exitinfo.Name);
Enter(1);
/* Please enter filename to delete: */
@ -1138,7 +1138,7 @@ void Delete_Home()
if ((access(temp, R_OK)) == 0) {
Enter(1);
/* Delete file: */ /* Are you Sure? [Y/n]: */
sprintf(msg, "%s %s, %s", (char *) Language(368), temp1, (char *) Language(369));
snprintf(msg, 81, "%s %s, %s", (char *) Language(368), temp1, (char *) Language(369));
pout(LIGHTGREEN, BLACK, msg);
i = toupper(Readkey());
@ -1219,7 +1219,7 @@ int Download_Home()
/*
* Get path for users home directory
*/
sprintf(temp, "%s/%s/wrk/%s", CFG.bbs_usersdir, exitinfo.Name, File);
snprintf(temp, PATH_MAX, "%s/%s/wrk/%s", CFG.bbs_usersdir, exitinfo.Name, File);
if (stat(temp, &statfile) != 0) {
Enter(2);
@ -1271,7 +1271,7 @@ int Upload_Home()
Enter(2);
for (tmpf = up; tmpf; tmpf = tmpf->next) {
sprintf(temp, "%s/%s/upl", CFG.bbs_usersdir, exitinfo.Name);
snprintf(temp, PATH_MAX, "%s/%s/upl", CFG.bbs_usersdir, exitinfo.Name);
chdir(temp);
Syslog('b', "Checking upload %s", tmpf->filename);
@ -1413,11 +1413,11 @@ void FileArea_List(char *Option)
if ((Access(exitinfo.Security, area.LTSec)) && (area.Available)) {
area.Name[31] = '\0';
sprintf(temp, "%5d", Recno);
snprintf(temp, 81, "%5d", Recno);
pout(WHITE, BLACK, temp);
sprintf(temp, " %c ", 46);
snprintf(temp, 81, " %c ", 46);
pout(LIGHTBLUE, BLACK, temp);
sprintf(temp, "%-31s", area.Name);
snprintf(temp, 81, "%-31s", area.Name);
pout(CYAN, BLACK, temp);
iAreaCount++;
@ -1606,8 +1606,8 @@ void Copy_Home()
Enter(1);
Syslog('+', "Copy homedir, not enough quota");
} else {
sprintf(temp1, "%s/%s", area.Path, fdb.LName); /* Use real longname here */
sprintf(temp2, "%s/%s/wrk/%s", CFG.bbs_usersdir, exitinfo.Name, File);
snprintf(temp1, PATH_MAX, "%s/%s", area.Path, fdb.LName); /* Use real longname here */
snprintf(temp2, PATH_MAX, "%s/%s/wrk/%s", CFG.bbs_usersdir, exitinfo.Name, File);
colour(CFG.TextColourF, CFG.TextColourB);
/* Start copy: */
pout(CFG.HiliteF, CFG.HiliteB, (char *) Language(289));
@ -1684,32 +1684,32 @@ void EditTaglist()
else
Fg = LIGHTGRAY;
sprintf(temp, "%3d ", Count);
snprintf(temp, 81, "%3d ", Count);
pout(Fg, BLACK, temp);
Fg--;
sprintf(temp, "%5ld ", Tag.Area);
snprintf(temp, 81, "%5ld ", Tag.Area);
pout(Fg, BLACK, temp);
Fg--;
if (Tag.Active)
/* Yes */
sprintf(temp, "%-6s ", (char *) Language(356));
snprintf(temp, 81, "%-6s ", (char *) Language(356));
else
/* No */
sprintf(temp, "%-6s ", (char *) Language(357));
snprintf(temp, 81, "%-6s ", (char *) Language(357));
pout(Fg, BLACK, temp);
Fg--;
sprintf(temp, "%-12s", Tag.SFile);
snprintf(temp, 81, "%-12s", Tag.SFile);
pout(Fg, BLACK, temp);
Fg--;
sprintf(temp, " %8ld", (long)(Tag.Size));
snprintf(temp, 81, " %8ld", (long)(Tag.Size));
pout(Fg, BLACK, temp);
Fg--;
sprintf(temp, " %5d", Tag.Cost);
snprintf(temp, 81, " %5d", Tag.Cost);
pout(Fg, BLACK, temp);
Enter(1);
}
@ -1725,7 +1725,7 @@ void EditTaglist()
if (i == Keystroke(358, 0)) {
Enter(2);
/* Enter file number, 1.. */
sprintf(temp, "%s%d ", (char *) Language(359), Count);
snprintf(temp, 81, "%s%d ", (char *) Language(359), Count);
PUTSTR(temp);
GetstrC(temp, 5);
@ -1862,14 +1862,14 @@ void ViewFile(char *name)
return;
}
sprintf(File, "%s/%s", sAreaPath, fdb.LName);
snprintf(File, PATH_MAX, "%s/%s", sAreaPath, fdb.LName);
arc = GetFileType(File);
Syslog('+', "File to view: %s, type %s", fdb.LName, printable(arc, 0));
if (arc != NULL) {
found = FALSE;
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/archiver.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/archiver.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r")) != NULL) {
fread(&archiverhdr, sizeof(archiverhdr), 1, fp);
@ -1898,7 +1898,7 @@ void ViewFile(char *name)
* Archiver viewer is available. Make a temp file which we will
* display to the user.
*/
sprintf(temp, "%s/%s/temptxt", CFG.bbs_usersdir, exitinfo.Name);
snprintf(temp, PATH_MAX, "%s/%s/temptxt", CFG.bbs_usersdir, exitinfo.Name);
rc = execute_str(archiver.varc, File, NULL, (char *)"/dev/null", temp, (char *)"/dev/null");
Syslog('+', "Display temp file %s", temp);
DisplayTextFile(temp);
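Review bot: In the KeywordScan hunk at @ -546, `snprintf(BigDesc, 1230, "%s%s", BigDesc, *(fdb.Desc + i))` passes the destination buffer as one of its own source arguments; copying between overlapping objects is undefined for snprintf just as it was for sprintf, and an implementation may leave BigDesc truncated or empty, so the keyword search could silently miss descriptions. Append at the current end instead: `size_t used = strlen(BigDesc);` followed by `snprintf(BigDesc + used, 1230 - used, "%s", *(fdb.Desc + i));`. The declarations of BigDesc, `temp`, `temp2` and `msg` are outside the hunks, so the literal bounds 1230 and 81 cannot be checked against the real buffer sizes here; where these are arrays, `sizeof` would keep the bound tied to the declaration. In the Download hunk at @ -178 the `rm -rf` argument is built with an unchecked snprintf, and a truncated result there would change which directory is removed, so that call in particular should test the return value against PATH_MAX before `execute_pth` runs.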