Secured sprintf with snprintf
This commit is contained in:
parent
109480dde1
commit
240e2f72f9
@ -78,7 +78,7 @@ void A_Help(faddr *t, char *replyid)
|
||||
|
||||
subject = calloc(255, sizeof(char));
|
||||
sprintf(subject,"AreaMgr Help");
|
||||
GetRpSubject("areamgr.help",subject);
|
||||
GetRpSubject("areamgr.help",subject,254);
|
||||
|
||||
if ((fp = SendMgrMail(t, CFG.ct_KeepMgr, FALSE, (char *)"Areamgr", subject , replyid)) != NULL) {
|
||||
if ((fi = OpenMacro("areamgr.help", nodes.Language, FALSE)) != NULL ) {
|
||||
@ -133,22 +133,22 @@ void A_List(faddr *t, char *replyid, int Notify)
|
||||
switch (Notify) {
|
||||
case LIST_NOTIFY: Mgrlog("AreaMgr: Notify to %s", ascfnode(t, 0xff));
|
||||
sprintf(subject,"AreaMgr Notify");
|
||||
GetRpSubject("areamgr.notify.list",subject);
|
||||
GetRpSubject("areamgr.notify.list",subject,254);
|
||||
fi = OpenMacro("areamgr.notify.list", nodes.Language, FALSE);
|
||||
break;
|
||||
case LIST_LIST: Mgrlog("AreaMgr: List");
|
||||
sprintf(subject,"AreaMgr list");
|
||||
GetRpSubject("areamgr.list",subject);
|
||||
GetRpSubject("areamgr.list",subject,254);
|
||||
fi = OpenMacro("areamgr.list", nodes.Language, FALSE);
|
||||
break;
|
||||
case LIST_QUERY: Mgrlog("AreaMgr: Query");
|
||||
sprintf(subject,"AreaMgr Query");
|
||||
GetRpSubject("areamgr.query",subject);
|
||||
GetRpSubject("areamgr.query",subject,254);
|
||||
fi = OpenMacro("areamgr.query", nodes.Language, FALSE);
|
||||
break;
|
||||
case LIST_UNLINK: Mgrlog("AreaMgr: Unlinked");
|
||||
sprintf(subject,"AreaMgr: Unlinked areas");
|
||||
GetRpSubject("areamgr.unlink",subject);
|
||||
GetRpSubject("areamgr.unlink",subject,254);
|
||||
fi = OpenMacro("areamgr.unlink", nodes.Language, FALSE);
|
||||
break;
|
||||
}
|
||||
@ -334,12 +334,12 @@ void A_Flow(faddr *t, char *replyid, int Notify)
|
||||
if (Notify) {
|
||||
Mgrlog("AreaMgr: Flow report to %s", ascfnode(t, 0xff));
|
||||
sprintf(subject,"AreaMgr Notify Flow Report");
|
||||
GetRpSubject("areamgr.notify.flow",subject);
|
||||
GetRpSubject("areamgr.notify.flow",subject,254);
|
||||
fi = OpenMacro("areamgr.notify.flow", nodes.Language, FALSE);
|
||||
} else {
|
||||
Mgrlog("AreaMgr: Flow report");
|
||||
sprintf(subject,"AreaMgr Flow Report");
|
||||
GetRpSubject("areamgr.flow",subject);
|
||||
GetRpSubject("areamgr.flow",subject,254);
|
||||
fi = OpenMacro("areamgr.flow", nodes.Language, FALSE);
|
||||
}
|
||||
|
||||
@ -512,7 +512,7 @@ void A_Status(faddr *t, char *replyid)
|
||||
MacroVars("y", "s", ascfnode(ta, 0xf));
|
||||
tidy_faddr(ta);
|
||||
|
||||
GetRpSubject("areamgr.status",subject);
|
||||
GetRpSubject("areamgr.status",subject,254);
|
||||
|
||||
if ((fi = OpenMacro("areamgr.status", nodes.Language, FALSE)) == NULL ){
|
||||
MacroClear();
|
||||
@ -1134,7 +1134,7 @@ int AreaMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla
|
||||
MacroVars("SsP", "sss", CFG.sysop_name, nodes.Sysop,"Areamgr");
|
||||
MacroVars("RABCDE", "ssssss","","","","","","");
|
||||
sprintf(subject,"Your AreaMgr request");
|
||||
GetRpSubject("areamgr.responses",subject);
|
||||
GetRpSubject("areamgr.responses",subject,72);
|
||||
if ((np = SendMgrMail(f, CFG.ct_KeepMgr, FALSE, (char *)"Areamgr", subject, replyid)) != NULL) {
|
||||
MacroVars("RABCDE", "ssssss","WELLCOME","","","","","");
|
||||
MsgResult("areamgr.responses",np,'\r');
|
||||
|
@ -72,7 +72,7 @@ void F_Help(faddr *t, char *replyid)
|
||||
Mgrlog("FileMgr: Help");
|
||||
subject=calloc(255,sizeof(char));
|
||||
sprintf(subject,"FileMgr help");
|
||||
GetRpSubject("filemgr.help",subject);
|
||||
GetRpSubject("filemgr.help",subject,254);
|
||||
|
||||
if ((fp = SendMgrMail(t, CFG.ct_KeepMgr, FALSE, (char *)"Filemgr", subject, replyid)) != NULL) {
|
||||
if ((fi = OpenMacro("filemgr.help", nodes.Language, FALSE)) != NULL ){
|
||||
@ -122,22 +122,22 @@ void F_List(faddr *t, char *replyid, int Notify)
|
||||
switch (Notify) {
|
||||
case LIST_NOTIFY: Mgrlog("FileMgr: Notify to %s", ascfnode(t, 0xff));
|
||||
sprintf(subject,"FileMgr Notify");
|
||||
GetRpSubject("filemgr.notify.list",subject);
|
||||
GetRpSubject("filemgr.notify.list",subject,254);
|
||||
fi=OpenMacro("filemgr.notify.list", nodes.Language, FALSE);
|
||||
break;
|
||||
case LIST_LIST: Mgrlog("FileMgr: List");
|
||||
sprintf(subject,"FileMgr list");
|
||||
GetRpSubject("filemgr.list",subject);
|
||||
GetRpSubject("filemgr.list",subject,254);
|
||||
fi=OpenMacro("filemgr.list", nodes.Language, FALSE);
|
||||
break;
|
||||
case LIST_QUERY: Mgrlog("FileMgr: Query");
|
||||
sprintf(subject,"FileMgr Query");
|
||||
GetRpSubject("filemgr.query",subject);
|
||||
GetRpSubject("filemgr.query",subject,254);
|
||||
fi=OpenMacro("filemgr.query", nodes.Language, FALSE);
|
||||
break;
|
||||
default: Mgrlog("FileMgr: Unlinked");
|
||||
sprintf(subject,"FileMgr: Unlinked areas");
|
||||
GetRpSubject("filemgr.unlink",subject);
|
||||
GetRpSubject("filemgr.unlink",subject,254);
|
||||
fi=OpenMacro("filemgr.unlink", nodes.Language, FALSE);
|
||||
break;
|
||||
}
|
||||
@ -318,7 +318,7 @@ void F_Status(faddr *t, char *replyid)
|
||||
MacroVars("k", "d", nodes.F_KbRcvd.month[i]);
|
||||
MacroVars("l", "d", nodes.F_KbRcvd.total);
|
||||
MacroVars("s", "s", nodes.Sysop);
|
||||
GetRpSubject("filemgr.status",subject);
|
||||
GetRpSubject("filemgr.status",subject,254);
|
||||
|
||||
if ((fi = OpenMacro("filemgr.status", nodes.Language, FALSE)) == NULL ) {
|
||||
free(subject);
|
||||
@ -945,7 +945,7 @@ int FileMgr(faddr *f, faddr *t, char *replyid, char *subj, time_t mdate, int fla
|
||||
MacroVars("SsP", "sss", CFG.sysop_name, nodes.Sysop,"Filemgr");
|
||||
MacroVars("RABCDE", "ssssss","","","","","","");
|
||||
sprintf(subject,"Your FileMgr request");
|
||||
GetRpSubject("filemgr.responses",subject);
|
||||
GetRpSubject("filemgr.responses",subject,72);
|
||||
if ((np = SendMgrMail(f, CFG.ct_KeepMgr, FALSE, (char *)"Filemgr", subject, replyid)) != NULL) {
|
||||
MacroVars("RABCDE", "ssssss","WELLCOME","","","","","");
|
||||
MsgResult("filemgr.responses",np,'\r');
|
||||
|
@ -106,7 +106,7 @@ void WriteMailGroups(FILE *fp, faddr *f)
|
||||
fgetpos(fi,&fileptr);
|
||||
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(temp, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX -1, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
|
||||
|
||||
if ((gp = fopen(temp, "r")) == NULL) {
|
||||
WriteError("$Can't open %s", temp);
|
||||
@ -165,7 +165,7 @@ void WriteFileGroups(FILE *fp, faddr *f)
|
||||
fgetpos(fi,&fileptr);
|
||||
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX -1, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
|
||||
|
||||
if ((gp = fopen(temp, "r")) == NULL) {
|
||||
WriteError("$Can't open %s", temp);
|
||||
@ -312,14 +312,14 @@ int UplinkRequest(faddr *t, faddr *From, int FileMgr, char *cmd)
|
||||
Orig.net = From->net;
|
||||
Orig.node = From->node;
|
||||
Orig.point = From->point;
|
||||
sprintf(Orig.domain, "%s", From->domain);
|
||||
snprintf(Orig.domain, 12, "%s", From->domain);
|
||||
|
||||
memset(&Dest, 0, sizeof(Dest));
|
||||
Dest.zone = t->zone;
|
||||
Dest.net = t->net;
|
||||
Dest.node = t->node;
|
||||
Dest.point = t->point;
|
||||
sprintf(Dest.domain, "%s", t->domain);
|
||||
snprintf(Dest.domain, 12, "%s", t->domain);
|
||||
|
||||
if (!SearchNode(Dest)) {
|
||||
Syslog('+', "Can't find node %s in setup", aka2str(Dest));
|
||||
@ -365,13 +365,13 @@ int UplinkRequest(faddr *t, faddr *From, int FileMgr, char *cmd)
|
||||
|
||||
memset(&ext, 0, sizeof(ext));
|
||||
if (nodes.PackNetmail)
|
||||
sprintf(ext, (char *)"qqq");
|
||||
snprintf(ext, 3, (char *)"qqq");
|
||||
else if (nodes.Crash)
|
||||
sprintf(ext, (char *)"ccc");
|
||||
snprintf(ext, 3, (char *)"ccc");
|
||||
else if (nodes.Hold)
|
||||
sprintf(ext, (char *)"hhh");
|
||||
snprintf(ext, 3, (char *)"hhh");
|
||||
else
|
||||
sprintf(ext, (char *)"nnn");
|
||||
snprintf(ext, 3, (char *)"nnn");
|
||||
|
||||
if ((qp = OpenPkt(Orig, Dest, (char *)ext)) == NULL)
|
||||
return 4;
|
||||
@ -437,7 +437,7 @@ int UplinkRequest(faddr *t, faddr *From, int FileMgr, char *cmd)
|
||||
|
||||
|
||||
|
||||
void GetRpSubject(const char *report, char* subject)
|
||||
void GetRpSubject(const char *report, char* subject, size_t size)
|
||||
{
|
||||
FILE *fi;
|
||||
char *temp;
|
||||
@ -454,7 +454,7 @@ void GetRpSubject(const char *report, char* subject)
|
||||
res=diesel((char *)"@(getvar,subject)",temp);
|
||||
|
||||
if(res==0)
|
||||
sprintf(subject,"%s",temp);
|
||||
snprintf(subject,size,"%s",temp);
|
||||
free(temp);
|
||||
}
|
||||
|
||||
@ -542,7 +542,7 @@ int Areas(void)
|
||||
temp = calloc(PATH_MAX, sizeof(char));
|
||||
buf = calloc(4097, sizeof(char));
|
||||
|
||||
sprintf(temp, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX -1, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
|
||||
if ((gp = fopen(temp, "r")) == NULL) {
|
||||
WriteError("Can't open %s", temp);
|
||||
} else {
|
||||
@ -557,7 +557,7 @@ int Areas(void)
|
||||
fflush(stdout);
|
||||
}
|
||||
Syslog('+', "Checking mail group %s, file %s", mgroup.Name, mgroup.AreaFile);
|
||||
sprintf(temp, "%s/%s", CFG.alists_path, mgroup.AreaFile);
|
||||
snprintf(temp, PATH_MAX -1, "%s/%s", CFG.alists_path, mgroup.AreaFile);
|
||||
if ((ap = fopen(temp, "r")) == NULL) {
|
||||
WriteError("Can't open %s", temp);
|
||||
} else {
|
||||
@ -577,7 +577,7 @@ int Areas(void)
|
||||
printf("(check missing areas)\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
|
||||
fflush(stdout);
|
||||
}
|
||||
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
||||
if ((fp = fopen(temp, "r")) == NULL) {
|
||||
WriteError("Can't open %s", temp);
|
||||
tidy_arealist(&alist);
|
||||
@ -652,7 +652,7 @@ int Areas(void)
|
||||
* the area is set to read-only and all links are disconnected.
|
||||
* If the area is empty, it is removed from the setup.
|
||||
*/
|
||||
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
||||
if ((fp = fopen(temp, "r+")) == NULL) {
|
||||
WriteError("Can't open %s for r/w");
|
||||
} else {
|
||||
@ -666,12 +666,12 @@ int Areas(void)
|
||||
while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) {
|
||||
if (msgs.Active && !strcmp(msgs.Group, mgroup.Name) && !strcmp(msgs.Tag, tmp->Name)) {
|
||||
fseek(fp, - msgshdr.recsize, SEEK_CUR);
|
||||
sprintf(temp, "%s.jhr", msgs.Base);
|
||||
snprintf(temp, PATH_MAX -1, "%s.jhr", msgs.Base);
|
||||
if (strlen(msgs.Base) && (file_size(temp) != 1024)) {
|
||||
Mgrlog("Marking echo %s, group %s, area %d read-only", msgs.Tag, mgroup.Name,
|
||||
((ftell(fp) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize)) + 1);
|
||||
msgs.MsgKinds = RONLY; // Area read-only
|
||||
sprintf(msgs.Group, "DELETED"); // Make groupname invalid
|
||||
snprintf(msgs.Group, 12, "DELETED"); // Make groupname invalid
|
||||
} else {
|
||||
Mgrlog("Removing empty echo %s, group %s, area %d", msgs.Tag, mgroup.Name,
|
||||
((ftell(fp) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize)) + 1);
|
||||
@ -740,7 +740,7 @@ int Areas(void)
|
||||
fclose(gp);
|
||||
}
|
||||
|
||||
sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX -1, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
|
||||
if ((gp = fopen(temp, "r")) == NULL) {
|
||||
WriteError("Can't open %s", temp);
|
||||
} else {
|
||||
@ -755,7 +755,7 @@ int Areas(void)
|
||||
fflush(stdout);
|
||||
}
|
||||
Syslog('+', "Checking tic group %s, file %s", fgroup.Name, fgroup.AreaFile);
|
||||
sprintf(temp, "%s/%s", CFG.alists_path, fgroup.AreaFile);
|
||||
snprintf(temp, PATH_MAX -1, "%s/%s", CFG.alists_path, fgroup.AreaFile);
|
||||
if ((ap = fopen(temp, "r")) == NULL) {
|
||||
WriteError("Can't open %s", temp);
|
||||
} else {
|
||||
@ -819,7 +819,7 @@ int Areas(void)
|
||||
printf("(check missing areas)\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b");
|
||||
fflush(stdout);
|
||||
}
|
||||
sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||
if ((fp = fopen(temp, "r")) == NULL) {
|
||||
WriteError("Can't open %s", temp);
|
||||
tidy_arealist(&alist);
|
||||
@ -896,7 +896,7 @@ int Areas(void)
|
||||
* still warned about that by the "mbfile check" command.
|
||||
*/
|
||||
Found = FALSE;
|
||||
sprintf(temp, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||
snprintf(temp, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||
if ((fp = fopen(temp, "r+")) == NULL) {
|
||||
WriteError("Can't open %s for r/w");
|
||||
} else {
|
||||
@ -938,7 +938,7 @@ int Areas(void)
|
||||
/*
|
||||
* Purge marked records
|
||||
*/
|
||||
sprintf(buf, "%s/etc/tic.temp", getenv("MBSE_ROOT"));
|
||||
snprintf(buf, 4096, "%s/etc/tic.temp", getenv("MBSE_ROOT"));
|
||||
if ((fp = fopen(temp, "r")) == NULL) {
|
||||
WriteError("Can't open %s", temp);
|
||||
} else if ((ap = fopen(buf, "w")) == NULL) {
|
||||
|
@ -24,7 +24,7 @@ typedef struct _AreaList {
|
||||
|
||||
void MacroRead(FILE *, FILE *);
|
||||
int MsgResult(const char *, FILE *, char);
|
||||
void GetRpSubject(const char *, char*);
|
||||
void GetRpSubject(const char *, char*, size_t);
|
||||
|
||||
void WriteMailGroups(FILE *, faddr *);
|
||||
void WriteFileGroups(FILE *, faddr *);
|
||||
|
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Bad file mover
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:2801/16
|
||||
* Beekmansbos 10 Internet: mbroek@ux123.pttnwb.nl
|
||||
@ -43,8 +43,8 @@ void mover(char *fn)
|
||||
From = calloc(PATH_MAX, sizeof(char));
|
||||
To = calloc(PATH_MAX, sizeof(char));
|
||||
|
||||
sprintf(From, "%s/%s", TIC.Inbound, fn);
|
||||
sprintf(To, "%s/%s", CFG.badtic, fn);
|
||||
snprintf(From, PATH_MAX -1, "%s/%s", TIC.Inbound, fn);
|
||||
snprintf(To, PATH_MAX -1, "%s/%s", CFG.badtic, fn);
|
||||
Syslog('!', "Moving %s to %s", From, To);
|
||||
|
||||
if (mkdirs(To, 0770)) {
|
||||
|
Reference in New Issue
Block a user