Secured sprintf with snprintf
This commit is contained in:
Michiel Broek
parent
94f92ab25b
commit
2806a27734
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: Hangup functions
|
* Purpose ...............: Hangup functions
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -74,9 +74,9 @@ void Good_Bye(int onsig)
|
|||||||
/*
|
/*
|
||||||
* Update the users database record.
|
* Update the users database record.
|
||||||
*/
|
*/
|
||||||
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
||||||
if ((pUsrConfig = fopen(temp,"r+")) != NULL) {
|
if ((pUsrConfig = fopen(temp,"r+")) != NULL) {
|
||||||
sprintf(temp, "%s/%s/exitinfo", CFG.bbs_usersdir, exitinfo.Name);
|
snprintf(temp, PATH_MAX, "%s/%s/exitinfo", CFG.bbs_usersdir, exitinfo.Name);
|
||||||
if ((pExitinfo = fopen(temp,"rb")) != NULL) {
|
if ((pExitinfo = fopen(temp,"rb")) != NULL) {
|
||||||
fread(&usrconfighdr, sizeof(usrconfighdr), 1, pUsrConfig);
|
fread(&usrconfighdr, sizeof(usrconfighdr), 1, pUsrConfig);
|
||||||
fread(&exitinfo, sizeof(exitinfo), 1, pExitinfo);
|
fread(&exitinfo, sizeof(exitinfo), 1, pExitinfo);
|
||||||
@ -143,10 +143,10 @@ void Good_Bye(int onsig)
|
|||||||
* Start shutting down this session
|
* Start shutting down this session
|
||||||
*/
|
*/
|
||||||
socket_shutdown(mypid);
|
socket_shutdown(mypid);
|
||||||
sprintf(temp, "%s/tmp/mbsebbs%d", getenv("MBSE_ROOT"), getpid());
|
snprintf(temp, PATH_MAX, "%s/tmp/mbsebbs%d", getenv("MBSE_ROOT"), getpid());
|
||||||
unlink(temp);
|
unlink(temp);
|
||||||
|
|
||||||
sprintf(temp, "%s/%s/exitinfo", CFG.bbs_usersdir, exitinfo.Name);
|
snprintf(temp, PATH_MAX, "%s/%s/exitinfo", CFG.bbs_usersdir, exitinfo.Name);
|
||||||
unlink(temp);
|
unlink(temp);
|
||||||
free(temp);
|
free(temp);
|
||||||
unlink("taglist");
|
unlink("taglist");
|
||||||
@ -169,7 +169,7 @@ void Quick_Bye(int onsig)
|
|||||||
temp = calloc(PATH_MAX, sizeof(char));
|
temp = calloc(PATH_MAX, sizeof(char));
|
||||||
Syslog('+', "Quick_Bye");
|
Syslog('+', "Quick_Bye");
|
||||||
socket_shutdown(mypid);
|
socket_shutdown(mypid);
|
||||||
sprintf(temp, "%s/tmp/mbsebbs%d", getenv("MBSE_ROOT"), getpid());
|
snprintf(temp, PATH_MAX, "%s/tmp/mbsebbs%d", getenv("MBSE_ROOT"), getpid());
|
||||||
unlink(temp);
|
unlink(temp);
|
||||||
free(temp);
|
free(temp);
|
||||||
colour(LIGHTGRAY, BLACK);
|
colour(LIGHTGRAY, BLACK);
|
||||||
|
|||||||
@ -56,10 +56,10 @@ int Chg_Language(int NewMode)
|
|||||||
ReadExitinfo();
|
ReadExitinfo();
|
||||||
|
|
||||||
while(TRUE) {
|
while(TRUE) {
|
||||||
sprintf(temp, "%s/etc/language.data", getenv("MBSE_ROOT"));
|
snprintf(temp, PATH_MAX, "%s/etc/language.data", getenv("MBSE_ROOT"));
|
||||||
if(( pLang = fopen(temp, "r")) == NULL) {
|
if(( pLang = fopen(temp, "r")) == NULL) {
|
||||||
WriteError("$Can't open %s", temp);
|
WriteError("$Can't open %s", temp);
|
||||||
sprintf(temp, "\nFATAL: Can't open language file\n\n");
|
snprintf(temp, 81, "\nFATAL: Can't open language file\n\n");
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
Pause();
|
Pause();
|
||||||
free(temp);
|
free(temp);
|
||||||
@ -69,7 +69,7 @@ int Chg_Language(int NewMode)
|
|||||||
|
|
||||||
colour(CFG.HiliteF, CFG.HiliteB);
|
colour(CFG.HiliteF, CFG.HiliteB);
|
||||||
/* Select your preferred language */
|
/* Select your preferred language */
|
||||||
sprintf(temp, "\r\n%s\r\n\r\n", (char *) Language(378));
|
snprintf(temp, 81, "\r\n%s\r\n\r\n", (char *) Language(378));
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
|
|
||||||
iLang = 6;
|
iLang = 6;
|
||||||
@ -77,13 +77,13 @@ int Chg_Language(int NewMode)
|
|||||||
while (fread(&lang, langhdr.recsize, 1, pLang) == 1)
|
while (fread(&lang, langhdr.recsize, 1, pLang) == 1)
|
||||||
if (lang.Available) {
|
if (lang.Available) {
|
||||||
colour(LIGHTMAGENTA, BLACK);
|
colour(LIGHTMAGENTA, BLACK);
|
||||||
sprintf(temp, "(%s)", lang.LangKey);
|
snprintf(temp, 81, "(%s)", lang.LangKey);
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
colour(DARKGRAY, BLACK);
|
colour(DARKGRAY, BLACK);
|
||||||
sprintf(temp, " %c ", 46);
|
snprintf(temp, 81, " %c ", 46);
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
colour(CYAN, BLACK);
|
colour(CYAN, BLACK);
|
||||||
sprintf(temp, "%-29s ", lang.Name);
|
snprintf(temp, 81, "%-29s ", lang.Name);
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
|
|
||||||
iLang++;
|
iLang++;
|
||||||
@ -96,7 +96,7 @@ int Chg_Language(int NewMode)
|
|||||||
|
|
||||||
colour(CFG.HiliteF, CFG.HiliteB);
|
colour(CFG.HiliteF, CFG.HiliteB);
|
||||||
/* Select language: */
|
/* Select language: */
|
||||||
sprintf(temp, "\n%s", (char *) Language(379));
|
snprintf(temp, 81, "\n%s", (char *) Language(379));
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
|
|
||||||
alarm_on();
|
alarm_on();
|
||||||
@ -130,7 +130,7 @@ int Chg_Language(int NewMode)
|
|||||||
|
|
||||||
colour(LIGHTGREEN, BLACK);
|
colour(LIGHTGREEN, BLACK);
|
||||||
/* Language now set to" */
|
/* Language now set to" */
|
||||||
sprintf(temp, "\r\n\r\n%s%s\r\n\r\n", (char *) Language(380), lang.Name);
|
snprintf(temp, 81, "\r\n\r\n%s%s\r\n\r\n", (char *) Language(380), lang.Name);
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
|
|
||||||
if (!NewMode) {
|
if (!NewMode) {
|
||||||
@ -189,13 +189,13 @@ void Chg_Password()
|
|||||||
} else {
|
} else {
|
||||||
colour(LIGHTRED, BLACK);
|
colour(LIGHTRED, BLACK);
|
||||||
/* Your password must contain at least %d characters! Try again.*/
|
/* Your password must contain at least %d characters! Try again.*/
|
||||||
sprintf(temp2, "\r\n%s%d %s\r\n\r\n", (char *) Language(42), CFG.password_length, (char *) Language(43));
|
snprintf(temp2, PATH_MAX, "\r\n%s%d %s\r\n\r\n", (char *) Language(42), CFG.password_length, (char *) Language(43));
|
||||||
PUTSTR(temp2);
|
PUTSTR(temp2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Syslog('+', "%s/bin/mbpasswd %s ******", getenv("MBSE_ROOT"), exitinfo.Name);
|
Syslog('+', "%s/bin/mbpasswd %s ******", getenv("MBSE_ROOT"), exitinfo.Name);
|
||||||
sprintf(temp1, "%s/bin/mbpasswd", getenv("MBSE_ROOT"));
|
snprintf(temp1, PATH_MAX, "%s/bin/mbpasswd", getenv("MBSE_ROOT"));
|
||||||
memset(args, 0, sizeof(args));
|
memset(args, 0, sizeof(args));
|
||||||
args[0] = temp1;
|
args[0] = temp1;
|
||||||
args[1] = exitinfo.Name;
|
args[1] = exitinfo.Name;
|
||||||
@ -241,7 +241,7 @@ int CheckHandle(char *Name)
|
|||||||
char *temp;
|
char *temp;
|
||||||
|
|
||||||
temp = calloc(PATH_MAX, sizeof(char));
|
temp = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
||||||
if ((fp = fopen(temp,"rb")) != NULL) {
|
if ((fp = fopen(temp,"rb")) != NULL) {
|
||||||
fread(&uhdr, sizeof(uhdr), 1, fp);
|
fread(&uhdr, sizeof(uhdr), 1, fp);
|
||||||
|
|
||||||
@ -401,7 +401,7 @@ void Chg_FsMsged()
|
|||||||
pout(LIGHTMAGENTA, BLACK, (char *)Language(372));
|
pout(LIGHTMAGENTA, BLACK, (char *)Language(372));
|
||||||
/* Line/Fullscreen/External */
|
/* Line/Fullscreen/External */
|
||||||
colour(LIGHTCYAN, BLACK);
|
colour(LIGHTCYAN, BLACK);
|
||||||
sprintf(temp, " %s ", Language(387 + (exitinfo.MsgEditor & 3)));
|
snprintf(temp, 81, " %s ", Language(387 + (exitinfo.MsgEditor & 3)));
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
/* Editor */
|
/* Editor */
|
||||||
pout(LIGHTMAGENTA, BLACK, (char *)Language(390));
|
pout(LIGHTMAGENTA, BLACK, (char *)Language(390));
|
||||||
@ -433,7 +433,7 @@ void Chg_FsMsged()
|
|||||||
pout(LIGHTMAGENTA, BLACK, (char *)Language(372));
|
pout(LIGHTMAGENTA, BLACK, (char *)Language(372));
|
||||||
/* Line/Fullscreen/External */
|
/* Line/Fullscreen/External */
|
||||||
colour(LIGHTCYAN, BLACK);
|
colour(LIGHTCYAN, BLACK);
|
||||||
sprintf(temp, " %s ", Language(387 + (exitinfo.MsgEditor & 3)));
|
snprintf(temp, 81, " %s ", Language(387 + (exitinfo.MsgEditor & 3)));
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
/* Editor */
|
/* Editor */
|
||||||
pout(LIGHTMAGENTA, BLACK, (char *)Language(390));
|
pout(LIGHTMAGENTA, BLACK, (char *)Language(390));
|
||||||
@ -528,7 +528,7 @@ void Chg_Location()
|
|||||||
Enter(1);
|
Enter(1);
|
||||||
/* Please enter a longer location (min */
|
/* Please enter a longer location (min */
|
||||||
colour(LIGHTRED, BLACK);
|
colour(LIGHTRED, BLACK);
|
||||||
sprintf(temp, "%s%d)", (char *) Language(74), CFG.CityLen);
|
snprintf(temp, 81, "%s%d)", (char *) Language(74), CFG.CityLen);
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
Enter(1);
|
Enter(1);
|
||||||
} else {
|
} else {
|
||||||
@ -728,10 +728,10 @@ void Chg_ScreenLen()
|
|||||||
|
|
||||||
if((strcmp(temp, "")) == 0) {
|
if((strcmp(temp, "")) == 0) {
|
||||||
exitinfo.iScreenLen = 24;
|
exitinfo.iScreenLen = 24;
|
||||||
sprintf(temp, "\r\n%s\r\n\r\n", (char *) Language(80));
|
snprintf(temp, 81, "\r\n%s\r\n\r\n", (char *) Language(80));
|
||||||
} else {
|
} else {
|
||||||
exitinfo.iScreenLen = atoi(temp);
|
exitinfo.iScreenLen = atoi(temp);
|
||||||
sprintf(temp, "\r\n%s%d\r\n\r\n", (char *) Language(81), exitinfo.iScreenLen);
|
snprintf(temp, 81, "\r\n%s%d\r\n\r\n", (char *) Language(81), exitinfo.iScreenLen);
|
||||||
}
|
}
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
|
|
||||||
@ -852,7 +852,7 @@ void Chg_Protocol()
|
|||||||
Syslog('+', "Old protocol %s", sProtName);
|
Syslog('+', "Old protocol %s", sProtName);
|
||||||
|
|
||||||
while(TRUE) {
|
while(TRUE) {
|
||||||
sprintf(temp, "%s/etc/protocol.data", getenv("MBSE_ROOT"));
|
snprintf(temp, PATH_MAX, "%s/etc/protocol.data", getenv("MBSE_ROOT"));
|
||||||
|
|
||||||
if ((pProtConfig = fopen(temp, "r")) == NULL) {
|
if ((pProtConfig = fopen(temp, "r")) == NULL) {
|
||||||
WriteError("$Can't open %s", temp);
|
WriteError("$Can't open %s", temp);
|
||||||
@ -879,7 +879,7 @@ void Chg_Protocol()
|
|||||||
colour(WHITE, BLACK);
|
colour(WHITE, BLACK);
|
||||||
PUTSTR(PROT.ProtKey);
|
PUTSTR(PROT.ProtKey);
|
||||||
colour(LIGHTBLUE, BLACK);
|
colour(LIGHTBLUE, BLACK);
|
||||||
sprintf(temp, ") %-20s Efficiency %3d %%\r\n", PROT.ProtName, PROT.Efficiency);
|
snprintf(temp, 81, ") %-20s Efficiency %3d %%\r\n", PROT.ProtName, PROT.Efficiency);
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -891,7 +891,7 @@ void Chg_Protocol()
|
|||||||
iProt = toupper(Readkey());
|
iProt = toupper(Readkey());
|
||||||
|
|
||||||
PUTCHAR(iProt);
|
PUTCHAR(iProt);
|
||||||
sprintf(Prot, "%c", iProt);
|
snprintf(Prot, 2, "%c", iProt);
|
||||||
|
|
||||||
fseek(pProtConfig, PROThdr.hdrsize, 0);
|
fseek(pProtConfig, PROThdr.hdrsize, 0);
|
||||||
while (fread(&PROT, PROThdr.recsize, 1, pProtConfig) == 1) {
|
while (fread(&PROT, PROThdr.recsize, 1, pProtConfig) == 1) {
|
||||||
@ -947,7 +947,7 @@ void Set_Protocol(char *Protocol)
|
|||||||
memset(&sProtName, 0, sizeof(sProtName));
|
memset(&sProtName, 0, sizeof(sProtName));
|
||||||
temp = calloc(PATH_MAX, sizeof(char));
|
temp = calloc(PATH_MAX, sizeof(char));
|
||||||
|
|
||||||
sprintf(temp, "%s/etc/protocol.data", getenv("MBSE_ROOT"));
|
snprintf(temp, PATH_MAX, "%s/etc/protocol.data", getenv("MBSE_ROOT"));
|
||||||
|
|
||||||
if (( pProtConfig = fopen(temp, "rb")) == NULL) {
|
if (( pProtConfig = fopen(temp, "rb")) == NULL) {
|
||||||
WriteError("$Can't open %s", temp);
|
WriteError("$Can't open %s", temp);
|
||||||
@ -1024,13 +1024,13 @@ void Chg_Charset()
|
|||||||
colour(LIGHTBLUE, BLACK);
|
colour(LIGHTBLUE, BLACK);
|
||||||
for (i = (FTNC_NONE + 1); i <= FTNC_MAXCHARS; i++) {
|
for (i = (FTNC_NONE + 1); i <= FTNC_MAXCHARS; i++) {
|
||||||
colour(LIGHTBLUE, BLACK);
|
colour(LIGHTBLUE, BLACK);
|
||||||
sprintf(temp, "%2d ", i);
|
snprintf(temp, 81, "%2d ", i);
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
colour(LIGHTCYAN, BLACK);
|
colour(LIGHTCYAN, BLACK);
|
||||||
sprintf(temp, "%-9s ", getftnchrs(i));
|
snprintf(temp, 81, "%-9s ", getftnchrs(i));
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
colour(LIGHTMAGENTA, BLACK);
|
colour(LIGHTMAGENTA, BLACK);
|
||||||
sprintf(temp, "%s\r\n", getchrsdesc(i));
|
snprintf(temp, 81, "%s\r\n", getchrsdesc(i));
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1056,7 +1056,7 @@ void Chg_Charset()
|
|||||||
Enter(2);
|
Enter(2);
|
||||||
colour(LIGHTGREEN, BLACK);
|
colour(LIGHTGREEN, BLACK);
|
||||||
/* Character set now set to: */
|
/* Character set now set to: */
|
||||||
sprintf(temp, "%s%s", (char *) Language(25), getftnchrs(i));
|
snprintf(temp, 81, "%s%s", (char *) Language(25), getftnchrs(i));
|
||||||
PUTSTR(temp);
|
PUTSTR(temp);
|
||||||
free(temp);
|
free(temp);
|
||||||
Enter(2);
|
Enter(2);
|
||||||
|
|||||||
Reference in New Issue
Block a user