Secured sprintf into snprintf

lib/charset.c

@@ -305,7 +305,7 @@ int charset_read_bin(void)
     char	    *name;
     
     name = calloc(PATH_MAX, sizeof(char));
-    sprintf(name, "%s/etc/charset.bin", getenv("MBSE_ROOT"));
+    snprintf(name, PATH_MAX -1, "%s/etc/charset.bin", getenv("MBSE_ROOT"));
     if ((fp = fopen(name, "r")) == NULL) {
 	WriteError("$Can't open %s", name);
 	free(name);

lib/clcomm.c

@@ -109,15 +109,15 @@ void InitClient(char *user, char *myname, char *where, char *logfname, long logg
 		exit(MBERR_INIT_ERROR);
 	}
 
-	sprintf(progname, "%s", myname);
-	sprintf(logfile, "%s", logfname);
-	sprintf(errfile, "%s", err);
-	sprintf(mgrfile, "%s", mgr);
-	sprintf(logdebug, "%s", debug);
+	snprintf(progname, 20, "%s", myname);
+	snprintf(logfile, PATH_MAX -1, "%s", logfname);
+	snprintf(errfile, PATH_MAX -1, "%s", err);
+	snprintf(mgrfile, PATH_MAX -1, "%s", mgr);
+	snprintf(logdebug, PATH_MAX -1, "%s", debug);
 	loggrade = loggr;
 
-        sprintf(cpath, "%s/tmp/%s%d", getenv("MBSE_ROOT"), progname, getpid());
-        sprintf(spath, "%s/tmp/mbtask", getenv("MBSE_ROOT"));
+        snprintf(cpath, 107, "%s/tmp/%s%d", getenv("MBSE_ROOT"), progname, getpid());
+        snprintf(spath, 107, "%s/tmp/mbtask", getenv("MBSE_ROOT"));
 
         /*
          * Store my pid in case a child process is forked and wants to do
@@ -181,7 +181,7 @@ char *SockR(const char *format, ...)
 	va_end(va_ptr);
 
 	if (socket_send(out) == 0)
-		sprintf(buf, "%s", socket_receive());
+		snprintf(buf, SS_BUFSIZE -1, "%s", socket_receive());
 
 	free(out);
 	return buf;
@@ -207,7 +207,7 @@ void WriteError(const char *format, ...)
 			outputstr[i] = ' ';
 
 	if (*outputstr == '$')
-		sprintf(outputstr+strlen(outputstr), ": %s", strerror(errno));
+		snprintf(outputstr+strlen(outputstr), 10239, ": %s", strerror(errno));
 
 	if (strlen(outputstr) > (SS_BUFSIZE - 64)) {
 		outputstr[SS_BUFSIZE - 65] = ';';
@@ -451,7 +451,7 @@ unsigned long sequencer()
 	unsigned long	seq = 0;
 
 	buf = calloc(SS_BUFSIZE, sizeof(char));
-	sprintf(buf, "SSEQ:0;");
+	snprintf(buf, SS_BUFSIZE -1, "SSEQ:0;");
 
 	if (socket_send(buf) == 0) {
 		free(buf);
@@ -477,10 +477,10 @@ int enoughspace(unsigned long needed)
     unsigned long   avail = 0L;
 
     buf = calloc(SS_BUFSIZE, sizeof(char));
-    sprintf(buf, "DSPC:1,%ld;", needed);
+    snprintf(buf, SS_BUFSIZE -1, "DSPC:1,%ld;", needed);
 
     if (socket_send(buf) == 0) {
-	sprintf(buf, "%s", socket_receive());
+	snprintf(buf, SS_BUFSIZE -1, "%s", socket_receive());
 	res = strtok(buf, ":");
 	cnt = atoi(strtok(NULL, ","));
 	if (cnt == 1) {
@@ -535,7 +535,7 @@ char *printable(char *s, int l)
 		case '\n': *p++='\\'; *p++='n'; break;
 		case '\t': *p++='\\'; *p++='t'; break;
 		case '\b': *p++='\\'; *p++='b'; break;
-		default:   sprintf(p,"\\%02x", (*s & 0xff)); p+=3; break;
+		default:   snprintf(p, 5, "\\%02x", (*s & 0xff)); p+=3; break;
 	    }
 	    s++;
     }

lib/client.c

@@ -117,7 +117,7 @@ int socket_connect(char *user, char *prg, char *city)
     /*
      * Send the information to the server. 
      */
-    sprintf(buf, "AINI:5,%d,%s,%s,%s,%s;", getpid(), tty, user, prg, city);
+    snprintf(buf, SS_BUFSIZE -1, "AINI:5,%d,%s,%s,%s,%s;", getpid(), tty, user, prg, city);
     if (socket_send(buf) != 0) {
 	sock = -1;
 	return -1;
@@ -198,7 +198,7 @@ int socket_shutdown(pid_t pid)
     if (sock == -1)
 	return 0;
 
-    sprintf(buf, "ACLO:1,%d;", pid);
+    snprintf(buf, SS_BUFSIZE -1, "ACLO:1,%d;", pid);
     if (socket_send(buf) == 0) {
 	strcpy(buf, socket_receive());
 	if (strncmp(buf, "107:0;", 6) != 0) {

lib/strutil.c

@@ -262,7 +262,7 @@ char *StrTimeHM(time_t date)
 	struct tm	*l_d;
 
 	l_d = localtime(&date);
-	sprintf(ttime, "%02d:%02d", l_d->tm_hour, l_d->tm_min);
+	snprintf(ttime, 5, "%02d:%02d", l_d->tm_hour, l_d->tm_min);
 	return ttime;
 }
 
@@ -277,7 +277,7 @@ char *StrTimeHMS(time_t date)
 	struct tm	*l_d;
 
 	l_d = localtime(&date);
-	sprintf(ttime, "%02d:%02d:%02d", l_d->tm_hour, l_d->tm_min, l_d->tm_sec);
+	snprintf(ttime, 8, "%02d:%02d:%02d", l_d->tm_hour, l_d->tm_min, l_d->tm_sec);
 	return ttime;
 }
 
@@ -292,7 +292,7 @@ char *GetLocalHM()
 	time_t		T_Now;
 
 	T_Now = time(NULL);
-	sprintf(gettime,"%s", StrTimeHM(T_Now));
+	snprintf(gettime, 14, "%s", StrTimeHM(T_Now));
 	return(gettime);
 }
 
@@ -308,7 +308,7 @@ char *GetLocalHMS()
 	time_t		T_Now;
 
 	T_Now = time(NULL);
-	sprintf(gettime,"%s", StrTimeHMS(T_Now));
+	snprintf(gettime, 14, "%s", StrTimeHMS(T_Now));
 	return(gettime);
 }
 
@@ -323,7 +323,7 @@ char *StrDateMDY(time_t *Clock)
 	static char cdate[12];
 	
 	tm = localtime(Clock);
-	sprintf(cdate,"%02d-%02d-%04d", tm->tm_mon+1, tm->tm_mday, tm->tm_year+1900);
+	snprintf(cdate, 11, "%02d-%02d-%04d", tm->tm_mon+1, tm->tm_mday, tm->tm_year+1900);
 	return(cdate);
 }
 
@@ -338,7 +338,7 @@ char *StrDateDMY(time_t date)
 	struct tm	*l_d;
 
 	l_d = localtime(&date);
-	sprintf(tdate, "%02d-%02d-%04d", l_d->tm_mday, l_d->tm_mon+1, l_d->tm_year+1900);
+	snprintf(tdate, 14, "%02d-%02d-%04d", l_d->tm_mday, l_d->tm_mon+1, l_d->tm_year+1900);
 	return tdate;
 }
 
@@ -357,7 +357,7 @@ char *GetDateDMY()
 
 	T_Now = time(NULL);
 	l_d = localtime(&T_Now);
- 	sprintf(tdate, "%02d-%02d-%04d", l_d->tm_mday,l_d->tm_mon+1,l_d->tm_year+1900);
+ 	snprintf(tdate, 14, "%02d-%02d-%04d", l_d->tm_mday,l_d->tm_mon+1,l_d->tm_year+1900);
 	return(tdate);
 }
 
@@ -408,7 +408,7 @@ char *TearLine()
 {
     static char	    tearline[41];
 
-    sprintf(tearline, "--- MBSE BBS v%s (%s-%s)", VERSION, OsName(), OsCPU());
+    snprintf(tearline, 40, "--- MBSE BBS v%s (%s-%s)", VERSION, OsName(), OsCPU());
     return tearline;
 }