Secured sprintf into snprintf
parent
b8c6dd296c
commit
3db0afe335
@ -305,7 +305,7 @@ int charset_read_bin(void)
|
|||||||
char *name;
|
char *name;
|
||||||
|
|
||||||
name = calloc(PATH_MAX, sizeof(char));
|
name = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(name, "%s/etc/charset.bin", getenv("MBSE_ROOT"));
|
snprintf(name, PATH_MAX -1, "%s/etc/charset.bin", getenv("MBSE_ROOT"));
|
||||||
if ((fp = fopen(name, "r")) == NULL) {
|
if ((fp = fopen(name, "r")) == NULL) {
|
||||||
WriteError("$Can't open %s", name);
|
WriteError("$Can't open %s", name);
|
||||||
free(name);
|
free(name);
|
||||||
|
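Review bot: The new snprintf() call in charset_read_bin ignores its return value and still passes getenv("MBSE_ROOT") straight to `%s`, so an unset variable is undefined behaviour and an over-long root silently produces a truncated path that fopen() then tries to open. Capturing the result, as in `n = snprintf(name, PATH_MAX, "%s/etc/charset.bin", root);`, and treating `n < 0 || n >= PATH_MAX` as an error after a NULL check on `root` would make the bound meaningful. The correct failure return is not visible here because the function body continues outside the hunk. The size argument already counts the terminating NUL, so `PATH_MAX` rather than `PATH_MAX -1` matches the calloc() above; the same `SIZE -1` pattern recurs in the other hunks of this commit.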
26
lib/clcomm.c
26
lib/clcomm.c
@ -109,15 +109,15 @@ void InitClient(char *user, char *myname, char *where, char *logfname, long logg
|
|||||||
exit(MBERR_INIT_ERROR);
|
exit(MBERR_INIT_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
sprintf(progname, "%s", myname);
|
snprintf(progname, 20, "%s", myname);
|
||||||
sprintf(logfile, "%s", logfname);
|
snprintf(logfile, PATH_MAX -1, "%s", logfname);
|
||||||
sprintf(errfile, "%s", err);
|
snprintf(errfile, PATH_MAX -1, "%s", err);
|
||||||
sprintf(mgrfile, "%s", mgr);
|
snprintf(mgrfile, PATH_MAX -1, "%s", mgr);
|
||||||
sprintf(logdebug, "%s", debug);
|
snprintf(logdebug, PATH_MAX -1, "%s", debug);
|
||||||
loggrade = loggr;
|
loggrade = loggr;
|
||||||
|
|
||||||
sprintf(cpath, "%s/tmp/%s%d", getenv("MBSE_ROOT"), progname, getpid());
|
snprintf(cpath, 107, "%s/tmp/%s%d", getenv("MBSE_ROOT"), progname, getpid());
|
||||||
sprintf(spath, "%s/tmp/mbtask", getenv("MBSE_ROOT"));
|
snprintf(spath, 107, "%s/tmp/mbtask", getenv("MBSE_ROOT"));
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Store my pid in case a child process is forked and wants to do
|
* Store my pid in case a child process is forked and wants to do
|
||||||
@ -181,7 +181,7 @@ char *SockR(const char *format, ...)
|
|||||||
va_end(va_ptr);
|
va_end(va_ptr);
|
||||||
|
|
||||||
if (socket_send(out) == 0)
|
if (socket_send(out) == 0)
|
||||||
sprintf(buf, "%s", socket_receive());
|
snprintf(buf, SS_BUFSIZE -1, "%s", socket_receive());
|
||||||
|
|
||||||
free(out);
|
free(out);
|
||||||
return buf;
|
return buf;
|
||||||
@ -207,7 +207,7 @@ void WriteError(const char *format, ...)
|
|||||||
outputstr[i] = ' ';
|
outputstr[i] = ' ';
|
||||||
|
|
||||||
if (*outputstr == '$')
|
if (*outputstr == '$')
|
||||||
sprintf(outputstr+strlen(outputstr), ": %s", strerror(errno));
|
snprintf(outputstr+strlen(outputstr), 10239, ": %s", strerror(errno));
|
||||||
|
|
||||||
if (strlen(outputstr) > (SS_BUFSIZE - 64)) {
|
if (strlen(outputstr) > (SS_BUFSIZE - 64)) {
|
||||||
outputstr[SS_BUFSIZE - 65] = ';';
|
outputstr[SS_BUFSIZE - 65] = ';';
|
||||||
@ -451,7 +451,7 @@ unsigned long sequencer()
|
|||||||
unsigned long seq = 0;
|
unsigned long seq = 0;
|
||||||
|
|
||||||
buf = calloc(SS_BUFSIZE, sizeof(char));
|
buf = calloc(SS_BUFSIZE, sizeof(char));
|
||||||
sprintf(buf, "SSEQ:0;");
|
snprintf(buf, SS_BUFSIZE -1, "SSEQ:0;");
|
||||||
|
|
||||||
if (socket_send(buf) == 0) {
|
if (socket_send(buf) == 0) {
|
||||||
free(buf);
|
free(buf);
|
||||||
@ -477,10 +477,10 @@ int enoughspace(unsigned long needed)
|
|||||||
unsigned long avail = 0L;
|
unsigned long avail = 0L;
|
||||||
|
|
||||||
buf = calloc(SS_BUFSIZE, sizeof(char));
|
buf = calloc(SS_BUFSIZE, sizeof(char));
|
||||||
sprintf(buf, "DSPC:1,%ld;", needed);
|
snprintf(buf, SS_BUFSIZE -1, "DSPC:1,%ld;", needed);
|
||||||
|
|
||||||
if (socket_send(buf) == 0) {
|
if (socket_send(buf) == 0) {
|
||||||
sprintf(buf, "%s", socket_receive());
|
snprintf(buf, SS_BUFSIZE -1, "%s", socket_receive());
|
||||||
res = strtok(buf, ":");
|
res = strtok(buf, ":");
|
||||||
cnt = atoi(strtok(NULL, ","));
|
cnt = atoi(strtok(NULL, ","));
|
||||||
if (cnt == 1) {
|
if (cnt == 1) {
|
||||||
@ -535,7 +535,7 @@ char *printable(char *s, int l)
|
|||||||
case '\n': *p++='\\'; *p++='n'; break;
|
case '\n': *p++='\\'; *p++='n'; break;
|
||||||
case '\t': *p++='\\'; *p++='t'; break;
|
case '\t': *p++='\\'; *p++='t'; break;
|
||||||
case '\b': *p++='\\'; *p++='b'; break;
|
case '\b': *p++='\\'; *p++='b'; break;
|
||||||
default: sprintf(p,"\\%02x", (*s & 0xff)); p+=3; break;
|
default: snprintf(p, 5, "\\%02x", (*s & 0xff)); p+=3; break;
|
||||||
}
|
}
|
||||||
s++;
|
s++;
|
||||||
}
|
}
|
||||||
|
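Review bot: In the WriteError hunk the new bound `10239` is applied at `outputstr+strlen(outputstr)`, so it does not shrink by the text already in the buffer, and the call can still write past the end when the formatted message is long. The limit has to be the remaining space, e.g. `len = strlen(outputstr); snprintf(outputstr + len, cap - len, ": %s", strerror(errno));`, where `cap` stands for outputstr's real capacity, which is declared outside the hunk. The literals `20` and `107` in InitClient are likewise detached from the buffer declarations; if those buffers are arrays, `sizeof` on them would keep the bound in step. In printable, `snprintf(p, 5, ...)` bounds only the single escape sequence, not the space left in the destination buffer.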
@ -117,7 +117,7 @@ int socket_connect(char *user, char *prg, char *city)
|
|||||||
/*
|
/*
|
||||||
* Send the information to the server.
|
* Send the information to the server.
|
||||||
*/
|
*/
|
||||||
sprintf(buf, "AINI:5,%d,%s,%s,%s,%s;", getpid(), tty, user, prg, city);
|
snprintf(buf, SS_BUFSIZE -1, "AINI:5,%d,%s,%s,%s,%s;", getpid(), tty, user, prg, city);
|
||||||
if (socket_send(buf) != 0) {
|
if (socket_send(buf) != 0) {
|
||||||
sock = -1;
|
sock = -1;
|
||||||
return -1;
|
return -1;
|
||||||
@ -198,7 +198,7 @@ int socket_shutdown(pid_t pid)
|
|||||||
if (sock == -1)
|
if (sock == -1)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
sprintf(buf, "ACLO:1,%d;", pid);
|
snprintf(buf, SS_BUFSIZE -1, "ACLO:1,%d;", pid);
|
||||||
if (socket_send(buf) == 0) {
|
if (socket_send(buf) == 0) {
|
||||||
strcpy(buf, socket_receive());
|
strcpy(buf, socket_receive());
|
||||||
if (strncmp(buf, "107:0;", 6) != 0) {
|
if (strncmp(buf, "107:0;", 6) != 0) {
|
||||||
|
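Review bot: socket_shutdown still contains `strcpy(buf, socket_receive());` on the new side, an unbounded copy of data received from the server socket, while the equivalent line in enoughspace() in lib/clcomm.c was converted by this commit. For consistency it should become `snprintf(buf, SS_BUFSIZE, "%s", socket_receive());`, assuming buf here is SS_BUFSIZE bytes as the neighbouring snprintf implies; its declaration is outside the hunk. In socket_connect the AINI message is built from the caller-supplied user, prg and city, and a truncated message would lose its terminating `;`, so the snprintf return value is worth checking before socket_send().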
@ -262,7 +262,7 @@ char *StrTimeHM(time_t date)
|
|||||||
struct tm *l_d;
|
struct tm *l_d;
|
||||||
|
|
||||||
l_d = localtime(&date);
|
l_d = localtime(&date);
|
||||||
sprintf(ttime, "%02d:%02d", l_d->tm_hour, l_d->tm_min);
|
snprintf(ttime, 5, "%02d:%02d", l_d->tm_hour, l_d->tm_min);
|
||||||
return ttime;
|
return ttime;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -277,7 +277,7 @@ char *StrTimeHMS(time_t date)
|
|||||||
struct tm *l_d;
|
struct tm *l_d;
|
||||||
|
|
||||||
l_d = localtime(&date);
|
l_d = localtime(&date);
|
||||||
sprintf(ttime, "%02d:%02d:%02d", l_d->tm_hour, l_d->tm_min, l_d->tm_sec);
|
snprintf(ttime, 8, "%02d:%02d:%02d", l_d->tm_hour, l_d->tm_min, l_d->tm_sec);
|
||||||
return ttime;
|
return ttime;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -292,7 +292,7 @@ char *GetLocalHM()
|
|||||||
time_t T_Now;
|
time_t T_Now;
|
||||||
|
|
||||||
T_Now = time(NULL);
|
T_Now = time(NULL);
|
||||||
sprintf(gettime,"%s", StrTimeHM(T_Now));
|
snprintf(gettime, 14, "%s", StrTimeHM(T_Now));
|
||||||
return(gettime);
|
return(gettime);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -308,7 +308,7 @@ char *GetLocalHMS()
|
|||||||
time_t T_Now;
|
time_t T_Now;
|
||||||
|
|
||||||
T_Now = time(NULL);
|
T_Now = time(NULL);
|
||||||
sprintf(gettime,"%s", StrTimeHMS(T_Now));
|
snprintf(gettime, 14, "%s", StrTimeHMS(T_Now));
|
||||||
return(gettime);
|
return(gettime);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -323,7 +323,7 @@ char *StrDateMDY(time_t *Clock)
|
|||||||
static char cdate[12];
|
static char cdate[12];
|
||||||
|
|
||||||
tm = localtime(Clock);
|
tm = localtime(Clock);
|
||||||
sprintf(cdate,"%02d-%02d-%04d", tm->tm_mon+1, tm->tm_mday, tm->tm_year+1900);
|
snprintf(cdate, 11, "%02d-%02d-%04d", tm->tm_mon+1, tm->tm_mday, tm->tm_year+1900);
|
||||||
return(cdate);
|
return(cdate);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -338,7 +338,7 @@ char *StrDateDMY(time_t date)
|
|||||||
struct tm *l_d;
|
struct tm *l_d;
|
||||||
|
|
||||||
l_d = localtime(&date);
|
l_d = localtime(&date);
|
||||||
sprintf(tdate, "%02d-%02d-%04d", l_d->tm_mday, l_d->tm_mon+1, l_d->tm_year+1900);
|
snprintf(tdate, 14, "%02d-%02d-%04d", l_d->tm_mday, l_d->tm_mon+1, l_d->tm_year+1900);
|
||||||
return tdate;
|
return tdate;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -357,7 +357,7 @@ char *GetDateDMY()
|
|||||||
|
|
||||||
T_Now = time(NULL);
|
T_Now = time(NULL);
|
||||||
l_d = localtime(&T_Now);
|
l_d = localtime(&T_Now);
|
||||||
sprintf(tdate, "%02d-%02d-%04d", l_d->tm_mday,l_d->tm_mon+1,l_d->tm_year+1900);
|
snprintf(tdate, 14, "%02d-%02d-%04d", l_d->tm_mday,l_d->tm_mon+1,l_d->tm_year+1900);
|
||||||
return(tdate);
|
return(tdate);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -408,7 +408,7 @@ char *TearLine()
|
|||||||
{
|
{
|
||||||
static char tearline[41];
|
static char tearline[41];
|
||||||
|
|
||||||
sprintf(tearline, "--- MBSE BBS v%s (%s-%s)", VERSION, OsName(), OsCPU());
|
snprintf(tearline, 40, "--- MBSE BBS v%s (%s-%s)", VERSION, OsName(), OsCPU());
|
||||||
return tearline;
|
return tearline;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
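Review bot: The size passed in StrTimeHM and StrTimeHMS is the visible string length rather than the buffer size, so the output is now truncated: `snprintf(ttime, 5, "%02d:%02d", ...)` stores only `HH:M` plus the NUL, and the size `8` in StrTimeHMS stores `HH:MM:S`. snprintf's size argument includes the terminator, so these need at least `6` and `9`, or better `sizeof(ttime)` if ttime is an array (its declaration is outside the hunks). GetLocalHM and GetLocalHMS copy those results and inherit the truncation. TearLine's `40` against `tearline[41]` is safe but drops one usable character; `sizeof(tearline)` would be exact.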