From 450b9fc27653ce10ba7efe3e974e27a123aaff9b Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Sun, 28 Aug 2005 12:12:24 +0000 Subject: [PATCH] Secured sprintf with snprintf --- mbfido/rfc2ftn.c | 26 ++++++++--------- mbfido/rollover.c | 8 +++--- mbfido/scan.c | 72 +++++++++++++++++++++++------------------------ mbfido/scannews.c | 12 ++++---- 4 files changed, 59 insertions(+), 59 deletions(-) diff --git a/mbfido/rfc2ftn.c b/mbfido/rfc2ftn.c index 8750be1d..30c4462d 100644 --- a/mbfido/rfc2ftn.c +++ b/mbfido/rfc2ftn.c @@ -131,7 +131,7 @@ int kludgewrite(char *s, FILE *fp) */ int rfc2ftn(FILE *fp, faddr *recipient) { - char sbe[16], *p, *q, *temp, *origin, newsubj[4 * (MAXSUBJ+1)], *oldsubj, *acup_a = NULL, *charset = NULL; + char sbe[128], *p, *q, *temp, *origin, newsubj[4 * (MAXSUBJ+1)], *oldsubj, *acup_a = NULL, *charset = NULL; int i, rc, newsmode, seenlen, oldnet; rfcmsg *msg = NULL, *tmsg, *tmp; ftnmsg *fmsg = NULL; @@ -161,7 +161,7 @@ int rfc2ftn(FILE *fp, faddr *recipient) if (newsmode) { news_in++; - sprintf(currentgroup, "%s", msgs.Newsgroup); + snprintf(currentgroup, 80, "%s", msgs.Newsgroup); } else email_in++; @@ -347,7 +347,7 @@ int rfc2ftn(FILE *fp, faddr *recipient) datasize = 0; if (splitpart) { - sprintf(newsubj,"[part %d] ",splitpart+1); + snprintf(newsubj,4 * MAXSUBJ,"[part %d] ",splitpart+1); strncat(newsubj,fmsg->subj,MAXSUBJ-strlen(newsubj)); Syslog('+', "Rfc2ftn: split message part %d", splitpart); } else { @@ -466,7 +466,7 @@ int rfc2ftn(FILE *fp, faddr *recipient) } } if (!(hdr((char *)"X-FTN-Tearline", msg)) && !(hdr((char *)"X-FTN-TID", msg))) { - sprintf(temp, " MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU()); + snprintf(temp, MAXHDRSIZE, " MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU()); hdrsize += 4 + strlen(temp); fprintf(ofp, "\1TID:"); kludgewrite(temp, ofp); @@ -634,12 +634,12 @@ int rfc2ftn(FILE *fp, faddr *recipient) for (i = 0; i < 40; i++) { if (CFG.akavalid[i] && (CFG.aka[i].point == 0) && (msgs.Aka.zone == CFG.aka[i].zone) && !((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) { - sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); + snprintf(sbe, 127, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); fill_list(&sbl, sbe, NULL); } } if (msgs.Aka.point == 0) { - sprintf(sbe, "%u/%u", msgs.Aka.net, msgs.Aka.node); + snprintf(sbe, 127, "%u/%u", msgs.Aka.net, msgs.Aka.node); fill_list(&sbl, sbe, NULL); } @@ -655,15 +655,15 @@ int rfc2ftn(FILE *fp, faddr *recipient) oldnet = sbl->addr->net-1; for (tmpl = sbl; tmpl; tmpl = tmpl->next) { if (tmpl->addr->net == oldnet) - sprintf(sbe," %u",tmpl->addr->node); + snprintf(sbe,127," %u",tmpl->addr->node); else - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,127," %u/%u",tmpl->addr->net, tmpl->addr->node); oldnet = tmpl->addr->net; seenlen += strlen(sbe); if (seenlen > MAXSEEN) { seenlen = 0; fprintf(ofp,"\nSEEN-BY:"); - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,127," %u/%u",tmpl->addr->net, tmpl->addr->node); seenlen = strlen(sbe); } fprintf(ofp,"%s",sbe); @@ -678,7 +678,7 @@ int rfc2ftn(FILE *fp, faddr *recipient) if (!strcasecmp(tmp->key,"X-FTN-PATH")) fill_path(&ptl,tmp->val); if (msgs.Aka.point == 0) { - sprintf(sbe,"%u/%u",msgs.Aka.net, msgs.Aka.node); + snprintf(sbe,127,"%u/%u",msgs.Aka.net, msgs.Aka.node); fill_path(&ptl,sbe); } @@ -692,15 +692,15 @@ int rfc2ftn(FILE *fp, faddr *recipient) oldnet = ptl->addr->net-1; for (tmpl = ptl; tmpl; tmpl = tmpl->next) { if (tmpl->addr->net == oldnet) - sprintf(sbe," %u",tmpl->addr->node); + snprintf(sbe,127," %u",tmpl->addr->node); else - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,127," %u/%u",tmpl->addr->net, tmpl->addr->node); oldnet = tmpl->addr->net; seenlen += strlen(sbe); if (seenlen > MAXPATH) { seenlen = 0; fprintf(ofp,"\n\1PATH:"); - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,127," %u/%u",tmpl->addr->net, tmpl->addr->node); seenlen = strlen(sbe); } fprintf(ofp,"%s",sbe); diff --git a/mbfido/rollover.c b/mbfido/rollover.c index 208f3863..514926a3 100644 --- a/mbfido/rollover.c +++ b/mbfido/rollover.c @@ -4,7 +4,7 @@ * Purpose ...............: Statistic rollover util. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -73,7 +73,7 @@ FILE *OpenData(char *Name) temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/%s", getenv("MBSE_ROOT"), Name); + snprintf(temp, PATH_MAX -1, "%s/etc/%s", getenv("MBSE_ROOT"), Name); if ((fp = fopen(temp, "r+")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -364,7 +364,7 @@ void Rollover() temp = calloc(PATH_MAX, sizeof(char)); temp1 = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/var/mailer.hist", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX -1, "%s/var/mailer.hist", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r"))) { fread(&history, sizeof(history), 1, fp); Temp = history.online; @@ -386,7 +386,7 @@ void Rollover() t->tm_sec = 0; Now = mktime(t); Syslog('+', "Packing mailer history since %s", rfcdate(Now)); - sprintf(temp1, "%s/var/mailer.temp", getenv("MBSE_ROOT")); + snprintf(temp1, PATH_MAX -1, "%s/var/mailer.temp", getenv("MBSE_ROOT")); if ((ft = fopen(temp1, "a")) == NULL) { WriteError("$Can't create %s", temp1); fclose(fp); diff --git a/mbfido/scan.c b/mbfido/scan.c index aa434519..79b9d624 100644 --- a/mbfido/scan.c +++ b/mbfido/scan.c @@ -87,7 +87,7 @@ void ScanMail(int DoAll) Fname = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(Fname, "%s/tmp/echomail.jam", getenv("MBSE_ROOT")); + snprintf(Fname, PATH_MAX -1, "%s/tmp/echomail.jam", getenv("MBSE_ROOT")); if ((fp = fopen(Fname, "r")) != NULL) { while ((fgets(temp, PATH_MAX - 1, fp)) != NULL) { path = strtok(temp, " \n\0"); @@ -106,7 +106,7 @@ void ScanMail(int DoAll) unlink(Fname); } - sprintf(Fname, "%s/tmp/netmail.jam", getenv("MBSE_ROOT")); + snprintf(Fname, PATH_MAX -1, "%s/tmp/netmail.jam", getenv("MBSE_ROOT")); if ((fp = fopen(Fname, "r")) != NULL) { while ((fgets(temp, PATH_MAX - 1, fp)) != NULL) { path = strtok(temp, " \n\0"); @@ -164,7 +164,7 @@ void ScanFull() } sAreas = calloc(PATH_MAX, sizeof(char)); - sprintf(sAreas, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(sAreas, PATH_MAX -1, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((pAreas = fopen(sAreas, "r")) != NULL) { fread(&usrconfighdr, sizeof(usrconfighdr), 1, pAreas); @@ -179,7 +179,7 @@ void ScanFull() fflush(stdout); } - sprintf(sAreas, "%s/%s/mailbox", CFG.bbs_usersdir, usrconfig.Name); + snprintf(sAreas, PATH_MAX -1, "%s/%s/mailbox", CFG.bbs_usersdir, usrconfig.Name); if (Msg_Open(sAreas)) { if ((Total = Msg_Number()) != 0L) { Number = Msg_Lowest(); @@ -218,7 +218,7 @@ void ScanFull() fclose(pAreas); } - sprintf(sAreas, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(sAreas, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((pAreas = fopen(sAreas, "r")) == NULL) { WriteError("Can't open %s", sAreas); free(sAreas); @@ -271,7 +271,7 @@ void ScanFull() if (CFG.akavalid[i] && (msgs.Aka.zone == CFG.aka[i].zone) && (CFG.aka[i].point == 0) && !((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) { - sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); + snprintf(sbe, 127, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); fill_list(&sbl, sbe, NULL); } } @@ -378,7 +378,7 @@ void ScanOne(char *path, unsigned long MsgNum) } sAreas = calloc(PATH_MAX, sizeof(char)); - sprintf(sAreas, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(sAreas, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((pAreas = fopen(sAreas, "r")) == NULL) { WriteError("Can't open %s", sAreas); free(sAreas); @@ -426,7 +426,7 @@ void ScanOne(char *path, unsigned long MsgNum) for (i = 0; i < 40; i++) { if (CFG.akavalid[i] && (msgs.Aka.zone == CFG.aka[i].zone) && (CFG.aka[i].point == 0) && !((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) { - sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); + snprintf(sbe, 127, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); fill_list(&sbl, sbe, NULL); } } @@ -576,7 +576,7 @@ int RescanOne(faddr *L, char *marea, unsigned long Num) void ExportEcho(sysconnect L, unsigned long MsgNum, fa_list **sbl) { int rc, seenlen, oldnet, flags = 0, kludges = TRUE; - char *p, sbe[16], ext[4]; + char *p, sbe[128], ext[4]; fa_list *tmpl; FILE *qp; faddr *from, *dest; @@ -600,13 +600,13 @@ void ExportEcho(sysconnect L, unsigned long MsgNum, fa_list **sbl) memset(&ext, 0, sizeof(ext)); if (nodes.PackNetmail) - sprintf(ext, (char *)"qqq"); + snprintf(ext, 3, (char *)"qqq"); else if (nodes.Crash) - sprintf(ext, (char *)"ccc"); + snprintf(ext, 3, (char *)"ccc"); else if (nodes.Hold) - sprintf(ext, (char *)"hhh"); + snprintf(ext, 3, (char *)"hhh"); else - sprintf(ext, (char *)"nnn"); + snprintf(ext, 3, (char *)"nnn"); if ((qp = OpenPkt(msgs.Aka, L.aka, (char *)ext)) == NULL) return; @@ -655,15 +655,15 @@ void ExportEcho(sysconnect L, unsigned long MsgNum, fa_list **sbl) oldnet = (*sbl)->addr->net - 1; for (tmpl = *sbl; tmpl; tmpl = tmpl->next) { if (tmpl->addr->net == oldnet) - sprintf(sbe, " %u", tmpl->addr->node); + snprintf(sbe, 127, " %u", tmpl->addr->node); else - sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); + snprintf(sbe, 127, " %u/%u", tmpl->addr->net, tmpl->addr->node); oldnet = tmpl->addr->net; seenlen += strlen(sbe); if (seenlen > MAXSEEN) { seenlen = 0; fprintf(qp, "\rSEEN-BY:"); - sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); + snprintf(sbe, 127, " %u/%u", tmpl->addr->net, tmpl->addr->node); seenlen = strlen(sbe); } fprintf(qp, "%s", sbe); @@ -684,7 +684,7 @@ void ExportNews(unsigned long MsgNum, fa_list **sbl) { char *p; int i, seenlen, oldnet, flags = 0; - char sbe[16]; + char sbe[128]; fa_list *tmpl; FILE *qp; faddr *from, *dest; @@ -755,15 +755,15 @@ void ExportNews(unsigned long MsgNum, fa_list **sbl) oldnet = (*sbl)->addr->net - 1; for (tmpl = *sbl; tmpl; tmpl = tmpl->next) { if (tmpl->addr->net == oldnet) - sprintf(sbe, " %u", tmpl->addr->node); + snprintf(sbe, 127, " %u", tmpl->addr->node); else - sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); + snprintf(sbe, 127, " %u/%u", tmpl->addr->net, tmpl->addr->node); oldnet = tmpl->addr->net; seenlen += strlen(sbe); if (seenlen > MAXSEEN) { seenlen = 0; fprintf(qp, "\nSEEN-BY:"); - sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); + snprintf(sbe, 127, " %u/%u", tmpl->addr->net, tmpl->addr->node); seenlen = strlen(sbe); } fprintf(qp, "%s", sbe); @@ -837,7 +837,7 @@ void ExportNet(unsigned long MsgNum, int UUCPgate) for (i = 0; i < strlen(fromname); i++) if (fromname[i] == ' ') fromname[i] = '_'; - sprintf(MailFrom, "%s@%s", fromname, ascinode(from, 0x2f)); + snprintf(MailFrom, 127, "%s@%s", fromname, ascinode(from, 0x2f)); if (Msg_Read(MsgNum, 79)) { if ((p = (char *)MsgText_First()) != NULL) { @@ -851,7 +851,7 @@ void ExportNet(unsigned long MsgNum, int UUCPgate) q = strtok(p, " "); q = strtok(NULL, " \n\r\t"); } - sprintf(MailTo, "%s", q); + snprintf(MailTo, 127, "%s", q); Syslog('m', "Final MailTo \"%s\"", MailTo); break; @@ -933,11 +933,11 @@ void ExportNet(unsigned long MsgNum, int UUCPgate) if (Msg.Crash || Msg.Direct || Msg.FileAttach || Msg.Immediate) { memset(&ext, 0, sizeof(ext)); if (Msg.Immediate) - sprintf(ext, (char *)"ddd"); + snprintf(ext, 3, (char *)"ddd"); else if (Msg.Crash) - sprintf(ext, (char *)"ccc"); + snprintf(ext, 3, (char *)"ccc"); else - sprintf(ext, (char *)"nnn"); + snprintf(ext, 3, (char *)"nnn"); /* * If the destination is a point, check if it is our point @@ -981,13 +981,13 @@ void ExportNet(unsigned long MsgNum, int UUCPgate) */ memset(&ext, 0, sizeof(ext)); if (nodes.PackNetmail) - sprintf(ext, (char *)"qqq"); + snprintf(ext, 3, (char *)"qqq"); else if (nodes.Crash) - sprintf(ext, (char *)"ccc"); + snprintf(ext, 3, (char *)"ccc"); else if (nodes.Hold) - sprintf(ext, (char *)"hhh"); + snprintf(ext, 3, (char *)"hhh"); else - sprintf(ext, (char *)"nnn"); + snprintf(ext, 3, (char *)"nnn"); if ((qp = OpenPkt(msgs.Aka, Route, (char *)ext)) == NULL) { net_bad++; return; @@ -1064,7 +1064,7 @@ void ExportNet(unsigned long MsgNum, int UUCPgate) ta = parsefnode(Msg.ToAddress); p = calloc(PATH_MAX, sizeof(char)); - sprintf(p, "%s/%d.%d.%d.%d/.filelist", CFG.out_queue, ta->zone, ta->net, ta->node, ta->point); + snprintf(p, PATH_MAX -1, "%s/%d.%d.%d.%d/.filelist", CFG.out_queue, ta->zone, ta->net, ta->node, ta->point); mkdirs(p, 0750); if ((fl = fopen(p, "a+")) == NULL) { @@ -1160,26 +1160,26 @@ void ExportEmail(unsigned long MsgNum) if ((strchr(p, '<') != NULL) && (strchr(p, '>') != NULL)) { q = strtok(p, "<"); q = strtok(NULL, ">"); - sprintf(MailFrom, "%s", q); + snprintf(MailFrom, 127, "%s", q); } else if (Msg.From[0] == ' ') { q = strtok(p, " "); q = strtok(NULL, " \n\r\t"); - sprintf(MailFrom, "%s", q); + snprintf(MailFrom, 127, "%s", q); } else { - sprintf(MailFrom, "%s", Msg.From); + snprintf(MailFrom, 127, "%s", Msg.From); } p = Msg.To; if ((strchr(p, '<') != NULL) && (strchr(p, '>') != NULL)) { q = strtok(p, "<"); q = strtok(NULL, ">"); - sprintf(MailTo, "%s", q); + snprintf(MailTo, 127, "%s", q); } else if (Msg.To[0] == ' ') { q = strtok(p, " "); q = strtok(NULL, " \n\r\t"); - sprintf(MailTo, "%s", q); + snprintf(MailTo, 127, "%s", q); } else { - sprintf(MailTo, "%s", Msg.To); + snprintf(MailTo, 127, "%s", Msg.To); } retval = postemail(qp, MailFrom, MailTo); diff --git a/mbfido/scannews.c b/mbfido/scannews.c index 30e250ab..f3ffdc7f 100644 --- a/mbfido/scannews.c +++ b/mbfido/scannews.c @@ -109,7 +109,7 @@ void fill_artlist(List **fdp, char *id, long nr, int dupe) for (tmp = fdp; *tmp; tmp = &((*tmp)->next)); *tmp = (List *)malloc(sizeof(List)); (*tmp)->next = NULL; - sprintf((*tmp)->msgid, "%s", id); + snprintf((*tmp)->msgid, MAX_MSGID_LEN -1, "%s", id); (*tmp)->nr = nr; (*tmp)->isdupe = dupe; } @@ -196,7 +196,7 @@ void ScanNews(void) } sAreas = calloc(PATH_MAX, sizeof(char)); - sprintf(sAreas, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(sAreas, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if(( pAreas = fopen (sAreas, "r")) == NULL) { WriteError("$Can't open Messages Areas File."); return; @@ -259,7 +259,7 @@ int do_one_group(List **art, char *grpname, char *ftntag, int maxarticles) Syslog('m', "do_one_group(%s, %s)", grpname, ftntag); IsDoing((char *)"Scan %s", grpname); - sprintf(temp, "GROUP %s\r\n", grpname); + snprintf(temp, 127, "GROUP %s\r\n", grpname); nntp_send(temp); resp = nntp_receive(); retval = atoi(strtok(resp, " ")); @@ -341,11 +341,11 @@ int get_article(char *msgid, char *ftntag) return RETVAL_ERROR; } - sprintf(dpath, "%s/tmp/scannews.last", getenv("MBSE_ROOT")); + snprintf(dpath, PATH_MAX -1, "%s/tmp/scannews.last", getenv("MBSE_ROOT")); dp = fopen(dpath, "w"); IsDoing("Article %d", (news_in + 1)); - sprintf(cmd, "ARTICLE %s\r\n", msgid); + snprintf(cmd, 80, "ARTICLE %s\r\n", msgid); fprintf(dp, "ARTICLE %s\n", msgid); nntp_send(cmd); resp = nntp_receive(); @@ -396,7 +396,7 @@ int get_xover(char *grpname, long startnr, long endnr, List **art) unsigned long crc; POverview pov; - sprintf(cmd, "XOVER %ld-%ld\r\n", startnr, endnr); + snprintf(cmd, 80, "XOVER %ld-%ld\r\n", startnr, endnr); if ((retval = nntp_cmd(cmd, 224))) { switch (retval) { case 412: WriteError("No newsgroup selected");