Secured sprintf with snprintf

This commit is contained in:
Michiel Broek 2005-08-28 10:03:17 +00:00
parent 536a52e0ad
commit 4e1309e0eb
7 changed files with 29 additions and 29 deletions

View File

@ -4,7 +4,7 @@
* Purpose ...............: Fidonetrecord Access * Purpose ...............: Fidonetrecord Access
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -43,7 +43,7 @@ int InitFidonet(void)
memset(&fidonet, 0, sizeof(fidonet)); memset(&fidonet, 0, sizeof(fidonet));
LoadConfig(); LoadConfig();
sprintf(fidonet_fil, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); snprintf(fidonet_fil, PATH_MAX -1, "%s/etc/fidonet.data", getenv("MBSE_ROOT"));
if ((fil = fopen(fidonet_fil, "r")) == NULL) if ((fil = fopen(fidonet_fil, "r")) == NULL)
return FALSE; return FALSE;

View File

@ -4,7 +4,7 @@
* Purpose ...............: Message areas record Access * Purpose ...............: Message areas record Access
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -53,7 +53,7 @@ int InitMsgs(void)
LoadConfig(); LoadConfig();
sysstart = -1; sysstart = -1;
sprintf(msgs_fil, "%s/etc/mareas.data", getenv("MBSE_ROOT")); snprintf(msgs_fil, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((fil = fopen(msgs_fil, "r")) == NULL) if ((fil = fopen(msgs_fil, "r")) == NULL)
return FALSE; return FALSE;
@ -62,7 +62,7 @@ int InitMsgs(void)
msgs_cnt = (ftell(fil) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize); msgs_cnt = (ftell(fil) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize);
fclose(fil); fclose(fil);
sprintf(mgrp_fil, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); snprintf(mgrp_fil, PATH_MAX -1, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
return TRUE; return TRUE;
} }

View File

@ -4,7 +4,7 @@
* Purpose ...............: Noderecord Access * Purpose ...............: Noderecord Access
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -50,7 +50,7 @@ int InitNode(void)
memset(&nodes, 0, sizeof(nodes)); memset(&nodes, 0, sizeof(nodes));
LoadConfig(); LoadConfig();
sprintf(nodes_fil, "%s/etc/nodes.data", getenv("MBSE_ROOT")); snprintf(nodes_fil, PATH_MAX -1, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
if ((fil = fopen(nodes_fil, "r")) == NULL) if ((fil = fopen(nodes_fil, "r")) == NULL)
return FALSE; return FALSE;

View File

@ -4,7 +4,7 @@
* Purpose ...............: Tic areas record Access * Purpose ...............: Tic areas record Access
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -54,7 +54,7 @@ int InitTic(void)
LoadConfig(); LoadConfig();
sysstart = -1; sysstart = -1;
sprintf(tic_fil, "%s/etc/tic.data", getenv("MBSE_ROOT")); snprintf(tic_fil, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
if ((fil = fopen(tic_fil, "r")) == NULL) if ((fil = fopen(tic_fil, "r")) == NULL)
return FALSE; return FALSE;
@ -63,7 +63,7 @@ int InitTic(void)
tic_cnt = (ftell(fil) - tichdr.hdrsize) / (tichdr.recsize + tichdr.syssize); tic_cnt = (ftell(fil) - tichdr.hdrsize) / (tichdr.recsize + tichdr.syssize);
fclose(fil); fclose(fil);
sprintf(tgrp_fil, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); snprintf(tgrp_fil, PATH_MAX -1, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
return TRUE; return TRUE;
} }

View File

@ -43,7 +43,7 @@ int InitUser(void)
memset(&usr, 0, sizeof(usr)); memset(&usr, 0, sizeof(usr));
LoadConfig(); LoadConfig();
sprintf(usr_fil, "%s/etc/users.data", getenv("MBSE_ROOT")); snprintf(usr_fil, PATH_MAX -1, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((fil = fopen(usr_fil, "r")) == NULL) if ((fil = fopen(usr_fil, "r")) == NULL)
return FALSE; return FALSE;

View File

@ -4,7 +4,7 @@
* Purpose ...............: TURBODIESEL Macro language * Purpose ...............: TURBODIESEL Macro language
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -441,7 +441,7 @@ static void mledreal(double r, char *edbuf)
{ {
int sprec; int sprec;
V sprintf(edbuf, "%.12f", r); V snprintf(edbuf, MAXSTR -1, "%.12f", r);
if ((!strchr(edbuf, 'E')) && strchr(edbuf, '.')) { if ((!strchr(edbuf, 'E')) && strchr(edbuf, '.')) {
/* Trim redundant trailing zeroes off the number. */ /* Trim redundant trailing zeroes off the number. */
for (sprec = strlen(edbuf) - 1; sprec > 0; sprec--) { for (sprec = strlen(edbuf) - 1; sprec > 0; sprec--) {
@ -495,7 +495,7 @@ static int rarg(char *argstr, double *realres)
#define Dsarg(s) char s[MAXSTR] /* Declare string argument */ #define Dsarg(s) char s[MAXSTR] /* Declare string argument */
#define Sarg(v,n) if (diesel(argv[(n)], (v)) != 0) return FALSE #define Sarg(v,n) if (diesel(argv[(n)], (v)) != 0) return FALSE
#define Rint(n) V sprintf(output, "%d", (n)); return TRUE/* Return int */ #define Rint(n) V snprintf(output, MAXSTR -1, "%d", (n)); return TRUE/* Return int */
#define Rreal(n) mledreal((n), output); return TRUE /* Return double */ #define Rreal(n) mledreal((n), output); return TRUE /* Return double */
#define Rstr(s) V strcpy(output, (s)); return TRUE /* Return str */ #define Rstr(s) V strcpy(output, (s)); return TRUE /* Return str */
@ -910,7 +910,7 @@ Mfunc(f_edtime)
for (i = 0; i < ELEMENTS(pictab); i++) { for (i = 0; i < ELEMENTS(pictab); i++) {
if (strncasecmp(pp, pictab[i].pname, if (strncasecmp(pp, pictab[i].pname,
strlen(pictab[i].pname)) == 0) { strlen(pictab[i].pname)) == 0) {
V sprintf(output + strlen(output), pictab[i].pfmt, V snprintf(output + strlen(output), MAXSTR -1, pictab[i].pfmt,
*pictab[i].pitem); *pictab[i].pitem);
pp += strlen(pictab[i].pname); pp += strlen(pictab[i].pname);
foundit = TRUE; foundit = TRUE;
@ -1321,7 +1321,7 @@ Mfunc(f_time)
{ {
ArgCount(0, 0); ArgCount(0, 0);
V sprintf(output, "%ld", (long) time((time_t *) NULL)); V snprintf(output, MAXSTR -1, "%ld", (long) time((time_t *) NULL));
return TRUE; return TRUE;
} }
#endif /* UNIXTENSIONS */ #endif /* UNIXTENSIONS */
@ -1627,7 +1627,7 @@ static int macrovalue(int nargs, char *args, char *output)
message, make up a general-purpose message here. */ message, make up a general-purpose message here. */
if (mstat == FALSE) { if (mstat == FALSE) {
V sprintf(output, " @(%s,%c%c) ", macname, '?', '?'); V snprintf(output, MAXSTR -1, " @(%s,%c%c) ", macname, '?', '?');
} }
if (mstat != TRUE) { if (mstat != TRUE) {
#ifdef DIESEL_TRACE #ifdef DIESEL_TRACE
@ -1645,7 +1645,7 @@ static int macrovalue(int nargs, char *args, char *output)
return TRUE; return TRUE;
} }
} }
V sprintf(output, " @(%s)?? ", macname); V snprintf(output, MAXSTR -1, " @(%s)?? ", macname);
#ifdef DIESEL_TRACE #ifdef DIESEL_TRACE
if (tracing) { if (tracing) {
V printf("Err: %s\n", output); V printf("Err: %s\n", output);
@ -1673,7 +1673,7 @@ static int macroeval(char **in, char **out)
#ifdef ECHOMAC #ifdef ECHOMAC
*op++ = ' '; *op++ = ' ';
*op++ = '<'; *op++ = '<';
V sprintf(op, "(%d)", mstat); V snprintf(op, MAXSTR -1, "(%d)", mstat);
op += strlen(op); op += strlen(op);
ma = margs; ma = margs;
while (mstat-- > 0) { while (mstat-- > 0) {
@ -1779,7 +1779,7 @@ main()
/* Cheap way to be insensitive to EOL conventions. */ /* Cheap way to be insensitive to EOL conventions. */
sprintf(out,"%s",ParseMacro(in,&err)); snprintf(out, MAXSTR, "%s",ParseMacro(in,&err));
if (err) { if (err) {
V printf("=> %s\n", in); V printf("=> %s\n", in);
V printf("---"); V printf("---");

View File

@ -4,7 +4,7 @@
* Purpose ...............: MBSE BBS database library header * Purpose ...............: MBSE BBS database library header
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -51,10 +51,10 @@ void CloseDupes(void);
/* /*
* Fidonet database * Fidonet database
*/ */
struct _fidonethdr fidonethdr; /* Header record */ struct _fidonethdr fidonethdr; /* Header record */
struct _fidonet fidonet; /* Fidonet datarecord */ struct _fidonet fidonet; /* Fidonet datarecord */
int fidonet_cnt; /* Fidonet records in database */ int fidonet_cnt; /* Fidonet records in database */
char fidonet_fil[81];/* Fidonet database filename */ char fidonet_fil[PATH_MAX]; /* Fidonet database filename */
int InitFidonet(void); /* Initialize fidonet database */ int InitFidonet(void); /* Initialize fidonet database */
int TestFidonet(unsigned short); /* Test if zone is in memory */ int TestFidonet(unsigned short); /* Test if zone is in memory */
@ -102,10 +102,10 @@ void UpdateTic(void); /* Update current messages record */
/* /*
* User records * User records
*/ */
struct userhdr usrhdr; /* Header record */ struct userhdr usrhdr; /* Header record */
struct userrec usr; /* User datarecord */ struct userrec usr; /* User datarecord */
int usr_cnt; /* User records in database */ int usr_cnt; /* User records in database */
char usr_fil[81]; /* User database filename */ char usr_fil[PATH_MAX]; /* User database filename */
int InitUser(void); /* Initialize user database */ int InitUser(void); /* Initialize user database */
int TestUser(char *); /* Test if user is in memory */ int TestUser(char *); /* Test if user is in memory */