Secured sprintf with snprintf
This commit is contained in:
parent
536a52e0ad
commit
4e1309e0eb
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: Fidonetrecord Access
|
* Purpose ...............: Fidonetrecord Access
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -43,7 +43,7 @@ int InitFidonet(void)
|
|||||||
memset(&fidonet, 0, sizeof(fidonet));
|
memset(&fidonet, 0, sizeof(fidonet));
|
||||||
LoadConfig();
|
LoadConfig();
|
||||||
|
|
||||||
sprintf(fidonet_fil, "%s/etc/fidonet.data", getenv("MBSE_ROOT"));
|
snprintf(fidonet_fil, PATH_MAX -1, "%s/etc/fidonet.data", getenv("MBSE_ROOT"));
|
||||||
if ((fil = fopen(fidonet_fil, "r")) == NULL)
|
if ((fil = fopen(fidonet_fil, "r")) == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: Message areas record Access
|
* Purpose ...............: Message areas record Access
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -53,7 +53,7 @@ int InitMsgs(void)
|
|||||||
LoadConfig();
|
LoadConfig();
|
||||||
sysstart = -1;
|
sysstart = -1;
|
||||||
|
|
||||||
sprintf(msgs_fil, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
snprintf(msgs_fil, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
||||||
if ((fil = fopen(msgs_fil, "r")) == NULL)
|
if ((fil = fopen(msgs_fil, "r")) == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
@ -62,7 +62,7 @@ int InitMsgs(void)
|
|||||||
msgs_cnt = (ftell(fil) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize);
|
msgs_cnt = (ftell(fil) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize);
|
||||||
fclose(fil);
|
fclose(fil);
|
||||||
|
|
||||||
sprintf(mgrp_fil, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
|
snprintf(mgrp_fil, PATH_MAX -1, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: Noderecord Access
|
* Purpose ...............: Noderecord Access
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -50,7 +50,7 @@ int InitNode(void)
|
|||||||
memset(&nodes, 0, sizeof(nodes));
|
memset(&nodes, 0, sizeof(nodes));
|
||||||
LoadConfig();
|
LoadConfig();
|
||||||
|
|
||||||
sprintf(nodes_fil, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
|
snprintf(nodes_fil, PATH_MAX -1, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
|
||||||
if ((fil = fopen(nodes_fil, "r")) == NULL)
|
if ((fil = fopen(nodes_fil, "r")) == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: Tic areas record Access
|
* Purpose ...............: Tic areas record Access
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -54,7 +54,7 @@ int InitTic(void)
|
|||||||
LoadConfig();
|
LoadConfig();
|
||||||
sysstart = -1;
|
sysstart = -1;
|
||||||
|
|
||||||
sprintf(tic_fil, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
snprintf(tic_fil, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||||
if ((fil = fopen(tic_fil, "r")) == NULL)
|
if ((fil = fopen(tic_fil, "r")) == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
@ -63,7 +63,7 @@ int InitTic(void)
|
|||||||
tic_cnt = (ftell(fil) - tichdr.hdrsize) / (tichdr.recsize + tichdr.syssize);
|
tic_cnt = (ftell(fil) - tichdr.hdrsize) / (tichdr.recsize + tichdr.syssize);
|
||||||
fclose(fil);
|
fclose(fil);
|
||||||
|
|
||||||
sprintf(tgrp_fil, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
|
snprintf(tgrp_fil, PATH_MAX -1, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -43,7 +43,7 @@ int InitUser(void)
|
|||||||
memset(&usr, 0, sizeof(usr));
|
memset(&usr, 0, sizeof(usr));
|
||||||
LoadConfig();
|
LoadConfig();
|
||||||
|
|
||||||
sprintf(usr_fil, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
snprintf(usr_fil, PATH_MAX -1, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
||||||
if ((fil = fopen(usr_fil, "r")) == NULL)
|
if ((fil = fopen(usr_fil, "r")) == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
|
18
lib/diesel.c
18
lib/diesel.c
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: TURBODIESEL Macro language
|
* Purpose ...............: TURBODIESEL Macro language
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -441,7 +441,7 @@ static void mledreal(double r, char *edbuf)
|
|||||||
{
|
{
|
||||||
int sprec;
|
int sprec;
|
||||||
|
|
||||||
V sprintf(edbuf, "%.12f", r);
|
V snprintf(edbuf, MAXSTR -1, "%.12f", r);
|
||||||
if ((!strchr(edbuf, 'E')) && strchr(edbuf, '.')) {
|
if ((!strchr(edbuf, 'E')) && strchr(edbuf, '.')) {
|
||||||
/* Trim redundant trailing zeroes off the number. */
|
/* Trim redundant trailing zeroes off the number. */
|
||||||
for (sprec = strlen(edbuf) - 1; sprec > 0; sprec--) {
|
for (sprec = strlen(edbuf) - 1; sprec > 0; sprec--) {
|
||||||
@ -495,7 +495,7 @@ static int rarg(char *argstr, double *realres)
|
|||||||
#define Dsarg(s) char s[MAXSTR] /* Declare string argument */
|
#define Dsarg(s) char s[MAXSTR] /* Declare string argument */
|
||||||
#define Sarg(v,n) if (diesel(argv[(n)], (v)) != 0) return FALSE
|
#define Sarg(v,n) if (diesel(argv[(n)], (v)) != 0) return FALSE
|
||||||
|
|
||||||
#define Rint(n) V sprintf(output, "%d", (n)); return TRUE/* Return int */
|
#define Rint(n) V snprintf(output, MAXSTR -1, "%d", (n)); return TRUE/* Return int */
|
||||||
#define Rreal(n) mledreal((n), output); return TRUE /* Return double */
|
#define Rreal(n) mledreal((n), output); return TRUE /* Return double */
|
||||||
#define Rstr(s) V strcpy(output, (s)); return TRUE /* Return str */
|
#define Rstr(s) V strcpy(output, (s)); return TRUE /* Return str */
|
||||||
|
|
||||||
@ -910,7 +910,7 @@ Mfunc(f_edtime)
|
|||||||
for (i = 0; i < ELEMENTS(pictab); i++) {
|
for (i = 0; i < ELEMENTS(pictab); i++) {
|
||||||
if (strncasecmp(pp, pictab[i].pname,
|
if (strncasecmp(pp, pictab[i].pname,
|
||||||
strlen(pictab[i].pname)) == 0) {
|
strlen(pictab[i].pname)) == 0) {
|
||||||
V sprintf(output + strlen(output), pictab[i].pfmt,
|
V snprintf(output + strlen(output), MAXSTR -1, pictab[i].pfmt,
|
||||||
*pictab[i].pitem);
|
*pictab[i].pitem);
|
||||||
pp += strlen(pictab[i].pname);
|
pp += strlen(pictab[i].pname);
|
||||||
foundit = TRUE;
|
foundit = TRUE;
|
||||||
@ -1321,7 +1321,7 @@ Mfunc(f_time)
|
|||||||
{
|
{
|
||||||
ArgCount(0, 0);
|
ArgCount(0, 0);
|
||||||
|
|
||||||
V sprintf(output, "%ld", (long) time((time_t *) NULL));
|
V snprintf(output, MAXSTR -1, "%ld", (long) time((time_t *) NULL));
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
#endif /* UNIXTENSIONS */
|
#endif /* UNIXTENSIONS */
|
||||||
@ -1627,7 +1627,7 @@ static int macrovalue(int nargs, char *args, char *output)
|
|||||||
message, make up a general-purpose message here. */
|
message, make up a general-purpose message here. */
|
||||||
|
|
||||||
if (mstat == FALSE) {
|
if (mstat == FALSE) {
|
||||||
V sprintf(output, " @(%s,%c%c) ", macname, '?', '?');
|
V snprintf(output, MAXSTR -1, " @(%s,%c%c) ", macname, '?', '?');
|
||||||
}
|
}
|
||||||
if (mstat != TRUE) {
|
if (mstat != TRUE) {
|
||||||
#ifdef DIESEL_TRACE
|
#ifdef DIESEL_TRACE
|
||||||
@ -1645,7 +1645,7 @@ static int macrovalue(int nargs, char *args, char *output)
|
|||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
V sprintf(output, " @(%s)?? ", macname);
|
V snprintf(output, MAXSTR -1, " @(%s)?? ", macname);
|
||||||
#ifdef DIESEL_TRACE
|
#ifdef DIESEL_TRACE
|
||||||
if (tracing) {
|
if (tracing) {
|
||||||
V printf("Err: %s\n", output);
|
V printf("Err: %s\n", output);
|
||||||
@ -1673,7 +1673,7 @@ static int macroeval(char **in, char **out)
|
|||||||
#ifdef ECHOMAC
|
#ifdef ECHOMAC
|
||||||
*op++ = ' ';
|
*op++ = ' ';
|
||||||
*op++ = '<';
|
*op++ = '<';
|
||||||
V sprintf(op, "(%d)", mstat);
|
V snprintf(op, MAXSTR -1, "(%d)", mstat);
|
||||||
op += strlen(op);
|
op += strlen(op);
|
||||||
ma = margs;
|
ma = margs;
|
||||||
while (mstat-- > 0) {
|
while (mstat-- > 0) {
|
||||||
@ -1779,7 +1779,7 @@ main()
|
|||||||
|
|
||||||
/* Cheap way to be insensitive to EOL conventions. */
|
/* Cheap way to be insensitive to EOL conventions. */
|
||||||
|
|
||||||
sprintf(out,"%s",ParseMacro(in,&err));
|
snprintf(out, MAXSTR, "%s",ParseMacro(in,&err));
|
||||||
if (err) {
|
if (err) {
|
||||||
V printf("=> %s\n", in);
|
V printf("=> %s\n", in);
|
||||||
V printf("---");
|
V printf("---");
|
||||||
|
18
lib/mbsedb.h
18
lib/mbsedb.h
@ -4,7 +4,7 @@
|
|||||||
* Purpose ...............: MBSE BBS database library header
|
* Purpose ...............: MBSE BBS database library header
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -51,10 +51,10 @@ void CloseDupes(void);
|
|||||||
/*
|
/*
|
||||||
* Fidonet database
|
* Fidonet database
|
||||||
*/
|
*/
|
||||||
struct _fidonethdr fidonethdr; /* Header record */
|
struct _fidonethdr fidonethdr; /* Header record */
|
||||||
struct _fidonet fidonet; /* Fidonet datarecord */
|
struct _fidonet fidonet; /* Fidonet datarecord */
|
||||||
int fidonet_cnt; /* Fidonet records in database */
|
int fidonet_cnt; /* Fidonet records in database */
|
||||||
char fidonet_fil[81];/* Fidonet database filename */
|
char fidonet_fil[PATH_MAX]; /* Fidonet database filename */
|
||||||
|
|
||||||
int InitFidonet(void); /* Initialize fidonet database */
|
int InitFidonet(void); /* Initialize fidonet database */
|
||||||
int TestFidonet(unsigned short); /* Test if zone is in memory */
|
int TestFidonet(unsigned short); /* Test if zone is in memory */
|
||||||
@ -102,10 +102,10 @@ void UpdateTic(void); /* Update current messages record */
|
|||||||
/*
|
/*
|
||||||
* User records
|
* User records
|
||||||
*/
|
*/
|
||||||
struct userhdr usrhdr; /* Header record */
|
struct userhdr usrhdr; /* Header record */
|
||||||
struct userrec usr; /* User datarecord */
|
struct userrec usr; /* User datarecord */
|
||||||
int usr_cnt; /* User records in database */
|
int usr_cnt; /* User records in database */
|
||||||
char usr_fil[81]; /* User database filename */
|
char usr_fil[PATH_MAX]; /* User database filename */
|
||||||
|
|
||||||
int InitUser(void); /* Initialize user database */
|
int InitUser(void); /* Initialize user database */
|
||||||
int TestUser(char *); /* Test if user is in memory */
|
int TestUser(char *); /* Test if user is in memory */
|
||||||
|
Reference in New Issue
Block a user