Secured sprintf with snprintf
This commit is contained in:
parent
536a52e0ad
commit
4e1309e0eb
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Fidonetrecord Access
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -43,7 +43,7 @@ int InitFidonet(void)
|
||||
memset(&fidonet, 0, sizeof(fidonet));
|
||||
LoadConfig();
|
||||
|
||||
sprintf(fidonet_fil, "%s/etc/fidonet.data", getenv("MBSE_ROOT"));
|
||||
snprintf(fidonet_fil, PATH_MAX -1, "%s/etc/fidonet.data", getenv("MBSE_ROOT"));
|
||||
if ((fil = fopen(fidonet_fil, "r")) == NULL)
|
||||
return FALSE;
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Message areas record Access
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -53,7 +53,7 @@ int InitMsgs(void)
|
||||
LoadConfig();
|
||||
sysstart = -1;
|
||||
|
||||
sprintf(msgs_fil, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
||||
snprintf(msgs_fil, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
|
||||
if ((fil = fopen(msgs_fil, "r")) == NULL)
|
||||
return FALSE;
|
||||
|
||||
@ -62,7 +62,7 @@ int InitMsgs(void)
|
||||
msgs_cnt = (ftell(fil) - msgshdr.hdrsize) / (msgshdr.recsize + msgshdr.syssize);
|
||||
fclose(fil);
|
||||
|
||||
sprintf(mgrp_fil, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
|
||||
snprintf(mgrp_fil, PATH_MAX -1, "%s/etc/mgroups.data", getenv("MBSE_ROOT"));
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Noderecord Access
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -50,7 +50,7 @@ int InitNode(void)
|
||||
memset(&nodes, 0, sizeof(nodes));
|
||||
LoadConfig();
|
||||
|
||||
sprintf(nodes_fil, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
|
||||
snprintf(nodes_fil, PATH_MAX -1, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
|
||||
if ((fil = fopen(nodes_fil, "r")) == NULL)
|
||||
return FALSE;
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: Tic areas record Access
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -54,7 +54,7 @@ int InitTic(void)
|
||||
LoadConfig();
|
||||
sysstart = -1;
|
||||
|
||||
sprintf(tic_fil, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||
snprintf(tic_fil, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||
if ((fil = fopen(tic_fil, "r")) == NULL)
|
||||
return FALSE;
|
||||
|
||||
@ -63,7 +63,7 @@ int InitTic(void)
|
||||
tic_cnt = (ftell(fil) - tichdr.hdrsize) / (tichdr.recsize + tichdr.syssize);
|
||||
fclose(fil);
|
||||
|
||||
sprintf(tgrp_fil, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
|
||||
snprintf(tgrp_fil, PATH_MAX -1, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
@ -43,7 +43,7 @@ int InitUser(void)
|
||||
memset(&usr, 0, sizeof(usr));
|
||||
LoadConfig();
|
||||
|
||||
sprintf(usr_fil, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
||||
snprintf(usr_fil, PATH_MAX -1, "%s/etc/users.data", getenv("MBSE_ROOT"));
|
||||
if ((fil = fopen(usr_fil, "r")) == NULL)
|
||||
return FALSE;
|
||||
|
||||
|
18
lib/diesel.c
18
lib/diesel.c
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: TURBODIESEL Macro language
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -441,7 +441,7 @@ static void mledreal(double r, char *edbuf)
|
||||
{
|
||||
int sprec;
|
||||
|
||||
V sprintf(edbuf, "%.12f", r);
|
||||
V snprintf(edbuf, MAXSTR -1, "%.12f", r);
|
||||
if ((!strchr(edbuf, 'E')) && strchr(edbuf, '.')) {
|
||||
/* Trim redundant trailing zeroes off the number. */
|
||||
for (sprec = strlen(edbuf) - 1; sprec > 0; sprec--) {
|
||||
@ -495,7 +495,7 @@ static int rarg(char *argstr, double *realres)
|
||||
#define Dsarg(s) char s[MAXSTR] /* Declare string argument */
|
||||
#define Sarg(v,n) if (diesel(argv[(n)], (v)) != 0) return FALSE
|
||||
|
||||
#define Rint(n) V sprintf(output, "%d", (n)); return TRUE/* Return int */
|
||||
#define Rint(n) V snprintf(output, MAXSTR -1, "%d", (n)); return TRUE/* Return int */
|
||||
#define Rreal(n) mledreal((n), output); return TRUE /* Return double */
|
||||
#define Rstr(s) V strcpy(output, (s)); return TRUE /* Return str */
|
||||
|
||||
@ -910,7 +910,7 @@ Mfunc(f_edtime)
|
||||
for (i = 0; i < ELEMENTS(pictab); i++) {
|
||||
if (strncasecmp(pp, pictab[i].pname,
|
||||
strlen(pictab[i].pname)) == 0) {
|
||||
V sprintf(output + strlen(output), pictab[i].pfmt,
|
||||
V snprintf(output + strlen(output), MAXSTR -1, pictab[i].pfmt,
|
||||
*pictab[i].pitem);
|
||||
pp += strlen(pictab[i].pname);
|
||||
foundit = TRUE;
|
||||
@ -1321,7 +1321,7 @@ Mfunc(f_time)
|
||||
{
|
||||
ArgCount(0, 0);
|
||||
|
||||
V sprintf(output, "%ld", (long) time((time_t *) NULL));
|
||||
V snprintf(output, MAXSTR -1, "%ld", (long) time((time_t *) NULL));
|
||||
return TRUE;
|
||||
}
|
||||
#endif /* UNIXTENSIONS */
|
||||
@ -1627,7 +1627,7 @@ static int macrovalue(int nargs, char *args, char *output)
|
||||
message, make up a general-purpose message here. */
|
||||
|
||||
if (mstat == FALSE) {
|
||||
V sprintf(output, " @(%s,%c%c) ", macname, '?', '?');
|
||||
V snprintf(output, MAXSTR -1, " @(%s,%c%c) ", macname, '?', '?');
|
||||
}
|
||||
if (mstat != TRUE) {
|
||||
#ifdef DIESEL_TRACE
|
||||
@ -1645,7 +1645,7 @@ static int macrovalue(int nargs, char *args, char *output)
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
V sprintf(output, " @(%s)?? ", macname);
|
||||
V snprintf(output, MAXSTR -1, " @(%s)?? ", macname);
|
||||
#ifdef DIESEL_TRACE
|
||||
if (tracing) {
|
||||
V printf("Err: %s\n", output);
|
||||
@ -1673,7 +1673,7 @@ static int macroeval(char **in, char **out)
|
||||
#ifdef ECHOMAC
|
||||
*op++ = ' ';
|
||||
*op++ = '<';
|
||||
V sprintf(op, "(%d)", mstat);
|
||||
V snprintf(op, MAXSTR -1, "(%d)", mstat);
|
||||
op += strlen(op);
|
||||
ma = margs;
|
||||
while (mstat-- > 0) {
|
||||
@ -1779,7 +1779,7 @@ main()
|
||||
|
||||
/* Cheap way to be insensitive to EOL conventions. */
|
||||
|
||||
sprintf(out,"%s",ParseMacro(in,&err));
|
||||
snprintf(out, MAXSTR, "%s",ParseMacro(in,&err));
|
||||
if (err) {
|
||||
V printf("=> %s\n", in);
|
||||
V printf("---");
|
||||
|
@ -4,7 +4,7 @@
|
||||
* Purpose ...............: MBSE BBS database library header
|
||||
*
|
||||
*****************************************************************************
|
||||
* Copyright (C) 1997-2004
|
||||
* Copyright (C) 1997-2005
|
||||
*
|
||||
* Michiel Broek FIDO: 2:280/2802
|
||||
* Beekmansbos 10
|
||||
@ -54,7 +54,7 @@ void CloseDupes(void);
|
||||
struct _fidonethdr fidonethdr; /* Header record */
|
||||
struct _fidonet fidonet; /* Fidonet datarecord */
|
||||
int fidonet_cnt; /* Fidonet records in database */
|
||||
char fidonet_fil[81];/* Fidonet database filename */
|
||||
char fidonet_fil[PATH_MAX]; /* Fidonet database filename */
|
||||
|
||||
int InitFidonet(void); /* Initialize fidonet database */
|
||||
int TestFidonet(unsigned short); /* Test if zone is in memory */
|
||||
@ -105,7 +105,7 @@ void UpdateTic(void); /* Update current messages record */
|
||||
struct userhdr usrhdr; /* Header record */
|
||||
struct userrec usr; /* User datarecord */
|
||||
int usr_cnt; /* User records in database */
|
||||
char usr_fil[81]; /* User database filename */
|
||||
char usr_fil[PATH_MAX]; /* User database filename */
|
||||
|
||||
int InitUser(void); /* Initialize user database */
|
||||
int TestUser(char *); /* Test if user is in memory */
|
||||
|
Reference in New Issue
Block a user