Secured sprintf with snprintf

Michiel Broek 2005-08-28 13:01:07 +00:00
parent 240e2f72f9
commit 4feb9cfa3e
4 changed files with 26 additions and 26 deletions


@ -4,7 +4,7 @@
* Purpose: File Database Maintenance - Show toberep database * Purpose: File Database Maintenance - Show toberep database
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -57,7 +57,7 @@ void ToBeRep(void)
mbse_colour(CYAN, BLACK); mbse_colour(CYAN, BLACK);
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/toberep.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX -1, "%s/etc/toberep.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r")) == NULL) { if ((fp = fopen(temp, "r")) == NULL) {
printf("No toberep database present\n"); printf("No toberep database present\n");
} else { } else {
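Review bot: The new call `snprintf(temp, PATH_MAX -1, "%s/etc/toberep.data", getenv("MBSE_ROOT"))` still hands the getenv() result straight to `%s`, so an unset MBSE_ROOT is undefined behaviour, and the return value is discarded, so a truncated path reaches fopen() unnoticed. I would read the variable once, reject NULL, and test the result: `n = snprintf(temp, PATH_MAX, "%s/etc/toberep.data", root); if (n < 0 || n >= PATH_MAX) { /* report and return */ }`. The same pattern recurs in every MBSE_ROOT path converted in the other three files of this commit, where the possibly truncated string feeds chdir(), unlink(), mkdir() and fopen(). The calloc() result for `temp` is also used without a NULL check on the line above. ToBeRep's body starts and ends outside the hunk.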


@ -4,7 +4,7 @@
* Purpose: File Database Maintenance - utilities * Purpose: File Database Maintenance - utilities
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -209,7 +209,7 @@ void DeleteVirusWork()
buf = calloc(PATH_MAX, sizeof(char)); buf = calloc(PATH_MAX, sizeof(char));
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
getcwd(buf, PATH_MAX); getcwd(buf, PATH_MAX);
sprintf(temp, "%s/tmp", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX -1, "%s/tmp", getenv("MBSE_ROOT"));
if (chdir(temp) == 0) { if (chdir(temp) == 0) {
Syslog('f', "DeleteVirusWork %s/arc", temp); Syslog('f', "DeleteVirusWork %s/arc", temp);
@ -243,7 +243,7 @@ int UnpackFile(char *File)
/* /*
* Check if there is a temp directory to unpack the archive. * Check if there is a temp directory to unpack the archive.
*/ */
sprintf(temp, "%s/tmp/arc", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX -1, "%s/tmp/arc", getenv("MBSE_ROOT"));
if ((access(temp, R_OK)) != 0) { if ((access(temp, R_OK)) != 0) {
if (mkdir(temp, 0777)) { if (mkdir(temp, 0777)) {
WriteError("$Can't create %s", temp); WriteError("$Can't create %s", temp);
@ -256,10 +256,10 @@ int UnpackFile(char *File)
/* /*
* Check for stale FILE_ID.DIZ files * Check for stale FILE_ID.DIZ files
*/ */
sprintf(temp, "%s/tmp/arc/FILE_ID.DIZ", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX -1, "%s/tmp/arc/FILE_ID.DIZ", getenv("MBSE_ROOT"));
if (!unlink(temp)) if (!unlink(temp))
Syslog('+', "Removed stale %s", temp); Syslog('+', "Removed stale %s", temp);
sprintf(temp, "%s/tmp/arc/file_id.diz", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX -1, "%s/tmp/arc/file_id.diz", getenv("MBSE_ROOT"));
if (!unlink(temp)) if (!unlink(temp))
Syslog('+', "Removed stale %s", temp); Syslog('+', "Removed stale %s", temp);
@ -278,7 +278,7 @@ int UnpackFile(char *File)
return FALSE; return FALSE;
} }
sprintf(temp, "%s/tmp/arc", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX -1, "%s/tmp/arc", getenv("MBSE_ROOT"));
if (chdir(temp) != 0) { if (chdir(temp) != 0) {
WriteError("$Can't change to %s", temp); WriteError("$Can't change to %s", temp);
die(MBERR_GENERAL); die(MBERR_GENERAL);
@ -367,7 +367,7 @@ int CheckFDB(int Area, char *Path)
int rc = FALSE; int rc = FALSE;
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/var/fdb/file%d.data", getenv("MBSE_ROOT"), Area); snprintf(temp, PATH_MAX -1, "%s/var/fdb/file%d.data", getenv("MBSE_ROOT"), Area);
/* /*
* Open the file database, create new one if it doesn't excist. * Open the file database, create new one if it doesn't excist.
@ -397,7 +397,7 @@ int CheckFDB(int Area, char *Path)
* Now check the download directory * Now check the download directory
*/ */
if (access(Path, W_OK) == -1) { if (access(Path, W_OK) == -1) {
sprintf(temp, "%s/foobar", Path); snprintf(temp, PATH_MAX -1, "%s/foobar", Path);
if (mkdirs(temp, 0775)) if (mkdirs(temp, 0775))
Syslog('+', "Created directory %s", Path); Syslog('+', "Created directory %s", Path);
} }
@ -419,7 +419,7 @@ int LoadAreaRec(int Area)
sAreas = calloc(PATH_MAX, sizeof(char)); sAreas = calloc(PATH_MAX, sizeof(char));
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
if ((pAreas = fopen (sAreas, "r")) == NULL) { if ((pAreas = fopen (sAreas, "r")) == NULL) {
WriteError("$Can't open %s", sAreas); WriteError("$Can't open %s", sAreas);
if (!do_quiet) if (!do_quiet)
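Review bot: In UnpackFile the archive work directory is still created with `mkdir(temp, 0777)`, which leaves its protection entirely to the process umask. This directory receives unpacked archive contents and is then searched for FILE_ID.DIZ, so a mode such as `mkdir(temp, 0700)` (or 0770 if a group needs access) would keep other local accounts from placing files in it. The umask in effect is not visible here, so the mode may already be narrowed at run time. The preceding `access(temp, R_OK)` test followed by mkdir() is also a check-then-create sequence; calling mkdir() directly and accepting EEXIST would close that gap. UnpackFile's body continues outside these hunks.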


@ -4,7 +4,7 @@
* Purpose ...............: Nodelist Compiler * Purpose ...............: Nodelist Compiler
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -254,7 +254,7 @@ char *fullpath(char *fname)
{ {
static char path[PATH_MAX]; static char path[PATH_MAX];
sprintf(path, "%s/%s", CFG.nodelists, fname); snprintf(path, PATH_MAX -1, "%s/%s", CFG.nodelists, fname);
return path; return path;
} }
@ -686,7 +686,7 @@ void fill_fdlist(fd_list **fdp, char *filename, time_t filedate)
tmp = (fd_list *)malloc(sizeof(fd_list)); tmp = (fd_list *)malloc(sizeof(fd_list));
tmp->next = *fdp; tmp->next = *fdp;
sprintf(tmp->fname, "%s", filename); snprintf(tmp->fname, 64, "%s", filename);
tmp->fdate = filedate; tmp->fdate = filedate;
*fdp = tmp; *fdp = tmp;
} }
@ -757,7 +757,7 @@ char *pull_fdlist(fd_list **fdp)
ta = *fdp; ta = *fdp;
memset(&buf, 0, sizeof(buf)); memset(&buf, 0, sizeof(buf));
sprintf(buf, "%s", ta->fname); snprintf(buf, 64, "%s", ta->fname);
if (ta->next != NULL) if (ta->next != NULL)
*fdp = ta->next; *fdp = ta->next;
@ -825,8 +825,8 @@ int makelist(char *base, unsigned short zo, unsigned short ne, unsigned short no
tidy_fdlist(&fdl); tidy_fdlist(&fdl);
memset(&fdx, 0, sizeof(fdx)); memset(&fdx, 0, sizeof(fdx));
sprintf(fdx.filename, "%s", p); snprintf(fdx.filename, 12, "%s", p);
sprintf(fdx.domain, "%s", fidonet.domain); snprintf(fdx.domain, 12, "%s", fidonet.domain);
fdx.number = filenr; fdx.number = filenr;
fwrite(&fdx, sizeof(fdx), 1, ffp); fwrite(&fdx, sizeof(fdx), 1, ffp);
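Review bot: The bounds added in fill_fdlist, pull_fdlist and makelist are bare literals (`64`, `64`, `12`, `12`) whose match with the destination declarations cannot be confirmed from these hunks; if a field is ever declared smaller than the literal, the overflow this commit is meant to remove is still there. Assuming the destinations are arrays (the `sizeof(buf)` in the memset suggests so for `buf`), derive the bound from the object, e.g. `snprintf(tmp->fname, sizeof tmp->fname, "%s", filename);` and `snprintf(fdx.filename, sizeof fdx.filename, "%s", p);`, and likewise `sizeof path` in fullpath. In makelist a name longer than the field is now silently cut before the record is written with fwrite(), so checking the snprintf() return and logging the truncation would be worthwhile. The malloc() result in fill_fdlist is dereferenced without a NULL check; all four functions extend outside the hunks shown.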


@ -250,7 +250,7 @@ void DoMsgBase()
int Del = 0; int Del = 0;
sAreas = calloc(PATH_MAX, sizeof(char)); sAreas = calloc(PATH_MAX, sizeof(char));
Name = calloc(PATH_MAX, sizeof(char )); Name = calloc(PATH_MAX, sizeof(char ));
IsDoing("Msg Maintenance"); IsDoing("Msg Maintenance");
@ -264,7 +264,7 @@ void DoMsgBase()
Syslog('-', "------ ------ ------ ------ ------ ----------------------------------"); Syslog('-', "------ ------ ------ ------ ------ ----------------------------------");
} }
sprintf(sAreas, "%s/etc/mareas.data", getenv("MBSE_ROOT")); snprintf(sAreas, PATH_MAX -1, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if(( pAreas = fopen (sAreas, "r")) == NULL) { if(( pAreas = fopen (sAreas, "r")) == NULL) {
WriteError("$Can't open %s", sAreas); WriteError("$Can't open %s", sAreas);
die(MBERR_GENERAL); die(MBERR_GENERAL);
@ -331,7 +331,7 @@ void DoMsgBase()
fclose(pAreas); fclose(pAreas);
if (!do_area) { if (!do_area) {
sprintf(sAreas, "%s/etc/users.data", getenv("MBSE_ROOT")); snprintf(sAreas, PATH_MAX -1, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((pAreas = fopen (sAreas, "r")) == NULL) { if ((pAreas = fopen (sAreas, "r")) == NULL) {
WriteError("$Can't open %s", sAreas); WriteError("$Can't open %s", sAreas);
die(MBERR_GENERAL); die(MBERR_GENERAL);
@ -341,13 +341,13 @@ void DoMsgBase()
while (fread(&usrconfig, usrconfighdr.recsize, 1, pAreas) == 1) { while (fread(&usrconfig, usrconfighdr.recsize, 1, pAreas) == 1) {
if (usrconfig.Email && strlen(usrconfig.Name)) { if (usrconfig.Email && strlen(usrconfig.Name)) {
Nopper(); Nopper();
sprintf(Name, "User %s email area: mailbox", usrconfig.Name); snprintf(Name, PATH_MAX -1, "User %s email area: mailbox", usrconfig.Name);
if (!do_quiet) { if (!do_quiet) {
mbse_colour(CYAN, BLACK); mbse_colour(CYAN, BLACK);
printf("\r .. %-40s", Name); printf("\r .. %-40s", Name);
fflush(stdout); fflush(stdout);
} }
sprintf(sAreas, "%s/%s/mailbox", CFG.bbs_usersdir, usrconfig.Name); snprintf(sAreas, PATH_MAX -1, "%s/%s/mailbox", CFG.bbs_usersdir, usrconfig.Name);
are_tot++; are_tot++;
processed = FALSE; processed = FALSE;
if (do_kill) if (do_kill)
@ -360,8 +360,8 @@ void DoMsgBase()
LinkArea(sAreas, 0); LinkArea(sAreas, 0);
if (processed) if (processed)
are_proc++; are_proc++;
sprintf(sAreas, "%s/%s/archive", CFG.bbs_usersdir, usrconfig.Name); snprintf(sAreas, PATH_MAX -1, "%s/%s/archive", CFG.bbs_usersdir, usrconfig.Name);
sprintf(Name, "User %s email area: archive", usrconfig.Name); snprintf(Name, 80, "User %s email area: archive", usrconfig.Name);
are_tot++; are_tot++;
processed = FALSE; processed = FALSE;
if (do_kill) if (do_kill)
@ -373,8 +373,8 @@ void DoMsgBase()
LinkArea(sAreas, 0); LinkArea(sAreas, 0);
if (processed) if (processed)
are_proc++; are_proc++;
sprintf(sAreas, "%s/%s/trash", CFG.bbs_usersdir, usrconfig.Name); snprintf(sAreas, PATH_MAX -1, "%s/%s/trash", CFG.bbs_usersdir, usrconfig.Name);
sprintf(Name, "User %s email area: trash", usrconfig.Name); snprintf(Name, 80, "User %s email area: trash", usrconfig.Name);
are_tot++; are_tot++;
processed = FALSE; processed = FALSE;
if (do_kill) if (do_kill)
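Review bot: `Name` is bounded by `PATH_MAX -1` in the mailbox line but by `80` in the archive and trash lines, although all three write the same `calloc(PATH_MAX, ...)` buffer from the first hunk; one named constant for the display-name length used in all three places would make the intent clear. Separately, `usrconfig.Name` comes from an fread() of users.data and is used unmodified as a path component in `"%s/%s/mailbox"`, `"%s/%s/archive"` and `"%s/%s/trash"`, and the result is handed to the maintenance calls such as `LinkArea(sAreas, 0)`. If that field can hold `/` or `..` (its validation is not visible here), the path can leave `CFG.bbs_usersdir`, so a check on the name before building the path would be a useful addition. DoMsgBase's body extends outside these hunks.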