From 51764922ebff06147828679b829a7bf8dbb41227 Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Sat, 27 Aug 2005 18:53:32 +0000 Subject: [PATCH] Secured sprintf with snprintf --- lib/nntp.c | 6 +++--- lib/nodelist.c | 44 ++++++++++++++++++++------------------------ lib/nodelock.c | 4 ++-- lib/packet.c | 6 +++--- lib/pktname.c | 38 +++++++++++++++++++------------------- lib/proglock.c | 8 ++++---- lib/rearc.c | 24 +++++++----------------- lib/remask.c | 6 +++--- lib/rfcdate.c | 4 ++-- lib/semafore.c | 8 ++++---- lib/smtp.c | 6 +++--- lib/unpacker.c | 2 +- 12 files changed, 71 insertions(+), 85 deletions(-) diff --git a/lib/nntp.c b/lib/nntp.c index 4b1f59ce..58458472 100644 --- a/lib/nntp.c +++ b/lib/nntp.c @@ -230,7 +230,7 @@ int nntp_cmd(char *cmd, int resp) if (nntp_send(cmd) == -1) return -1; - sprintf(rsp, "%d", resp); + snprintf(rsp, 5, "%d", resp); p = nntp_receive(); if (strncmp(p, "480", 3) == 0) { @@ -273,11 +273,11 @@ int nntp_auth(void) } cmd = calloc(128, sizeof(char)); - sprintf(cmd, "AUTHINFO USER %s\r\n", CFG.nntpuser); + snprintf(cmd, 127, "AUTHINFO USER %s\r\n", CFG.nntpuser); if (nntp_cmd(cmd, 381)) return FALSE; - sprintf(cmd, "AUTHINFO PASS %s\r\n", CFG.nntppass); + snprintf(cmd, 127, "AUTHINFO PASS %s\r\n", CFG.nntppass); if (nntp_cmd(cmd, 281) == 0) { free(cmd); Syslog('+', "NNTP: logged in"); diff --git a/lib/nodelist.c b/lib/nodelist.c index 0859bd55..51a54d26 100644 --- a/lib/nodelist.c +++ b/lib/nodelist.c @@ -389,7 +389,7 @@ int initnl(void) rc = MBERR_INIT_ERROR; } else { while (fread(&fdx, sizeof(fdx), 1, dbf) == 1) { - sprintf(nlpath, "%s/%s", CFG.nodelists, fdx.filename); + snprintf(nlpath, PATH_MAX -1, "%s/%s", CFG.nodelists, fdx.filename); if ((fp = fopen(nlpath, "r")) == NULL) { WriteError("$Can't open %s", nlpath); rc = MBERR_INIT_ERROR; @@ -405,7 +405,7 @@ int initnl(void) /* * Read and parse ~/etc/nodelist.conf */ - sprintf(nlpath, "%s/etc/nodelist.conf", getenv("MBSE_ROOT")); + snprintf(nlpath, PATH_MAX -1, "%s/etc/nodelist.conf", getenv("MBSE_ROOT")); if ((dbf = fopen(nlpath, "r")) == NULL) { WriteError("$Can't open %s", nlpath); rc = MBERR_INIT_ERROR; @@ -456,7 +456,7 @@ int initnl(void) /* * Howmany TCP sessions are allowd */ - sprintf(nlpath, "%s/etc/task.data", getenv("MBSE_ROOT")); + snprintf(nlpath, PATH_MAX -1, "%s/etc/task.data", getenv("MBSE_ROOT")); if ((fp = fopen(nlpath, "r"))) { fread(&TCFG, sizeof(TCFG), 1, fp); fclose(fp); @@ -468,7 +468,7 @@ int initnl(void) * Read all our TCP/IP capabilities and set the global flag. */ if (TCFG.max_tcp) { - sprintf(buf, "%s", CFG.IP_Flags); + snprintf(buf, 255, "%s", CFG.IP_Flags); q = buf; for (p = q; p; p = q) { if ((q = strchr(p, ','))) @@ -484,14 +484,14 @@ int initnl(void) * All lines are ORed so we have a global and total lines * capability. */ - sprintf(nlpath, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); + snprintf(nlpath, PATH_MAX -1, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); if ((fp = fopen(nlpath, "r"))) { fread(&ttyinfohdr, sizeof(ttyinfohdr), 1, fp); while (fread(&ttyinfo, ttyinfohdr.recsize, 1, fp) == 1) { if (((ttyinfo.type == POTS) || (ttyinfo.type == ISDN)) && (ttyinfo.available) && (ttyinfo.callout)) { - sprintf(buf, "%s", ttyinfo.flags); + snprintf(buf, 255, "%s", ttyinfo.flags); q = buf; for (p = q; p; p = q) { if ((q = strchr(p, ','))) @@ -603,7 +603,7 @@ node *getnlent(faddr *addr) * Search domainname for the requested aka, should not fail. */ path = calloc(PATH_MAX, sizeof(char)); - sprintf(path, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); + snprintf(path, PATH_MAX -1, "%s/etc/fidonet.data", getenv("MBSE_ROOT")); if ((fp = fopen(path, "r"))) { fread(&fidonethdr, sizeof(fidonethdr), 1, fp); while (fread(&fidonet, fidonethdr.recsize, 1, fp) == 1) { @@ -624,7 +624,7 @@ node *getnlent(faddr *addr) /* * First, lookup node in index. NOTE -- NOT 5D YET */ - sprintf(path, "%s/%s", CFG.nodelists, "node.index"); + snprintf(path, PATH_MAX -1, "%s/%s", CFG.nodelists, "node.index"); if ((fp = fopen(path, "r")) == NULL) { WriteError("$Can't open %s", path); free(path); @@ -659,7 +659,7 @@ node *getnlent(faddr *addr) goto retdummy; } - sprintf(path, "%s/%s", CFG.nodelists, "node.files"); + snprintf(path, PATH_MAX -1, "%s/%s", CFG.nodelists, "node.files"); if ((fp = fopen(path, "r")) == NULL) { WriteError("$Can't open %s", path); free(path); @@ -678,7 +678,7 @@ node *getnlent(faddr *addr) /* * Open and read in real nodelist */ - sprintf(path, "%s/%s", CFG.nodelists, fdx.filename); + snprintf(path, PATH_MAX -1, "%s/%s", CFG.nodelists, fdx.filename); if ((fp = fopen(path, "r")) == NULL) { WriteError("$Can't open %s", path); free(path); @@ -703,7 +703,7 @@ node *getnlent(faddr *addr) * nodelist overrides in this record will be used instead of * the nodelist entries. */ - sprintf(path, "%s/etc/nodes.data", getenv("MBSE_ROOT")); + snprintf(path, PATH_MAX -1, "%s/etc/nodes.data", getenv("MBSE_ROOT")); if ((np = fopen(path, "r")) != NULL) { fread(&ndhdr, sizeof(nodeshdr), 1, np); @@ -925,15 +925,12 @@ node *getnlent(faddr *addr) */ if (nodebuf.iflags & mytcpip) { memset(&tbuf, 0, sizeof(tbuf)); -// Syslog('n', "getnlent: node iflags %08x, mytcpip %08x", nodebuf.iflags, mytcpip); for (tmpm = &nl_tcpip; *tmpm; tmpm=&((*tmpm)->next)) { if ((*tmpm)->mask & nodebuf.iflags) { -// Syslog('n', "getnlent: best flag is %s", (*tmpm)->name); for (tmps = &nl_service; *tmps; tmps=&((*tmps)->next)) { if (strcmp((*tmps)->flag, (*tmpm)->name) == 0) { - sprintf(tbuf, "%s", (*tmps)->service); + snprintf(tbuf, 255, "%s", (*tmps)->service); tport = (*tmps)->tmpport; -// Syslog('n', "getnlent: protocol %s at port %d", (*tmps)->service, (*tmps)->tmpport); } } } @@ -952,13 +949,13 @@ node *getnlent(faddr *addr) memset(&tbuf, 0, sizeof(tbuf)); if (ndrecord && strlen(nd.Nl_hostname)) { Syslog('n', "getnlent: using override %s for FQDN", nd.Nl_hostname); - sprintf(tbuf, nodebuf.name); + snprintf(tbuf, 255, nodebuf.name); nodebuf.url = xstrcat(nodebuf.url, tbuf); } else { for (tmpa = &nl_search; *tmpa; tmpa=&((*tmpa)->next)) { Syslog('n', "getnlent: search FQDN method %s", (*tmpa)->name); if (strcasecmp((*tmpa)->name, "field3") == 0) { - sprintf(tbuf, nodebuf.name); + snprintf(tbuf, 255, nodebuf.name); if (strchr(tbuf, '.')) { /* * Okay, there are dots, this can be a FQDN or IP address. @@ -974,7 +971,7 @@ node *getnlent(faddr *addr) for (tmpaa = &nl_ipprefix; *tmpaa; tmpaa=&((*tmpaa)->next)) { if (nodebuf.phone && strncmp(nodebuf.phone, (*tmpaa)->name, strlen((*tmpaa)->name)) == 0) { Syslog('n', "getnlent: found %s prefix", (*tmpaa)->name); - sprintf(tbuf, "%s", nodebuf.phone+strlen((*tmpaa)->name)); + snprintf(tbuf, 255, "%s", nodebuf.phone+strlen((*tmpaa)->name)); for (i = 0; i < strlen(tbuf); i++) if (tbuf[i] == '-') tbuf[i] = '.'; @@ -1035,10 +1032,10 @@ node *getnlent(faddr *addr) for (tmpd = &nl_domsuffix; *tmpd; tmpd=&((*tmpd)->next)) { if ((*tmpd)->zone == nodebuf.addr.zone) { if (*r++ == '\0') - sprintf(tbuf, "f%d.n%d.z%d.%s.%s", nodebuf.addr.node, nodebuf.addr.net, + snprintf(tbuf, 255, "f%d.n%d.z%d.%s.%s", nodebuf.addr.node, nodebuf.addr.net, nodebuf.addr.zone, nodebuf.addr.domain, (*tmpd)->name); else - sprintf(tbuf, "f%d.n%d.z%d.%s.%s%s", nodebuf.addr.node, nodebuf.addr.net, + snprintf(tbuf, 255, "f%d.n%d.z%d.%s.%s%s", nodebuf.addr.node, nodebuf.addr.net, nodebuf.addr.zone, nodebuf.addr.domain, (*tmpd)->name, r); Syslog('n', "getnlent: will try default domain \"%s\"", tbuf); nodebuf.url = xstrcat(nodebuf.url, tbuf); @@ -1051,7 +1048,7 @@ node *getnlent(faddr *addr) } if (strchr(r, '.')) { Syslog('n', "getnlent: found a FQDN \"%s\"", MBSE_SS(r)); - sprintf(tbuf, "%s", r); + snprintf(tbuf, 255, "%s", r); nodebuf.url = xstrcat(nodebuf.url, tbuf); break; } @@ -1065,7 +1062,7 @@ node *getnlent(faddr *addr) if (nodebuf.addr.domain) { for (tmpd = &nl_domsuffix; *tmpd; tmpd=&((*tmpd)->next)) { if ((*tmpd)->zone == nodebuf.addr.zone) { - sprintf(tbuf, "f%d.n%d.z%d.%s.%s", nodebuf.addr.node, nodebuf.addr.net, + snprintf(tbuf, 255, "f%d.n%d.z%d.%s.%s", nodebuf.addr.node, nodebuf.addr.net, nodebuf.addr.zone, nodebuf.addr.domain, (*tmpd)->name); Syslog('n', "getnlent: will try default domain \"%s\"", tbuf); nodebuf.url = xstrcat(nodebuf.url, tbuf); @@ -1093,8 +1090,7 @@ node *getnlent(faddr *addr) * No optional port number, add one from the default * for this protocol. */ - sprintf(tbuf, ":%lu", tport); -// Syslog('n', "getnlent: adding default port %s", tbuf); + snprintf(tbuf, 255, ":%lu", tport); nodebuf.url = xstrcat(nodebuf.url, tbuf); } diff --git a/lib/nodelock.c b/lib/nodelock.c index 366f6270..e83cfd0a 100644 --- a/lib/nodelock.c +++ b/lib/nodelock.c @@ -4,7 +4,7 @@ * Purpose ...............: Node locking * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -45,7 +45,7 @@ int nodelock(faddr *addr, pid_t mypid) tfn = xstrcpy(fn); if ((p=strrchr(tfn,'/'))) *++p='\0'; - sprintf(tmp, "aa%d", mypid); + snprintf(tmp, 15, "aa%d", mypid); tfn = xstrcat(tfn, tmp); mkdirs(tfn, 0770); diff --git a/lib/packet.c b/lib/packet.c index 09787cdc..99c67886 100644 --- a/lib/packet.c +++ b/lib/packet.c @@ -4,7 +4,7 @@ * Purpose ...............: Fidonet mailer * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -133,10 +133,10 @@ FILE *openpkt(FILE *pkt, faddr *addr, char flavor, int session) memset(&str, 0, 8); if (session) { if (noderecord(addr) && strlen(nodes.Spasswd)) - sprintf(str, "%s", nodes.Spasswd); + snprintf(str, 8, "%s", nodes.Spasswd); } else { if (noderecord(addr) && strlen(nodes.Epasswd)) - sprintf(str, "%s", nodes.Epasswd); + snprintf(str, 8, "%s", nodes.Epasswd); } for (i = 0; i < 8; i++) buffer[0x1a + i] = toupper(str[i]); /* FSC-0039 only talks about A-Z, 0-9, so force uppercase */ diff --git a/lib/pktname.c b/lib/pktname.c index d48b9d7d..c265783a 100644 --- a/lib/pktname.c +++ b/lib/pktname.c @@ -4,7 +4,7 @@ * Purpose ...............: BinkleyTerm outbound naming * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -56,7 +56,7 @@ char *prepbuf(faddr *addr) char *p, *domain=NULL, zpref[8]; int i; - sprintf(buf, "%s", CFG.outbound); + snprintf(buf, PATH_MAX -1, "%s", CFG.outbound); if (CFG.addr4d) { Syslog('o', "Use 4d addressing, zone is %d", addr->zone); @@ -64,7 +64,7 @@ char *prepbuf(faddr *addr) if ((addr->zone == 0) || (addr->zone == CFG.aka[0].zone)) zpref[0] = '\0'; else - sprintf(zpref, ".%03x", addr->zone); + snprintf(zpref, 7, ".%03x", addr->zone); } else { /* * If we got a 5d address we use the given domain, if @@ -96,7 +96,7 @@ char *prepbuf(faddr *addr) if (CFG.aka[i].zone == addr->zone) zpref[0] = '\0'; else - sprintf(zpref, ".%03x", addr->zone); + snprintf(zpref, 7, ".%03x", addr->zone); } else { /* * this is our primary domain @@ -104,16 +104,16 @@ char *prepbuf(faddr *addr) if ((addr->zone == 0) || (addr->zone == CFG.aka[0].zone)) zpref[0]='\0'; else - sprintf(zpref,".%03x",addr->zone); + snprintf(zpref, 7, ".%03x",addr->zone); } } p = buf + strlen(buf); if (addr->point) - sprintf(p,"%s/%04x%04x.pnt/%08x.", zpref,addr->net,addr->node,addr->point); + snprintf(p, PATH_MAX -1, "%s/%04x%04x.pnt/%08x.", zpref,addr->net,addr->node,addr->point); else - sprintf(p,"%s/%04x%04x.",zpref,addr->net,addr->node); + snprintf(p, PATH_MAX -1, "%s/%04x%04x.",zpref,addr->net,addr->node); if (domain) free(domain); @@ -133,7 +133,7 @@ char *pktname(faddr *addr, char flavor) flavor = 'd'; q = p + strlen(p); - sprintf(q, "%c%s", flavor, ptyp); + snprintf(q, PATH_MAX -1, "%c%s", flavor, ptyp); return p; } @@ -150,7 +150,7 @@ char *floname(faddr *addr, char flavor) flavor = 'd'; q = p + strlen(p); - sprintf(q, "%c%s", flavor, ftyp); + snprintf(q, PATH_MAX -1, "%c%s", flavor, ftyp); return p; } @@ -162,7 +162,7 @@ char *reqname(faddr *addr) p = prepbuf(addr); q = p + strlen(p); - sprintf(q, "%s", rtyp); + snprintf(q, PATH_MAX -1, "%s", rtyp); return p; } @@ -174,7 +174,7 @@ char *splname(faddr *addr) p = prepbuf(addr); q = p + strlen(p); - sprintf(q, "%s", styp); + snprintf(q, PATH_MAX -1, "%s", styp); return p; } @@ -186,7 +186,7 @@ char *bsyname(faddr *addr) p = prepbuf(addr); q = p + strlen(p); - sprintf(q, "%s", btyp); + snprintf(q, PATH_MAX -1, "%s", btyp); return p; } @@ -198,7 +198,7 @@ char *stsname(faddr *addr) p = prepbuf(addr); q = p + strlen(p); - sprintf(q, "%s", qtyp); + snprintf(q, PATH_MAX -1, "%s", qtyp); return p; } @@ -210,7 +210,7 @@ char *polname(faddr *addr) p = prepbuf(addr); q = p + strlen(p); - sprintf(q, "%s", ltyp); + snprintf(q, PATH_MAX -1, "%s", ltyp); return p; } @@ -227,7 +227,7 @@ char *dayname(void) tt = time(NULL); ptm = localtime(&tt); - sprintf(buf, "%s", dow[ptm->tm_wday]); + snprintf(buf, 2, "%s", dow[ptm->tm_wday]); return buf; } @@ -257,10 +257,10 @@ char *arcname(faddr *addr, unsigned short Zone, int ARCmailCompat) * Generate ARCfile name from the CRC of the ASCII string * of the node address. */ - sprintf(p, "/%08lx.%s0", StringCRC32(ascfnode(addr, 0x1f)), ext); + snprintf(p, PATH_MAX -1, "/%08lx.%s0", StringCRC32(ascfnode(addr, 0x1f)), ext); } else { if (addr->point) { - sprintf(p, "/%04x%04x.%s0", + snprintf(p, PATH_MAX -1, "/%04x%04x.%s0", ((bestaka->net) - (addr->net)) & 0xffff, ((bestaka->node) - (addr->node) + (addr->point)) & 0xffff, ext); @@ -269,10 +269,10 @@ char *arcname(faddr *addr, unsigned short Zone, int ARCmailCompat) * Inserted the next code for if we are a point, * I hope this is ARCmail 0.60 compliant. 21-May-1999 */ - sprintf(p, "/%04x%04x.%s0", ((bestaka->net) - (addr->net)) & 0xffff, + snprintf(p, PATH_MAX -1, "/%04x%04x.%s0", ((bestaka->net) - (addr->net)) & 0xffff, ((bestaka->node) - (addr->node) - (bestaka->point)) & 0xffff, ext); } else { - sprintf(p, "/%04x%04x.%s0", ((bestaka->net) - (addr->net)) & 0xffff, + snprintf(p, PATH_MAX -1, "/%04x%04x.%s0", ((bestaka->net) - (addr->net)) & 0xffff, ((bestaka->node) - (addr->node)) &0xffff, ext); } } diff --git a/lib/proglock.c b/lib/proglock.c index 5225d583..c8d4d6b9 100644 --- a/lib/proglock.c +++ b/lib/proglock.c @@ -4,7 +4,7 @@ * Purpose ...............: Program Locking * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -47,8 +47,8 @@ int lockprogram(char *progname) tempfile = calloc(PATH_MAX, sizeof(char)); lockfile = calloc(PATH_MAX, sizeof(char)); - sprintf(tempfile, "%s/var/run/%s.tmp", getenv("MBSE_ROOT"), progname); - sprintf(lockfile, "%s/var/run/%s", getenv("MBSE_ROOT"), progname); + snprintf(tempfile, PATH_MAX -1, "%s/var/run/%s.tmp", getenv("MBSE_ROOT"), progname); + snprintf(lockfile, PATH_MAX -1, "%s/var/run/%s", getenv("MBSE_ROOT"), progname); if ((fp = fopen(tempfile, "w")) == NULL) { WriteError("$Can't create lockfile \"%s\"", tempfile); @@ -115,7 +115,7 @@ void ulockprogram(char *progname) pid_t oldpid; lockfile = calloc(PATH_MAX, sizeof(char)); - sprintf(lockfile, "%s/var/run/%s", getenv("MBSE_ROOT"), progname); + snprintf(lockfile, PATH_MAX -1, "%s/var/run/%s", getenv("MBSE_ROOT"), progname); if ((fp = fopen(lockfile, "r")) == NULL) { WriteError("$Can't open lockfile \"%s\"", lockfile); diff --git a/lib/rearc.c b/lib/rearc.c index b8670f8b..bf4a013f 100644 --- a/lib/rearc.c +++ b/lib/rearc.c @@ -113,7 +113,7 @@ int rearc(char *filename, char *arctype, int do_quiet) return -1; } - sprintf(p, "%s", archiver.name); + snprintf(p, 5, "%s", archiver.name); Syslog('f', "new filename %s", newname); arccmd = xstrcpy(archiver.farc); @@ -135,8 +135,8 @@ int rearc(char *filename, char *arctype, int do_quiet) oldpath = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char)); getcwd(oldpath, PATH_MAX); - sprintf(workpath, "%s/tmp/rearc%d", getenv("MBSE_ROOT"), getpid()); - sprintf(temp, "%s/%s", workpath, filename); + snprintf(workpath, PATH_MAX -1, "%s/tmp/rearc%d", getenv("MBSE_ROOT"), getpid()); + snprintf(temp, PATH_MAX -1, "%s/%s", workpath, filename); rc = mkdirs(temp, 0755) ? 0 : -1; if (rc == 0) { if ((rc = chdir(workpath)) == -1) { @@ -155,12 +155,7 @@ int rearc(char *filename, char *arctype, int do_quiet) */ if (rc == 0) { if ((rc = execute_str(uncmd,filename,(char *)NULL,(char*)"/dev/null",(char*)"/dev/null",(char*)"/dev/null"))) { - sync(); - sleep(1); - WriteError("Warning: unpack %s failed, trying again after sync()", filename); - if ((rc = execute_str(uncmd,filename,(char *)NULL,(char*)"/dev/null",(char*)"/dev/null",(char*)"/dev/null"))) { - WriteError("$Can't unpack %s", filename); - } + WriteError("$Can't unpack %s", filename); } } @@ -174,12 +169,7 @@ int rearc(char *filename, char *arctype, int do_quiet) */ if (rc == 0) { if ((rc = execute_str(arccmd,newname,(char *)".",(char*)"/dev/null",(char*)"/dev/null",(char*)"/dev/null"))) { - sync(); - sleep(1); - WriteError("Warning: pack %s failed, trying again after sync()", newname); - if ((rc = execute_str(arccmd,newname,(char *)".",(char*)"/dev/null",(char*)"/dev/null",(char*)"/dev/null"))) { - WriteError("$Can't pack %s", newname); - } + WriteError("$Can't pack %s", newname); } } @@ -193,10 +183,10 @@ int rearc(char *filename, char *arctype, int do_quiet) /* * Clean and remove workdir */ - sprintf(temp, "-rf %s", workpath); + snprintf(temp, PATH_MAX -1, "-rf %s", workpath); execute_pth((char *)"rm", temp, (char*)"/dev/null", (char*)"/dev/null", (char*)"/dev/null"); if (rc == 0) - sprintf(filename, "%s", newname); + snprintf(filename, PATH_MAX -1, "%s", newname); free(workpath); free(oldpath); diff --git a/lib/remask.c b/lib/remask.c index 8284e9f5..51cedb93 100644 --- a/lib/remask.c +++ b/lib/remask.c @@ -4,7 +4,7 @@ * Purpose ...............: Regular Expression Mask * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -60,11 +60,11 @@ char *re_mask(char *nm, int forceupper) case '*': *q++ = '.'; *q++ = '*'; break; - case '@': sprintf(q, "[A-Za-z]"); + case '@': snprintf(q, 9, "[A-Za-z]"); while (*q) q++; break; - case '#': sprintf(q, "[0-9]"); + case '#': snprintf(q, 6, "[0-9]"); while (*q) q++; break; diff --git a/lib/rfcdate.c b/lib/rfcdate.c index 97596dfb..7c599c89 100644 --- a/lib/rfcdate.c +++ b/lib/rfcdate.c @@ -4,7 +4,7 @@ * Purpose ...............: Date utilities * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -180,7 +180,7 @@ char *rfcdate(time_t now) hr = offset / 60L; min = offset % 60L; - sprintf(buf,"%s, %02d %s %04d %02d:%02d:%02d %c%02d%02d", wdays[ptm.tm_wday], ptm.tm_mday, months[ptm.tm_mon], + snprintf(buf, 39, "%s, %02d %s %04d %02d:%02d:%02d %c%02d%02d", wdays[ptm.tm_wday], ptm.tm_mday, months[ptm.tm_mon], ptm.tm_year + 1900, ptm.tm_hour, ptm.tm_min, ptm.tm_sec, sign, hr, min); return(buf); } diff --git a/lib/semafore.c b/lib/semafore.c index 77673cc2..e022e023 100644 --- a/lib/semafore.c +++ b/lib/semafore.c @@ -4,7 +4,7 @@ * Purpose ...............: Create, test and remove semafore's * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -36,7 +36,7 @@ void CreateSema(char *sem) { char temp[40]; - sprintf(temp, "%s", SockR("SECR:1,%s;", sem)); + snprintf(temp, 39, "%s", SockR("SECR:1,%s;", sem)); if (strncmp(temp, "200", 3) == 0) WriteError("Can't create semafore %s", sem); } @@ -47,7 +47,7 @@ void RemoveSema(char *sem) { char temp[40]; - sprintf(temp, "%s", SockR("SERM:1,%s;", sem)); + snprintf(temp, 39, "%s", SockR("SERM:1,%s;", sem)); if (strncmp(temp, "200", 3) == 0) WriteError("Can't remove semafore %s", sem); } @@ -58,7 +58,7 @@ int IsSema(char *sem) { char temp[40]; - sprintf(temp, "%s", SockR("SEST:1,%s;", sem)); + snprintf(temp, 39, "%s", SockR("SEST:1,%s;", sem)); if (strncmp(temp, "200", 3) == 0) { WriteError("Can't read semafore %s", sem); return FALSE; diff --git a/lib/smtp.c b/lib/smtp.c index cc9fbaea..d8bd3d18 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -4,7 +4,7 @@ * Purpose ...............: MBSE BBS Internet Library * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -105,7 +105,7 @@ int smtp_connect(void) Syslog('+', "SMTP: %s", p); - sprintf(temp, "HELO %s\r\n", CFG.sysdomain); + snprintf(temp, 39, "HELO %s\r\n", CFG.sysdomain); if (smtp_cmd(temp, 250)) { smtp_close(); return -1; @@ -193,7 +193,7 @@ int smtp_cmd(char *cmd, int resp) if (smtp_send(cmd) == -1) return -1; - sprintf(rsp, "%d", resp); + snprintf(rsp, 5, "%d", resp); p = smtp_receive(); if (strncmp(p, rsp, strlen(rsp))) { diff --git a/lib/unpacker.c b/lib/unpacker.c index e5de8a6b..d8950a3b 100644 --- a/lib/unpacker.c +++ b/lib/unpacker.c @@ -90,7 +90,7 @@ int getarchiver(char *unarc) memset(&archiver, 0, sizeof(archiver)); filename = calloc(PATH_MAX, sizeof(char)); - sprintf(filename, "%s/etc/archiver.data", getenv("MBSE_ROOT")); + snprintf(filename, PATH_MAX -1, "%s/etc/archiver.data", getenv("MBSE_ROOT")); if ((fp = fopen(filename, "r")) == NULL) { WriteError("$Can't open %s", filename);