diff --git a/lib/diesel.h b/lib/diesel.h index e298adfc..e86590ae 100644 --- a/lib/diesel.h +++ b/lib/diesel.h @@ -50,7 +50,7 @@ int diesel(char *, char *); char *ParseMacro( const char *, int * ); void MacroVars( const char *, const char *, ... ); void MacroClear(void); -void html_massage(char *, char *); +void html_massage(char *, char *, size_t); FILE *OpenMacro(const char *, int, int); #endif diff --git a/lib/dostran.c b/lib/dostran.c index 3883728a..972d01d4 100644 --- a/lib/dostran.c +++ b/lib/dostran.c @@ -4,7 +4,7 @@ * Purpose ...............: DOS to Unix filename translation * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -40,7 +40,7 @@ char *Dos2Unix(char *dosname) memset(&buf, 0, sizeof(buf)); memset(&buf2, 0, sizeof(buf2)); - sprintf(buf, "%s", dosname); + snprintf(buf, PATH_MAX -1, "%s", dosname); p = buf; if (strlen(CFG.dospath)) { @@ -72,7 +72,7 @@ char *Unix2Dos(char *uxname) memset(&buf, 0, sizeof(buf)); if (strlen(CFG.dospath)) { - sprintf(buf, "%s", CFG.dospath); + snprintf(buf, PATH_MAX -1, "%s", CFG.dospath); if (*(CFG.dospath+strlen(CFG.dospath)-1) != '\\') buf[strlen(buf)] = '\\'; @@ -84,7 +84,7 @@ char *Unix2Dos(char *uxname) buf[strlen(buf)] = (*q == '/')?'\\':*q; } else { - sprintf(buf, "%s", uxname); + snprintf(buf, PATH_MAX -1, "%s", uxname); } return buf; diff --git a/lib/execute.c b/lib/execute.c index 9bc049c3..0e8df2da 100644 --- a/lib/execute.c +++ b/lib/execute.c @@ -4,7 +4,7 @@ * Purpose ...............: Execute subprogram * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 
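Review bot: In Dos2Unix (lib/dostran.c) the new bound is the literal `PATH_MAX -1` rather than the size of the destination, so it is only correct while `buf` is declared with at least PATH_MAX bytes; that declaration is outside the hunk. snprintf already counts the terminating NUL inside its size argument, so `snprintf(buf, sizeof(buf), "%s", dosname);` is tighter and keeps itself in step with the declaration, provided `buf` is an array as the `sizeof(buf)` in the memset above suggests. The return value is also dropped, so a name that does not fit is translated in truncated form without any log entry. The same spelling recurs in the Unix2Dos hunks and at most PATH_MAX call sites in this commit.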
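Review bot: The per-character append `buf[strlen(buf)] = (*q == '/')?'\\':*q;` in Unix2Dos (@@ -84) is still unbounded, so limiting the initial copy of CFG.dospath does not stop a long `uxname` from running past the end of `buf`. The loop header is outside the hunk, so this assumes no length check sits there. A guard such as `if (strlen(buf) >= sizeof(buf) - 1) break;` before the store would close it, and the `buf[strlen(buf)] = '\\';` in the previous hunk needs the same check.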
@@ -45,7 +45,7 @@ int _execute(char **args, char *in, char *out, char *err) memset(&buf, 0, sizeof(buf)); for (i = 0; i < 16; i++) { if (args[i]) - sprintf(buf, "%s %s", buf, args[i]); + snprintf(buf, PATH_MAX -1, "%s %s", buf, args[i]); else break; } @@ -164,9 +164,9 @@ int execute_str(char *cmd, char *fil, char *pkt, char *in, char *out, char *err) i = 0; if ((pkt != NULL) && strlen(pkt)) - sprintf(buf, "%s %s %s", cmd, fil, pkt); + snprintf(buf, PATH_MAX -1, "%s %s %s", cmd, fil, pkt); else - sprintf(buf, "%s %s", cmd, fil); + snprintf(buf, PATH_MAX -1, "%s %s", cmd, fil); args[i++] = strtok(buf, " \t\0"); while ((args[i++] = strtok(NULL," \t\n")) && (i < 15)); diff --git a/lib/faddr.c b/lib/faddr.c index 83acb537..07f775a1 100644 --- a/lib/faddr.c +++ b/lib/faddr.c @@ -4,7 +4,7 @@ * Purpose ...............: Fidonet Address conversions. * ***************************************************************************** - * Copyright (C) 1993-2004 + * Copyright (C) 1993-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -48,14 +48,14 @@ char *aka2str(fidoaddr aka) result[0] = '\0'; if (strlen(aka.domain)) { if (aka.point == 0) - sprintf(result, "%d:%d/%d@%s", aka.zone, aka.net, aka.node, aka.domain); + snprintf(result, 42, "%d:%d/%d@%s", aka.zone, aka.net, aka.node, aka.domain); else - sprintf(result, "%d:%d/%d.%d@%s", aka.zone, aka.net, aka.node, aka.point, aka.domain); + snprintf(result, 42, "%d:%d/%d.%d@%s", aka.zone, aka.net, aka.node, aka.point, aka.domain); } else { if (aka.point == 0) - sprintf(result, "%d:%d/%d", aka.zone, aka.net, aka.node); + snprintf(result, 42, "%d:%d/%d", aka.zone, aka.net, aka.node); else - sprintf(result, "%d:%d/%d.%d", aka.zone, aka.net, aka.node, aka.point); + snprintf(result, 42, "%d:%d/%d.%d", aka.zone, aka.net, aka.node, aka.point); } return result; } 
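Review bot: `snprintf(buf, PATH_MAX -1, "%s %s", buf, args[i]);` in _execute passes `buf` as both destination and source, which is undefined behaviour because the objects overlap; some C libraries clear or clip the prefix in this situation, so the assembled command string can lose all but the last argument. Appending at the current end with the remaining space avoids the overlap and makes truncation detectable. The declaration of `buf` and the later use of the string are outside the hunk, so the sketch assumes `buf` is a char array.

```c
size_t used = 0;

for (i = 0; i < 16; i++) {
    int n;

    if (!args[i])
        break;
    /* leading blank kept: the original format yields " arg0 arg1 ..." */
    n = snprintf(buf + used, sizeof(buf) - used, " %s", args[i]);
    if (n < 0 || (size_t)n >= sizeof(buf) - used) {
        buf[used] = '\0';   /* does not fit: drop the clipped argument */
        break;
    }
    used += (size_t)n;
}
```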
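Review bot: In execute_str a command line that does not fit is now silently cut and then tokenised and run, so the program can be started with a shortened file or packet argument instead of failing. Checking the result keeps a truncated path from reaching the child, e.g. `n = snprintf(buf, sizeof(buf), "%s %s %s", cmd, fil, pkt); if (n < 0 || (size_t)n >= sizeof(buf)) return -1;`; the value to return is a guess, since the function's other exits are outside the hunk. The strtok calls below also split `fil` and `pkt` on blanks, so a path containing a space becomes two arguments.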
@@ -84,7 +84,7 @@ fidoaddr str2aka(char *addr) if (strlen(addr) > 42) return n; - sprintf(b, "%s~", addr); + snprintf(b, 42, "%s~", addr); if ((strchr(b, ':') == NULL) || (strchr(b, '/') == NULL)) return n; diff --git a/lib/ftn.c b/lib/ftn.c index 47b18168..4880e3bb 100644 --- a/lib/ftn.c +++ b/lib/ftn.c @@ -5,7 +5,7 @@ * Remark ................: From ifmail with patches from P.Saratxaga * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -243,7 +243,7 @@ faddr *parsefaddr(char *s) goto leave; p = calloc(PATH_MAX, sizeof(char)); - sprintf(p, "%s/etc/domain.data", getenv("MBSE_ROOT")); + snprintf(p, PATH_MAX -1, "%s/etc/domain.data", getenv("MBSE_ROOT")); if ((fp = fopen(p, "r")) == NULL) { WriteError("$Can't open %s", p); free(p); @@ -399,9 +399,9 @@ char *ascinode(faddr *a, int fl) if ((strchr(a->name,'.')) || (strchr(a->name,'@')) || (strchr(a->name,'\'')) || (strchr(a->name,',')) || (strchr(a->name,'<')) || (strchr(a->name,'>'))) - sprintf(buf+strlen(buf),"\"%s\" <",a->name); + snprintf(buf+strlen(buf), 127, "\"%s\" <", a->name); else - sprintf(buf+strlen(buf),"%s <",a->name); + snprintf(buf+strlen(buf), 127, "%s <", a->name); } if ((fl & 0x40) && (a->name)) { 
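Review bot: The length guard and the new bound in str2aka disagree: `strlen(addr) > 42` lets a 41- or 42-character address through, but `snprintf(b, 42, "%s~", addr)` keeps at most 41 characters, so the `~` end marker is dropped for those inputs. The parsing that follows presumably relies on that marker (it is outside the hunk). Derive both limits from the buffer, e.g. `if (strlen(addr) + 2 > sizeof(b)) return n;` followed by `snprintf(b, sizeof(b), "%s~", addr);`, assuming `b` is an array.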
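Review bot: `getenv("MBSE_ROOT")` is passed straight to `%s` in parsefaddr (lib/ftn.c @@ -243); when the variable is unset that is a NULL argument to `%s`, which is undefined behaviour, and the new bound does not help. Fetch it once and bail out first, e.g. `const char *root = getenv("MBSE_ROOT"); if (root == NULL) { free(p); goto leave; }`; the `leave` label is visible above but what it cleans up is not. The `calloc` result `p` is likewise used unchecked. The same getenv pattern appears in ascinode (@@ -466) and in Cookie and OpenMacro in lib/mbdiesel.c.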
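Review bot: The bound `127` in `snprintf(buf+strlen(buf), 127, ...)` is the size of the whole buffer, not of the space left after the offset, so these appends in ascinode (@@ -399) can still write past the end once `buf` is partly filled, for example by a long `a->name`. The limit has to shrink with the offset: `size_t used = strlen(buf); snprintf(buf + used, sizeof(buf) - used, "\"%s\" <", a->name);`, assuming `buf` is an array declared outside the hunk. Every append in ascinode @@ -466 and @@ -509, in ascfnode @@ -535, and the `&tmp1[strlen(tmp1)]` calls in ParseMacro (lib/mbdiesel.c @@ -129) have the same problem.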
@@ -466,33 +466,33 @@ char *ascinode(faddr *a, int fl) } if ((fl & 0x01) && (a->point)) - sprintf(buf+strlen(buf),"p%u.",a->point); + snprintf(buf+strlen(buf), 127, "p%u.", a->point); if (fl & 0x02) - sprintf(buf+strlen(buf),"f%u.",a->node); + snprintf(buf+strlen(buf), 127, "f%u.", a->node); if (fl & 0x04) - sprintf(buf+strlen(buf),"n%u.",a->net); + snprintf(buf+strlen(buf), 127, "n%u.", a->net); if ((fl & 0x08) && (a->zone)) - sprintf(buf+strlen(buf),"z%u.",a->zone); + snprintf(buf+strlen(buf), 127, "z%u.", a->zone); buf[strlen(buf)-1]='\0'; if (fl & 0x10) { if (a->domain) - sprintf(buf+strlen(buf),".%s",a->domain); + snprintf(buf+strlen(buf), 127, ".%s", a->domain); } if (fl & 0x20) { if (a->domain) { if ((fl & 0x10) == 0) - sprintf(buf+strlen(buf),".%s",a->domain); + snprintf(buf+strlen(buf), 127, ".%s", a->domain); } else { if (SearchFidonet(a->zone)) - sprintf(buf+strlen(buf), ".%s", fidonet.domain); + snprintf(buf+strlen(buf), 127, ".%s", fidonet.domain); else - sprintf(buf+strlen(buf),".fidonet"); + snprintf(buf+strlen(buf), 127, ".fidonet"); } p = calloc(128, sizeof(char)); - sprintf(p, "%s/etc/domain.data", getenv("MBSE_ROOT")); + snprintf(p, 127, "%s/etc/domain.data", getenv("MBSE_ROOT")); if ((fp = fopen(p, "r")) == NULL) { WriteError("$Can't open %s", p); } else { @@ -509,11 +509,11 @@ char *ascinode(faddr *a, int fl) } free(p); if (!found) - sprintf(buf + strlen(buf), ".ftn"); + snprintf(buf + strlen(buf), 127, ".ftn"); } if ((fl & 0x80) && (a->name)) - sprintf(buf+strlen(buf),">"); + snprintf(buf+strlen(buf), 127, ">"); return buf; } 
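Review bot: `buf[strlen(buf)-1]='\0';` in ascinode (@@ -466) writes one byte before the start of `buf` when none of the four preceding appends ran and the buffer is still empty, since `strlen(buf)-1` wraps around. Whether `buf` can be empty at this point depends on lines outside the hunk, so this is a possible rather than a proven out-of-bounds write. A guard costs one line: `if (buf[0] != '\0') buf[strlen(buf)-1] = '\0';`.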
@@ -535,17 +535,17 @@ char *ascfnode(faddr *a, int fl) buf[0] = '\0'; if ((fl & 0x40) && (a->name)) - sprintf(buf+strlen(buf),"%s of ",a->name); + snprintf(buf+strlen(buf),127,"%s of ",a->name); if ((fl & 0x08) && (a->zone)) - sprintf(buf+strlen(buf),"%u:",a->zone); + snprintf(buf+strlen(buf),127,"%u:",a->zone); if (fl & 0x04) - sprintf(buf+strlen(buf),"%u/",a->net); + snprintf(buf+strlen(buf),127,"%u/",a->net); if (fl & 0x02) - sprintf(buf+strlen(buf),"%u",a->node); + snprintf(buf+strlen(buf),127,"%u",a->node); if ((fl & 0x01) && (a->point)) - sprintf(buf+strlen(buf),".%u",a->point); + snprintf(buf+strlen(buf),127,".%u",a->point); if ((fl & 0x10) && (a->domain)) - sprintf(buf+strlen(buf),"@%s",a->domain); + snprintf(buf+strlen(buf),127,"@%s",a->domain); return buf; } @@ -600,7 +600,7 @@ fidoaddr *faddr2fido(faddr *aka) Sys->node = aka->node; Sys->point = aka->point; if (aka->domain != NULL) - sprintf(Sys->domain, "%s", aka->domain); + snprintf(Sys->domain, 12, "%s", aka->domain); return Sys; } diff --git a/lib/ftnmsg.c b/lib/ftnmsg.c index a9a8eab9..085270a2 100644 --- a/lib/ftnmsg.c +++ b/lib/ftnmsg.c @@ -5,7 +5,7 @@ * Purpose ...............: Fidonet mailer * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -51,7 +51,7 @@ char *ftndate(time_t t) if (ptm->tm_sec > 59) ptm->tm_sec = 59; - sprintf(buf,"%02d %s %02d %02d:%02d:%02d",ptm->tm_mday, + snprintf(buf, 31, "%02d %s %02d %02d:%02d:%02d",ptm->tm_mday, months[ptm->tm_mon], ptm->tm_year%100, ptm->tm_hour, ptm->tm_min, ptm->tm_sec); return buf; diff --git a/lib/getheader.c b/lib/getheader.c index 997bea94..685a8e75 100644 --- a/lib/getheader.c +++ b/lib/getheader.c 
@@ -143,7 +143,7 @@ int getheader(faddr *f, faddr *t, FILE *pkt, char *pname, int session) /* * Fill in a default product code in case it doesn't exist */ - sprintf(buf, "%04x", prodx); + snprintf(buf, 4, "%04x", prodx); prodn = xstrcpy((char *)"Unknown 0x"); prodn = xstrcat(prodn, buf); for (i = 0; ftscprod[i].name; i++) diff --git a/lib/gmtoffset.c b/lib/gmtoffset.c index ea52786e..439aaba7 100644 --- a/lib/gmtoffset.c +++ b/lib/gmtoffset.c @@ -5,7 +5,7 @@ * Source ................: Eugene G. Crosser's ifmail package. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -99,9 +99,9 @@ char *gmtoffset(time_t now) min = offset % 60L; if (sign == '-') - sprintf(buf, "%c%02d%02d", sign, hr, min); + snprintf(buf, 5, "%c%02d%02d", sign, hr, min); else - sprintf(buf, "%02d%02d", hr, min); + snprintf(buf, 5, "%02d%02d", hr, min); return(buf); } @@ -119,7 +119,7 @@ char *str_time(time_t total) * 0 .. 59 seconds */ if (total < (time_t)60) { - sprintf(buf, "%2d.00s", (int)total); + snprintf(buf, 9, "%2d.00s", (int)total); return buf; } @@ -129,7 +129,7 @@ char *str_time(time_t total) if (total < (time_t)3600) { h = total / 60; m = total % 60; - sprintf(buf, "%2d:%02d ", h, m); + snprintf(buf, 9, "%2d:%02d ", h, m); return buf; } @@ -139,7 +139,7 @@ char *str_time(time_t total) if (total < (time_t)86400) { h = (total / 60) / 60; m = (total / 60) % 60; - sprintf(buf, "%2d:%02dm", h, m); + snprintf(buf, 9, "%2d:%02dm", h, m); return buf; } @@ -149,11 +149,11 @@ char *str_time(time_t total) if (total < (time_t)2592000) { h = (total / 3600) / 24; m = (total / 3600) % 24; - sprintf(buf, "%2d/%02dh", h, m); + snprintf(buf, 9, "%2d/%02dh", h, m); return buf; } - sprintf(buf, "N/A "); + snprintf(buf, 9, "N/A "); return buf; } diff --git a/lib/jammsg.c b/lib/jammsg.c index 9db91edb..ce893b26 100644 --- a/lib/jammsg.c +++ b/lib/jammsg.c 
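Review bot: The bound in `snprintf(buf, 4, "%04x", prodx);` in getheader is one too small: `%04x` produces at least four hex digits and snprintf needs a fifth byte for the NUL, so the default product name now reads `Unknown 0x` followed by only three digits. Use the destination size, `snprintf(buf, sizeof(buf), "%04x", prodx);`, assuming `buf` is an array of at least five bytes; its declaration is outside the hunk.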
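Review bot: In gmtoffset (@@ -99) the negative branch `snprintf(buf, 5, "%c%02d%02d", sign, hr, min);` needs six bytes (sign, four digits, NUL), so the bound of 5 cuts off the last minute digit and an offset such as `-0130` comes out as `-013`. The positive branch fits exactly. `snprintf(buf, sizeof(buf), ...)` in both branches fixes it if `buf` is an array of at least six bytes; the declaration is not shown in the hunk.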
@@ -10,7 +10,7 @@ * MBSE BBS and utilities. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -321,13 +321,13 @@ void JAM_DeleteJAM(char *Base) char *temp; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s%s", Base, EXT_HDRFILE); + snprintf(temp, PATH_MAX -1, "%s%s", Base, EXT_HDRFILE); unlink(temp); - sprintf(temp, "%s%s", Base, EXT_IDXFILE); + snprintf(temp, PATH_MAX -1, "%s%s", Base, EXT_IDXFILE); unlink(temp); - sprintf(temp, "%s%s", Base, EXT_TXTFILE); + snprintf(temp, PATH_MAX -1, "%s%s", Base, EXT_TXTFILE); unlink(temp); - sprintf(temp, "%s%s", Base, EXT_LRDFILE); + snprintf(temp, PATH_MAX -1, "%s%s", Base, EXT_LRDFILE); unlink(temp); free(temp); Syslog('+', "JAM deleted %s", Base); @@ -538,7 +538,7 @@ int JAM_Open(char *Msgbase) pSubfield = NULL; File = calloc(PATH_MAX, sizeof(char)); - sprintf(File, "%s%s", Msgbase, EXT_HDRFILE); + snprintf(File, PATH_MAX -1, "%s%s", Msgbase, EXT_HDRFILE); if ((fdHdr = open(File, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP)) != -1) { if (read(fdHdr, &jamHdrInfo, sizeof(JAMHDRINFO)) != sizeof(JAMHDRINFO)) { memset(&jamHdrInfo, 0, sizeof(JAMHDRINFO)); @@ -558,11 +558,11 @@ int JAM_Open(char *Msgbase) jamHdrInfo.Signature[1] == Signature[1] && jamHdrInfo.Signature[2] == Signature[2] && jamHdrInfo.Signature[3] == Signature[3]) { - sprintf(File, "%s%s", Msgbase, EXT_TXTFILE); + snprintf(File, PATH_MAX -1, "%s%s", Msgbase, EXT_TXTFILE); fdJdt = open(File, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP); - sprintf(File, "%s%s", Msgbase, EXT_IDXFILE); + snprintf(File, PATH_MAX -1, "%s%s", Msgbase, EXT_IDXFILE); fdJdx = open(File, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP); - sprintf(File, "%s%s", Msgbase, EXT_LRDFILE); + snprintf(File, PATH_MAX -1, "%s%s", Msgbase, EXT_LRDFILE); fdJlr = open(File, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP); RetVal = TRUE; 
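Review bot: `temp` in JAM_DeleteJAM (@@ -321) goes from `calloc` straight into snprintf and unlink with no NULL check, and none of the four unlink results is examined, so `JAM deleted %s` is logged even if nothing was removed. Add `if (temp == NULL) return;` with an error log, and report a failing unlink whose errno is not ENOENT. Because the snprintf result is ignored too, a Base close to PATH_MAX would be unlinked under a truncated name; JAM_Open and both JAM_Pack hunks build their file names the same way.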
@@ -600,13 +600,13 @@ void JAM_Pack(void) File = calloc(PATH_MAX, sizeof(char)); New = calloc(PATH_MAX, sizeof(char)); - sprintf(File, "%s%s", BaseName, ".$dr"); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$dr"); fdnHdr = open(File, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP); - sprintf(File, "%s%s", BaseName, ".$dt"); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$dt"); fdnJdt = open(File, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP); - sprintf(File, "%s%s", BaseName, ".$dx"); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$dx"); fdnJdx = open(File, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP); - sprintf(File, "%s%s", BaseName, ".$lr"); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$lr"); fdnJlr = open(File, O_RDWR|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP); /* 
@@ -741,42 +741,42 @@ void JAM_Pack(void) close(fdJlr); fdHdr = fdJdt = fdJdx = fdJlr = -1; - sprintf(File, "%s%s", BaseName, ".$dr"); - sprintf(New, "%s%s", BaseName, EXT_HDRFILE); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$dr"); + snprintf(New, PATH_MAX -1, "%s%s", BaseName, EXT_HDRFILE); unlink(New); rename(File, New); - sprintf(File, "%s%s", BaseName, ".$dt"); - sprintf(New, "%s%s", BaseName, EXT_TXTFILE); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$dt"); + snprintf(New, PATH_MAX -1, "%s%s", BaseName, EXT_TXTFILE); unlink(New); rename(File, New); - sprintf(File, "%s%s", BaseName, ".$dx"); - sprintf(New, "%s%s", BaseName, EXT_IDXFILE); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$dx"); + snprintf(New, PATH_MAX -1, "%s%s", BaseName, EXT_IDXFILE); unlink(New); rename(File, New); - sprintf(File, "%s%s", BaseName, ".$lr"); - sprintf(New, "%s%s", BaseName, EXT_LRDFILE); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$lr"); + snprintf(New, PATH_MAX -1, "%s%s", BaseName, EXT_LRDFILE); unlink(New); rename(File, New); - sprintf(File, "%s", BaseName); + snprintf(File, PATH_MAX -1, "%s", BaseName); JAM_Open(File); } if (fdnHdr != -1) close(fdnHdr); - sprintf(File, "%s%s", BaseName, ".$dr"); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$dr"); unlink(File); if (fdnJdt != -1) close(fdnJdt); - sprintf(File, "%s%s", BaseName, ".$dt"); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$dt"); unlink(File); if (fdnJdx != -1) close(fdnJdx); - sprintf(File, "%s%s", BaseName, ".$dx"); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$dx"); unlink(File); if (fdnJlr != -1) close(fdnJlr); - sprintf(File, "%s%s", BaseName, ".$lr"); + snprintf(File, PATH_MAX -1, "%s%s", BaseName, ".$lr"); unlink(File); free(File); free(New); 
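Review bot: Each `unlink(New); rename(File, New);` pair in JAM_Pack removes the live file before the replacement is in place, and neither call is checked, so a failing rename leaves the message base without its header, text, index or lastread file. rename() replaces an existing target atomically on POSIX, so the unlink can be dropped and the result tested, e.g. `if (rename(File, New) != 0) WriteError("$Can't rename %s to %s", File, New);`. The function starts in the previous hunk and its error path is not fully visible here.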
@@ -1110,29 +1110,29 @@ int JAM_Read(unsigned long ulMsg, int nWidth) memcpy (szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0'; memset(&Msg.Msgid, 0, sizeof(Msg.Msgid)); - sprintf(Msg.Msgid, "%s", szBuff); - sprintf (szLine, "\001MSGID: %s", szBuff); + snprintf(Msg.Msgid, 80, "%s", szBuff); + snprintf(szLine, MAX_LINE_LENGTH, "\001MSGID: %s", szBuff); MsgText_Add2(szLine); break; case JAMSFLD_REPLYID: memcpy (szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0'; - sprintf (szLine, "\001REPLY: %s", szBuff); + snprintf(szLine, MAX_LINE_LENGTH, "\001REPLY: %s", szBuff); MsgText_Add2(szLine); break; case JAMSFLD_PID: memcpy (szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0'; - sprintf (szLine, "\001PID: %s", szBuff); + snprintf(szLine, MAX_LINE_LENGTH, "\001PID: %s", szBuff); MsgText_Add2(szLine); break; case JAMSFLD_TRACE: memcpy(szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0'; - sprintf (szLine, "\001Via %s", szBuff); + snprintf(szLine, MAX_LINE_LENGTH, "\001Via %s", szBuff); MsgText_Add2(szLine); break; 
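Review bot: The overflow-prone step in these JAM_Read cases is the copy before the snprintf: `memcpy(szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0';` takes its length from the message base file and is not limited to the size of `szBuff` in any visible line. Unless DatLen is validated earlier in JAM_Read (outside the hunk), clamp it once per subfield, e.g. `size_t len = jamSubField->DatLen; if (len >= sizeof(szBuff)) len = sizeof(szBuff) - 1;`, assuming `szBuff` is an array, and use `len` in both statements. `snprintf(Msg.Msgid, 80, ...)` should use `sizeof(Msg.Msgid)`, as the memset on the line above already does. The same memcpy pair recurs in the @@ -1140, @@ -1162, @@ -1182 and @@ -1202 hunks.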
@@ -1140,20 +1140,20 @@ int JAM_Read(unsigned long ulMsg, int nWidth) memcpy (szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0'; if (!strncmp(szBuff, "AREA:", 5)) - sprintf(szLine, "%s", szBuff); + snprintf(szLine, MAX_LINE_LENGTH, "%s", szBuff); else { - sprintf (szLine, "\001%s", szBuff); + snprintf(szLine, MAX_LINE_LENGTH, "\001%s", szBuff); if (strncmp(szLine, "\001REPLYADDR:", 11) == 0) { - sprintf(Msg.ReplyAddr, "%s", szLine+12); + snprintf(Msg.ReplyAddr, 80, "%s", szLine+12); } if (strncmp(szLine, "\001REPLYTO:", 9) == 0) { - sprintf(Msg.ReplyTo, "%s", szLine+10); + snprintf(Msg.ReplyTo, 80, "%s", szLine+10); } if (strncmp(szLine, "\001REPLYADDR", 10) == 0) { - sprintf(Msg.ReplyAddr, "%s", szLine+11); + snprintf(Msg.ReplyAddr, 80, "%s", szLine+11); } if (strncmp(szLine, "\001REPLYTO", 8) == 0) { - sprintf(Msg.ReplyTo, "%s", szLine+9); + snprintf(Msg.ReplyTo, 80, "%s", szLine+9); } } MsgText_Add2(szLine); @@ -1162,7 +1162,7 @@ int JAM_Read(unsigned long ulMsg, int nWidth) case JAMSFLD_SEENBY2D: memcpy (szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0'; - sprintf (szLine, "SEEN-BY: %s", szBuff); + snprintf (szLine, MAX_LINE_LENGTH, "SEEN-BY: %s", szBuff); if ((New = (LDATA *)malloc(sizeof(LDATA))) != NULL) { memset(New, 0, sizeof(LDATA)); New->Value = strdup(szLine); @@ -1182,7 +1182,7 @@ int JAM_Read(unsigned long ulMsg, int nWidth) case JAMSFLD_PATH2D: memcpy (szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0'; - sprintf (szLine, "\001PATH: %s", szBuff); + snprintf(szLine, MAX_LINE_LENGTH, "\001PATH: %s", szBuff); if ((New = (LDATA *)malloc(sizeof(LDATA))) != NULL) { memset(New, 0, sizeof(LDATA)); New->Value = strdup(szLine); 
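Review bot: In the kludge branch of JAM_Read (@@ -1140) the four `strncmp` tests are not exclusive: a line starting `\001REPLYADDR:` also matches the later `\001REPLYADDR` test, so `Msg.ReplyAddr` is written from `szLine+12` and then overwritten from `szLine+11`, and ReplyTo likewise with +10 and +9. Chain the tests with `else if` so the colon form wins. The fixed offsets also step one character past the matched prefix without checking that the line is that long, so a subfield holding only the keyword is read from beyond its terminator.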
@@ -1202,14 +1202,14 @@ int JAM_Read(unsigned long ulMsg, int nWidth) case JAMSFLD_FLAGS: memcpy (szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0'; - sprintf (szLine, "\001FLAGS %s", szLine); + snprintf(szLine, MAX_LINE_LENGTH, "\001FLAGS %s", szLine); MsgText_Add2(szLine); break; case JAMSFLD_TZUTCINFO: memcpy (szBuff, pPos, (int)jamSubField->DatLen); szBuff[(int)jamSubField->DatLen] = '\0'; - sprintf (szBuff, "\001TZUTC %s", szLine); + snprintf(szBuff, MAX_LINE_LENGTH, "\001TZUTC %s", szLine); MsgText_Add2(szLine); break; diff --git a/lib/mangle.c b/lib/mangle.c index abee0112..c9258155 100644 --- a/lib/mangle.c +++ b/lib/mangle.c @@ -4,7 +4,7 @@ * Purpose ...............: Mangle a unix name to DOS 8.3 filename * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -427,7 +427,7 @@ void mangle_name_83(char *s) if (crc16 > (MANGLE_BASE * MANGLE_BASE * MANGLE_BASE)) Syslog('!', "WARNING: mangle_name_83() crc16 overflow"); crc16 = crc16 % (MANGLE_BASE * MANGLE_BASE * MANGLE_BASE); - sprintf(s, "%s%c%c%c%c", base, magic_char, + snprintf(s, 8, "%s%c%c%c%c", base, magic_char, mangle(crc16 / (MANGLE_BASE * MANGLE_BASE)), mangle(crc16 / MANGLE_BASE), mangle(crc16)); if ( *extension ) { (void)strcat(s, "."); diff --git a/lib/mbdiesel.c b/lib/mbdiesel.c index 6532d257..cc8af56d 100644 --- a/lib/mbdiesel.c +++ b/lib/mbdiesel.c 
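Review bot: Both cases in this JAM_Read hunk (@@ -1202) format from the wrong buffer. `snprintf(szLine, MAX_LINE_LENGTH, "\001FLAGS %s", szLine);` uses `szLine` as source and destination, which is undefined behaviour and ignores the subfield just copied into `szBuff`; the TZUTC case writes into `szBuff` from `szLine` and then adds the stale `szLine`, bounding `szBuff` with the limit used for `szLine` elsewhere. They look meant to be `snprintf(szLine, MAX_LINE_LENGTH, "\001FLAGS %s", szBuff);` and `snprintf(szLine, MAX_LINE_LENGTH, "\001TZUTC %s", szBuff);`.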
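Review bot: `snprintf(s, 8, "%s%c%c%c%c", base, magic_char, ...)` in mangle_name_83 stores at most seven characters, so whenever `base` holds four or more characters the last hash character is dropped and distinct long names can mangle to the same 8.3 name. The length of `base` and the size of the caller's `s` are not visible in the hunk; the bound has to be at least `strlen(base) + 5` and should come from the real buffer size, which this function would need as a parameter. The `strcat(s, ".")` that follows is still unbounded.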
@@ -52,19 +52,19 @@ void MacroVars( const char *codes, const char *fmt, ...) switch (fmt[j]) { case 's': /* string */ vs = va_arg(ap, char *); - sprintf(tmp1,"@(setvar,%c,\"%s\")",codes[j],vs); + snprintf(tmp1, MAXSTR -1, "@(setvar,%c,\"%s\")",codes[j],vs); break; case 'd': /* int */ vd = va_arg(ap, int); - sprintf(tmp1,"@(setvar,%c,%d)",codes[j],vd); + snprintf(tmp1, MAXSTR -1, "@(setvar,%c,%d)",codes[j],vd); break; case 'c': /* char */ vc = va_arg(ap, int); - sprintf(tmp1,"@(setvar,%c,%c)",codes[j],vc); + snprintf(tmp1, MAXSTR -1, "@(setvar,%c,%c)",codes[j],vc); break; case 'f': /* char */ vf = va_arg(ap, double); - sprintf(tmp1,"@(setvar,%c,%f)",codes[j],vf); + snprintf(tmp1, MAXSTR -1, "@(setvar,%c,%f)",codes[j],vf); break; } dieselrc = diesel(tmp1,tmp2); @@ -129,16 +129,16 @@ char *ParseMacro( const char *line, int *dieselrc) i++; } i--; - sprintf(tmp2,"@(GETVAR,%c)",code); + snprintf(tmp2, MAXSTR -1, "@(GETVAR,%c)",code); if (!diesel(tmp2,tmp3)==0){ - sprintf(tmp3,"%c%c",'@',code); + snprintf(tmp3, MAXSTR -1, "%c%c",'@',code); } if (l>2){ if ( *i != '>') l=-l; - sprintf(&tmp1[strlen(tmp1)],"%*.*s",l,l, tmp3); + snprintf(&tmp1[strlen(tmp1)], MAXSTR -1, "%*.*s", l, l, tmp3); }else{ - sprintf(&tmp1[strlen(tmp1)],"%s",tmp3); + snprintf(&tmp1[strlen(tmp1)], MAXSTR -1, "%s", tmp3); } }else{ tmp1[(j=strlen(tmp1))]='@'; @@ -151,7 +151,7 @@ char *ParseMacro( const char *line, int *dieselrc) } i = tmp1; - sprintf(tmp2,"%s",tmp1); + snprintf(tmp2, MAXSTR -1, "%s", tmp1); if ((tmp1[0]=='@') && (tmp1[1]=='{')){ i++; @@ -163,11 +163,11 @@ char *ParseMacro( const char *line, int *dieselrc) i++; res[0]='\0'; if (j>2) - sprintf(res,"%.*s",j-2,&tmp1[2]); + snprintf(res, MAXSTR -1, "%.*s",j-2, &tmp1[2]); if ((diesel(res,tmp3)!=0) || (atoi(tmp3)==0)) - sprintf(tmp2,"@!%s",i); + snprintf(tmp2, MAXSTR -1, "@!%s",i); else - sprintf(tmp2,"%s",i); + snprintf(tmp2, MAXSTR -1, "%s",i); } } *dieselrc=diesel(tmp2, res); 
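Review bot: In MacroVars the string case builds `@(setvar,%c,"%s")` from `vs` without escaping, and with the new bound a long value is cut before the closing `")`, so diesel() receives an unterminated expression; a `"` inside `vs` would likewise end the string early and leave the remainder to be parsed as macro text. Whether diesel() offers an escape for quotes is not visible here, so at minimum check the snprintf result and skip the diesel() call on truncation, e.g. `if (n < 0 || n >= MAXSTR) continue;`, assuming `tmp1` holds MAXSTR bytes and this sits in the loop over `fmt`. The comment on the `'f'` case still says `/* char */` and should read `/* double */`.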
@@ -197,7 +197,7 @@ void Cookie(int HtmlMode) MacroVars("F", "s", ""); fname = calloc(PATH_MAX, sizeof(char)); - sprintf(fname, "%s/etc/oneline.data", getenv("MBSE_ROOT")); + snprintf(fname, PATH_MAX -1, "%s/etc/oneline.data", getenv("MBSE_ROOT")); if ((olf = fopen(fname, "r")) == NULL) { WriteError("Can't open %s", fname); @@ -218,7 +218,7 @@ void Cookie(int HtmlMode) if (fseek(olf, olhdr.hdrsize + (recno * olhdr.recsize), SEEK_SET) == 0) { if (fread(&ol, olhdr.recsize, 1, olf) == 1) { if (HtmlMode) { - html_massage(ol.Oneline, outbuf); + html_massage(ol.Oneline, outbuf, 255); MacroVars("F", "s", outbuf); } else { MacroVars("F", "s", ol.Oneline); @@ -240,7 +240,7 @@ void Cookie(int HtmlMode) /* * Translate ISO 8859-1 characters to named character entities */ -void html_massage(char *inbuf, char *outbuf) +void html_massage(char *inbuf, char *outbuf, size_t size) { char *inptr = inbuf; char *outptr = outbuf; 
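Review bot: `fread(&ol, olhdr.recsize, 1, olf)` in Cookie (@@ -218) reads a record whose length comes from the file header into the fixed-size `ol`, so a oneline.data whose `recsize` exceeds `sizeof(ol)` overruns the struct before html_massage is ever reached. No check of `olhdr.recsize` is visible in this hunk, though one may exist above; if not, add `if (olhdr.recsize > sizeof(ol))` with an error return right after the header is read. The `lang` record read in OpenMacro (@@ -384) follows the same pattern with `langhdr.recsize`.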
@@ -251,106 +251,106 @@ void html_massage(char *inbuf, char *outbuf) switch ((unsigned char)*inptr) { - case '"': sprintf(outptr, """); break; - case '&': sprintf(outptr, "&"); break; - case '<': sprintf(outptr, "<"); break; - case '>': sprintf(outptr, ">"); break; - case 160: sprintf(outptr, " "); break; - case 161: sprintf(outptr, "¡"); break; - case 162: sprintf(outptr, "¢"); break; - case 163: sprintf(outptr, "£"); break; - case 164: sprintf(outptr, "¤"); break; - case 165: sprintf(outptr, "¥"); break; - case 166: sprintf(outptr, "¦"); break; - case 167: sprintf(outptr, "§"); break; - case 168: sprintf(outptr, "¨"); break; - case 169: sprintf(outptr, "©"); break; - case 170: sprintf(outptr, "ª"); break; - case 171: sprintf(outptr, "«"); break; - case 172: sprintf(outptr, "¬"); break; - case 173: sprintf(outptr, "­"); break; - case 174: sprintf(outptr, "®"); break; - case 175: sprintf(outptr, "¯"); break; - case 176: sprintf(outptr, "°"); break; - case 177: sprintf(outptr, "&plumin;"); break; - case 178: sprintf(outptr, "²"); break; - case 179: sprintf(outptr, "³"); break; - case 180: sprintf(outptr, "´"); break; - case 181: sprintf(outptr, "µ"); break; - case 182: sprintf(outptr, "¶"); break; - case 183: sprintf(outptr, "·"); break; - case 184: sprintf(outptr, "¸"); break; - case 185: sprintf(outptr, "&supl;"); break; - case 186: sprintf(outptr, "º"); break; - case 187: sprintf(outptr, "»"); break; - case 188: sprintf(outptr, "¼"); break; - case 189: sprintf(outptr, "½"); break; - case 190: sprintf(outptr, "¾"); break; - case 191: sprintf(outptr, "¿"); break; - case 192: sprintf(outptr, "À"); break; - case 193: sprintf(outptr, "Á"); break; - case 194: sprintf(outptr, "Â"); break; - case 195: sprintf(outptr, "Ã"); break; - case 196: sprintf(outptr, "Ä"); break; - case 197: sprintf(outptr, "Å"); break; - case 198: sprintf(outptr, "Æ"); break; - case 199: sprintf(outptr, "Ç"); break; - case 200: sprintf(outptr, "È"); break; - case 201: sprintf(outptr, "É"); break; 
- case 202: sprintf(outptr, "Ê"); break; - case 203: sprintf(outptr, "Ë"); break; - case 204: sprintf(outptr, "Ì"); break; - case 205: sprintf(outptr, "Í"); break; - case 206: sprintf(outptr, "Î"); break; - case 207: sprintf(outptr, "Ï"); break; - case 208: sprintf(outptr, "Ð"); break; - case 209: sprintf(outptr, "Ñ"); break; - case 210: sprintf(outptr, "Ò"); break; - case 211: sprintf(outptr, "Ó"); break; - case 212: sprintf(outptr, "Ô"); break; - case 213: sprintf(outptr, "Õ"); break; - case 214: sprintf(outptr, "Ö"); break; - case 215: sprintf(outptr, "×"); break; - case 216: sprintf(outptr, "Ø"); break; - case 217: sprintf(outptr, "Ù"); break; - case 218: sprintf(outptr, "Ú"); break; - case 219: sprintf(outptr, "Û"); break; - case 220: sprintf(outptr, "Ü"); break; - case 221: sprintf(outptr, "Ý"); break; - case 222: sprintf(outptr, "Þ"); break; - case 223: sprintf(outptr, "ß"); break; - case 224: sprintf(outptr, "à"); break; - case 225: sprintf(outptr, "á"); break; - case 226: sprintf(outptr, "â"); break; - case 227: sprintf(outptr, "ã"); break; - case 228: sprintf(outptr, "ä"); break; - case 229: sprintf(outptr, "å"); break; - case 230: sprintf(outptr, "æ"); break; - case 231: sprintf(outptr, "ç"); break; - case 232: sprintf(outptr, "è"); break; - case 233: sprintf(outptr, "é"); break; - case 234: sprintf(outptr, "ê"); break; - case 235: sprintf(outptr, "ë"); break; - case 236: sprintf(outptr, "ì"); break; - case 237: sprintf(outptr, "í"); break; - case 238: sprintf(outptr, "î"); break; - case 239: sprintf(outptr, "ï"); break; - case 240: sprintf(outptr, "ð"); break; - case 241: sprintf(outptr, "ñ"); break; - case 242: sprintf(outptr, "ò"); break; - case 243: sprintf(outptr, "ó"); break; - case 244: sprintf(outptr, "ô"); break; - case 245: sprintf(outptr, "õ"); break; - case 246: sprintf(outptr, "ö"); break; - case 247: sprintf(outptr, "÷"); break; - case 248: sprintf(outptr, "ø"); break; - case 249: sprintf(outptr, "ù"); break; - case 250: sprintf(outptr, 
"ú"); break; - case 251: sprintf(outptr, "û"); break; - case 252: sprintf(outptr, "ü"); break; - case 253: sprintf(outptr, "ý"); break; - case 254: sprintf(outptr, "þ"); break; - case 255: sprintf(outptr, "ÿ"); break; + case '"': snprintf(outptr, size, """); break; + case '&': snprintf(outptr, size, "&"); break; + case '<': snprintf(outptr, size, "<"); break; + case '>': snprintf(outptr, size, ">"); break; + case 160: snprintf(outptr, size, " "); break; + case 161: snprintf(outptr, size, "¡"); break; + case 162: snprintf(outptr, size, "¢"); break; + case 163: snprintf(outptr, size, "£"); break; + case 164: snprintf(outptr, size, "¤"); break; + case 165: snprintf(outptr, size, "¥"); break; + case 166: snprintf(outptr, size, "¦"); break; + case 167: snprintf(outptr, size, "§"); break; + case 168: snprintf(outptr, size, "¨"); break; + case 169: snprintf(outptr, size, "©"); break; + case 170: snprintf(outptr, size, "ª"); break; + case 171: snprintf(outptr, size, "«"); break; + case 172: snprintf(outptr, size, "¬"); break; + case 173: snprintf(outptr, size, "­"); break; + case 174: snprintf(outptr, size, "®"); break; + case 175: snprintf(outptr, size, "¯"); break; + case 176: snprintf(outptr, size, "°"); break; + case 177: snprintf(outptr, size, "&plumin;"); break; + case 178: snprintf(outptr, size, "²"); break; + case 179: snprintf(outptr, size, "³"); break; + case 180: snprintf(outptr, size, "´"); break; + case 181: snprintf(outptr, size, "µ"); break; + case 182: snprintf(outptr, size, "¶"); break; + case 183: snprintf(outptr, size, "·"); break; + case 184: snprintf(outptr, size, "¸"); break; + case 185: snprintf(outptr, size, "&supl;"); break; + case 186: snprintf(outptr, size, "º"); break; + case 187: snprintf(outptr, size, "»"); break; + case 188: snprintf(outptr, size, "¼"); break; + case 189: snprintf(outptr, size, "½"); break; + case 190: snprintf(outptr, size, "¾"); break; + case 191: snprintf(outptr, size, "¿"); break; + case 192: snprintf(outptr, size, "À"); 
break; + case 193: snprintf(outptr, size, "Á"); break; + case 194: snprintf(outptr, size, "Â"); break; + case 195: snprintf(outptr, size, "Ã"); break; + case 196: snprintf(outptr, size, "Ä"); break; + case 197: snprintf(outptr, size, "Å"); break; + case 198: snprintf(outptr, size, "Æ"); break; + case 199: snprintf(outptr, size, "Ç"); break; + case 200: snprintf(outptr, size, "È"); break; + case 201: snprintf(outptr, size, "É"); break; + case 202: snprintf(outptr, size, "Ê"); break; + case 203: snprintf(outptr, size, "Ë"); break; + case 204: snprintf(outptr, size, "Ì"); break; + case 205: snprintf(outptr, size, "Í"); break; + case 206: snprintf(outptr, size, "Î"); break; + case 207: snprintf(outptr, size, "Ï"); break; + case 208: snprintf(outptr, size, "Ð"); break; + case 209: snprintf(outptr, size, "Ñ"); break; + case 210: snprintf(outptr, size, "Ò"); break; + case 211: snprintf(outptr, size, "Ó"); break; + case 212: snprintf(outptr, size, "Ô"); break; + case 213: snprintf(outptr, size, "Õ"); break; + case 214: snprintf(outptr, size, "Ö"); break; + case 215: snprintf(outptr, size, "×"); break; + case 216: snprintf(outptr, size, "Ø"); break; + case 217: snprintf(outptr, size, "Ù"); break; + case 218: snprintf(outptr, size, "Ú"); break; + case 219: snprintf(outptr, size, "Û"); break; + case 220: snprintf(outptr, size, "Ü"); break; + case 221: snprintf(outptr, size, "Ý"); break; + case 222: snprintf(outptr, size, "Þ"); break; + case 223: snprintf(outptr, size, "ß"); break; + case 224: snprintf(outptr, size, "à"); break; + case 225: snprintf(outptr, size, "á"); break; + case 226: snprintf(outptr, size, "â"); break; + case 227: snprintf(outptr, size, "ã"); break; + case 228: snprintf(outptr, size, "ä"); break; + case 229: snprintf(outptr, size, "å"); break; + case 230: snprintf(outptr, size, "æ"); break; + case 231: snprintf(outptr, size, "ç"); break; + case 232: snprintf(outptr, size, "è"); break; + case 233: snprintf(outptr, size, "é"); break; + case 234: 
snprintf(outptr, size, "ê"); break; + case 235: snprintf(outptr, size, "ë"); break; + case 236: snprintf(outptr, size, "ì"); break; + case 237: snprintf(outptr, size, "í"); break; + case 238: snprintf(outptr, size, "î"); break; + case 239: snprintf(outptr, size, "ï"); break; + case 240: snprintf(outptr, size, "ð"); break; + case 241: snprintf(outptr, size, "ñ"); break; + case 242: snprintf(outptr, size, "ò"); break; + case 243: snprintf(outptr, size, "ó"); break; + case 244: snprintf(outptr, size, "ô"); break; + case 245: snprintf(outptr, size, "õ"); break; + case 246: snprintf(outptr, size, "ö"); break; + case 247: snprintf(outptr, size, "÷"); break; + case 248: snprintf(outptr, size, "ø"); break; + case 249: snprintf(outptr, size, "ù"); break; + case 250: snprintf(outptr, size, "ú"); break; + case 251: snprintf(outptr, size, "û"); break; + case 252: snprintf(outptr, size, "ü"); break; + case 253: snprintf(outptr, size, "ý"); break; + case 254: snprintf(outptr, size, "þ"); break; + case 255: snprintf(outptr, size, "ÿ"); break; default: *outptr++ = *inptr; *outptr = '\0'; break; } while (*outptr) @@ -376,7 +376,7 @@ FILE *OpenMacro(const char *filename, int Language, int htmlmode) /* * Maybe a valid language character, try to load the language */ - sprintf(temp, "%s/etc/language.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX -1, "%s/etc/language.data", getenv("MBSE_ROOT")); if ((pLang = fopen(temp, "rb")) == NULL) { WriteError("mbdiesel: Can't open language file: %s", temp); } else { @@ -384,7 +384,7 @@ FILE *OpenMacro(const char *filename, int Language, int htmlmode) while (fread(&lang, langhdr.recsize, 1, pLang) == 1) { if ((lang.LangKey[0] == Language) && (lang.Available)) { - sprintf(temp,"%s/%s", lang.MacroPath, filename); + snprintf(temp, PATH_MAX -1, "%s/%s", lang.MacroPath, filename); break; } } 
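Review bot: The new `size` argument does not bound html_massage's output: every `snprintf(outptr, size, ...)` is given the full buffer size although `outptr` has already advanced, and the `default:` branch `*outptr++ = *inptr;` writes with no check at all, so a long input overruns `outbuf` exactly as before. Track the space left instead, e.g. `size_t left = size - (size_t)(outptr - outbuf); if (left < 2) break;` at the top of the loop and `snprintf(outptr, left, ...)` in each case, stopping when an entity does not fit so that no half-written entity is emitted. Callers should then pass the real `sizeof` of their buffer rather than 255 or 1023. Separately, `&plumin;` (case 177) and `&supl;` (case 185) are not HTML entity names; `&plusmn;` and `&sup1;` look intended. The loop header is outside the hunk.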
@@ -403,35 +403,35 @@ FILE *OpenMacro(const char *filename, int Language, int htmlmode) */ if (fi == NULL) { Syslog('-', "Macro file \"%s\" for language %c not found, trying default", filename, Language); - sprintf(temp, "%s/%s", CFG.bbs_macros, filename); + snprintf(temp, PATH_MAX -1, "%s/%s", CFG.bbs_macros, filename); fi = fopen(temp,"r"); } if (fi == NULL) WriteError("OpenMacro(%s, %c): not found", filename, Language); else { - sprintf(temp, "%s-%s", OsName(), OsCPU()); + snprintf(temp, PATH_MAX -1, "%s-%s", OsName(), OsCPU()); if (CFG.aka[0].point) - sprintf(aka, "%d:%d/%d.%d@%s", CFG.aka[0].zone, CFG.aka[0].net, CFG.aka[0].node, CFG.aka[0].point, CFG.aka[0].domain); + snprintf(aka, 80, "%d:%d/%d.%d@%s", CFG.aka[0].zone, CFG.aka[0].net, CFG.aka[0].node, CFG.aka[0].point, CFG.aka[0].domain); else - sprintf(aka, "%d:%d/%d@%s", CFG.aka[0].zone, CFG.aka[0].net, CFG.aka[0].node, CFG.aka[0].domain); + snprintf(aka, 80, "%d:%d/%d@%s", CFG.aka[0].zone, CFG.aka[0].net, CFG.aka[0].node, CFG.aka[0].domain); if (htmlmode) { MacroVars("O", "s", temp); - sprintf(linebuf, "%s", CFG.sysop); - html_massage(linebuf, outbuf); + snprintf(linebuf, 1023, "%s", CFG.sysop); + html_massage(linebuf, outbuf, 1023); MacroVars("U", "s", outbuf); - sprintf(linebuf, "%s", CFG.location); - html_massage(linebuf, outbuf); + snprintf(linebuf, 1023, "%s", CFG.location); + html_massage(linebuf, outbuf, 1023); MacroVars("L", "s", outbuf); - sprintf(linebuf, "%s", CFG.bbs_name); - html_massage(linebuf, outbuf); + snprintf(linebuf, 1023, "%s", CFG.bbs_name); + html_massage(linebuf, outbuf, 1023); MacroVars("N", "s", outbuf); - sprintf(linebuf, "%s", CFG.sysop_name); - html_massage(linebuf, outbuf); + snprintf(linebuf, 1023, "%s", CFG.sysop_name); + html_massage(linebuf, outbuf, 1023); MacroVars("S", "s", outbuf); - sprintf(linebuf, "%s", CFG.comment); - html_massage(linebuf, outbuf); + snprintf(linebuf, 1023, "%s", CFG.comment); + html_massage(linebuf, outbuf, 1023); MacroVars("T", "s", outbuf); } 
else { MacroVars("L", "s", CFG.location);