Secured sprintf with snprintf

This commit is contained in:
Michiel Broek 2005-08-29 17:23:53 +00:00
parent 29bee4d06a
commit 5a3a89e645

View File

@ -4,7 +4,7 @@
* Purpose ...............: Setup NGroups.
*
*****************************************************************************
* Copyright (C) 1997-2004
* Copyright (C) 1997-2005
*
* Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10
@ -52,7 +52,7 @@ int CountNGroup(void)
char ffile[PATH_MAX];
int count;
sprintf(ffile, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
snprintf(ffile, PATH_MAX, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
if ((fil = fopen(ffile, "r")) == NULL) {
if ((fil = fopen(ffile, "a+")) != NULL) {
Syslog('+', "Created new %s", ffile);
@ -60,13 +60,13 @@ int CountNGroup(void)
ngrouphdr.recsize = sizeof(ngroup);
fwrite(&ngrouphdr, sizeof(ngrouphdr), 1, fil);
memset(&ngroup, 0, sizeof(ngroup));
sprintf(ngroup.Name, "DONT");
sprintf(ngroup.Comment, "Do NOT announce");
snprintf(ngroup.Name, 13, "DONT");
snprintf(ngroup.Comment, 56, "Do NOT announce");
ngroup.Active = TRUE;
fwrite(&ngroup, sizeof(ngroup), 1, fil);
memset(&ngroup, 0, sizeof(ngroup));
sprintf(ngroup.Name, "LOCAL");
sprintf(ngroup.Comment, "Local file areas");
snprintf(ngroup.Name, 13, "LOCAL");
snprintf(ngroup.Comment, 56, "Local file areas");
ngroup.Active = TRUE;
fwrite(&ngroup, sizeof(ngroup), 1, fil);
fclose(fil);
@ -100,8 +100,8 @@ int OpenNGroup(void)
char fnin[PATH_MAX], fnout[PATH_MAX];
long oldsize;
sprintf(fnin, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
sprintf(fnout, "%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
snprintf(fnin, PATH_MAX, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
snprintf(fnout, PATH_MAX, "%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
if ((fin = fopen(fnin, "r")) != NULL) {
if ((fout = fopen(fnout, "w")) != NULL) {
NGrpUpdated = 0;
@ -156,8 +156,8 @@ void CloseNGroup(int force)
FILE *fi, *fo;
st_list *mgr = NULL, *tmp;
sprintf(fin, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
sprintf(fout,"%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
snprintf(fin, PATH_MAX, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
snprintf(fout, PATH_MAX, "%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
if (NGrpUpdated == 1) {
if (force || (yes_no((char *)"Database is changed, save changes") == 1)) {
@ -201,7 +201,7 @@ int AppendNGroup(void)
FILE *fil;
char ffile[PATH_MAX];
sprintf(ffile, "%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
snprintf(ffile, PATH_MAX, "%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
if ((fil = fopen(ffile, "a")) != NULL) {
memset(&ngroup, 0, sizeof(ngroup));
fwrite(&ngroup, sizeof(ngroup), 1, fil);
@ -243,7 +243,7 @@ int EditNGrpRec(int Area)
working(1, 0, 0);
IsDoing("Edit NewfileGroup");
sprintf(mfile, "%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
snprintf(mfile, PATH_MAX, "%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
if ((fil = fopen(mfile, "r")) == NULL) {
working(2, 0, 0);
return -1;
@ -335,7 +335,7 @@ void EditNGroup(void)
mbse_mvprintw( 5, 4, "11. NEWFILES GROUPS SETUP");
set_color(CYAN, BLACK);
if (records != 0) {
sprintf(temp, "%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/ngroups.temp", getenv("MBSE_ROOT"));
working(1, 0, 0);
if ((fil = fopen(temp, "r")) != NULL) {
fread(&ngrouphdr, sizeof(ngrouphdr), 1, fil);
@ -355,7 +355,7 @@ void EditNGroup(void)
set_color(CYAN, BLACK);
else
set_color(LIGHTBLUE, BLACK);
sprintf(temp, "%3d. %-12s %-18s", o + i, ngroup.Name, ngroup.Comment);
snprintf(temp, 81, "%3d. %-12s %-18s", o + i, ngroup.Name, ngroup.Comment);
temp[38] = '\0';
mbse_mvprintw(y, x, temp);
y++;
@ -433,11 +433,11 @@ char *PickNGroup(char *shdr)
for (;;) {
clr_index();
set_color(WHITE, BLACK);
sprintf(temp, "%s. NEWFILES GROUP SELECT", shdr);
snprintf(temp, 81, "%s. NEWFILES GROUP SELECT", shdr);
mbse_mvprintw( 5, 4, temp);
set_color(CYAN, BLACK);
if (records != 0) {
sprintf(temp, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
working(1, 0, 0);
if ((fil = fopen(temp, "r")) != NULL) {
fread(&ngrouphdr, sizeof(ngrouphdr), 1, fil);
@ -457,7 +457,7 @@ char *PickNGroup(char *shdr)
set_color(CYAN, BLACK);
else
set_color(LIGHTBLUE, BLACK);
sprintf(temp, "%3d. %-12s %-18s", o + i, ngroup.Name, ngroup.Comment);
snprintf(temp, 81, "%3d. %-12s %-18s", o + i, ngroup.Name, ngroup.Comment);
temp[38] = '\0';
mbse_mvprintw(y, x, temp);
y++;
@ -480,7 +480,7 @@ char *PickNGroup(char *shdr)
o = o - 20;
if ((atoi(pick) >= 1) && (atoi(pick) <= records)) {
sprintf(temp, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
fil = fopen(temp, "r");
offset = sizeof(ngrouphdr) + ((atoi(pick) - 1) * ngrouphdr.recsize);
fseek(fil, offset, 0);
@ -501,7 +501,7 @@ int newf_group_doc(FILE *fp, FILE *toc, int page)
int i, groups, refs, nr;
temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/ngroups.data", getenv("MBSE_ROOT"));
if ((no = fopen(temp, "r")) == NULL) {
free(temp);
return page;
@ -537,7 +537,7 @@ int newf_group_doc(FILE *fp, FILE *toc, int page)
fseek(no, ngrouphdr.hdrsize, SEEK_SET);
while ((fread(&ngroup, ngrouphdr.recsize, 1, no)) == 1) {
refs = 0;
sprintf(temp, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
if ((ip = fopen(temp, "r"))) {
fread(&areahdr, sizeof(areahdr), 1, ip);
nr = 0;
@ -557,7 +557,7 @@ int newf_group_doc(FILE *fp, FILE *toc, int page)
}
fclose(ip);
}
sprintf(temp, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT"));
if ((ip = fopen(temp, "r"))) {
fread(&fgrouphdr, fgrouphdr.hdrsize, 1, ip);
while ((fread(&fgroup, fgrouphdr.recsize, 1, ip)) == 1) {
@ -576,7 +576,7 @@ int newf_group_doc(FILE *fp, FILE *toc, int page)
}
fclose(ip);
}
sprintf(temp, "%s/etc/newfiles.data", getenv("MBSE_ROOT"));
snprintf(temp, PATH_MAX, "%s/etc/newfiles.data", getenv("MBSE_ROOT"));
if ((ip = fopen(temp, "r"))) {
fread(&newfileshdr, sizeof(newfileshdr), 1, ip);
nr = 0;