Secured sprintf with snprintf

Michiel Broek 2005-08-30 17:53:35 +00:00
parent 1fe9a6332f
commit 5d57dad57a
6 changed files with 21 additions and 21 deletions


@ -6,7 +6,7 @@
* Original Copyright ....: Julianne Frances Haugh and others. * Original Copyright ....: Julianne Frances Haugh and others.
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2001 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -98,7 +98,7 @@ void addenv(const char *string, const char *value)
if (value) { if (value) {
newstring = xmalloc(strlen(string) + strlen(value) + 2); newstring = xmalloc(strlen(string) + strlen(value) + 2);
sprintf(newstring, "%s=%s", string, value); snprintf(newstring, strlen(string) + strlen(value) + 2, "%s=%s", string, value);
} else { } else {
newstring = xstrdup(string); newstring = xstrdup(string);
} }
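Review bot: In `addenv`, the size `strlen(string) + strlen(value) + 2` is now written out twice, once for `xmalloc` and once as the `snprintf` bound, so a later edit to one copy can leave the bound larger than the allocation. Computing it once keeps the two tied together: `size_t len = strlen(string) + strlen(value) + 2;`, then `newstring = xmalloc(len);` and `snprintf(newstring, len, "%s=%s", string, value);`. The `login_prompt` hunk repeats the pattern with `strlen(nvar) + 32`. addenv's body starts and ends outside the hunk.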


@ -6,7 +6,7 @@
* Original Copyright ....: Julianne Frances Haugh and others. * Original Copyright ....: Julianne Frances Haugh and others.
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2002 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -243,7 +243,7 @@ void def_load(void)
syslog(LOG_CRIT, "cannot find user `mbse' in password file"); syslog(LOG_CRIT, "cannot find user `mbse' in password file");
return; return;
} }
sprintf(def_fname, "%s/etc/login.defs", pw->pw_dir); snprintf(def_fname, PATH_MAX, "%s/etc/login.defs", pw->pw_dir);
/* /*
* Open the configuration definitions file. * Open the configuration definitions file.
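Review bot: The result of `snprintf(def_fname, PATH_MAX, ...)` in `def_load` is discarded, so a `pw->pw_dir` too long for the buffer now produces a silently shortened file name, which the code after the hunk apparently goes on to open. Checking the return value turns that into a clean failure: `n = snprintf(def_fname, PATH_MAX, "%s/etc/login.defs", pw->pw_dir);` followed by `if (n < 0 || n >= PATH_MAX) return;`. The declaration of `def_fname` is outside the hunk, so the bound should be confirmed against it; if it is an array, `sizeof def_fname` states the size directly. The other path-building calls in this commit (`userfile`, `temp`, `shell`, `homedir`) ignore the result in the same way. def_load continues past the hunk.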


@ -6,7 +6,7 @@
* Original Copyright ....: Julianne Frances Haugh and others. * Original Copyright ....: Julianne Frances Haugh and others.
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2002 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -151,7 +151,7 @@ void login_prompt(const char *prompt, char *name, int namesize)
envp[envc] = nvar; envp[envc] = nvar;
} else { } else {
envp[envc] = xmalloc(strlen(nvar) + 32); envp[envc] = xmalloc(strlen(nvar) + 32);
sprintf(envp[envc], "L%d=%s", count++, nvar); snprintf(envp[envc], strlen(nvar) + 32, "L%d=%s", count++, nvar);
} }
} }
set_env(envc, envp); set_env(envc, envp);


@ -501,7 +501,7 @@ int main(int argc, char **argv)
/* get the mbse environment */ /* get the mbse environment */
pw = getpwnam("mbse"); pw = getpwnam("mbse");
addenv("MBSE_ROOT", pw->pw_dir); addenv("MBSE_ROOT", pw->pw_dir);
sprintf(userfile, "%s/etc/users.data", pw->pw_dir); snprintf(userfile, PATH_MAX, "%s/etc/users.data", pw->pw_dir);
check_nologin(); check_nologin();
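Review bot: `pw` is dereferenced in `addenv("MBSE_ROOT", pw->pw_dir)` and again in the `snprintf` call with no check that `getpwnam("mbse")` succeeded, so a missing `mbse` account becomes a NULL dereference at this point. `def_load` in this same commit tests for that case and logs it before returning. The same guard belongs directly after the lookup here, for example `if (pw == NULL) exit(1);` preceded by a log message in whatever form this file already uses. main's body starts and ends outside the hunk.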


@ -5,7 +5,7 @@
* Shadow Suite (c) ......: Julianne Frances Haugh * Shadow Suite (c) ......: Julianne Frances Haugh
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2003 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -166,7 +166,7 @@ int execute(char **args, char *in, char *out, char *err)
for (i = 0; i < 16; i++) { for (i = 0; i < 16; i++) {
if (args[i]) if (args[i])
sprintf(buf, "%s %s", buf, args[i]); snprintf(buf, PATH_MAX, "%s %s", buf, args[i]);
else else
break; break;
} }
@ -611,7 +611,7 @@ static int new_password(const struct passwd *pw, char *newpasswd)
int HistUpdate P_((const char *, const char *)); int HistUpdate P_((const char *, const char *));
#endif #endif
sprintf(pass, "%s", newpasswd); snprintf(pass, 200, "%s", newpasswd);
/* /*
* Encrypt the password, then wipe the cleartext password. * Encrypt the password, then wipe the cleartext password.
@ -888,7 +888,7 @@ int main(int argc, char *argv[])
* Find out the name of our parent. * Find out the name of our parent.
*/ */
ppid = getppid(); ppid = getppid();
sprintf(temp, "/proc/%d/cmdline", ppid); snprintf(temp, PATH_MAX, "/proc/%d/cmdline", ppid);
if ((fp = fopen(temp, "r")) == NULL) { if ((fp = fopen(temp, "r")) == NULL) {
fprintf(stderr, "mbpasswd: can't read %s\n", temp); fprintf(stderr, "mbpasswd: can't read %s\n", temp);
syslog(LOG_ERR, "mbpasswd: can't read %s", temp); syslog(LOG_ERR, "mbpasswd: can't read %s", temp);
@ -1055,7 +1055,7 @@ int main(int argc, char *argv[])
fflush(stdin); fflush(stdin);
memset(args, 0, sizeof(args)); memset(args, 0, sizeof(args));
sprintf(temp, "%s/vpasswd", (char *)_VPOPMAIL_PATH); snprintf(temp, PATH_MAX, "%s/vpasswd", (char *)_VPOPMAIL_PATH);
args[0] = temp; args[0] = temp;
args[1] = argv[1]; args[1] = argv[1];
args[2] = argv[2]; args[2] = argv[2];
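Review bot: In `execute`, `snprintf(buf, PATH_MAX, "%s %s", buf, args[i])` passes `buf` as both the destination and a source argument, which is undefined behaviour for the printf family; on some C libraries the text accumulated so far is lost. Appending at a tracked offset produces the same string without the overlap and also makes truncation visible. The `execute` in the later section with the `mbuseradd` messages has the identical line. The declarations of `buf` and of the new offset variable sit outside the hunk, and `PATH_MAX` should be confirmed against the real size of `buf`.

```c
size_t used = 0;    /* bytes already written to buf; declared with the other locals */

for (i = 0; i < 16; i++) {
    int n;

    if (!args[i])
        break;
    /* write after the existing text instead of re-reading buf as a source */
    n = snprintf(buf + used, PATH_MAX - used, " %s", args[i]);
    if (n < 0 || (size_t)n >= PATH_MAX - used)
        break;      /* argument did not fit */
    used += (size_t)n;
}
```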


@ -91,7 +91,7 @@ int execute(char **args, char *in, char *out, char *err)
memset(&buf, 0, sizeof(buf)); memset(&buf, 0, sizeof(buf));
for (i = 0; i < 16; i++) { for (i = 0; i < 16; i++) {
if (args[i]) if (args[i])
sprintf(buf, "%s %s", buf, args[i]); snprintf(buf, PATH_MAX, "%s %s", buf, args[i]);
else else
break; break;
} }
@ -222,7 +222,7 @@ int main(int argc, char *argv[])
*/ */
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
ppid = getppid(); ppid = getppid();
sprintf(temp, "/proc/%d/cmdline", ppid); snprintf(temp, PATH_MAX, "/proc/%d/cmdline", ppid);
if ((fp = fopen(temp, "r")) == NULL) { if ((fp = fopen(temp, "r")) == NULL) {
fprintf(stderr, "mbuseradd: can't read %s\n", temp); fprintf(stderr, "mbuseradd: can't read %s\n", temp);
exit(1); exit(1);
@ -289,8 +289,8 @@ int main(int argc, char *argv[])
#error "Don't know how to add a user on this OS" #error "Don't know how to add a user on this OS"
#endif #endif
sprintf(shell, "%s/bin/mbsebbs", getenv("MBSE_ROOT")); snprintf(shell, PATH_MAX, "%s/bin/mbsebbs", getenv("MBSE_ROOT"));
sprintf(homedir, "%s/%s", argv[4], argv[2]); snprintf(homedir, PATH_MAX, "%s/%s", argv[4], argv[2]);
#if defined(__linux__) #if defined(__linux__)
args[1] = (char *)"-c"; args[1] = (char *)"-c";
@ -390,17 +390,17 @@ int main(int argc, char *argv[])
/* /*
* Create Maildir and subdirs for Qmail. * Create Maildir and subdirs for Qmail.
*/ */
sprintf(temp, "%s/%s/Maildir", argv[4], argv[2]); snprintf(temp, PATH_MAX, "%s/%s/Maildir", argv[4], argv[2]);
makedir(temp, 0700, pwuser->pw_uid, pwent->pw_gid); makedir(temp, 0700, pwuser->pw_uid, pwent->pw_gid);
sprintf(temp, "%s/%s/Maildir/cur", argv[4], argv[2]); snprintf(temp, PATH_MAX, "%s/%s/Maildir/cur", argv[4], argv[2]);
makedir(temp, 0700, pwuser->pw_uid, pwent->pw_gid); makedir(temp, 0700, pwuser->pw_uid, pwent->pw_gid);
sprintf(temp, "%s/%s/Maildir/new", argv[4], argv[2]); snprintf(temp, PATH_MAX, "%s/%s/Maildir/new", argv[4], argv[2]);
makedir(temp, 0700, pwuser->pw_uid, pwent->pw_gid); makedir(temp, 0700, pwuser->pw_uid, pwent->pw_gid);
sprintf(temp, "%s/%s/Maildir/tmp", argv[4], argv[2]); snprintf(temp, PATH_MAX, "%s/%s/Maildir/tmp", argv[4], argv[2]);
makedir(temp, 0700, pwuser->pw_uid, pwent->pw_gid); makedir(temp, 0700, pwuser->pw_uid, pwent->pw_gid);
#ifdef _VPOPMAIL_PATH #ifdef _VPOPMAIL_PATH
sprintf(temp, "%s/vadduser", _VPOPMAIL_PATH); snprintf(temp, PATH_MAX, "%s/vadduser", _VPOPMAIL_PATH);
args[0] = temp; args[0] = temp;
args[1] = argv[2]; args[1] = argv[2];
args[2] = argv[2]; args[2] = argv[2];
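Review bot: In the `shell` line, `getenv("MBSE_ROOT")` is passed straight to `%s`, so an unset variable is undefined behaviour (glibc prints `(null)`), and the path is built from whatever the calling environment supplies. Fetching it once and rejecting a missing value closes the first problem: `root = getenv("MBSE_ROOT");`, then `if (root == NULL) { fprintf(stderr, "mbuseradd: MBSE_ROOT is not set\n"); exit(1); }`, then `snprintf(shell, PATH_MAX, "%s/bin/mbsebbs", root);`. If this helper runs with elevated privileges, which the hunk does not show, taking the root directory from the `mbse` passwd entry, as the login `main` in this commit does, would avoid trusting the environment at all. main's body starts and ends outside the hunk.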