diff --git a/mbfido/notify.c b/mbfido/notify.c index 316c4b98..00fa8ff0 100644 --- a/mbfido/notify.c +++ b/mbfido/notify.c @@ -68,7 +68,7 @@ int Notify(char *Options) } if (strlen(Options)) { - sprintf(Opt, "%s~", Options); + snprintf(Opt, 43, "%s~", Options); if (strchr(Opt, '.') != NULL) { temp = strdup(strtok(Opt, ":")); if (atoi(temp)) @@ -111,8 +111,8 @@ int Notify(char *Options) } Syslog('m', "Parsing nodes %d:%d/%d.%d", Zones, Nets, Nodes, Points); - temp = calloc(128, sizeof(char)); - sprintf(temp, "%s/etc/nodes.data", getenv("MBSE_ROOT")); + temp = calloc(PATH_MAX, sizeof(char)); + snprintf(temp, PATH_MAX -1, "%s/etc/nodes.data", getenv("MBSE_ROOT")); if ((np = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); return FALSE; diff --git a/mbfido/post.c b/mbfido/post.c index e3d31fc3..6404d255 100644 --- a/mbfido/post.c +++ b/mbfido/post.c @@ -69,7 +69,7 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor) } sAreas = calloc(PATH_MAX, sizeof(char)); - sprintf(sAreas, "%s//etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(sAreas, PATH_MAX -1, "%s//etc/mareas.data", getenv("MBSE_ROOT")); if ((fp = fopen(sAreas, "r")) == NULL) { WriteError("$Can't open %s", sAreas); free(sAreas); @@ -163,8 +163,8 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor) /* * Start writing the message */ - sprintf(Msg.From, CFG.sysop_name); - sprintf(Msg.To, To); + snprintf(Msg.From, 100, CFG.sysop_name); + snprintf(Msg.To, 100, To); /* * If netmail, clean the To field. @@ -180,8 +180,8 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor) } } - sprintf(Msg.Subject, "%s", Subj); - sprintf(Msg.FromAddress, "%s", aka2str(msgs.Aka)); + snprintf(Msg.Subject, 100, "%s", Subj); + snprintf(Msg.FromAddress, 100, "%s", aka2str(msgs.Aka)); Msg.Written = time(NULL); Msg.Arrived = time(NULL); Msg.Local = TRUE; @@ -200,7 +200,7 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor) case NETMAIL: Msg.Netmail = TRUE; - sprintf(Msg.ToAddress, "%s", ascfnode(parsefaddr(To), 0xff)); + snprintf(Msg.ToAddress, 100, "%s", ascfnode(parsefaddr(To), 0xff)); break; case ECHOMAIL: @@ -213,19 +213,19 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor) } temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer()); + snprintf(temp, PATH_MAX -1, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer()); MsgText_Add2(temp); Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp)); Msg.ReplyCRC = 0xffffffff; - sprintf(temp, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU()); + snprintf(temp, PATH_MAX -1, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU()); MsgText_Add2(temp); if (msgs.Charset != FTNC_NONE) { - sprintf(temp, "\001CHRS: %s", getftnchrs(msgs.Charset)); + snprintf(temp, PATH_MAX -1, "\001CHRS: %s", getftnchrs(msgs.Charset)); } else { - sprintf(temp, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1)); + snprintf(temp, PATH_MAX -1, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1)); } MsgText_Add2(temp); - sprintf(temp, "\001TZUTC: %s", gmtoffset(tt)); + snprintf(temp, PATH_MAX -1, "\001TZUTC: %s", gmtoffset(tt)); MsgText_Add2(temp); while ((Fgets(temp, PATH_MAX -1, tp)) != NULL) { @@ -255,14 +255,14 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor) aka = calloc(40, sizeof(char)); if (msgs.Aka.point) - sprintf(aka, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point); + snprintf(aka, 39, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point); else - sprintf(aka, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node); + snprintf(aka, 39, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node); if (strlen(msgs.Origin)) - sprintf(temp, " * Origin: %s %s", msgs.Origin, aka); + snprintf(temp, 80, " * Origin: %s %s", msgs.Origin, aka); else - sprintf(temp, " * Origin: %s %s", CFG.origin, aka); + snprintf(temp, 80, " * Origin: %s %s", CFG.origin, aka); MsgText_Add2(temp); free(aka); @@ -273,7 +273,7 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor) Syslog('+', "Posted message %ld", Msg.Id); if (msgs.Type != LOCALMAIL) { - sprintf(temp, "%s/tmp/%smail.jam", getenv("MBSE_ROOT"), (msgs.Type == ECHOMAIL) ? "echo" : "net"); + snprintf(temp, PATH_MAX -1, "%s/tmp/%smail.jam", getenv("MBSE_ROOT"), (msgs.Type == ECHOMAIL) ? "echo" : "net"); if ((fp = fopen(temp, "a")) != NULL) { fprintf(fp, "%s %lu\n", msgs.Base, Msg.Id); fclose(fp); diff --git a/mbfido/postecho.c b/mbfido/postecho.c index 394dd618..e58d3f7d 100644 --- a/mbfido/postecho.c +++ b/mbfido/postecho.c @@ -4,7 +4,7 @@ * Purpose ...............: Post echomail message. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -79,13 +79,13 @@ int EchoOut(fidoaddr aka, char *toname, char *fromname, char *subj, FILE *fp, in */ memset(&ext, 0, sizeof(ext)); if (nodes.PackNetmail) - sprintf(ext, (char *)"qqq"); + snprintf(ext, 3, (char *)"qqq"); else if (nodes.Crash) - sprintf(ext, (char *)"ccc"); + snprintf(ext, 3, (char *)"ccc"); else if (nodes.Hold) - sprintf(ext, (char *)"hhh"); + snprintf(ext, 3, (char *)"hhh"); else - sprintf(ext, (char *)"nnn"); + snprintf(ext, 3, (char *)"nnn"); if ((qp = OpenPkt(msgs.Aka, aka, (char *)ext)) == NULL) { WriteError("EchoOut(): OpenPkt failed"); @@ -346,7 +346,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m */ Syslog('m', "Gated echomail, clean SB"); tidy_falist(&sbl); - sprintf(sbe, "%u/%u", Link.aka.net, Link.aka.node); + snprintf(sbe, 15, "%u/%u", Link.aka.net, Link.aka.node); Syslog('m', "Add gate SB %s", sbe); fill_list(&sbl, sbe, NULL); } @@ -358,7 +358,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m for (i = 0; i < 40; i++) { if (CFG.akavalid[i] && (msgs.Aka.zone == CFG.aka[i].zone) && (CFG.aka[i].point == 0) && !((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) { - sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); + snprintf(sbe, 15, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); fill_list(&sbl, sbe, NULL); } } @@ -368,7 +368,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m /* * Add our system to the path for later export. */ - sprintf(sbe, "%u/%u", msgs.Aka.net, msgs.Aka.node); + snprintf(sbe, 15, "%u/%u", msgs.Aka.net, msgs.Aka.node); fill_path(&ptl, sbe); uniq_list(&ptl); /* remove possible duplicate own aka */ @@ -399,7 +399,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m */ for (tmpq = qal; tmpq; tmpq = tmpq->next) { if (tmpq->send) { - sprintf(sbe, "%u/%u", tmpq->aka.net, tmpq->aka.node); + snprintf(sbe, 15, "%u/%u", tmpq->aka.net, tmpq->aka.node); fill_list(&sbl, sbe, NULL); } } @@ -437,15 +437,15 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m oldnet = sbl->addr->net - 1; for (tmpl = sbl; tmpl; tmpl = tmpl->next) { if (tmpl->addr->net == oldnet) - sprintf(sbe, " %u", tmpl->addr->node); + snprintf(sbe, 15, " %u", tmpl->addr->node); else - sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); + snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node); oldnet = tmpl->addr->net; seenlen += strlen(sbe); if (seenlen > MAXSEEN) { seenlen = 0; fprintf(nfp, "\nSEEN-BY:"); - sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); + snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node); seenlen = strlen(sbe); } fprintf(nfp, "%s", sbe); @@ -458,15 +458,15 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m oldnet = ptl->addr->net - 1; for (tmpl = ptl; tmpl; tmpl = tmpl->next) { if (tmpl->addr->net == oldnet) - sprintf(sbe, " %u", tmpl->addr->node); + snprintf(sbe, 15, " %u", tmpl->addr->node); else - sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); + snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node); oldnet = tmpl->addr->net; seenlen += strlen(sbe); if (seenlen > MAXPATH) { seenlen = 0; fprintf(nfp, "\n\001PATH:"); - sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); + snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node); seenlen = strlen(sbe); } fprintf(nfp, "%s", sbe);