Secured sprintf with snprintf

Michiel Broek 2005-08-28 12:35:18 +00:00
parent 107b01699a
commit 62dbe6534f
3 changed files with 34 additions and 34 deletions


@ -68,7 +68,7 @@ int Notify(char *Options)
} }
if (strlen(Options)) { if (strlen(Options)) {
sprintf(Opt, "%s~", Options); snprintf(Opt, 43, "%s~", Options);
if (strchr(Opt, '.') != NULL) { if (strchr(Opt, '.') != NULL) {
temp = strdup(strtok(Opt, ":")); temp = strdup(strtok(Opt, ":"));
if (atoi(temp)) if (atoi(temp))
@ -111,8 +111,8 @@ int Notify(char *Options)
} }
Syslog('m', "Parsing nodes %d:%d/%d.%d", Zones, Nets, Nodes, Points); Syslog('m', "Parsing nodes %d:%d/%d.%d", Zones, Nets, Nodes, Points);
temp = calloc(128, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/nodes.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX -1, "%s/etc/nodes.data", getenv("MBSE_ROOT"));
if ((np = fopen(temp, "r")) == NULL) { if ((np = fopen(temp, "r")) == NULL) {
WriteError("$Can't open %s", temp); WriteError("$Can't open %s", temp);
return FALSE; return FALSE;
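Review bot: The bound `43` in `snprintf(Opt, 43, "%s~", Options);` is a bare literal whose relation to Opt's declared size is not visible in this hunk, and truncation is silent: an Options string longer than 41 characters loses the appended `~` that the parsing below presumably relies on. If Opt is a local array, `snprintf(Opt, sizeof(Opt), "%s~", Options)` with the return value compared against the size would tie the bound to the buffer and let over-long input be rejected instead of parsed in cut-off form. In the second hunk `getenv("MBSE_ROOT")` goes straight into `%s`; a NULL check before formatting would avoid undefined behaviour when the variable is unset. Notify's body starts and ends outside both hunks.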


@ -69,7 +69,7 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
} }
sAreas = calloc(PATH_MAX, sizeof(char)); sAreas = calloc(PATH_MAX, sizeof(char));
sprintf(sAreas, "%s//etc/mareas.data", getenv("MBSE_ROOT")); snprintf(sAreas, PATH_MAX -1, "%s//etc/mareas.data", getenv("MBSE_ROOT"));
if ((fp = fopen(sAreas, "r")) == NULL) { if ((fp = fopen(sAreas, "r")) == NULL) {
WriteError("$Can't open %s", sAreas); WriteError("$Can't open %s", sAreas);
free(sAreas); free(sAreas);
@ -163,8 +163,8 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
/* /*
* Start writing the message * Start writing the message
*/ */
sprintf(Msg.From, CFG.sysop_name); snprintf(Msg.From, 100, CFG.sysop_name);
sprintf(Msg.To, To); snprintf(Msg.To, 100, To);
/* /*
* If netmail, clean the To field. * If netmail, clean the To field.
@ -180,8 +180,8 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
} }
} }
sprintf(Msg.Subject, "%s", Subj); snprintf(Msg.Subject, 100, "%s", Subj);
sprintf(Msg.FromAddress, "%s", aka2str(msgs.Aka)); snprintf(Msg.FromAddress, 100, "%s", aka2str(msgs.Aka));
Msg.Written = time(NULL); Msg.Written = time(NULL);
Msg.Arrived = time(NULL); Msg.Arrived = time(NULL);
Msg.Local = TRUE; Msg.Local = TRUE;
@ -200,7 +200,7 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
case NETMAIL: case NETMAIL:
Msg.Netmail = TRUE; Msg.Netmail = TRUE;
sprintf(Msg.ToAddress, "%s", ascfnode(parsefaddr(To), 0xff)); snprintf(Msg.ToAddress, 100, "%s", ascfnode(parsefaddr(To), 0xff));
break; break;
case ECHOMAIL: case ECHOMAIL:
@ -213,19 +213,19 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
} }
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer()); snprintf(temp, PATH_MAX -1, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer());
MsgText_Add2(temp); MsgText_Add2(temp);
Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp)); Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp));
Msg.ReplyCRC = 0xffffffff; Msg.ReplyCRC = 0xffffffff;
sprintf(temp, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU()); snprintf(temp, PATH_MAX -1, "\001PID: MBSE-FIDO %s (%s-%s)", VERSION, OsName(), OsCPU());
MsgText_Add2(temp); MsgText_Add2(temp);
if (msgs.Charset != FTNC_NONE) { if (msgs.Charset != FTNC_NONE) {
sprintf(temp, "\001CHRS: %s", getftnchrs(msgs.Charset)); snprintf(temp, PATH_MAX -1, "\001CHRS: %s", getftnchrs(msgs.Charset));
} else { } else {
sprintf(temp, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1)); snprintf(temp, PATH_MAX -1, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1));
} }
MsgText_Add2(temp); MsgText_Add2(temp);
sprintf(temp, "\001TZUTC: %s", gmtoffset(tt)); snprintf(temp, PATH_MAX -1, "\001TZUTC: %s", gmtoffset(tt));
MsgText_Add2(temp); MsgText_Add2(temp);
while ((Fgets(temp, PATH_MAX -1, tp)) != NULL) { while ((Fgets(temp, PATH_MAX -1, tp)) != NULL) {
@ -255,14 +255,14 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
aka = calloc(40, sizeof(char)); aka = calloc(40, sizeof(char));
if (msgs.Aka.point) if (msgs.Aka.point)
sprintf(aka, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point); snprintf(aka, 39, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point);
else else
sprintf(aka, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node); snprintf(aka, 39, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node);
if (strlen(msgs.Origin)) if (strlen(msgs.Origin))
sprintf(temp, " * Origin: %s %s", msgs.Origin, aka); snprintf(temp, 80, " * Origin: %s %s", msgs.Origin, aka);
else else
sprintf(temp, " * Origin: %s %s", CFG.origin, aka); snprintf(temp, 80, " * Origin: %s %s", CFG.origin, aka);
MsgText_Add2(temp); MsgText_Add2(temp);
free(aka); free(aka);
@ -273,7 +273,7 @@ int Post(char *To, long Area, char *Subj, char *File, char *Flavor)
Syslog('+', "Posted message %ld", Msg.Id); Syslog('+', "Posted message %ld", Msg.Id);
if (msgs.Type != LOCALMAIL) { if (msgs.Type != LOCALMAIL) {
sprintf(temp, "%s/tmp/%smail.jam", getenv("MBSE_ROOT"), (msgs.Type == ECHOMAIL) ? "echo" : "net"); snprintf(temp, PATH_MAX -1, "%s/tmp/%smail.jam", getenv("MBSE_ROOT"), (msgs.Type == ECHOMAIL) ? "echo" : "net");
if ((fp = fopen(temp, "a")) != NULL) { if ((fp = fopen(temp, "a")) != NULL) {
fprintf(fp, "%s %lu\n", msgs.Base, Msg.Id); fprintf(fp, "%s %lu\n", msgs.Base, Msg.Id);
fclose(fp); fclose(fp);
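Review bot: `snprintf(Msg.From, 100, CFG.sysop_name);` and `snprintf(Msg.To, 100, To);` in the -163 hunk still pass data as the format string, so any `%` in the sysop name or in the caller-supplied To is interpreted as a conversion specifier; bounding the output length does not remove that. They should read `snprintf(Msg.From, 100, "%s", CFG.sysop_name);` and `snprintf(Msg.To, 100, "%s", To);`, matching the Subject and FromAddress lines in the next hunk. The literals 100 and 80 would be safer as `sizeof` of the destination if the Msg fields are arrays, which is not visible here. Post's body extends outside these hunks.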


@ -4,7 +4,7 @@
* Purpose ...............: Post echomail message. * Purpose ...............: Post echomail message.
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -79,13 +79,13 @@ int EchoOut(fidoaddr aka, char *toname, char *fromname, char *subj, FILE *fp, in
*/ */
memset(&ext, 0, sizeof(ext)); memset(&ext, 0, sizeof(ext));
if (nodes.PackNetmail) if (nodes.PackNetmail)
sprintf(ext, (char *)"qqq"); snprintf(ext, 3, (char *)"qqq");
else if (nodes.Crash) else if (nodes.Crash)
sprintf(ext, (char *)"ccc"); snprintf(ext, 3, (char *)"ccc");
else if (nodes.Hold) else if (nodes.Hold)
sprintf(ext, (char *)"hhh"); snprintf(ext, 3, (char *)"hhh");
else else
sprintf(ext, (char *)"nnn"); snprintf(ext, 3, (char *)"nnn");
if ((qp = OpenPkt(msgs.Aka, aka, (char *)ext)) == NULL) { if ((qp = OpenPkt(msgs.Aka, aka, (char *)ext)) == NULL) {
WriteError("EchoOut(): OpenPkt failed"); WriteError("EchoOut(): OpenPkt failed");
@ -346,7 +346,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
*/ */
Syslog('m', "Gated echomail, clean SB"); Syslog('m', "Gated echomail, clean SB");
tidy_falist(&sbl); tidy_falist(&sbl);
sprintf(sbe, "%u/%u", Link.aka.net, Link.aka.node); snprintf(sbe, 15, "%u/%u", Link.aka.net, Link.aka.node);
Syslog('m', "Add gate SB %s", sbe); Syslog('m', "Add gate SB %s", sbe);
fill_list(&sbl, sbe, NULL); fill_list(&sbl, sbe, NULL);
} }
@ -358,7 +358,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
for (i = 0; i < 40; i++) { for (i = 0; i < 40; i++) {
if (CFG.akavalid[i] && (msgs.Aka.zone == CFG.aka[i].zone) && (CFG.aka[i].point == 0) && if (CFG.akavalid[i] && (msgs.Aka.zone == CFG.aka[i].zone) && (CFG.aka[i].point == 0) &&
!((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) { !((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) {
sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); snprintf(sbe, 15, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
fill_list(&sbl, sbe, NULL); fill_list(&sbl, sbe, NULL);
} }
} }
@ -368,7 +368,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
/* /*
* Add our system to the path for later export. * Add our system to the path for later export.
*/ */
sprintf(sbe, "%u/%u", msgs.Aka.net, msgs.Aka.node); snprintf(sbe, 15, "%u/%u", msgs.Aka.net, msgs.Aka.node);
fill_path(&ptl, sbe); fill_path(&ptl, sbe);
uniq_list(&ptl); /* remove possible duplicate own aka */ uniq_list(&ptl); /* remove possible duplicate own aka */
@ -399,7 +399,7 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
*/ */
for (tmpq = qal; tmpq; tmpq = tmpq->next) { for (tmpq = qal; tmpq; tmpq = tmpq->next) {
if (tmpq->send) { if (tmpq->send) {
sprintf(sbe, "%u/%u", tmpq->aka.net, tmpq->aka.node); snprintf(sbe, 15, "%u/%u", tmpq->aka.net, tmpq->aka.node);
fill_list(&sbl, sbe, NULL); fill_list(&sbl, sbe, NULL);
} }
} }
@ -437,15 +437,15 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
oldnet = sbl->addr->net - 1; oldnet = sbl->addr->net - 1;
for (tmpl = sbl; tmpl; tmpl = tmpl->next) { for (tmpl = sbl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet) if (tmpl->addr->net == oldnet)
sprintf(sbe, " %u", tmpl->addr->node); snprintf(sbe, 15, " %u", tmpl->addr->node);
else else
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net; oldnet = tmpl->addr->net;
seenlen += strlen(sbe); seenlen += strlen(sbe);
if (seenlen > MAXSEEN) { if (seenlen > MAXSEEN) {
seenlen = 0; seenlen = 0;
fprintf(nfp, "\nSEEN-BY:"); fprintf(nfp, "\nSEEN-BY:");
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe); seenlen = strlen(sbe);
} }
fprintf(nfp, "%s", sbe); fprintf(nfp, "%s", sbe);
@ -458,15 +458,15 @@ int postecho(faddr *p_from, faddr *f, faddr *t, char *orig, char *subj, time_t m
oldnet = ptl->addr->net - 1; oldnet = ptl->addr->net - 1;
for (tmpl = ptl; tmpl; tmpl = tmpl->next) { for (tmpl = ptl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet) if (tmpl->addr->net == oldnet)
sprintf(sbe, " %u", tmpl->addr->node); snprintf(sbe, 15, " %u", tmpl->addr->node);
else else
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net; oldnet = tmpl->addr->net;
seenlen += strlen(sbe); seenlen += strlen(sbe);
if (seenlen > MAXPATH) { if (seenlen > MAXPATH) {
seenlen = 0; seenlen = 0;
fprintf(nfp, "\n\001PATH:"); fprintf(nfp, "\n\001PATH:");
sprintf(sbe, " %u/%u", tmpl->addr->net, tmpl->addr->node); snprintf(sbe, 15, " %u/%u", tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe); seenlen = strlen(sbe);
} }
fprintf(nfp, "%s", sbe); fprintf(nfp, "%s", sbe);
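Review bot: `snprintf(ext, 3, (char *)"qqq");` and its three siblings in the EchoOut hunk now store only two characters, because snprintf's size argument includes the terminating NUL; ext becomes "qq", "cc", "hh" or "nn", and that shortened value is what reaches OpenPkt. Since `memset(&ext, 0, sizeof(ext))` suggests ext is an array, `snprintf(ext, sizeof(ext), "%s", "qqq");` keeps both the bound and the full three-letter value, assuming ext holds at least four bytes (its declaration is outside the hunk). The literal 15 used for `sbe` throughout postecho would likewise be better as `sizeof(sbe)` if it is an array; the widest `" %u/%u"` output for 32-bit values is 22 characters, so silent truncation is possible unless net and node are 16-bit.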