diff --git a/mbnntp/auth.c b/mbnntp/auth.c index cdd8d9eb..d177b295 100644 --- a/mbnntp/auth.c +++ b/mbnntp/auth.c @@ -3,7 +3,7 @@ * $Id$ * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -95,7 +95,7 @@ void auth_pass(char *cmd) p = strtok(NULL, " \0"); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp,"r+")) == NULL) { /* * This should not happen diff --git a/mbnntp/commands.c b/mbnntp/commands.c index 5b11ea60..679a4901 100644 --- a/mbnntp/commands.c +++ b/mbnntp/commands.c @@ -100,7 +100,7 @@ char *make_msgid(char *msgid) { static char buf[100]; - sprintf(buf, "<%8lx$%s@%s>", StringCRC32(msgid), currentgroup, CFG.sysdomain); + snprintf(buf, 100, "<%8lx$%s@%s>", StringCRC32(msgid), currentgroup, CFG.sysdomain); return buf; } @@ -216,6 +216,7 @@ void command_abhs(char *buf) send_nntp("Newsgroups: %s", currentgroup); asprintf(&subj,"Subject: %s", Msg.Subject); send_xlat(subj); + free(subj); send_nntp("Date: %s", rfcdate(Msg.Written + (gmt_offset((time_t)0) * 60))); send_nntp("Message-ID: %s", make_msgid(Msg.Msgid)); if (strlen(Msg.Replyid)) @@ -308,7 +309,7 @@ void command_group(char *cmd) } temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r"))) { fread(&msgshdr, sizeof(msgshdr), 1, fp); while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) { @@ -322,7 +323,7 @@ void command_group(char *cmd) Msg_Highest(); Msg_Lowest(); send_nntp("211 %lu %lu %lu %s", MsgBase.Total, MsgBase.Lowest, MsgBase.Highest, msgs.Newsgroup); - sprintf(currentgroup, "%s", msgs.Newsgroup); + snprintf(currentgroup, 81, "%s", msgs.Newsgroup); } else { send_nntp("411 No such news group"); } @@ -363,7 +364,7 @@ void command_list(char *cmd) if ((opt == NULL) || (strcasecmp(opt, "ACTIVE") == 0) || (strcasecmp(opt, "NEWSGROUPS") == 0)) { send_nntp("215 Information follows"); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r"))) { fread(&msgshdr, sizeof(msgshdr), 1, fp); while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) { @@ -625,10 +626,10 @@ void command_xover(char *cmd) } while ((p = (char *)MsgText_Next()) != NULL); } } - sprintf(msgid, "%s", make_msgid(Msg.Msgid)); + snprintf(msgid, 100, "%s", make_msgid(Msg.Msgid)); reply[0] = 0; if (strlen(Msg.Replyid)) - sprintf(reply, "%s", make_msgid(Msg.Replyid)); + snprintf(reply, 100, "%s", make_msgid(Msg.Replyid)); send_nntp("%lu\t%s\t%s <%s>\t%s\t%s\t%s\t%d\t%d", i, Msg.Subject, Msg.From, Msg.FromAddress, rfcdate(Msg.Written + (gmt_offset((time_t)0) * 60)), msgid, reply, bytecount, linecount); } diff --git a/mbnntp/hash.c b/mbnntp/hash.c index 4ebf10b3..73cc183f 100644 --- a/mbnntp/hash.c +++ b/mbnntp/hash.c @@ -4,7 +4,7 @@ * Purpose ...............: MBSE BBS Mail Gate * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -46,7 +46,7 @@ void hash_update_n(unsigned long *id, unsigned long mod) { char buf[32]; - sprintf(buf,"%030lu",mod); + snprintf(buf,32,"%030lu",mod); *id ^= lh_strhash(buf); } diff --git a/mbnntp/mbnntp.c b/mbnntp/mbnntp.c index e69e1f6f..230d9c6b 100644 --- a/mbnntp/mbnntp.c +++ b/mbnntp/mbnntp.c @@ -4,7 +4,7 @@ * Purpose ...............: MBSE NNTP Server * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -237,7 +237,7 @@ void send_nntp(const char *format, ...) out = calloc(4096, sizeof(char)); va_start(va_ptr, format); - vsprintf(out, format, va_ptr); + vsnprintf(out, 4096, format, va_ptr); va_end(va_ptr); Syslog('n', "> \"%s\"", printable(out, 0)); diff --git a/mbnntp/rfc2ftn.c b/mbnntp/rfc2ftn.c index c71fe676..30ad79e9 100644 --- a/mbnntp/rfc2ftn.c +++ b/mbnntp/rfc2ftn.c @@ -374,7 +374,7 @@ int rfc2ftn(FILE *fp) datasize = 0; if (splitpart) { - sprintf(newsubj,"[part %d] ",splitpart+1); + snprintf(newsubj,4 * (MAXSUBJ+1),"[part %d] ",splitpart+1); strncat(newsubj,fmsg->subj,MAXSUBJ-strlen(newsubj)); } else { strncpy(newsubj,fmsg->subj,MAXSUBJ); @@ -465,7 +465,7 @@ int rfc2ftn(FILE *fp) } if (!(hdr((char *)"X-FTN-Tearline", msg)) && !(hdr((char *)"X-FTN-TID", msg))) { - sprintf(temp, " MBSE-NNTPD %s (%s-%s)", VERSION, OsName(), OsCPU()); + snprintf(temp, 4096, " MBSE-NNTPD %s (%s-%s)", VERSION, OsName(), OsCPU()); hdrsize += 4 + strlen(temp); fprintf(ofp, "\1TID:"); kludgewrite(temp, ofp); @@ -623,12 +623,12 @@ int rfc2ftn(FILE *fp) for (i = 0; i < 40; i++) { if (CFG.akavalid[i] && (CFG.aka[i].point == 0) && (msgs.Aka.zone == CFG.aka[i].zone) && !((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) { - sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); + snprintf(sbe, 16, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); fill_list(&sbl, sbe, NULL); } } if (msgs.Aka.point == 0) { - sprintf(sbe, "%u/%u", msgs.Aka.net, msgs.Aka.node); + snprintf(sbe, 16, "%u/%u", msgs.Aka.net, msgs.Aka.node); fill_list(&sbl, sbe, NULL); } @@ -644,15 +644,15 @@ int rfc2ftn(FILE *fp) oldnet = sbl->addr->net-1; for (tmpl = sbl; tmpl; tmpl = tmpl->next) { if (tmpl->addr->net == oldnet) - sprintf(sbe," %u",tmpl->addr->node); + snprintf(sbe,16," %u",tmpl->addr->node); else - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node); oldnet = tmpl->addr->net; seenlen += strlen(sbe); if (seenlen > MAXSEEN) { seenlen = 0; fprintf(ofp,"\nSEEN-BY:"); - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node); seenlen = strlen(sbe); } fprintf(ofp,"%s",sbe); @@ -667,7 +667,7 @@ int rfc2ftn(FILE *fp) if (!strcasecmp(tmp->key,"X-FTN-PATH")) fill_path(&ptl,tmp->val); if (msgs.Aka.point == 0) { - sprintf(sbe,"%u/%u",msgs.Aka.net, msgs.Aka.node); + snprintf(sbe,16,"%u/%u",msgs.Aka.net, msgs.Aka.node); fill_path(&ptl,sbe); } @@ -681,15 +681,15 @@ int rfc2ftn(FILE *fp) oldnet = ptl->addr->net-1; for (tmpl = ptl; tmpl; tmpl = tmpl->next) { if (tmpl->addr->net == oldnet) - sprintf(sbe," %u",tmpl->addr->node); + snprintf(sbe,16," %u",tmpl->addr->node); else - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node); oldnet = tmpl->addr->net; seenlen += strlen(sbe); if (seenlen > MAXPATH) { seenlen = 0; fprintf(ofp,"\n\1PATH:"); - sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); + snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node); seenlen = strlen(sbe); } fprintf(ofp,"%s",sbe); @@ -744,7 +744,7 @@ int rfc2ftn(FILE *fp) /* * Create fast scan index */ - sprintf(temp, "%s/tmp/echomail.jam", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/tmp/echomail.jam", getenv("MBSE_ROOT")); if ((qfp = fopen(temp, "a")) != NULL) { fprintf(qfp, "%s %lu\n", msgs.Base, Msg.Id); fclose(qfp); @@ -776,7 +776,7 @@ int rfc2ftn(FILE *fp) mgroup.MsgsSent.month[l_date->tm_mon]++; UpdateMsgs(); - sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((qfp = fopen(temp, "r+"))) { fread(&usrconfighdr, sizeof(usrconfighdr), 1, qfp); fseek(qfp, usrconfighdr.hdrsize + (grecno * usrconfighdr.recsize), SEEK_SET);