Secured sprintf with snprintf

This commit is contained in:
Michiel Broek 2005-08-28 17:18:02 +00:00
parent 7cf920c591
commit 7f6afcf775
5 changed files with 26 additions and 25 deletions

View File

@ -3,7 +3,7 @@
* $Id$ * $Id$
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -95,7 +95,7 @@ void auth_pass(char *cmd)
p = strtok(NULL, " \0"); p = strtok(NULL, " \0");
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp,"r+")) == NULL) { if ((fp = fopen(temp,"r+")) == NULL) {
/* /*
* This should not happen * This should not happen

View File

@ -100,7 +100,7 @@ char *make_msgid(char *msgid)
{ {
static char buf[100]; static char buf[100];
sprintf(buf, "<%8lx$%s@%s>", StringCRC32(msgid), currentgroup, CFG.sysdomain); snprintf(buf, 100, "<%8lx$%s@%s>", StringCRC32(msgid), currentgroup, CFG.sysdomain);
return buf; return buf;
} }
@ -216,6 +216,7 @@ void command_abhs(char *buf)
send_nntp("Newsgroups: %s", currentgroup); send_nntp("Newsgroups: %s", currentgroup);
asprintf(&subj,"Subject: %s", Msg.Subject); asprintf(&subj,"Subject: %s", Msg.Subject);
send_xlat(subj); send_xlat(subj);
free(subj);
send_nntp("Date: %s", rfcdate(Msg.Written + (gmt_offset((time_t)0) * 60))); send_nntp("Date: %s", rfcdate(Msg.Written + (gmt_offset((time_t)0) * 60)));
send_nntp("Message-ID: %s", make_msgid(Msg.Msgid)); send_nntp("Message-ID: %s", make_msgid(Msg.Msgid));
if (strlen(Msg.Replyid)) if (strlen(Msg.Replyid))
@ -308,7 +309,7 @@ void command_group(char *cmd)
} }
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r"))) { if ((fp = fopen(temp, "r"))) {
fread(&msgshdr, sizeof(msgshdr), 1, fp); fread(&msgshdr, sizeof(msgshdr), 1, fp);
while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) { while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) {
@ -322,7 +323,7 @@ void command_group(char *cmd)
Msg_Highest(); Msg_Highest();
Msg_Lowest(); Msg_Lowest();
send_nntp("211 %lu %lu %lu %s", MsgBase.Total, MsgBase.Lowest, MsgBase.Highest, msgs.Newsgroup); send_nntp("211 %lu %lu %lu %s", MsgBase.Total, MsgBase.Lowest, MsgBase.Highest, msgs.Newsgroup);
sprintf(currentgroup, "%s", msgs.Newsgroup); snprintf(currentgroup, 81, "%s", msgs.Newsgroup);
} else { } else {
send_nntp("411 No such news group"); send_nntp("411 No such news group");
} }
@ -363,7 +364,7 @@ void command_list(char *cmd)
if ((opt == NULL) || (strcasecmp(opt, "ACTIVE") == 0) || (strcasecmp(opt, "NEWSGROUPS") == 0)) { if ((opt == NULL) || (strcasecmp(opt, "ACTIVE") == 0) || (strcasecmp(opt, "NEWSGROUPS") == 0)) {
send_nntp("215 Information follows"); send_nntp("215 Information follows");
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/mareas.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r"))) { if ((fp = fopen(temp, "r"))) {
fread(&msgshdr, sizeof(msgshdr), 1, fp); fread(&msgshdr, sizeof(msgshdr), 1, fp);
while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) { while (fread(&msgs, msgshdr.recsize, 1, fp) == 1) {
@ -625,10 +626,10 @@ void command_xover(char *cmd)
} while ((p = (char *)MsgText_Next()) != NULL); } while ((p = (char *)MsgText_Next()) != NULL);
} }
} }
sprintf(msgid, "%s", make_msgid(Msg.Msgid)); snprintf(msgid, 100, "%s", make_msgid(Msg.Msgid));
reply[0] = 0; reply[0] = 0;
if (strlen(Msg.Replyid)) if (strlen(Msg.Replyid))
sprintf(reply, "%s", make_msgid(Msg.Replyid)); snprintf(reply, 100, "%s", make_msgid(Msg.Replyid));
send_nntp("%lu\t%s\t%s <%s>\t%s\t%s\t%s\t%d\t%d", i, Msg.Subject, Msg.From, Msg.FromAddress, send_nntp("%lu\t%s\t%s <%s>\t%s\t%s\t%s\t%d\t%d", i, Msg.Subject, Msg.From, Msg.FromAddress,
rfcdate(Msg.Written + (gmt_offset((time_t)0) * 60)), msgid, reply, bytecount, linecount); rfcdate(Msg.Written + (gmt_offset((time_t)0) * 60)), msgid, reply, bytecount, linecount);
} }

View File

@ -4,7 +4,7 @@
* Purpose ...............: MBSE BBS Mail Gate * Purpose ...............: MBSE BBS Mail Gate
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -46,7 +46,7 @@ void hash_update_n(unsigned long *id, unsigned long mod)
{ {
char buf[32]; char buf[32];
sprintf(buf,"%030lu",mod); snprintf(buf,32,"%030lu",mod);
*id ^= lh_strhash(buf); *id ^= lh_strhash(buf);
} }

View File

@ -4,7 +4,7 @@
* Purpose ...............: MBSE NNTP Server * Purpose ...............: MBSE NNTP Server
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -237,7 +237,7 @@ void send_nntp(const char *format, ...)
out = calloc(4096, sizeof(char)); out = calloc(4096, sizeof(char));
va_start(va_ptr, format); va_start(va_ptr, format);
vsprintf(out, format, va_ptr); vsnprintf(out, 4096, format, va_ptr);
va_end(va_ptr); va_end(va_ptr);
Syslog('n', "> \"%s\"", printable(out, 0)); Syslog('n', "> \"%s\"", printable(out, 0));

View File

@ -374,7 +374,7 @@ int rfc2ftn(FILE *fp)
datasize = 0; datasize = 0;
if (splitpart) { if (splitpart) {
sprintf(newsubj,"[part %d] ",splitpart+1); snprintf(newsubj,4 * (MAXSUBJ+1),"[part %d] ",splitpart+1);
strncat(newsubj,fmsg->subj,MAXSUBJ-strlen(newsubj)); strncat(newsubj,fmsg->subj,MAXSUBJ-strlen(newsubj));
} else { } else {
strncpy(newsubj,fmsg->subj,MAXSUBJ); strncpy(newsubj,fmsg->subj,MAXSUBJ);
@ -465,7 +465,7 @@ int rfc2ftn(FILE *fp)
} }
if (!(hdr((char *)"X-FTN-Tearline", msg)) && !(hdr((char *)"X-FTN-TID", msg))) { if (!(hdr((char *)"X-FTN-Tearline", msg)) && !(hdr((char *)"X-FTN-TID", msg))) {
sprintf(temp, " MBSE-NNTPD %s (%s-%s)", VERSION, OsName(), OsCPU()); snprintf(temp, 4096, " MBSE-NNTPD %s (%s-%s)", VERSION, OsName(), OsCPU());
hdrsize += 4 + strlen(temp); hdrsize += 4 + strlen(temp);
fprintf(ofp, "\1TID:"); fprintf(ofp, "\1TID:");
kludgewrite(temp, ofp); kludgewrite(temp, ofp);
@ -623,12 +623,12 @@ int rfc2ftn(FILE *fp)
for (i = 0; i < 40; i++) { for (i = 0; i < 40; i++) {
if (CFG.akavalid[i] && (CFG.aka[i].point == 0) && (msgs.Aka.zone == CFG.aka[i].zone) && if (CFG.akavalid[i] && (CFG.aka[i].point == 0) && (msgs.Aka.zone == CFG.aka[i].zone) &&
!((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) { !((msgs.Aka.net == CFG.aka[i].net) && (msgs.Aka.node == CFG.aka[i].node))) {
sprintf(sbe, "%u/%u", CFG.aka[i].net, CFG.aka[i].node); snprintf(sbe, 16, "%u/%u", CFG.aka[i].net, CFG.aka[i].node);
fill_list(&sbl, sbe, NULL); fill_list(&sbl, sbe, NULL);
} }
} }
if (msgs.Aka.point == 0) { if (msgs.Aka.point == 0) {
sprintf(sbe, "%u/%u", msgs.Aka.net, msgs.Aka.node); snprintf(sbe, 16, "%u/%u", msgs.Aka.net, msgs.Aka.node);
fill_list(&sbl, sbe, NULL); fill_list(&sbl, sbe, NULL);
} }
@ -644,15 +644,15 @@ int rfc2ftn(FILE *fp)
oldnet = sbl->addr->net-1; oldnet = sbl->addr->net-1;
for (tmpl = sbl; tmpl; tmpl = tmpl->next) { for (tmpl = sbl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet) if (tmpl->addr->net == oldnet)
sprintf(sbe," %u",tmpl->addr->node); snprintf(sbe,16," %u",tmpl->addr->node);
else else
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net; oldnet = tmpl->addr->net;
seenlen += strlen(sbe); seenlen += strlen(sbe);
if (seenlen > MAXSEEN) { if (seenlen > MAXSEEN) {
seenlen = 0; seenlen = 0;
fprintf(ofp,"\nSEEN-BY:"); fprintf(ofp,"\nSEEN-BY:");
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe); seenlen = strlen(sbe);
} }
fprintf(ofp,"%s",sbe); fprintf(ofp,"%s",sbe);
@ -667,7 +667,7 @@ int rfc2ftn(FILE *fp)
if (!strcasecmp(tmp->key,"X-FTN-PATH")) if (!strcasecmp(tmp->key,"X-FTN-PATH"))
fill_path(&ptl,tmp->val); fill_path(&ptl,tmp->val);
if (msgs.Aka.point == 0) { if (msgs.Aka.point == 0) {
sprintf(sbe,"%u/%u",msgs.Aka.net, msgs.Aka.node); snprintf(sbe,16,"%u/%u",msgs.Aka.net, msgs.Aka.node);
fill_path(&ptl,sbe); fill_path(&ptl,sbe);
} }
@ -681,15 +681,15 @@ int rfc2ftn(FILE *fp)
oldnet = ptl->addr->net-1; oldnet = ptl->addr->net-1;
for (tmpl = ptl; tmpl; tmpl = tmpl->next) { for (tmpl = ptl; tmpl; tmpl = tmpl->next) {
if (tmpl->addr->net == oldnet) if (tmpl->addr->net == oldnet)
sprintf(sbe," %u",tmpl->addr->node); snprintf(sbe,16," %u",tmpl->addr->node);
else else
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node);
oldnet = tmpl->addr->net; oldnet = tmpl->addr->net;
seenlen += strlen(sbe); seenlen += strlen(sbe);
if (seenlen > MAXPATH) { if (seenlen > MAXPATH) {
seenlen = 0; seenlen = 0;
fprintf(ofp,"\n\1PATH:"); fprintf(ofp,"\n\1PATH:");
sprintf(sbe," %u/%u",tmpl->addr->net, tmpl->addr->node); snprintf(sbe,16," %u/%u",tmpl->addr->net, tmpl->addr->node);
seenlen = strlen(sbe); seenlen = strlen(sbe);
} }
fprintf(ofp,"%s",sbe); fprintf(ofp,"%s",sbe);
@ -744,7 +744,7 @@ int rfc2ftn(FILE *fp)
/* /*
* Create fast scan index * Create fast scan index
*/ */
sprintf(temp, "%s/tmp/echomail.jam", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/tmp/echomail.jam", getenv("MBSE_ROOT"));
if ((qfp = fopen(temp, "a")) != NULL) { if ((qfp = fopen(temp, "a")) != NULL) {
fprintf(qfp, "%s %lu\n", msgs.Base, Msg.Id); fprintf(qfp, "%s %lu\n", msgs.Base, Msg.Id);
fclose(qfp); fclose(qfp);
@ -776,7 +776,7 @@ int rfc2ftn(FILE *fp)
mgroup.MsgsSent.month[l_date->tm_mon]++; mgroup.MsgsSent.month[l_date->tm_mon]++;
UpdateMsgs(); UpdateMsgs();
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((qfp = fopen(temp, "r+"))) { if ((qfp = fopen(temp, "r+"))) {
fread(&usrconfighdr, sizeof(usrconfighdr), 1, qfp); fread(&usrconfighdr, sizeof(usrconfighdr), 1, qfp);
fseek(qfp, usrconfighdr.hdrsize + (grecno * usrconfighdr.recsize), SEEK_SET); fseek(qfp, usrconfighdr.hdrsize + (grecno * usrconfighdr.recsize), SEEK_SET);