From 818bb9e884da4d316dd866a8771411f33a857715 Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Mon, 29 Aug 2005 10:59:47 +0000 Subject: [PATCH] Secured sprintf with snprintf --- mbsebbs/mbnewusr.c | 14 +++++------ mbsebbs/mbsebbs.c | 22 ++++++++--------- mbsebbs/menu.c | 22 ++++++++--------- mbsebbs/misc.c | 28 +++++++++++----------- mbsebbs/morefile.c | 6 ++--- mbsebbs/msgutil.c | 60 +++++++++++++++++++++++----------------------- mbsebbs/newuser.c | 40 +++++++++++++++---------------- 7 files changed, 96 insertions(+), 96 deletions(-) diff --git a/mbsebbs/mbnewusr.c b/mbsebbs/mbnewusr.c index 112e7779..f249535e 100644 --- a/mbsebbs/mbnewusr.c +++ b/mbsebbs/mbnewusr.c @@ -4,7 +4,7 @@ * Purpose ...............: New user registration * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -137,11 +137,11 @@ int main(int argc, char **argv) } if (strncmp("/dev/", tty, 5) == 0) - sprintf(pTTY, "%s", tty+5); + snprintf(pTTY, 15, "%s", tty+5); else if (*tty == '/') { tty = strrchr(ttyname(0), '/'); ++tty; - sprintf(pTTY, "%s", tty); + snprintf(pTTY, 15, "%s", tty); } umask(007); @@ -173,7 +173,7 @@ int main(int argc, char **argv) Fast_Bye(MBERR_OK); } - sprintf(temp, "MBSE BBS v%s (Release: %s) on %s/%s", VERSION, ReleaseDate, OsName(), OsCPU()); + snprintf(temp, 81, "MBSE BBS v%s (Release: %s) on %s/%s", VERSION, ReleaseDate, OsName(), OsCPU()); poutCR(YELLOW, BLACK, temp); pout(WHITE, BLACK, (char *)COPYRIGHT); Enter(2); @@ -181,7 +181,7 @@ int main(int argc, char **argv) /* * Check if this port is available. */ - sprintf(temp, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); if ((pTty = fopen(temp, "r")) == NULL) { WriteError("Can't read %s", temp); 
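Review bot: The bound `15` in both `snprintf(pTTY, 15, ...)` calls (mbnewusr.c, @@ -137) is a bare literal that has to match pTTY's declaration, which is outside this hunk, so a later change to that declaration would silently make the bound wrong. If pTTY is an array visible at this point, `snprintf(pTTY, sizeof(pTTY), "%s", tty+5);` ties the two together; otherwise a named constant shared with the declaration does the same job. The identical pair in mbsebbs.c (@@ -143) and the literal field sizes used throughout the patch have the same weakness. main's body continues outside the hunk.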
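Review bot: `temp` is bounded with `81` for the banner line in mbnewusr.c @@ -173, but the same buffer is bounded with `PATH_MAX` in the next hunk (@@ -181), so at most one of the two limits can equal its real size, which is declared outside the hunks. If temp is smaller than PATH_MAX the larger bound protects nothing; if it is PATH_MAX bytes, the 81 truncates output that would have fit. The same mixing appears in mbsebbs.c main (81 and PATH_MAX), in Add_Headkludges in msgutil.c (128, 101 and PATH_MAX on one `temp`), in Add_Footkludges (PATH_MAX and 81) and in newuser() (81 and PATH_MAX). A single named size taken from the allocation and used at every call would make each bound checkable against the buffer.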
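Review bot: `getenv("MBSE_ROOT")` is passed straight to `%s` in `snprintf(temp, PATH_MAX, "%s/etc/ttyinfo.data", ...)` (mbnewusr.c @@ -181); when the variable is unset that hands a null pointer to `%s`, which is undefined behaviour and in practice often yields a path under a literal `(null)` directory relative to the working directory. The snprintf return value is also dropped, so a truncated path reaches fopen as if it were complete. Fetching the variable once and guarding with something like `if (root == NULL || n < 0 || n >= PATH_MAX)` before the fopen would cover both cases. The pattern recurs in mbsebbs.c (@@ -202), misc.c (ChkFiles, SaveLastCallers) and newuser.c (newuser, Fast_Bye, NameCreate, BadNames, TelephoneScan). In NameCreate the resulting string becomes `args[0]` for the helper that the comment describes as setuid root, so the check matters most there.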
@@ -206,10 +206,10 @@ int main(int argc, char **argv) */ if (CFG.iConnectString) { /* Connected on port */ - sprintf(temp, "%s\"%s\" ", (char *) Language(348), ttyinfo.comment); + snprintf(temp, 81, "%s\"%s\" ", (char *) Language(348), ttyinfo.comment); pout(CYAN, BLACK, temp); /* on */ - sprintf(temp, "%s %s", (char *) Language(135), ctime(<ime)); + snprintf(temp, 81, "%s %s", (char *) Language(135), ctime(<ime)); PUTSTR(temp); Enter(1); } diff --git a/mbsebbs/mbsebbs.c b/mbsebbs/mbsebbs.c index bb308b5b..76ad323e 100644 --- a/mbsebbs/mbsebbs.c +++ b/mbsebbs/mbsebbs.c @@ -4,7 +4,7 @@ * Purpose ...............: Main startup * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -143,11 +143,11 @@ int main(int argc, char **argv) } if (strncmp("/dev/", tty, 5) == 0) - sprintf(pTTY, "%s", tty+5); + snprintf(pTTY, 15, "%s", tty+5); else if (*tty == '/') { tty = strrchr(ttyname(0), '/'); ++tty; - sprintf(pTTY, "%s", tty); + snprintf(pTTY, 15, "%s", tty); } umask(007); @@ -181,7 +181,7 @@ int main(int argc, char **argv) clear(); DisplayLogo(); - sprintf(temp, "MBSE BBS v%s (Release: %s) on %s/%s", VERSION, ReleaseDate, OsName(), OsCPU()); + snprintf(temp, 81, "MBSE BBS v%s (Release: %s) on %s/%s", VERSION, ReleaseDate, OsName(), OsCPU()); poutCR(YELLOW, BLACK, temp); pout(WHITE, BLACK, (char *)COPYRIGHT); Enter(2); @@ -190,9 +190,9 @@ int main(int argc, char **argv) * Check users homedirectory, some *nix systems let users in if no * homedirectory exists */ - sprintf(temp, "%s/%s", CFG.bbs_usersdir, sUnixName); + snprintf(temp, PATH_MAX, "%s/%s", CFG.bbs_usersdir, sUnixName); if (stat(temp, &sb)) { - sprintf(temp, "No homedirectory\r\n\r\n"); + snprintf(temp, 81, "No homedirectory\r\n\r\n"); PUTSTR(temp); WriteError("homedirectory %s doesn't exist", temp); Quick_Bye(MBERR_OK); 
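Review bot: In the `stat()` failure branch of mbsebbs.c @@ -190, `temp` is overwritten with the "No homedirectory" text before `WriteError("homedirectory %s doesn't exist", temp)` runs, so the log records the user-facing message, CR/LF included, instead of the path that was checked. Sending the literal directly, e.g. `PUTSTR((char *)"No homedirectory\r\n\r\n");`, leaves the path in temp for the log line; the cast mirrors the `(char *)COPYRIGHT` usage in the previous hunk and assumes PUTSTR takes a `char *`. The ordering predates this commit, but the commit rewrites the line without correcting it.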
@@ -202,7 +202,7 @@ int main(int argc, char **argv) * Check if this port is available. In iNode we set a fake * line number, this will be used by doors. */ - sprintf(temp, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); if ((pTty = fopen(temp, "r")) == NULL) { WriteError("Can't read %s", temp); } else { @@ -216,7 +216,7 @@ int main(int argc, char **argv) if ((strcmp(ttyinfo.tty, pTTY) != 0) || (!ttyinfo.available)) { Syslog('+', "No BBS allowed on port \"%s\"", pTTY); - sprintf(temp, "No BBS on this port allowed!\r\n\r\n"); + snprintf(temp, 81, "No BBS on this port allowed!\r\n\r\n"); PUTSTR(temp); Free_Language(); Quick_Bye(MBERR_OK); @@ -227,10 +227,10 @@ int main(int argc, char **argv) */ if (CFG.iConnectString) { /* Connected on port */ - sprintf(temp, "%s\"%s\" ", (char *) Language(348), ttyinfo.comment); + snprintf(temp, 81, "%s\"%s\" ", (char *) Language(348), ttyinfo.comment); pout(CYAN, BLACK, temp); /* on */ - sprintf(temp, "%s %s", (char *) Language(135), ctime(<ime)); + snprintf(temp, 81, "%s %s", (char *) Language(135), ctime(<ime)); PUTSTR(temp); Enter(1); } @@ -243,7 +243,7 @@ int main(int argc, char **argv) /* Next is not usefull */ Syslog('b', "nl_langinfo(LC_CTYPE) returns \"%s\"", printable(nl_langinfo(LC_CTYPE), 0)); - sprintf(sMailbox, "mailbox"); + snprintf(sMailbox, 21, "mailbox"); colour(LIGHTGRAY, BLACK); user(); return 0; diff --git a/mbsebbs/menu.c b/mbsebbs/menu.c index 30bb7030..61eb696c 100644 --- a/mbsebbs/menu.c +++ b/mbsebbs/menu.c @@ -81,7 +81,7 @@ void InitMenu() memset(Menus[i], 0, 51); MenuLevel = 0; MenuError = 0; - sprintf(Menus[0], "%s", CFG.default_menu); + snprintf(Menus[0], 15, "%s", CFG.default_menu); } 
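Review bot: `snprintf(Menus[0], 15, "%s", CFG.default_menu)` in InitMenu (menu.c @@ -81) limits the default menu name to 14 characters, while the loop just above clears each entry with `memset(Menus[i], 0, 51)`, which suggests the entries are 51 bytes. If so, the new bound truncates names that the old code stored intact, and the path built from `Menus[MenuLevel]` in menu() would then point at a file that does not exist. `snprintf(Menus[0], 51, "%s", CFG.default_menu);`, or better a constant shared by the memset and the snprintf, keeps the two in agreement. The declaration of Menus is outside the hunk, so the real size should be confirmed there.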
@@ -107,9 +107,9 @@ void menu() * Open menufile, first users language menu, if it fails * try to open the default menu. */ - sprintf(sMenuPathFileName,"%s/%s", lang.MenuPath, Menus[MenuLevel]); + snprintf(sMenuPathFileName, PATH_MAX, "%s/%s", lang.MenuPath, Menus[MenuLevel]); if ((pMenuFile = fopen(sMenuPathFileName, "r")) == NULL) { - sprintf(sMenuPathFileName,"%s/%s", CFG.bbs_menus, Menus[MenuLevel]); + snprintf(sMenuPathFileName, PATH_MAX, "%s/%s", CFG.bbs_menus, Menus[MenuLevel]); pMenuFile = fopen(sMenuPathFileName,"r"); if (pMenuFile != NULL) Syslog('b', "Menu %s (Default)", Menus[MenuLevel]); @@ -127,7 +127,7 @@ void menu() */ if (MenuError == 10) { WriteError("FATAL ERROR: Too many menu errors"); - sprintf(temp, "Too many menu errors, notifying Sysop\r\n\r\n"); + snprintf(temp, 81, "Too many menu errors, notifying Sysop\r\n\r\n"); PUTSTR(temp); sleep(3); die(MBERR_CONFIG_ERROR); @@ -180,7 +180,7 @@ void menu() if (IsSema((char *)"upsdown")) { fclose(pMenuFile); Syslog('+', "Kicking user out, upsdown semafore detected"); - sprintf(temp, "System power failure, closing the bbs"); + snprintf(temp, 81, "System power failure, closing the bbs"); PUTSTR(temp); Enter(2); sleep(3); @@ -191,7 +191,7 @@ void menu() * Check if SysOp wants to chat to user everytime user gets prompt. */ if (CFG.iChatPromptChk) { - sprintf(buf, "CISC:1,%d", mypid); + snprintf(buf, 81, "CISC:1,%d", mypid); if (socket_send(buf) == 0) { strcpy(buf, socket_receive()); if (strcmp(buf, "100:1,1;") == 0) { @@ -210,7 +210,7 @@ void menu() if (exitinfo.HotKeys) { Key = Readkey(); - sprintf(Input, "%c", Key); + snprintf(Input, 81, "%c", Key); Enter(1); } else { colour(CFG.InputColourF, CFG.InputColourB); @@ -302,7 +302,7 @@ void DoMenu(int Type) if (menus.OptionalData[x] == '~') { strcat(sPrompt, sUserTimeleft); } else { - sprintf(temp, "%c", menus.OptionalData[x]); + snprintf(temp, 81, "%c", menus.OptionalData[x]); strcat(sPrompt, temp); } } 
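Review bot: The server reply is still copied with `strcpy(buf, socket_receive());` directly after the newly bounded `snprintf(buf, 81, "CISC:1,%d", mypid)` (menu.c @@ -191), so the one write into buf whose length is decided by the other end of the socket remains unchecked. `snprintf(buf, 81, "%s", socket_receive());` would apply the same limit as the line above, assuming buf really is 81 bytes. The `strcat(sPrompt, temp)` calls in DoMenu (@@ -302 and @@ -315) are in the same position: the single character is formatted with a bound and then appended without one. menu()'s body continues outside the hunk.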
@@ -315,9 +315,9 @@ void DoMenu(int Type) else if (*(sPromptBak + x) == '^') strcat(sPrompt, sMsgAreaDesc); else if (*(sPromptBak + x) == '#') - sprintf(sPrompt, "%s%s", sPrompt, (char *) GetLocalHM()); + snprintf(sPrompt, 81, "%s%s", sPrompt, (char *) GetLocalHM()); else { - sprintf(temp, "%c", *(sPromptBak + x)); + snprintf(temp, 81, "%c", *(sPromptBak + x)); strcat(sPrompt, temp); } } @@ -384,7 +384,7 @@ void DoMenu(int Type) for (i = 0; i < strlen(menus.OptionalData); i++) if (*(menus.OptionalData + i) == '@') *(menus.OptionalData + i) = '\n'; - sprintf(temp, "%s\r\n", menus.OptionalData); + snprintf(temp, 81, "%s\r\n", menus.OptionalData); PUTSTR(temp); } break; diff --git a/mbsebbs/misc.c b/mbsebbs/misc.c index 7487da15..88129db0 100644 --- a/mbsebbs/misc.c +++ b/mbsebbs/misc.c @@ -69,7 +69,7 @@ int ChkFiles() /* * Check if users.data exists, if not create a new one. */ - sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp,"rb")) == NULL) { if ((fp = fopen(temp,"wb")) == NULL) { WriteError("$Can't create %s", temp); @@ -88,7 +88,7 @@ int ChkFiles() /* * Check if sysinfo.data exists, if not, create a new one. */ - sprintf(temp, "%s/etc/sysinfo.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/sysinfo.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "rb")) == NULL) { if ((fp = fopen(temp, "wb")) == NULL) { WriteError("$ChkFiles: Can't create %s", temp); @@ -118,7 +118,7 @@ void DisplayLogo() temp = calloc(PATH_MAX, sizeof(char)); sString = calloc(1024, sizeof(char)); - sprintf(temp, "%s/%s", CFG.bbs_txtfiles, CFG.welcome_logo); + snprintf(temp, PATH_MAX, "%s/%s", CFG.bbs_txtfiles, CFG.welcome_logo); if ((pLogo = fopen(temp,"rb")) == NULL) WriteError("$DisplayLogo: Can't open %s", temp); else { 
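Review bot: `snprintf(sPrompt, 81, "%s%s", sPrompt, (char *) GetLocalHM())` in DoMenu (menu.c @@ -315) uses sPrompt as both destination and source, which the C standard leaves undefined for overlapping objects; some libc builds write to the destination before reading the argument, so the prompt assembled so far can be lost. Appending at the current end avoids the overlap: `size_t used = strlen(sPrompt);` followed by `snprintf(sPrompt + used, 81 - used, "%s", (char *) GetLocalHM());`. That assumes sPrompt is 81 bytes as the bound implies and that `used` is below 81, which the unbounded strcat calls around it do not guarantee. The enclosing loop starts outside the hunk.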
@@ -156,11 +156,11 @@ void SaveLastCallers() * First check if we passed midnight, in that case we create a fresh file. */ sFileName = calloc(PATH_MAX, sizeof(char)); - sprintf(sFileName,"%s/etc/lastcall.data", getenv("MBSE_ROOT")); + snprintf(sFileName, PATH_MAX, "%s/etc/lastcall.data", getenv("MBSE_ROOT")); stat(sFileName, &statfile); - sprintf(sFileDate,"%s", StrDateDMY(statfile.st_mtime)); - sprintf(sDate,"%s", (char *) GetDateDMY()); + snprintf(sFileDate, 9, "%s", StrDateDMY(statfile.st_mtime)); + snprintf(sDate, 9, "%s", (char *) GetDateDMY()); if ((strcmp(sDate,sFileDate)) != 0) { unlink(sFileName); @@ -192,11 +192,11 @@ void SaveLastCallers() } else { ReadExitinfo(); memset(&LCALL, 0, sizeof(LCALL)); - sprintf(LCALL.UserName,"%s", exitinfo.sUserName); - sprintf(LCALL.Handle,"%s", exitinfo.sHandle); - sprintf(LCALL.Name, "%s", exitinfo.Name); - sprintf(LCALL.TimeOn,"%s", StartTime); - sprintf(LCALL.Device,"%s", pTTY); + snprintf(LCALL.UserName, 36, "%s", exitinfo.sUserName); + snprintf(LCALL.Handle, 36, "%s", exitinfo.sHandle); + snprintf(LCALL.Name, 9, "%s", exitinfo.Name); + snprintf(LCALL.TimeOn, 6, "%s", StartTime); + snprintf(LCALL.Device, 10, "%s", pTTY); LCALL.SecLevel = exitinfo.Security.level; LCALL.Calls = exitinfo.iTotalCalls; LCALL.CallTime = exitinfo.iConnectTime; @@ -207,12 +207,12 @@ void SaveLastCallers() LCALL.Chat = LC_Chat; LCALL.Olr = LC_Olr; LCALL.Door = LC_Door; - sprintf(LCALL.Speed, "%s", ttyinfo.speed); + snprintf(LCALL.Speed, 21, "%s", ttyinfo.speed); /* If true then set hidden so it doesn't display in lastcallers function */ LCALL.Hidden = exitinfo.Hidden; - sprintf(LCALL.Location,"%s", exitinfo.sLocation); + snprintf(LCALL.Location, 28, "%s", exitinfo.sLocation); rewind(pGLC); /* ???????????? */ fwrite(&LCALL, sizeof(LCALL), 1, pGLC); 
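Review bot: The result of `stat(sFileName, &statfile)` in SaveLastCallers (misc.c @@ -156) is ignored, so when lastcall.data does not exist yet `statfile.st_mtime` is read without having been filled in, and the midnight comparison runs on whatever the struct held. Testing the call, for example `if (stat(sFileName, &statfile) == 0)` around the date comparison and the unlink, keeps the fresh-file path well defined. This predates the commit, and statfile's declaration is outside the hunk, so it may be zero-initialised there.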
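Review bot: `snprintf(LCALL.Device, 10, "%s", pTTY)` (misc.c @@ -192) keeps 9 characters, while pTTY is written with a bound of 15 in mbnewusr.c and mbsebbs.c, so a longer device name is cut in the last-callers record with no indication. LCALL is a struct object in scope (`memset(&LCALL, 0, sizeof(LCALL))`), so `snprintf(LCALL.Device, sizeof(LCALL.Device), "%s", pTTY);` would take the bound from the record definition, assuming the fields are arrays rather than pointers. The same applies to the literals 36, 36, 9 and 6 in this hunk and to 21 and 28 for Speed and Location in @@ -207.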
@@ -230,7 +230,7 @@ char *GLCdate() Time_Now = time(NULL); l_date = localtime(&Time_Now); - sprintf(GLcdate,"%02d-", l_date->tm_mday); + snprintf(GLcdate, 15, "%02d-", l_date->tm_mday); strcat(GLcdate,GetMonth(l_date->tm_mon+1)); return(GLcdate); diff --git a/mbsebbs/morefile.c b/mbsebbs/morefile.c index 5e09040d..645230be 100644 --- a/mbsebbs/morefile.c +++ b/mbsebbs/morefile.c @@ -4,7 +4,7 @@ * Purpose ...............: Display file with more * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -49,7 +49,7 @@ int MoreFile(char *filename) maxlines = lines = exitinfo.iScreenLen - 2; if ((fptr = fopen(filename,"r")) == NULL) { - sprintf(Buf, "%s%s", (char *) Language(72), filename); + snprintf(Buf, 81, "%s%s", (char *) Language(72), filename); pout(LIGHTRED, BLACK, Buf); Enter(2); return(0); @@ -69,7 +69,7 @@ int MoreFile(char *filename) } if (lines == 0) { /* More (Y/n/=) */ - sprintf(Buf, " %sY\x08", (char *) Language(61)); + snprintf(Buf, 81, " %sY\x08", (char *) Language(61)); PUTSTR(Buf); alarm_on(); input = toupper(getchar()); diff --git a/mbsebbs/msgutil.c b/mbsebbs/msgutil.c index 75670862..c542f237 100644 --- a/mbsebbs/msgutil.c +++ b/mbsebbs/msgutil.c @@ -95,7 +95,7 @@ char *rfcdate(time_t now) hr=offset/60L; min=offset%60L; - sprintf(buf,"%s, %02d %s %04d %02d:%02d:%02d %c%02d%02d", + snprintf(buf,40,"%s, %02d %s %04d %02d:%02d:%02d %c%02d%02d", wdays[gtm.tm_wday],gtm.tm_mday,months[gtm.tm_mon], gtm.tm_year+1900,gtm.tm_hour,gtm.tm_min,gtm.tm_sec, sign,hr,min); 
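Review bot: The month name is still appended with `strcat(GLcdate,GetMonth(l_date->tm_mon+1))` right after the bounded `snprintf(GLcdate, 15, "%02d-", ...)` in GLCdate (misc.c @@ -230), so the length of the GetMonth() string is never checked against the 15 bytes the new bound implies. One call covers both parts: `snprintf(GLcdate, 15, "%02d-%s", l_date->tm_mday, GetMonth(l_date->tm_mon+1));`. GLcdate's declaration is outside the hunk, so the 15 should be confirmed against it.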
@@ -167,55 +167,55 @@ void Add_Headkludges(faddr *dest, int IsReply) break; case NETMAIL: Msg.Netmail = TRUE; - sprintf(Msg.FromAddress, "%s", aka2str(msgs.Aka)); - sprintf(Msg.ToAddress, "%s", ascfnode(dest, 0x1f)); + snprintf(Msg.FromAddress, 101, "%s", aka2str(msgs.Aka)); + snprintf(Msg.ToAddress, 101, "%s", ascfnode(dest, 0x1f)); if (msgs.Aka.point) { - sprintf(temp, "\001FMPT %d", msgs.Aka.point); + snprintf(temp, 128, "\001FMPT %d", msgs.Aka.point); MsgText_Add2(temp); } if (dest->point) { - sprintf(temp, "\001TOPT %d", dest->point); + snprintf(temp, 128, "\001TOPT %d", dest->point); MsgText_Add2(temp); } - sprintf(temp, "\001INTL %d:%d/%d %d:%d/%d", dest->zone, dest->net, + snprintf(temp, 128, "\001INTL %d:%d/%d %d:%d/%d", dest->zone, dest->net, dest->node, msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node); MsgText_Add2(temp); break; case LIST: Msg.Echomail = TRUE; - sprintf(Msg.FromAddress, "%s", aka2str(msgs.Aka)); + snprintf(Msg.FromAddress, 101, "%s", aka2str(msgs.Aka)); break; case ECHOMAIL: Msg.Echomail = TRUE; - sprintf(Msg.FromAddress, "%s", aka2str(msgs.Aka)); + snprintf(Msg.FromAddress, 101, "%s", aka2str(msgs.Aka)); break; case NEWS: /* * Header style is the same as GoldED does. 
*/ Msg.News = TRUE; - sprintf(temp, "\001Date: %s", rfcdate(Msg.Written)); + snprintf(temp, 101, "\001Date: %s", rfcdate(Msg.Written)); MsgText_Add2(temp); Node = fido2faddr(msgs.Aka); - sprintf(temp, "\001From: %s", Msg.From); + snprintf(temp, 101, "\001From: %s", Msg.From); MsgText_Add2(temp); - sprintf(temp, "\001Subject: %s", Msg.Subject); + snprintf(temp, 101, "\001Subject: %s", Msg.Subject); MsgText_Add2(temp); - sprintf(temp, "\001Sender: %s", Msg.From); + snprintf(temp, 101, "\001Sender: %s", Msg.From); MsgText_Add2(temp); tidy_faddr(Node); MsgText_Add2((char *)"\001To: All"); MsgText_Add2((char *)"\001MIME-Version: 1.0"); if (exitinfo.Charset != FTNC_NONE) { - sprintf(temp, "\001Content-Type: text/plain; charset=%s", getrfcchrs(exitinfo.Charset)); + snprintf(temp, PATH_MAX, "\001Content-Type: text/plain; charset=%s", getrfcchrs(exitinfo.Charset)); } else if (msgs.Charset != FTNC_NONE) { - sprintf(temp, "\001Content-Type: text/plain; charset=%s", getrfcchrs(msgs.Charset)); + snprintf(temp, PATH_MAX, "\001Content-Type: text/plain; charset=%s", getrfcchrs(msgs.Charset)); } else { - sprintf(temp, "\001Content-Type: text/plain; charset=iso8859-1"); + snprintf(temp, PATH_MAX, "\001Content-Type: text/plain; charset=iso8859-1"); } MsgText_Add2(temp); MsgText_Add2((char *)"\001Content-Transfer-Encoding: 8bit"); - sprintf(temp, "\001X-Mailreader: MBSE BBS %s", VERSION); + snprintf(temp, PATH_MAX, "\001X-Mailreader: MBSE BBS %s", VERSION); MsgText_Add2(temp); break; } 
@@ -224,29 +224,29 @@ void Add_Headkludges(faddr *dest, int IsReply) * Set the right charset kludge */ if (exitinfo.Charset != FTNC_NONE) { - sprintf(temp, "\001CHRS: %s", getftnchrs(exitinfo.Charset)); + snprintf(temp, PATH_MAX, "\001CHRS: %s", getftnchrs(exitinfo.Charset)); } else if (msgs.Charset != FTNC_NONE) { - sprintf(temp, "\001CHRS: %s", getftnchrs(msgs.Charset)); + snprintf(temp, PATH_MAX, "\001CHRS: %s", getftnchrs(msgs.Charset)); } else { - sprintf(temp, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1)); + snprintf(temp, PATH_MAX, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1)); } MsgText_Add2(temp); - sprintf(temp, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer()); + snprintf(temp, PATH_MAX, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer()); MsgText_Add2(temp); Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp)); if (IsReply) { - sprintf(temp, "\001REPLY: %s", Msg.Replyid); + snprintf(temp, PATH_MAX, "\001REPLY: %s", Msg.Replyid); MsgText_Add2(temp); crc = -1; Msg.ReplyCRC = upd_crc32(temp, crc, strlen(temp)); } else Msg.ReplyCRC = 0xffffffff; - sprintf(temp, "\001PID: MBSE-BBS %s (%s-%s)", VERSION, OsName(), OsCPU()); + snprintf(temp, PATH_MAX, "\001PID: MBSE-BBS %s (%s-%s)", VERSION, OsName(), OsCPU()); MsgText_Add2(temp); tt = time(NULL); - sprintf(temp, "\001TZUTC: %s", gmtoffset(tt)); + snprintf(temp, PATH_MAX, "\001TZUTC: %s", gmtoffset(tt)); MsgText_Add2(temp); free(temp); } @@ -270,7 +270,7 @@ void Add_Footkludges(int Quote, char *tear, int HasTear) * If Quote (message entered at the bbs) we append a signature. */ if (Quote) { - sprintf(temp, "%s/%s/.signature", CFG.bbs_usersdir, exitinfo.Name); + snprintf(temp, PATH_MAX, "%s/%s/.signature", CFG.bbs_usersdir, exitinfo.Name); if ((fp = fopen(temp, "r"))) { MsgText_Add2((char *)""); while (fgets(temp, 80, fp)) { 
@@ -283,7 +283,7 @@ void Add_Footkludges(int Quote, char *tear, int HasTear) } if (msgs.Quotes && Quote) { - sprintf(temp, "... %s", Oneliner_Get()); + snprintf(temp, 81, "... %s", Oneliner_Get()); MsgText_Add2(temp); MsgText_Add2((char *)""); } @@ -295,21 +295,21 @@ void Add_Footkludges(int Quote, char *tear, int HasTear) if (tear == NULL) { MsgText_Add2(TearLine()); } else { - sprintf(temp, "--- %s", tear); + snprintf(temp, 81, "--- %s", tear); MsgText_Add2(temp); } } if ((msgs.Type == ECHOMAIL) || (msgs.Type == LIST)) { if (msgs.Aka.point) - sprintf(aka, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point); + snprintf(aka, 32, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point); else - sprintf(aka, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node); + snprintf(aka, 32, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node); if (strlen(msgs.Origin)) - sprintf(temp, " * Origin: %s %s", msgs.Origin, aka); + snprintf(temp, 81, " * Origin: %s %s", msgs.Origin, aka); else - sprintf(temp, " * Origin: %s %s", CFG.origin, aka); + snprintf(temp, 81, " * Origin: %s %s", CFG.origin, aka); MsgText_Add2(temp); } diff --git a/mbsebbs/newuser.c b/mbsebbs/newuser.c index 23a7087e..e9bea5b8 100644 --- a/mbsebbs/newuser.c +++ b/mbsebbs/newuser.c @@ -176,7 +176,7 @@ int newuser() Enter(2); /* Your password must contain at least */ language(LIGHTRED, BLACK, 42); - sprintf(temp, "%d ", CFG.password_length); + snprintf(temp, 81, "%d ", CFG.password_length); PUTSTR(temp); /* characters! Try again. */ language(WHITE, BLACK, 43); 
@@ -185,9 +185,9 @@ int newuser() } memset(&usrconfig.Password, 0, sizeof(usrconfig.Password)); - sprintf(usrconfig.Password, "%s", temp2); + snprintf(usrconfig.Password, Max_passlen +1, "%s", temp2); alarm_on(); - sprintf(UnixName, "%s", (char *) NameCreate(NameGen(FullName), FullName, temp2)); + snprintf(UnixName, 9, "%s", (char *) NameCreate(NameGen(FullName), FullName, temp2)); UserCity(mypid, UnixName, (char *)"Unknown"); strcpy(usrconfig.sUserName, FullName); @@ -293,7 +293,7 @@ int newuser() /* Please enter a longer location */ language(LIGHTRED, BLACK, 50); Enter(1); - sprintf(temp, "%s%d)", (char *) Language(74), CFG.CityLen); + snprintf(temp, 81, "%s%d)", (char *) Language(74), CFG.CityLen); PUTSTR(temp); Enter(1); } else { @@ -311,7 +311,7 @@ int newuser() language(LIGHTMAGENTA, BLACK, 474); Enter(1); for (i = 0; i < 3; i++) { - sprintf(temp, "%d: ", i+1); + snprintf(temp, 81, "%d: ", i+1); pout(YELLOW, BLACK, temp); colour(CFG.InputColourF, CFG.InputColourB); alarm_on(); @@ -364,13 +364,13 @@ int newuser() if (i == Keystroke(51, 0)) { /* Male */ - sprintf(usrconfig.sSex, "Male"); + snprintf(usrconfig.sSex, 8, "Male"); pout(CFG.InputColourF, CFG.InputColourB, (char *) Language(52)); Enter(1); break; } else if (i == Keystroke(51, 1)) { /* Female */ - sprintf(usrconfig.sSex, "Female"); + snprintf(usrconfig.sSex, 8, "Female"); pout(CFG.InputColourF, CFG.InputColourB, (char *) Language(53)); Enter(1); break; @@ -382,7 +382,7 @@ int newuser() } } } else /* End of if Statement */ - sprintf(usrconfig.sSex, "Unknown"); /* If set off, set to Unknown */ + snprintf(usrconfig.sSex, 8, "Unknown"); /* If set off, set to Unknown */ if (CFG.iDOB) { while (TRUE) { 
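Review bot: `snprintf(usrconfig.Password, Max_passlen +1, "%s", temp2)` (newuser.c @@ -185) can shorten the password kept in the user record, while the untruncated `temp2` is handed to NameCreate() two lines later; if temp2 can be longer than Max_passlen the two stored credentials differ and the user is not told. The line above already uses `sizeof(usrconfig.Password)` for the memset, so that expression is the natural bound. Comparing the return value against it lets the code reject an over-long password instead of cutting it: `if (snprintf(usrconfig.Password, sizeof(usrconfig.Password), "%s", temp2) >= (int)sizeof(usrconfig.Password))`. Whether the input routine already limits temp2 is not visible in this hunk.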
@@ -393,10 +393,10 @@ int newuser() alarm_on(); GetDate(temp, 10); - sprintf(temp1, "%c%c%c%c", temp[6], temp[7], temp[8], temp[9]); - sprintf(temp2, "%02d", l_date->tm_year); + snprintf(temp1, 81, "%c%c%c%c", temp[6], temp[7], temp[8], temp[9]); + snprintf(temp2, 81, "%02d", l_date->tm_year); iLang = atoi(temp2) + 1900; - sprintf(temp2, "%04d", iLang); + snprintf(temp2, 81, "%04d", iLang); if ((strcmp(temp1,temp2)) == 0) { Enter(1); @@ -472,7 +472,7 @@ int newuser() usrconfig.iLastFileArea = 1; usrconfig.iLastMsgArea = 1; - sprintf(usrconfig.sProtocol, "%s", (char *) Language(65)); + snprintf(usrconfig.sProtocol, 21, "%s", (char *) Language(65)); usrconfig.DoNotDisturb = FALSE; switch (CFG.AskNewmail) { @@ -537,7 +537,7 @@ int newuser() /* * Search a free slot in the users datafile */ - sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((pUsrConfig = fopen(temp, "r+")) == NULL) { WriteError("Can't open file: %s", temp); ExitClient(MBERR_GENERAL); @@ -572,7 +572,7 @@ int newuser() /* Login Name : */ pout(LIGHTBLUE, BLACK, (char *) Language(68)); colour(CYAN, BLACK); - sprintf(temp, "%s (%s)", UnixName, FullName); + snprintf(temp, 81, "%s (%s)", UnixName, FullName); PUTSTR(temp); Enter(1); /* Password : */ @@ -622,7 +622,7 @@ void Fast_Bye(int onsig) socket_shutdown(mypid); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/tmp/mbnewusr%d", getenv("MBSE_ROOT"), getpid()); + snprintf(temp, PATH_MAX, "%s/tmp/mbnewusr%d", getenv("MBSE_ROOT"), getpid()); unlink(temp); free(temp); 
@@ -703,8 +703,8 @@ char *NameCreate(char *Name, char *Comment, char *Password) * Call mbuseradd, this is a special setuid root program to create * unix acounts and home directories. */ - sprintf(progname, "%s/bin/mbuseradd", getenv("MBSE_ROOT")); - sprintf(gidstr, "%d", getgid()); + snprintf(progname, PATH_MAX, "%s/bin/mbuseradd", getenv("MBSE_ROOT")); + snprintf(gidstr, 10, "%d", getgid()); args[0] = progname; args[1] = gidstr; args[2] = Name; @@ -720,7 +720,7 @@ char *NameCreate(char *Name, char *Comment, char *Password) } free(gidstr); - sprintf(progname, "%s/bin/mbpasswd", getenv("MBSE_ROOT")); + snprintf(progname, PATH_MAX, "%s/bin/mbpasswd", getenv("MBSE_ROOT")); memset(args, 0, sizeof(args)); args[0] = progname; args[1] = Name; @@ -759,7 +759,7 @@ int BadNames(char *Username) strcpy(User, tl(Username)); - sprintf(temp, "%s/etc/badnames.ctl", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/badnames.ctl", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) != NULL) { while ((fgets(String, 80, fp)) != NULL) { strcpy(String, tl(String)); @@ -799,7 +799,7 @@ int TelephoneScan(char *Number, char *Name) temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp,"rb")) != NULL) { fread(&uhdr, sizeof(uhdr), 1, fp);
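Review bot: `snprintf(gidstr, 10, "%d", getgid())` in NameCreate (newuser.c @@ -703) leaves room for nine digits, so a group id of 1000000000 or more is cut to a shorter number that is still a valid id and is then passed as `args[1]` to mbuseradd, which the comment describes as setuid root. gid_t is commonly unsigned as well, so `%d` misprints ids above INT_MAX. `snprintf(gidstr, 11, "%lu", (unsigned long)getgid());` holds any 32-bit id, provided gidstr's allocation, which is outside the hunk, is at least 11 bytes. Checking the return value against the bound would turn a remaining truncation into an error instead of a different group.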