Secured sprintf with snprintf

Michiel Broek 2005-08-29 10:59:47 +00:00
parent e0fcfc4f59
commit 818bb9e884
7 changed files with 96 additions and 96 deletions


@ -4,7 +4,7 @@
* Purpose ...............: New user registration * Purpose ...............: New user registration
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -137,11 +137,11 @@ int main(int argc, char **argv)
} }
if (strncmp("/dev/", tty, 5) == 0) if (strncmp("/dev/", tty, 5) == 0)
sprintf(pTTY, "%s", tty+5); snprintf(pTTY, 15, "%s", tty+5);
else if (*tty == '/') { else if (*tty == '/') {
tty = strrchr(ttyname(0), '/'); tty = strrchr(ttyname(0), '/');
++tty; ++tty;
sprintf(pTTY, "%s", tty); snprintf(pTTY, 15, "%s", tty);
} }
umask(007); umask(007);
@ -173,7 +173,7 @@ int main(int argc, char **argv)
Fast_Bye(MBERR_OK); Fast_Bye(MBERR_OK);
} }
sprintf(temp, "MBSE BBS v%s (Release: %s) on %s/%s", VERSION, ReleaseDate, OsName(), OsCPU()); snprintf(temp, 81, "MBSE BBS v%s (Release: %s) on %s/%s", VERSION, ReleaseDate, OsName(), OsCPU());
poutCR(YELLOW, BLACK, temp); poutCR(YELLOW, BLACK, temp);
pout(WHITE, BLACK, (char *)COPYRIGHT); pout(WHITE, BLACK, (char *)COPYRIGHT);
Enter(2); Enter(2);
@ -181,7 +181,7 @@ int main(int argc, char **argv)
/* /*
* Check if this port is available. * Check if this port is available.
*/ */
sprintf(temp, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT"));
if ((pTty = fopen(temp, "r")) == NULL) { if ((pTty = fopen(temp, "r")) == NULL) {
WriteError("Can't read %s", temp); WriteError("Can't read %s", temp);
@ -206,10 +206,10 @@ int main(int argc, char **argv)
*/ */
if (CFG.iConnectString) { if (CFG.iConnectString) {
/* Connected on port */ /* Connected on port */
sprintf(temp, "%s\"%s\" ", (char *) Language(348), ttyinfo.comment); snprintf(temp, 81, "%s\"%s\" ", (char *) Language(348), ttyinfo.comment);
pout(CYAN, BLACK, temp); pout(CYAN, BLACK, temp);
/* on */ /* on */
sprintf(temp, "%s %s", (char *) Language(135), ctime(&ltime)); snprintf(temp, 81, "%s %s", (char *) Language(135), ctime(&ltime));
PUTSTR(temp); PUTSTR(temp);
Enter(1); Enter(1);
} }
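Review bot: The bounds handed to snprintf are hard-coded literals (`15` for pTTY, `81` for temp), and temp is also bounded with `PATH_MAX` in the hunk at -181, so at least one of those numbers cannot match temp's declaration, which lies outside the hunks. If the destinations are arrays in scope, `snprintf(temp, sizeof(temp), ...)` ties the bound to the declaration; for heap buffers, one named constant shared with the allocation does the same. The same literal-size pattern recurs in the other files of this commit. Separately, `getenv("MBSE_ROOT")` is passed straight to `%s`, and `strrchr(ttyname(0), '/')` is incremented without a NULL check; both are undefined behaviour on a NULL return and deserve a guard before use.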


@ -4,7 +4,7 @@
* Purpose ...............: Main startup * Purpose ...............: Main startup
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -143,11 +143,11 @@ int main(int argc, char **argv)
} }
if (strncmp("/dev/", tty, 5) == 0) if (strncmp("/dev/", tty, 5) == 0)
sprintf(pTTY, "%s", tty+5); snprintf(pTTY, 15, "%s", tty+5);
else if (*tty == '/') { else if (*tty == '/') {
tty = strrchr(ttyname(0), '/'); tty = strrchr(ttyname(0), '/');
++tty; ++tty;
sprintf(pTTY, "%s", tty); snprintf(pTTY, 15, "%s", tty);
} }
umask(007); umask(007);
@ -181,7 +181,7 @@ int main(int argc, char **argv)
clear(); clear();
DisplayLogo(); DisplayLogo();
sprintf(temp, "MBSE BBS v%s (Release: %s) on %s/%s", VERSION, ReleaseDate, OsName(), OsCPU()); snprintf(temp, 81, "MBSE BBS v%s (Release: %s) on %s/%s", VERSION, ReleaseDate, OsName(), OsCPU());
poutCR(YELLOW, BLACK, temp); poutCR(YELLOW, BLACK, temp);
pout(WHITE, BLACK, (char *)COPYRIGHT); pout(WHITE, BLACK, (char *)COPYRIGHT);
Enter(2); Enter(2);
@ -190,9 +190,9 @@ int main(int argc, char **argv)
* Check users homedirectory, some *nix systems let users in if no * Check users homedirectory, some *nix systems let users in if no
* homedirectory exists * homedirectory exists
*/ */
sprintf(temp, "%s/%s", CFG.bbs_usersdir, sUnixName); snprintf(temp, PATH_MAX, "%s/%s", CFG.bbs_usersdir, sUnixName);
if (stat(temp, &sb)) { if (stat(temp, &sb)) {
sprintf(temp, "No homedirectory\r\n\r\n"); snprintf(temp, 81, "No homedirectory\r\n\r\n");
PUTSTR(temp); PUTSTR(temp);
WriteError("homedirectory %s doesn't exist", temp); WriteError("homedirectory %s doesn't exist", temp);
Quick_Bye(MBERR_OK); Quick_Bye(MBERR_OK);
@ -202,7 +202,7 @@ int main(int argc, char **argv)
* Check if this port is available. In iNode we set a fake * Check if this port is available. In iNode we set a fake
* line number, this will be used by doors. * line number, this will be used by doors.
*/ */
sprintf(temp, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/ttyinfo.data", getenv("MBSE_ROOT"));
if ((pTty = fopen(temp, "r")) == NULL) { if ((pTty = fopen(temp, "r")) == NULL) {
WriteError("Can't read %s", temp); WriteError("Can't read %s", temp);
} else { } else {
@ -216,7 +216,7 @@ int main(int argc, char **argv)
if ((strcmp(ttyinfo.tty, pTTY) != 0) || (!ttyinfo.available)) { if ((strcmp(ttyinfo.tty, pTTY) != 0) || (!ttyinfo.available)) {
Syslog('+', "No BBS allowed on port \"%s\"", pTTY); Syslog('+', "No BBS allowed on port \"%s\"", pTTY);
sprintf(temp, "No BBS on this port allowed!\r\n\r\n"); snprintf(temp, 81, "No BBS on this port allowed!\r\n\r\n");
PUTSTR(temp); PUTSTR(temp);
Free_Language(); Free_Language();
Quick_Bye(MBERR_OK); Quick_Bye(MBERR_OK);
@ -227,10 +227,10 @@ int main(int argc, char **argv)
*/ */
if (CFG.iConnectString) { if (CFG.iConnectString) {
/* Connected on port */ /* Connected on port */
sprintf(temp, "%s\"%s\" ", (char *) Language(348), ttyinfo.comment); snprintf(temp, 81, "%s\"%s\" ", (char *) Language(348), ttyinfo.comment);
pout(CYAN, BLACK, temp); pout(CYAN, BLACK, temp);
/* on */ /* on */
sprintf(temp, "%s %s", (char *) Language(135), ctime(&ltime)); snprintf(temp, 81, "%s %s", (char *) Language(135), ctime(&ltime));
PUTSTR(temp); PUTSTR(temp);
Enter(1); Enter(1);
} }
@ -243,7 +243,7 @@ int main(int argc, char **argv)
/* Next is not usefull */ /* Next is not usefull */
Syslog('b', "nl_langinfo(LC_CTYPE) returns \"%s\"", printable(nl_langinfo(LC_CTYPE), 0)); Syslog('b', "nl_langinfo(LC_CTYPE) returns \"%s\"", printable(nl_langinfo(LC_CTYPE), 0));
sprintf(sMailbox, "mailbox"); snprintf(sMailbox, 21, "mailbox");
colour(LIGHTGRAY, BLACK); colour(LIGHTGRAY, BLACK);
user(); user();
return 0; return 0;
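Review bot: In the hunk at -190 the new `snprintf(temp, 81, "No homedirectory\r\n\r\n")` overwrites the path that was just built in temp, so the following `WriteError("homedirectory %s doesn't exist", temp)` logs the user-facing message instead of the missing directory. Moving the WriteError call above the second snprintf keeps the failing path in the log for whoever investigates the rejected login. The same function also bounds temp with both `PATH_MAX` and `81`; temp's declaration is outside the hunks, so only one of those can be its real size.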


@ -81,7 +81,7 @@ void InitMenu()
memset(Menus[i], 0, 51); memset(Menus[i], 0, 51);
MenuLevel = 0; MenuLevel = 0;
MenuError = 0; MenuError = 0;
sprintf(Menus[0], "%s", CFG.default_menu); snprintf(Menus[0], 15, "%s", CFG.default_menu);
} }
@ -107,9 +107,9 @@ void menu()
* Open menufile, first users language menu, if it fails * Open menufile, first users language menu, if it fails
* try to open the default menu. * try to open the default menu.
*/ */
sprintf(sMenuPathFileName,"%s/%s", lang.MenuPath, Menus[MenuLevel]); snprintf(sMenuPathFileName, PATH_MAX, "%s/%s", lang.MenuPath, Menus[MenuLevel]);
if ((pMenuFile = fopen(sMenuPathFileName, "r")) == NULL) { if ((pMenuFile = fopen(sMenuPathFileName, "r")) == NULL) {
sprintf(sMenuPathFileName,"%s/%s", CFG.bbs_menus, Menus[MenuLevel]); snprintf(sMenuPathFileName, PATH_MAX, "%s/%s", CFG.bbs_menus, Menus[MenuLevel]);
pMenuFile = fopen(sMenuPathFileName,"r"); pMenuFile = fopen(sMenuPathFileName,"r");
if (pMenuFile != NULL) if (pMenuFile != NULL)
Syslog('b', "Menu %s (Default)", Menus[MenuLevel]); Syslog('b', "Menu %s (Default)", Menus[MenuLevel]);
@ -127,7 +127,7 @@ void menu()
*/ */
if (MenuError == 10) { if (MenuError == 10) {
WriteError("FATAL ERROR: Too many menu errors"); WriteError("FATAL ERROR: Too many menu errors");
sprintf(temp, "Too many menu errors, notifying Sysop\r\n\r\n"); snprintf(temp, 81, "Too many menu errors, notifying Sysop\r\n\r\n");
PUTSTR(temp); PUTSTR(temp);
sleep(3); sleep(3);
die(MBERR_CONFIG_ERROR); die(MBERR_CONFIG_ERROR);
@ -180,7 +180,7 @@ void menu()
if (IsSema((char *)"upsdown")) { if (IsSema((char *)"upsdown")) {
fclose(pMenuFile); fclose(pMenuFile);
Syslog('+', "Kicking user out, upsdown semafore detected"); Syslog('+', "Kicking user out, upsdown semafore detected");
sprintf(temp, "System power failure, closing the bbs"); snprintf(temp, 81, "System power failure, closing the bbs");
PUTSTR(temp); PUTSTR(temp);
Enter(2); Enter(2);
sleep(3); sleep(3);
@ -191,7 +191,7 @@ void menu()
* Check if SysOp wants to chat to user everytime user gets prompt. * Check if SysOp wants to chat to user everytime user gets prompt.
*/ */
if (CFG.iChatPromptChk) { if (CFG.iChatPromptChk) {
sprintf(buf, "CISC:1,%d", mypid); snprintf(buf, 81, "CISC:1,%d", mypid);
if (socket_send(buf) == 0) { if (socket_send(buf) == 0) {
strcpy(buf, socket_receive()); strcpy(buf, socket_receive());
if (strcmp(buf, "100:1,1;") == 0) { if (strcmp(buf, "100:1,1;") == 0) {
@ -210,7 +210,7 @@ void menu()
if (exitinfo.HotKeys) { if (exitinfo.HotKeys) {
Key = Readkey(); Key = Readkey();
sprintf(Input, "%c", Key); snprintf(Input, 81, "%c", Key);
Enter(1); Enter(1);
} else { } else {
colour(CFG.InputColourF, CFG.InputColourB); colour(CFG.InputColourF, CFG.InputColourB);
@ -302,7 +302,7 @@ void DoMenu(int Type)
if (menus.OptionalData[x] == '~') { if (menus.OptionalData[x] == '~') {
strcat(sPrompt, sUserTimeleft); strcat(sPrompt, sUserTimeleft);
} else { } else {
sprintf(temp, "%c", menus.OptionalData[x]); snprintf(temp, 81, "%c", menus.OptionalData[x]);
strcat(sPrompt, temp); strcat(sPrompt, temp);
} }
} }
@ -315,9 +315,9 @@ void DoMenu(int Type)
else if (*(sPromptBak + x) == '^') else if (*(sPromptBak + x) == '^')
strcat(sPrompt, sMsgAreaDesc); strcat(sPrompt, sMsgAreaDesc);
else if (*(sPromptBak + x) == '#') else if (*(sPromptBak + x) == '#')
sprintf(sPrompt, "%s%s", sPrompt, (char *) GetLocalHM()); snprintf(sPrompt, 81, "%s%s", sPrompt, (char *) GetLocalHM());
else { else {
sprintf(temp, "%c", *(sPromptBak + x)); snprintf(temp, 81, "%c", *(sPromptBak + x));
strcat(sPrompt, temp); strcat(sPrompt, temp);
} }
} }
@ -384,7 +384,7 @@ void DoMenu(int Type)
for (i = 0; i < strlen(menus.OptionalData); i++) for (i = 0; i < strlen(menus.OptionalData); i++)
if (*(menus.OptionalData + i) == '@') if (*(menus.OptionalData + i) == '@')
*(menus.OptionalData + i) = '\n'; *(menus.OptionalData + i) = '\n';
sprintf(temp, "%s\r\n", menus.OptionalData); snprintf(temp, 81, "%s\r\n", menus.OptionalData);
PUTSTR(temp); PUTSTR(temp);
} }
break; break;
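Review bot: In DoMenu the new `snprintf(sPrompt, 81, "%s%s", sPrompt, (char *) GetLocalHM());` uses sPrompt as both destination and source, which is undefined behaviour for overlapping objects and may no longer append the way the old sprintf happened to. A bounded append avoids the overlap: `size_t used = strlen(sPrompt); snprintf(sPrompt + used, 81 - used, "%s", (char *) GetLocalHM());`, assuming sPrompt really is 81 bytes (its declaration is outside the hunk). The neighbouring `strcat(sPrompt, ...)` calls in the same loop are still unbounded, so the prompt buffer is not yet protected by this change. In InitMenu, `memset(Menus[i], 0, 51)` suggests 51-byte entries while the new bound is `15`, which would cut `CFG.default_menu` to 14 characters; one of the two numbers looks wrong.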


@ -69,7 +69,7 @@ int ChkFiles()
/* /*
* Check if users.data exists, if not create a new one. * Check if users.data exists, if not create a new one.
*/ */
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp,"rb")) == NULL) { if ((fp = fopen(temp,"rb")) == NULL) {
if ((fp = fopen(temp,"wb")) == NULL) { if ((fp = fopen(temp,"wb")) == NULL) {
WriteError("$Can't create %s", temp); WriteError("$Can't create %s", temp);
@ -88,7 +88,7 @@ int ChkFiles()
/* /*
* Check if sysinfo.data exists, if not, create a new one. * Check if sysinfo.data exists, if not, create a new one.
*/ */
sprintf(temp, "%s/etc/sysinfo.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/sysinfo.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "rb")) == NULL) { if ((fp = fopen(temp, "rb")) == NULL) {
if ((fp = fopen(temp, "wb")) == NULL) { if ((fp = fopen(temp, "wb")) == NULL) {
WriteError("$ChkFiles: Can't create %s", temp); WriteError("$ChkFiles: Can't create %s", temp);
@ -118,7 +118,7 @@ void DisplayLogo()
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sString = calloc(1024, sizeof(char)); sString = calloc(1024, sizeof(char));
sprintf(temp, "%s/%s", CFG.bbs_txtfiles, CFG.welcome_logo); snprintf(temp, PATH_MAX, "%s/%s", CFG.bbs_txtfiles, CFG.welcome_logo);
if ((pLogo = fopen(temp,"rb")) == NULL) if ((pLogo = fopen(temp,"rb")) == NULL)
WriteError("$DisplayLogo: Can't open %s", temp); WriteError("$DisplayLogo: Can't open %s", temp);
else { else {
@ -156,11 +156,11 @@ void SaveLastCallers()
* First check if we passed midnight, in that case we create a fresh file. * First check if we passed midnight, in that case we create a fresh file.
*/ */
sFileName = calloc(PATH_MAX, sizeof(char)); sFileName = calloc(PATH_MAX, sizeof(char));
sprintf(sFileName,"%s/etc/lastcall.data", getenv("MBSE_ROOT")); snprintf(sFileName, PATH_MAX, "%s/etc/lastcall.data", getenv("MBSE_ROOT"));
stat(sFileName, &statfile); stat(sFileName, &statfile);
sprintf(sFileDate,"%s", StrDateDMY(statfile.st_mtime)); snprintf(sFileDate, 9, "%s", StrDateDMY(statfile.st_mtime));
sprintf(sDate,"%s", (char *) GetDateDMY()); snprintf(sDate, 9, "%s", (char *) GetDateDMY());
if ((strcmp(sDate,sFileDate)) != 0) { if ((strcmp(sDate,sFileDate)) != 0) {
unlink(sFileName); unlink(sFileName);
@ -192,11 +192,11 @@ void SaveLastCallers()
} else { } else {
ReadExitinfo(); ReadExitinfo();
memset(&LCALL, 0, sizeof(LCALL)); memset(&LCALL, 0, sizeof(LCALL));
sprintf(LCALL.UserName,"%s", exitinfo.sUserName); snprintf(LCALL.UserName, 36, "%s", exitinfo.sUserName);
sprintf(LCALL.Handle,"%s", exitinfo.sHandle); snprintf(LCALL.Handle, 36, "%s", exitinfo.sHandle);
sprintf(LCALL.Name, "%s", exitinfo.Name); snprintf(LCALL.Name, 9, "%s", exitinfo.Name);
sprintf(LCALL.TimeOn,"%s", StartTime); snprintf(LCALL.TimeOn, 6, "%s", StartTime);
sprintf(LCALL.Device,"%s", pTTY); snprintf(LCALL.Device, 10, "%s", pTTY);
LCALL.SecLevel = exitinfo.Security.level; LCALL.SecLevel = exitinfo.Security.level;
LCALL.Calls = exitinfo.iTotalCalls; LCALL.Calls = exitinfo.iTotalCalls;
LCALL.CallTime = exitinfo.iConnectTime; LCALL.CallTime = exitinfo.iConnectTime;
@ -207,12 +207,12 @@ void SaveLastCallers()
LCALL.Chat = LC_Chat; LCALL.Chat = LC_Chat;
LCALL.Olr = LC_Olr; LCALL.Olr = LC_Olr;
LCALL.Door = LC_Door; LCALL.Door = LC_Door;
sprintf(LCALL.Speed, "%s", ttyinfo.speed); snprintf(LCALL.Speed, 21, "%s", ttyinfo.speed);
/* If true then set hidden so it doesn't display in lastcallers function */ /* If true then set hidden so it doesn't display in lastcallers function */
LCALL.Hidden = exitinfo.Hidden; LCALL.Hidden = exitinfo.Hidden;
sprintf(LCALL.Location,"%s", exitinfo.sLocation); snprintf(LCALL.Location, 28, "%s", exitinfo.sLocation);
rewind(pGLC); /* ???????????? */ rewind(pGLC); /* ???????????? */
fwrite(&LCALL, sizeof(LCALL), 1, pGLC); fwrite(&LCALL, sizeof(LCALL), 1, pGLC);
@ -230,7 +230,7 @@ char *GLCdate()
Time_Now = time(NULL); Time_Now = time(NULL);
l_date = localtime(&Time_Now); l_date = localtime(&Time_Now);
sprintf(GLcdate,"%02d-", l_date->tm_mday); snprintf(GLcdate, 15, "%02d-", l_date->tm_mday);
strcat(GLcdate,GetMonth(l_date->tm_mon+1)); strcat(GLcdate,GetMonth(l_date->tm_mon+1));
return(GLcdate); return(GLcdate);
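Review bot: In GLCdate the bound on `snprintf(GLcdate, 15, "%02d-", ...)` covers only the three-character day prefix, while the variable-length month name is still appended by the unbounded `strcat` on the next line. Formatting both parts in one bounded call closes that: `snprintf(GLcdate, 15, "%02d-%s", l_date->tm_mday, GetMonth(l_date->tm_mon+1));`, assuming GetMonth returns a string as its use in strcat implies. In SaveLastCallers the LCALL field sizes (`36`, `9`, `6`, `10`, `21`, `28`) are repeated as literals; if the members are arrays, `sizeof(LCALL.UserName)` and so on would keep the bounds in step with the record that `fwrite` persists. Both function bodies continue outside the hunks.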


@ -4,7 +4,7 @@
* Purpose ...............: Display file with more * Purpose ...............: Display file with more
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -49,7 +49,7 @@ int MoreFile(char *filename)
maxlines = lines = exitinfo.iScreenLen - 2; maxlines = lines = exitinfo.iScreenLen - 2;
if ((fptr = fopen(filename,"r")) == NULL) { if ((fptr = fopen(filename,"r")) == NULL) {
sprintf(Buf, "%s%s", (char *) Language(72), filename); snprintf(Buf, 81, "%s%s", (char *) Language(72), filename);
pout(LIGHTRED, BLACK, Buf); pout(LIGHTRED, BLACK, Buf);
Enter(2); Enter(2);
return(0); return(0);
@ -69,7 +69,7 @@ int MoreFile(char *filename)
} }
if (lines == 0) { if (lines == 0) {
/* More (Y/n/=) */ /* More (Y/n/=) */
sprintf(Buf, " %sY\x08", (char *) Language(61)); snprintf(Buf, 81, " %sY\x08", (char *) Language(61));
PUTSTR(Buf); PUTSTR(Buf);
alarm_on(); alarm_on();
input = toupper(getchar()); input = toupper(getchar());


@ -95,7 +95,7 @@ char *rfcdate(time_t now)
hr=offset/60L; hr=offset/60L;
min=offset%60L; min=offset%60L;
sprintf(buf,"%s, %02d %s %04d %02d:%02d:%02d %c%02d%02d", snprintf(buf,40,"%s, %02d %s %04d %02d:%02d:%02d %c%02d%02d",
wdays[gtm.tm_wday],gtm.tm_mday,months[gtm.tm_mon], wdays[gtm.tm_wday],gtm.tm_mday,months[gtm.tm_mon],
gtm.tm_year+1900,gtm.tm_hour,gtm.tm_min,gtm.tm_sec, gtm.tm_year+1900,gtm.tm_hour,gtm.tm_min,gtm.tm_sec,
sign,hr,min); sign,hr,min);
@ -167,55 +167,55 @@ void Add_Headkludges(faddr *dest, int IsReply)
break; break;
case NETMAIL: Msg.Netmail = TRUE; case NETMAIL: Msg.Netmail = TRUE;
sprintf(Msg.FromAddress, "%s", aka2str(msgs.Aka)); snprintf(Msg.FromAddress, 101, "%s", aka2str(msgs.Aka));
sprintf(Msg.ToAddress, "%s", ascfnode(dest, 0x1f)); snprintf(Msg.ToAddress, 101, "%s", ascfnode(dest, 0x1f));
if (msgs.Aka.point) { if (msgs.Aka.point) {
sprintf(temp, "\001FMPT %d", msgs.Aka.point); snprintf(temp, 128, "\001FMPT %d", msgs.Aka.point);
MsgText_Add2(temp); MsgText_Add2(temp);
} }
if (dest->point) { if (dest->point) {
sprintf(temp, "\001TOPT %d", dest->point); snprintf(temp, 128, "\001TOPT %d", dest->point);
MsgText_Add2(temp); MsgText_Add2(temp);
} }
sprintf(temp, "\001INTL %d:%d/%d %d:%d/%d", dest->zone, dest->net, snprintf(temp, 128, "\001INTL %d:%d/%d %d:%d/%d", dest->zone, dest->net,
dest->node, msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node); dest->node, msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node);
MsgText_Add2(temp); MsgText_Add2(temp);
break; break;
case LIST: Msg.Echomail = TRUE; case LIST: Msg.Echomail = TRUE;
sprintf(Msg.FromAddress, "%s", aka2str(msgs.Aka)); snprintf(Msg.FromAddress, 101, "%s", aka2str(msgs.Aka));
break; break;
case ECHOMAIL: Msg.Echomail = TRUE; case ECHOMAIL: Msg.Echomail = TRUE;
sprintf(Msg.FromAddress, "%s", aka2str(msgs.Aka)); snprintf(Msg.FromAddress, 101, "%s", aka2str(msgs.Aka));
break; break;
case NEWS: /* case NEWS: /*
* Header style is the same as GoldED does. * Header style is the same as GoldED does.
*/ */
Msg.News = TRUE; Msg.News = TRUE;
sprintf(temp, "\001Date: %s", rfcdate(Msg.Written)); snprintf(temp, 101, "\001Date: %s", rfcdate(Msg.Written));
MsgText_Add2(temp); MsgText_Add2(temp);
Node = fido2faddr(msgs.Aka); Node = fido2faddr(msgs.Aka);
sprintf(temp, "\001From: %s", Msg.From); snprintf(temp, 101, "\001From: %s", Msg.From);
MsgText_Add2(temp); MsgText_Add2(temp);
sprintf(temp, "\001Subject: %s", Msg.Subject); snprintf(temp, 101, "\001Subject: %s", Msg.Subject);
MsgText_Add2(temp); MsgText_Add2(temp);
sprintf(temp, "\001Sender: %s", Msg.From); snprintf(temp, 101, "\001Sender: %s", Msg.From);
MsgText_Add2(temp); MsgText_Add2(temp);
tidy_faddr(Node); tidy_faddr(Node);
MsgText_Add2((char *)"\001To: All"); MsgText_Add2((char *)"\001To: All");
MsgText_Add2((char *)"\001MIME-Version: 1.0"); MsgText_Add2((char *)"\001MIME-Version: 1.0");
if (exitinfo.Charset != FTNC_NONE) { if (exitinfo.Charset != FTNC_NONE) {
sprintf(temp, "\001Content-Type: text/plain; charset=%s", getrfcchrs(exitinfo.Charset)); snprintf(temp, PATH_MAX, "\001Content-Type: text/plain; charset=%s", getrfcchrs(exitinfo.Charset));
} else if (msgs.Charset != FTNC_NONE) { } else if (msgs.Charset != FTNC_NONE) {
sprintf(temp, "\001Content-Type: text/plain; charset=%s", getrfcchrs(msgs.Charset)); snprintf(temp, PATH_MAX, "\001Content-Type: text/plain; charset=%s", getrfcchrs(msgs.Charset));
} else { } else {
sprintf(temp, "\001Content-Type: text/plain; charset=iso8859-1"); snprintf(temp, PATH_MAX, "\001Content-Type: text/plain; charset=iso8859-1");
} }
MsgText_Add2(temp); MsgText_Add2(temp);
MsgText_Add2((char *)"\001Content-Transfer-Encoding: 8bit"); MsgText_Add2((char *)"\001Content-Transfer-Encoding: 8bit");
sprintf(temp, "\001X-Mailreader: MBSE BBS %s", VERSION); snprintf(temp, PATH_MAX, "\001X-Mailreader: MBSE BBS %s", VERSION);
MsgText_Add2(temp); MsgText_Add2(temp);
break; break;
} }
@ -224,29 +224,29 @@ void Add_Headkludges(faddr *dest, int IsReply)
* Set the right charset kludge * Set the right charset kludge
*/ */
if (exitinfo.Charset != FTNC_NONE) { if (exitinfo.Charset != FTNC_NONE) {
sprintf(temp, "\001CHRS: %s", getftnchrs(exitinfo.Charset)); snprintf(temp, PATH_MAX, "\001CHRS: %s", getftnchrs(exitinfo.Charset));
} else if (msgs.Charset != FTNC_NONE) { } else if (msgs.Charset != FTNC_NONE) {
sprintf(temp, "\001CHRS: %s", getftnchrs(msgs.Charset)); snprintf(temp, PATH_MAX, "\001CHRS: %s", getftnchrs(msgs.Charset));
} else { } else {
sprintf(temp, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1)); snprintf(temp, PATH_MAX, "\001CHRS: %s", getftnchrs(FTNC_LATIN_1));
} }
MsgText_Add2(temp); MsgText_Add2(temp);
sprintf(temp, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer()); snprintf(temp, PATH_MAX, "\001MSGID: %s %08lx", aka2str(msgs.Aka), sequencer());
MsgText_Add2(temp); MsgText_Add2(temp);
Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp)); Msg.MsgIdCRC = upd_crc32(temp, crc, strlen(temp));
if (IsReply) { if (IsReply) {
sprintf(temp, "\001REPLY: %s", Msg.Replyid); snprintf(temp, PATH_MAX, "\001REPLY: %s", Msg.Replyid);
MsgText_Add2(temp); MsgText_Add2(temp);
crc = -1; crc = -1;
Msg.ReplyCRC = upd_crc32(temp, crc, strlen(temp)); Msg.ReplyCRC = upd_crc32(temp, crc, strlen(temp));
} else } else
Msg.ReplyCRC = 0xffffffff; Msg.ReplyCRC = 0xffffffff;
sprintf(temp, "\001PID: MBSE-BBS %s (%s-%s)", VERSION, OsName(), OsCPU()); snprintf(temp, PATH_MAX, "\001PID: MBSE-BBS %s (%s-%s)", VERSION, OsName(), OsCPU());
MsgText_Add2(temp); MsgText_Add2(temp);
tt = time(NULL); tt = time(NULL);
sprintf(temp, "\001TZUTC: %s", gmtoffset(tt)); snprintf(temp, PATH_MAX, "\001TZUTC: %s", gmtoffset(tt));
MsgText_Add2(temp); MsgText_Add2(temp);
free(temp); free(temp);
} }
@ -270,7 +270,7 @@ void Add_Footkludges(int Quote, char *tear, int HasTear)
* If Quote (message entered at the bbs) we append a signature. * If Quote (message entered at the bbs) we append a signature.
*/ */
if (Quote) { if (Quote) {
sprintf(temp, "%s/%s/.signature", CFG.bbs_usersdir, exitinfo.Name); snprintf(temp, PATH_MAX, "%s/%s/.signature", CFG.bbs_usersdir, exitinfo.Name);
if ((fp = fopen(temp, "r"))) { if ((fp = fopen(temp, "r"))) {
MsgText_Add2((char *)""); MsgText_Add2((char *)"");
while (fgets(temp, 80, fp)) { while (fgets(temp, 80, fp)) {
@ -283,7 +283,7 @@ void Add_Footkludges(int Quote, char *tear, int HasTear)
} }
if (msgs.Quotes && Quote) { if (msgs.Quotes && Quote) {
sprintf(temp, "... %s", Oneliner_Get()); snprintf(temp, 81, "... %s", Oneliner_Get());
MsgText_Add2(temp); MsgText_Add2(temp);
MsgText_Add2((char *)""); MsgText_Add2((char *)"");
} }
@ -295,21 +295,21 @@ void Add_Footkludges(int Quote, char *tear, int HasTear)
if (tear == NULL) { if (tear == NULL) {
MsgText_Add2(TearLine()); MsgText_Add2(TearLine());
} else { } else {
sprintf(temp, "--- %s", tear); snprintf(temp, 81, "--- %s", tear);
MsgText_Add2(temp); MsgText_Add2(temp);
} }
} }
if ((msgs.Type == ECHOMAIL) || (msgs.Type == LIST)) { if ((msgs.Type == ECHOMAIL) || (msgs.Type == LIST)) {
if (msgs.Aka.point) if (msgs.Aka.point)
sprintf(aka, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point); snprintf(aka, 32, "(%d:%d/%d.%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node, msgs.Aka.point);
else else
sprintf(aka, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node); snprintf(aka, 32, "(%d:%d/%d)", msgs.Aka.zone, msgs.Aka.net, msgs.Aka.node);
if (strlen(msgs.Origin)) if (strlen(msgs.Origin))
sprintf(temp, " * Origin: %s %s", msgs.Origin, aka); snprintf(temp, 81, " * Origin: %s %s", msgs.Origin, aka);
else else
sprintf(temp, " * Origin: %s %s", CFG.origin, aka); snprintf(temp, 81, " * Origin: %s %s", CFG.origin, aka);
MsgText_Add2(temp); MsgText_Add2(temp);
} }
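Review bot: None of the new snprintf calls checks its return value, so a kludge line that does not fit is written truncated with no trace; in Add_Headkludges that covers `\001Subject: %s` and `\001From: %s`, both bounded at `101`. Comparing the result with the bound, for example `if (snprintf(temp, size, ...) >= size) WriteError("kludge truncated");` with `size` standing for the real buffer size, would make truncation visible in the log. temp is bounded at `128`, `101` and `PATH_MAX` within the one function and is released with `free(temp)`, so its allocation (outside the hunk) should be confirmed to be at least PATH_MAX bytes, otherwise the larger bounds give no protection. Add_Footkludges shows the same mix of `PATH_MAX` and `81` on its temp.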


@ -176,7 +176,7 @@ int newuser()
Enter(2); Enter(2);
/* Your password must contain at least */ /* Your password must contain at least */
language(LIGHTRED, BLACK, 42); language(LIGHTRED, BLACK, 42);
sprintf(temp, "%d ", CFG.password_length); snprintf(temp, 81, "%d ", CFG.password_length);
PUTSTR(temp); PUTSTR(temp);
/* characters! Try again. */ /* characters! Try again. */
language(WHITE, BLACK, 43); language(WHITE, BLACK, 43);
@ -185,9 +185,9 @@ int newuser()
} }
memset(&usrconfig.Password, 0, sizeof(usrconfig.Password)); memset(&usrconfig.Password, 0, sizeof(usrconfig.Password));
sprintf(usrconfig.Password, "%s", temp2); snprintf(usrconfig.Password, Max_passlen +1, "%s", temp2);
alarm_on(); alarm_on();
sprintf(UnixName, "%s", (char *) NameCreate(NameGen(FullName), FullName, temp2)); snprintf(UnixName, 9, "%s", (char *) NameCreate(NameGen(FullName), FullName, temp2));
UserCity(mypid, UnixName, (char *)"Unknown"); UserCity(mypid, UnixName, (char *)"Unknown");
strcpy(usrconfig.sUserName, FullName); strcpy(usrconfig.sUserName, FullName);
@ -293,7 +293,7 @@ int newuser()
/* Please enter a longer location */ /* Please enter a longer location */
language(LIGHTRED, BLACK, 50); language(LIGHTRED, BLACK, 50);
Enter(1); Enter(1);
sprintf(temp, "%s%d)", (char *) Language(74), CFG.CityLen); snprintf(temp, 81, "%s%d)", (char *) Language(74), CFG.CityLen);
PUTSTR(temp); PUTSTR(temp);
Enter(1); Enter(1);
} else { } else {
@ -311,7 +311,7 @@ int newuser()
language(LIGHTMAGENTA, BLACK, 474); language(LIGHTMAGENTA, BLACK, 474);
Enter(1); Enter(1);
for (i = 0; i < 3; i++) { for (i = 0; i < 3; i++) {
sprintf(temp, "%d: ", i+1); snprintf(temp, 81, "%d: ", i+1);
pout(YELLOW, BLACK, temp); pout(YELLOW, BLACK, temp);
colour(CFG.InputColourF, CFG.InputColourB); colour(CFG.InputColourF, CFG.InputColourB);
alarm_on(); alarm_on();
@ -364,13 +364,13 @@ int newuser()
if (i == Keystroke(51, 0)) { if (i == Keystroke(51, 0)) {
/* Male */ /* Male */
sprintf(usrconfig.sSex, "Male"); snprintf(usrconfig.sSex, 8, "Male");
pout(CFG.InputColourF, CFG.InputColourB, (char *) Language(52)); pout(CFG.InputColourF, CFG.InputColourB, (char *) Language(52));
Enter(1); Enter(1);
break; break;
} else if (i == Keystroke(51, 1)) { } else if (i == Keystroke(51, 1)) {
/* Female */ /* Female */
sprintf(usrconfig.sSex, "Female"); snprintf(usrconfig.sSex, 8, "Female");
pout(CFG.InputColourF, CFG.InputColourB, (char *) Language(53)); pout(CFG.InputColourF, CFG.InputColourB, (char *) Language(53));
Enter(1); Enter(1);
break; break;
@ -382,7 +382,7 @@ int newuser()
} }
} }
} else /* End of if Statement */ } else /* End of if Statement */
sprintf(usrconfig.sSex, "Unknown"); /* If set off, set to Unknown */ snprintf(usrconfig.sSex, 8, "Unknown"); /* If set off, set to Unknown */
if (CFG.iDOB) { if (CFG.iDOB) {
while (TRUE) { while (TRUE) {
@ -393,10 +393,10 @@ int newuser()
alarm_on(); alarm_on();
GetDate(temp, 10); GetDate(temp, 10);
sprintf(temp1, "%c%c%c%c", temp[6], temp[7], temp[8], temp[9]); snprintf(temp1, 81, "%c%c%c%c", temp[6], temp[7], temp[8], temp[9]);
sprintf(temp2, "%02d", l_date->tm_year); snprintf(temp2, 81, "%02d", l_date->tm_year);
iLang = atoi(temp2) + 1900; iLang = atoi(temp2) + 1900;
sprintf(temp2, "%04d", iLang); snprintf(temp2, 81, "%04d", iLang);
if ((strcmp(temp1,temp2)) == 0) { if ((strcmp(temp1,temp2)) == 0) {
Enter(1); Enter(1);
@ -472,7 +472,7 @@ int newuser()
usrconfig.iLastFileArea = 1; usrconfig.iLastFileArea = 1;
usrconfig.iLastMsgArea = 1; usrconfig.iLastMsgArea = 1;
sprintf(usrconfig.sProtocol, "%s", (char *) Language(65)); snprintf(usrconfig.sProtocol, 21, "%s", (char *) Language(65));
usrconfig.DoNotDisturb = FALSE; usrconfig.DoNotDisturb = FALSE;
switch (CFG.AskNewmail) { switch (CFG.AskNewmail) {
@ -537,7 +537,7 @@ int newuser()
/* /*
* Search a free slot in the users datafile * Search a free slot in the users datafile
*/ */
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((pUsrConfig = fopen(temp, "r+")) == NULL) { if ((pUsrConfig = fopen(temp, "r+")) == NULL) {
WriteError("Can't open file: %s", temp); WriteError("Can't open file: %s", temp);
ExitClient(MBERR_GENERAL); ExitClient(MBERR_GENERAL);
@ -572,7 +572,7 @@ int newuser()
/* Login Name : */ /* Login Name : */
pout(LIGHTBLUE, BLACK, (char *) Language(68)); pout(LIGHTBLUE, BLACK, (char *) Language(68));
colour(CYAN, BLACK); colour(CYAN, BLACK);
sprintf(temp, "%s (%s)", UnixName, FullName); snprintf(temp, 81, "%s (%s)", UnixName, FullName);
PUTSTR(temp); PUTSTR(temp);
Enter(1); Enter(1);
/* Password : */ /* Password : */
@ -622,7 +622,7 @@ void Fast_Bye(int onsig)
socket_shutdown(mypid); socket_shutdown(mypid);
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/tmp/mbnewusr%d", getenv("MBSE_ROOT"), getpid()); snprintf(temp, PATH_MAX, "%s/tmp/mbnewusr%d", getenv("MBSE_ROOT"), getpid());
unlink(temp); unlink(temp);
free(temp); free(temp);
@ -703,8 +703,8 @@ char *NameCreate(char *Name, char *Comment, char *Password)
* Call mbuseradd, this is a special setuid root program to create * Call mbuseradd, this is a special setuid root program to create
* unix acounts and home directories. * unix acounts and home directories.
*/ */
sprintf(progname, "%s/bin/mbuseradd", getenv("MBSE_ROOT")); snprintf(progname, PATH_MAX, "%s/bin/mbuseradd", getenv("MBSE_ROOT"));
sprintf(gidstr, "%d", getgid()); snprintf(gidstr, 10, "%d", getgid());
args[0] = progname; args[0] = progname;
args[1] = gidstr; args[1] = gidstr;
args[2] = Name; args[2] = Name;
@ -720,7 +720,7 @@ char *NameCreate(char *Name, char *Comment, char *Password)
} }
free(gidstr); free(gidstr);
sprintf(progname, "%s/bin/mbpasswd", getenv("MBSE_ROOT")); snprintf(progname, PATH_MAX, "%s/bin/mbpasswd", getenv("MBSE_ROOT"));
memset(args, 0, sizeof(args)); memset(args, 0, sizeof(args));
args[0] = progname; args[0] = progname;
args[1] = Name; args[1] = Name;
@ -759,7 +759,7 @@ int BadNames(char *Username)
strcpy(User, tl(Username)); strcpy(User, tl(Username));
sprintf(temp, "%s/etc/badnames.ctl", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/badnames.ctl", getenv("MBSE_ROOT"));
if ((fp = fopen(temp, "r")) != NULL) { if ((fp = fopen(temp, "r")) != NULL) {
while ((fgets(String, 80, fp)) != NULL) { while ((fgets(String, 80, fp)) != NULL) {
strcpy(String, tl(String)); strcpy(String, tl(String));
@ -799,7 +799,7 @@ int TelephoneScan(char *Number, char *Name)
temp = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char));
sprintf(temp, "%s/etc/users.data", getenv("MBSE_ROOT")); snprintf(temp, PATH_MAX, "%s/etc/users.data", getenv("MBSE_ROOT"));
if ((fp = fopen(temp,"rb")) != NULL) { if ((fp = fopen(temp,"rb")) != NULL) {
fread(&uhdr, sizeof(uhdr), 1, fp); fread(&uhdr, sizeof(uhdr), 1, fp);
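Review bot: In NameCreate the bound `10` on gidstr is smaller than the longest `%d` rendering of a group id (up to 11 characters plus the terminator), so a large gid would be silently cut to a different number before it is placed in `args[1]` for the setuid-root mbuseradd helper named in the comment. gidstr's allocation is outside the hunk; sizing it at 12 bytes or more and treating a return value at or above the bound as fatal, in the style of the existing `WriteError(...); ExitClient(MBERR_GENERAL);` path, would prevent that. The same applies to `progname`, which is built from an unchecked `getenv("MBSE_ROOT")` and becomes `args[0]`: a NULL or over-long value should stop the call rather than yield a truncated program path.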