Secured sprintf with snprintf

Michiel Broek 2005-08-28 13:06:08 +00:00
parent 4feb9cfa3e
commit c515cbcd24
7 changed files with 30 additions and 30 deletions


@ -67,7 +67,7 @@ void Kill(void)
printf("Kill/move files...\n"); printf("Kill/move files...\n");
} }
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
if ((pAreas = fopen (sAreas, "r")) == NULL) { if ((pAreas = fopen (sAreas, "r")) == NULL) {
WriteError("Can't open %s", sAreas); WriteError("Can't open %s", sAreas);
@ -148,8 +148,8 @@ void Kill(void)
if (area.MoveArea) { if (area.MoveArea) {
fseek(pAreas, ((area.MoveArea -1) * areahdr.recsize) + areahdr.hdrsize, SEEK_SET); fseek(pAreas, ((area.MoveArea -1) * areahdr.recsize) + areahdr.hdrsize, SEEK_SET);
fread(&darea, areahdr.recsize, 1, pAreas); fread(&darea, areahdr.recsize, 1, pAreas);
sprintf(from, "%s/%s", area.Path, fdb.Name); snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
sprintf(to, "%s/%s", darea.Path, fdb.Name); snprintf(to, PATH_MAX -1, "%s/%s", darea.Path, fdb.Name);
if ((rc = file_mv(from, to)) == 0) { if ((rc = file_mv(from, to)) == 0) {
Syslog('+', "Move %s, area %d => %d", fdb.Name, i, area.MoveArea); Syslog('+', "Move %s, area %d => %d", fdb.Name, i, area.MoveArea);
if ((dst_area = mbsedb_OpenFDB(area.MoveArea, 30))) { if ((dst_area = mbsedb_OpenFDB(area.MoveArea, 30))) {
@ -162,22 +162,22 @@ void Kill(void)
/* /*
* Now again if there is a dotted version (thumbnail) of this file. * Now again if there is a dotted version (thumbnail) of this file.
*/ */
sprintf(from, "%s/.%s", area.Path, fdb.Name); snprintf(from, PATH_MAX -1, "%s/.%s", area.Path, fdb.Name);
sprintf(to, "%s/.%s", darea.Path, fdb.Name); snprintf(to, PATH_MAX -1, "%s/.%s", darea.Path, fdb.Name);
if (file_exist(from, R_OK) == 0) if (file_exist(from, R_OK) == 0)
file_mv(from, to); file_mv(from, to);
/* /*
* Unlink the old symbolic link * Unlink the old symbolic link
*/ */
sprintf(from, "%s/%s", area.Path, fdb.LName); snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
unlink(from); unlink(from);
/* /*
* Create the new symbolic link * Create the new symbolic link
*/ */
sprintf(from, "%s/%s", darea.Path, fdb.Name); snprintf(from, PATH_MAX -1, "%s/%s", darea.Path, fdb.Name);
sprintf(to, "%s/%s", darea.Path, fdb.LName); snprintf(to, PATH_MAX -1, "%s/%s", darea.Path, fdb.LName);
symlink(from, to); symlink(from, to);
fdb.Deleted = TRUE; fdb.Deleted = TRUE;
@ -199,11 +199,11 @@ void Kill(void)
mbsedb_UnlockFDB(fdb_area); mbsedb_UnlockFDB(fdb_area);
} }
iKilled++; iKilled++;
sprintf(from, "%s/%s", area.Path, fdb.LName); snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
unlink(from); unlink(from);
sprintf(from, "%s/%s", area.Path, fdb.Name); snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
unlink(from); unlink(from);
sprintf(from, "%s/.%s", area.Path, fdb.Name); snprintf(from, PATH_MAX -1, "%s/.%s", area.Path, fdb.Name);
unlink(from); unlink(from);
} }
} }
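Review bot: None of the new snprintf() calls in Kill() check the return value, so a path that does not fit is silently truncated and then passed to file_mv(), unlink() or symlink(), which would act on a different name than the record describes. Capture the result and skip the record when it does not fit, e.g. `n = snprintf(from, PATH_MAX, "%s/%s", area.Path, fdb.Name);` followed by `if (n < 0 || n >= PATH_MAX) { WriteError("Path too long for %s", fdb.Name); /* skip this record */ }`. This assumes `from`, `to` and `sAreas` are PATH_MAX bytes; their declarations are outside these hunks. Separately, `getenv("MBSE_ROOT")` is passed straight to `%s`, which is undefined behaviour when the variable is unset. The same unchecked pattern appears in the PackFileBase(), ReArc(), SortFileBase() and ListFileAreas() sections of this commit.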


@ -4,7 +4,7 @@
* Purpose: File Database Maintenance - List areas and totals * Purpose: File Database Maintenance - List areas and totals
* *
***************************************************************************** *****************************************************************************
* Copyright (C) 1997-2004 * Copyright (C) 1997-2005
* *
* Michiel Broek FIDO: 2:280/2802 * Michiel Broek FIDO: 2:280/2802
* Beekmansbos 10 * Beekmansbos 10
@ -69,7 +69,7 @@ void ListFileAreas(int Area)
sTic = calloc(PATH_MAX, sizeof(char)); sTic = calloc(PATH_MAX, sizeof(char));
ticarea = calloc(21, sizeof(char)); ticarea = calloc(21, sizeof(char));
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
if ((pAreas = fopen (sAreas, "r")) == NULL) { if ((pAreas = fopen (sAreas, "r")) == NULL) {
WriteError("Can't open %s", sAreas); WriteError("Can't open %s", sAreas);
printf("Can't open %s\n", sAreas); printf("Can't open %s\n", sAreas);
@ -83,7 +83,7 @@ void ListFileAreas(int Area)
if (Area) { if (Area) {
IsDoing("List area %d", Area); IsDoing("List area %d", Area);
sprintf(sTic, "%s/etc/tic.data", getenv("MBSE_ROOT")); snprintf(sTic, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
if ((pTic = fopen(sTic, "r")) == NULL) { if ((pTic = fopen(sTic, "r")) == NULL) {
WriteError("Can't open %s", sTic); WriteError("Can't open %s", sTic);
printf("Can't open %s\n", sTic); printf("Can't open %s\n", sTic);
@ -121,7 +121,7 @@ void ListFileAreas(int Area)
mbse_colour(LIGHTGRAY, BLACK); mbse_colour(LIGHTGRAY, BLACK);
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) { while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
sprintf(flags, "---"); snprintf(flags, 3, "---");
if (fdb.Deleted) if (fdb.Deleted)
flags[0] = 'D'; flags[0] = 'D';
if (fdb.NoKill) if (fdb.NoKill)
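Review bot: `snprintf(flags, 3, "---")` stores only two dashes plus the terminator, because the size argument includes the NUL, so the third flag position is lost and `flags` now reads `--` where the old sprintf produced `---`. If an assignment further down (outside this hunk) sets `flags[2]`, it overwrites that terminator and the string is only terminated if `flags[3]` already happens to be zero. Assuming `flags` is an array of at least four bytes (its declaration is not in the hunk), use `snprintf(flags, sizeof(flags), "---");`; if it is a pointer, pass `4`.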


@ -61,7 +61,7 @@ void PackFileBase(void)
printf("Packing file database...\n"); printf("Packing file database...\n");
} }
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
if ((pAreas = fopen (sAreas, "r")) == NULL) { if ((pAreas = fopen (sAreas, "r")) == NULL) {
WriteError("Can't open %s", sAreas); WriteError("Can't open %s", sAreas);
@ -102,18 +102,18 @@ void PackFileBase(void)
Syslog('+', "Removed double record file \"%s\" from area %d", fdb.LName, i); Syslog('+', "Removed double record file \"%s\" from area %d", fdb.LName, i);
} else { } else {
Syslog('+', "Removed file \"%s\" from area %d", fdb.LName, i); Syslog('+', "Removed file \"%s\" from area %d", fdb.LName, i);
sprintf(fn, "%s/%s", area.Path, fdb.LName); snprintf(fn, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
rc = unlink(fn); rc = unlink(fn);
if (rc && (errno != ENOENT)) if (rc && (errno != ENOENT))
Syslog('+', "Unlink %s failed, result %d", fn, rc); Syslog('+', "Unlink %s failed, result %d", fn, rc);
sprintf(fn, "%s/%s", area.Path, fdb.Name); snprintf(fn, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
rc = unlink(fn); rc = unlink(fn);
if (rc && (errno != ENOENT)) if (rc && (errno != ENOENT))
Syslog('+', "Unlink %s failed, result %d", fn, rc); Syslog('+', "Unlink %s failed, result %d", fn, rc);
/* /*
* If a dotted version (thumbnail) exists, remove it silently * If a dotted version (thumbnail) exists, remove it silently
*/ */
sprintf(fn, "%s/.%s", area.Path, fdb.Name); snprintf(fn, PATH_MAX -1, "%s/.%s", area.Path, fdb.Name);
unlink(fn); unlink(fn);
} }
do_index = TRUE; do_index = TRUE;


@ -90,7 +90,7 @@ void ReArc(int Area, char *File)
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) { while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
if (re_exec(fdb.LName) || re_exec(fdb.Name)) { if (re_exec(fdb.LName) || re_exec(fdb.Name)) {
Syslog('+', "Will rearc %s", fdb.LName); Syslog('+', "Will rearc %s", fdb.LName);
sprintf(temp, "%s/%s", area.Path, fdb.Name); snprintf(temp, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
count++; count++;
rc = rearc(temp, area.Archiver, do_quiet); rc = rearc(temp, area.Archiver, do_quiet);
@ -105,7 +105,7 @@ void ReArc(int Area, char *File)
} }
linkpath = calloc(PATH_MAX, sizeof(char)); linkpath = calloc(PATH_MAX, sizeof(char));
sprintf(linkpath, "%s/%s", area.Path, fdb.LName); snprintf(linkpath, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
unlink(linkpath); unlink(linkpath);
Syslog('+', "New name %s", temp); Syslog('+', "New name %s", temp);
@ -129,7 +129,7 @@ void ReArc(int Area, char *File)
*p = '\0'; *p = '\0';
else if ((p = strstr(fdb.Name, "HA"))) else if ((p = strstr(fdb.Name, "HA")))
*p = '\0'; *p = '\0';
sprintf(p, "%s", archiver.name); snprintf(p, 5, "%s", archiver.name);
if ((p = strstr(fdb.LName, "arc"))) if ((p = strstr(fdb.LName, "arc")))
*p = '\0'; *p = '\0';
else if ((p = strstr(fdb.LName, "lha"))) else if ((p = strstr(fdb.LName, "lha")))
@ -154,7 +154,7 @@ void ReArc(int Area, char *File)
*p = '\0'; *p = '\0';
else if ((p = strstr(fdb.LName, "ha"))) else if ((p = strstr(fdb.LName, "ha")))
*p = '\0'; *p = '\0';
sprintf(p, "%s", tl(archiver.name)); snprintf(p, 5, "%s", tl(archiver.name));
Syslog('f', "%s %s", fdb.Name, fdb.LName); Syslog('f', "%s %s", fdb.Name, fdb.LName);
fdb.Size = file_size(temp); fdb.Size = file_size(temp);
fdb.Crc32 = file_crc(temp, FALSE); fdb.Crc32 = file_crc(temp, FALSE);
@ -172,7 +172,7 @@ void ReArc(int Area, char *File)
if (strcmp(fdb.Name, mname)) { if (strcmp(fdb.Name, mname)) {
Syslog('+', "Converted 8.3 name to %s", mname); Syslog('+', "Converted 8.3 name to %s", mname);
strcpy(fdb.Name, mname); strcpy(fdb.Name, mname);
sprintf(mname, "%s/%s", area.Path, fdb.Name); snprintf(mname, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
rename(temp, mname); rename(temp, mname);
strcpy(temp, mname); strcpy(temp, mname);
} }
@ -186,7 +186,7 @@ void ReArc(int Area, char *File)
/* /*
* Update symbolic link to long filename * Update symbolic link to long filename
*/ */
sprintf(linkpath, "%s/%s", area.Path, fdb.LName); snprintf(linkpath, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
symlink(temp, linkpath); symlink(temp, linkpath);
free(linkpath); free(linkpath);
if (strlen(fdb.Magic)) if (strlen(fdb.Magic))
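Review bot: The bound `5` in `snprintf(p, 5, "%s", archiver.name)` and in the `tl(archiver.name)` call is unrelated to the space left in the destination: `p` points into `fdb.Name` or `fdb.LName`, so the room available is the field size minus the offset of `p`, and an archiver name longer than four characters is now cut short. Where the `strstr` chain ends without a match, the last `else if` leaves `p` NULL and the snprintf writes through it; both chains start outside the hunks, so confirm whether an earlier branch rules that out. Something like `if (p) snprintf(p, sizeof(fdb.Name) - (size_t)(p - fdb.Name), "%s", archiver.name);` covers both cases, assuming `fdb.Name` is an array member. The `strcpy(fdb.Name, mname)` and `strcpy(temp, mname)` calls in the 8.3 rename hunk are still unbounded and were not touched by this commit.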


@ -59,7 +59,7 @@ void SortFileBase(int Area)
mbse_colour(CYAN, BLACK); mbse_colour(CYAN, BLACK);
} }
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
if ((pAreas = fopen (sAreas, "r")) == NULL) { if ((pAreas = fopen (sAreas, "r")) == NULL) {
WriteError("Can't open %s", sAreas); WriteError("Can't open %s", sAreas);


@ -596,7 +596,7 @@ void ol_doc(void)
fread(&olhdr, sizeof(olhdr), 1, fp); fread(&olhdr, sizeof(olhdr), 1, fp);
while (fread(&ol, olhdr.recsize, 1, fp) == 1) { while (fread(&ol, olhdr.recsize, 1, fp) == 1) {
nr++; nr++;
html_massage(ol.Oneline, out); html_massage(ol.Oneline, out, 1023);
fprintf(wp, "<TR><TD>%d</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD></TR>\n", fprintf(wp, "<TR><TD>%d</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD></TR>\n",
nr, out, ol.UserName, ol.DateOfEntry, getboolean(ol.Available)); nr, out, ol.UserName, ol.DateOfEntry, getboolean(ol.Available));
} }
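Review bot: Only `ol.Oneline` goes through `html_massage()` in ol_doc(); `ol.UserName` and `ol.DateOfEntry` are written into the table row with `%s` exactly as stored. If those fields can hold text supplied by a BBS user (not visible on this page), markup in them reaches the generated HTML unescaped. Pass each of them through `html_massage()` into its own buffer before the `fprintf`, with the same length bound used for `out`. The loop sits inside a function body that starts and ends outside the hunk.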


@ -211,9 +211,9 @@ void add_webtable(FILE *fp, char *hstr, char *dstr)
{ {
char left[1024], right[1024]; char left[1024], right[1024];
html_massage(hstr, left); html_massage(hstr, left, 1023);
if (strlen(dstr)) if (strlen(dstr))
html_massage(dstr, right); html_massage(dstr, right, 1023);
else else
sprintf(right, "&nbsp;"); sprintf(right, "&nbsp;");
fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%s</TD></TR>\n", left, right); fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%s</TD></TR>\n", left, right);
@ -225,7 +225,7 @@ void add_webdigit(FILE *fp, char *hstr, int digit)
{ {
char left[1024]; char left[1024];
html_massage(hstr, left); html_massage(hstr, left, 1023);
fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%d</TD></TR>\n", left, digit); fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%d</TD></TR>\n", left, digit);
} }
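Review bot: The `1023` passed to `html_massage()` in add_webtable() and add_webdigit() repeats the size of `char left[1024]` / `right[1024]` by hand, so a later change to either array silently invalidates the bound; the ol_doc() call in the previous section has the same literal. Prefer `html_massage(hstr, left, sizeof(left) - 1);`, provided the third argument is the maximum number of characters excluding the terminator (the prototype is not shown on this page). The remaining `sprintf(right, "&nbsp;");` is harmless with a constant string but is the one call the commit left unconverted; `snprintf(right, sizeof(right), "&nbsp;");` keeps the file consistent. `strlen(dstr)` is also reached without a NULL check on `dstr`.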