Secured sprintf with snprintf
parent
4feb9cfa3e
commit
c515cbcd24
@ -67,7 +67,7 @@ void Kill(void)
|
|||||||
printf("Kill/move files...\n");
|
printf("Kill/move files...\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||||
|
|
||||||
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
||||||
WriteError("Can't open %s", sAreas);
|
WriteError("Can't open %s", sAreas);
|
||||||
@ -148,8 +148,8 @@ void Kill(void)
|
|||||||
if (area.MoveArea) {
|
if (area.MoveArea) {
|
||||||
fseek(pAreas, ((area.MoveArea -1) * areahdr.recsize) + areahdr.hdrsize, SEEK_SET);
|
fseek(pAreas, ((area.MoveArea -1) * areahdr.recsize) + areahdr.hdrsize, SEEK_SET);
|
||||||
fread(&darea, areahdr.recsize, 1, pAreas);
|
fread(&darea, areahdr.recsize, 1, pAreas);
|
||||||
sprintf(from, "%s/%s", area.Path, fdb.Name);
|
snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||||
sprintf(to, "%s/%s", darea.Path, fdb.Name);
|
snprintf(to, PATH_MAX -1, "%s/%s", darea.Path, fdb.Name);
|
||||||
if ((rc = file_mv(from, to)) == 0) {
|
if ((rc = file_mv(from, to)) == 0) {
|
||||||
Syslog('+', "Move %s, area %d => %d", fdb.Name, i, area.MoveArea);
|
Syslog('+', "Move %s, area %d => %d", fdb.Name, i, area.MoveArea);
|
||||||
if ((dst_area = mbsedb_OpenFDB(area.MoveArea, 30))) {
|
if ((dst_area = mbsedb_OpenFDB(area.MoveArea, 30))) {
|
||||||
@ -162,22 +162,22 @@ void Kill(void)
|
|||||||
/*
|
/*
|
||||||
* Now again if there is a dotted version (thumbnail) of this file.
|
* Now again if there is a dotted version (thumbnail) of this file.
|
||||||
*/
|
*/
|
||||||
sprintf(from, "%s/.%s", area.Path, fdb.Name);
|
snprintf(from, PATH_MAX -1, "%s/.%s", area.Path, fdb.Name);
|
||||||
sprintf(to, "%s/.%s", darea.Path, fdb.Name);
|
snprintf(to, PATH_MAX -1, "%s/.%s", darea.Path, fdb.Name);
|
||||||
if (file_exist(from, R_OK) == 0)
|
if (file_exist(from, R_OK) == 0)
|
||||||
file_mv(from, to);
|
file_mv(from, to);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Unlink the old symbolic link
|
* Unlink the old symbolic link
|
||||||
*/
|
*/
|
||||||
sprintf(from, "%s/%s", area.Path, fdb.LName);
|
snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||||
unlink(from);
|
unlink(from);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Create the new symbolic link
|
* Create the new symbolic link
|
||||||
*/
|
*/
|
||||||
sprintf(from, "%s/%s", darea.Path, fdb.Name);
|
snprintf(from, PATH_MAX -1, "%s/%s", darea.Path, fdb.Name);
|
||||||
sprintf(to, "%s/%s", darea.Path, fdb.LName);
|
snprintf(to, PATH_MAX -1, "%s/%s", darea.Path, fdb.LName);
|
||||||
symlink(from, to);
|
symlink(from, to);
|
||||||
|
|
||||||
fdb.Deleted = TRUE;
|
fdb.Deleted = TRUE;
|
||||||
@ -199,11 +199,11 @@ void Kill(void)
|
|||||||
mbsedb_UnlockFDB(fdb_area);
|
mbsedb_UnlockFDB(fdb_area);
|
||||||
}
|
}
|
||||||
iKilled++;
|
iKilled++;
|
||||||
sprintf(from, "%s/%s", area.Path, fdb.LName);
|
snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||||
unlink(from);
|
unlink(from);
|
||||||
sprintf(from, "%s/%s", area.Path, fdb.Name);
|
snprintf(from, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||||
unlink(from);
|
unlink(from);
|
||||||
sprintf(from, "%s/.%s", area.Path, fdb.Name);
|
snprintf(from, PATH_MAX -1, "%s/.%s", area.Path, fdb.Name);
|
||||||
unlink(from);
|
unlink(from);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
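Review bot: None of the new `snprintf` calls in Kill() checks its return value, so an over-long `area.Path`/`fdb.Name` pair is now silently truncated and the shortened path is still handed to `file_mv`, `unlink` and `symlink`. That replaces a buffer overrun with a move or delete of a different file name than the record describes. Each call should capture the result and skip the record on truncation, e.g. `n = snprintf(from, PATH_MAX, "%s/%s", area.Path, fdb.Name);` followed by `if (n < 0 || n >= PATH_MAX) { /* log and skip this record */ }`. The size argument already counts the terminating NUL, so `PATH_MAX` rather than `PATH_MAX -1` is the right bound if the buffers are `PATH_MAX` bytes; their allocation is outside these hunks. The same unchecked pattern is repeated in PackFileBase() and ReArc().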
@ -4,7 +4,7 @@
|
|||||||
* Purpose: File Database Maintenance - List areas and totals
|
* Purpose: File Database Maintenance - List areas and totals
|
||||||
*
|
*
|
||||||
*****************************************************************************
|
*****************************************************************************
|
||||||
* Copyright (C) 1997-2004
|
* Copyright (C) 1997-2005
|
||||||
*
|
*
|
||||||
* Michiel Broek FIDO: 2:280/2802
|
* Michiel Broek FIDO: 2:280/2802
|
||||||
* Beekmansbos 10
|
* Beekmansbos 10
|
||||||
@ -69,7 +69,7 @@ void ListFileAreas(int Area)
|
|||||||
sTic = calloc(PATH_MAX, sizeof(char));
|
sTic = calloc(PATH_MAX, sizeof(char));
|
||||||
ticarea = calloc(21, sizeof(char));
|
ticarea = calloc(21, sizeof(char));
|
||||||
|
|
||||||
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||||
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
||||||
WriteError("Can't open %s", sAreas);
|
WriteError("Can't open %s", sAreas);
|
||||||
printf("Can't open %s\n", sAreas);
|
printf("Can't open %s\n", sAreas);
|
||||||
@ -83,7 +83,7 @@ void ListFileAreas(int Area)
|
|||||||
if (Area) {
|
if (Area) {
|
||||||
IsDoing("List area %d", Area);
|
IsDoing("List area %d", Area);
|
||||||
|
|
||||||
sprintf(sTic, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
snprintf(sTic, PATH_MAX -1, "%s/etc/tic.data", getenv("MBSE_ROOT"));
|
||||||
if ((pTic = fopen(sTic, "r")) == NULL) {
|
if ((pTic = fopen(sTic, "r")) == NULL) {
|
||||||
WriteError("Can't open %s", sTic);
|
WriteError("Can't open %s", sTic);
|
||||||
printf("Can't open %s\n", sTic);
|
printf("Can't open %s\n", sTic);
|
||||||
@ -121,7 +121,7 @@ void ListFileAreas(int Area)
|
|||||||
mbse_colour(LIGHTGRAY, BLACK);
|
mbse_colour(LIGHTGRAY, BLACK);
|
||||||
|
|
||||||
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
|
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
|
||||||
sprintf(flags, "---");
|
snprintf(flags, 3, "---");
|
||||||
if (fdb.Deleted)
|
if (fdb.Deleted)
|
||||||
flags[0] = 'D';
|
flags[0] = 'D';
|
||||||
if (fdb.NoKill)
|
if (fdb.NoKill)
|
||||||
|
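Review bot: `snprintf(flags, 3, "---")` stores only two dashes, because the size argument includes the terminating NUL, so `flags` is now `"--"` with the terminator at index 2. The old `sprintf` produced three dashes, and if the flag tests that continue past this hunk assign `flags[2]`, they would overwrite the terminator. The bound should be the real buffer size: `snprintf(flags, sizeof(flags), "---");` if `flags` is an array of at least four bytes (its declaration is not visible here), otherwise `4`.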
@ -61,7 +61,7 @@ void PackFileBase(void)
|
|||||||
printf("Packing file database...\n");
|
printf("Packing file database...\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||||
|
|
||||||
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
||||||
WriteError("Can't open %s", sAreas);
|
WriteError("Can't open %s", sAreas);
|
||||||
@ -102,18 +102,18 @@ void PackFileBase(void)
|
|||||||
Syslog('+', "Removed double record file \"%s\" from area %d", fdb.LName, i);
|
Syslog('+', "Removed double record file \"%s\" from area %d", fdb.LName, i);
|
||||||
} else {
|
} else {
|
||||||
Syslog('+', "Removed file \"%s\" from area %d", fdb.LName, i);
|
Syslog('+', "Removed file \"%s\" from area %d", fdb.LName, i);
|
||||||
sprintf(fn, "%s/%s", area.Path, fdb.LName);
|
snprintf(fn, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||||
rc = unlink(fn);
|
rc = unlink(fn);
|
||||||
if (rc && (errno != ENOENT))
|
if (rc && (errno != ENOENT))
|
||||||
Syslog('+', "Unlink %s failed, result %d", fn, rc);
|
Syslog('+', "Unlink %s failed, result %d", fn, rc);
|
||||||
sprintf(fn, "%s/%s", area.Path, fdb.Name);
|
snprintf(fn, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||||
rc = unlink(fn);
|
rc = unlink(fn);
|
||||||
if (rc && (errno != ENOENT))
|
if (rc && (errno != ENOENT))
|
||||||
Syslog('+', "Unlink %s failed, result %d", fn, rc);
|
Syslog('+', "Unlink %s failed, result %d", fn, rc);
|
||||||
/*
|
/*
|
||||||
* If a dotted version (thumbnail) exists, remove it silently
|
* If a dotted version (thumbnail) exists, remove it silently
|
||||||
*/
|
*/
|
||||||
sprintf(fn, "%s/.%s", area.Path, fdb.Name);
|
snprintf(fn, PATH_MAX -1, "%s/.%s", area.Path, fdb.Name);
|
||||||
unlink(fn);
|
unlink(fn);
|
||||||
}
|
}
|
||||||
do_index = TRUE;
|
do_index = TRUE;
|
||||||
|
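Review bot: `getenv("MBSE_ROOT")` is still passed straight to `%s` in the new `snprintf(sAreas, ...)` line, and `getenv` returns NULL when the variable is unset, which is undefined behaviour for `%s`. Bounding the write does not cover this case. Unless startup code outside this page guarantees the variable is set, fetch it once and bail out first, e.g. `if ((root = getenv("MBSE_ROOT")) == NULL) { WriteError("MBSE_ROOT not set"); return; }`, then format with `root`. The same unguarded call appears in Kill(), ListFileAreas() (for both `sAreas` and `sTic`) and SortFileBase().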
@ -90,7 +90,7 @@ void ReArc(int Area, char *File)
|
|||||||
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
|
while (fread(&fdb, fdbhdr.recsize, 1, fdb_area->fp) == 1) {
|
||||||
if (re_exec(fdb.LName) || re_exec(fdb.Name)) {
|
if (re_exec(fdb.LName) || re_exec(fdb.Name)) {
|
||||||
Syslog('+', "Will rearc %s", fdb.LName);
|
Syslog('+', "Will rearc %s", fdb.LName);
|
||||||
sprintf(temp, "%s/%s", area.Path, fdb.Name);
|
snprintf(temp, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||||
count++;
|
count++;
|
||||||
|
|
||||||
rc = rearc(temp, area.Archiver, do_quiet);
|
rc = rearc(temp, area.Archiver, do_quiet);
|
||||||
@ -105,7 +105,7 @@ void ReArc(int Area, char *File)
|
|||||||
}
|
}
|
||||||
|
|
||||||
linkpath = calloc(PATH_MAX, sizeof(char));
|
linkpath = calloc(PATH_MAX, sizeof(char));
|
||||||
sprintf(linkpath, "%s/%s", area.Path, fdb.LName);
|
snprintf(linkpath, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||||
unlink(linkpath);
|
unlink(linkpath);
|
||||||
|
|
||||||
Syslog('+', "New name %s", temp);
|
Syslog('+', "New name %s", temp);
|
||||||
@ -129,7 +129,7 @@ void ReArc(int Area, char *File)
|
|||||||
*p = '\0';
|
*p = '\0';
|
||||||
else if ((p = strstr(fdb.Name, "HA")))
|
else if ((p = strstr(fdb.Name, "HA")))
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
sprintf(p, "%s", archiver.name);
|
snprintf(p, 5, "%s", archiver.name);
|
||||||
if ((p = strstr(fdb.LName, "arc")))
|
if ((p = strstr(fdb.LName, "arc")))
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
else if ((p = strstr(fdb.LName, "lha")))
|
else if ((p = strstr(fdb.LName, "lha")))
|
||||||
@ -154,7 +154,7 @@ void ReArc(int Area, char *File)
|
|||||||
*p = '\0';
|
*p = '\0';
|
||||||
else if ((p = strstr(fdb.LName, "ha")))
|
else if ((p = strstr(fdb.LName, "ha")))
|
||||||
*p = '\0';
|
*p = '\0';
|
||||||
sprintf(p, "%s", tl(archiver.name));
|
snprintf(p, 5, "%s", tl(archiver.name));
|
||||||
Syslog('f', "%s %s", fdb.Name, fdb.LName);
|
Syslog('f', "%s %s", fdb.Name, fdb.LName);
|
||||||
fdb.Size = file_size(temp);
|
fdb.Size = file_size(temp);
|
||||||
fdb.Crc32 = file_crc(temp, FALSE);
|
fdb.Crc32 = file_crc(temp, FALSE);
|
||||||
@ -172,7 +172,7 @@ void ReArc(int Area, char *File)
|
|||||||
if (strcmp(fdb.Name, mname)) {
|
if (strcmp(fdb.Name, mname)) {
|
||||||
Syslog('+', "Converted 8.3 name to %s", mname);
|
Syslog('+', "Converted 8.3 name to %s", mname);
|
||||||
strcpy(fdb.Name, mname);
|
strcpy(fdb.Name, mname);
|
||||||
sprintf(mname, "%s/%s", area.Path, fdb.Name);
|
snprintf(mname, PATH_MAX -1, "%s/%s", area.Path, fdb.Name);
|
||||||
rename(temp, mname);
|
rename(temp, mname);
|
||||||
strcpy(temp, mname);
|
strcpy(temp, mname);
|
||||||
}
|
}
|
||||||
@ -186,7 +186,7 @@ void ReArc(int Area, char *File)
|
|||||||
/*
|
/*
|
||||||
* Update symbolic link to long filename
|
* Update symbolic link to long filename
|
||||||
*/
|
*/
|
||||||
sprintf(linkpath, "%s/%s", area.Path, fdb.LName);
|
snprintf(linkpath, PATH_MAX -1, "%s/%s", area.Path, fdb.LName);
|
||||||
symlink(temp, linkpath);
|
symlink(temp, linkpath);
|
||||||
free(linkpath);
|
free(linkpath);
|
||||||
if (strlen(fdb.Magic))
|
if (strlen(fdb.Magic))
|
||||||
|
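Review bot: The bound in `snprintf(p, 5, "%s", archiver.name)` is a magic number unrelated to the space left behind `p`, which points into the middle of `fdb.Name` (and, in the later hunk, `fdb.LName`). An archiver name longer than four characters is silently cut, while a match near the end of the field could still leave fewer than five bytes. Derive the limit from the field, assuming both are char arrays in the record: `snprintf(p, sizeof(fdb.Name) - (size_t)(p - fdb.Name), "%s", archiver.name);`, and likewise with `fdb.LName`. The `strstr` chain starts outside the hunk; if its last branch can fail, `p` is NULL here and needs a check before the write. The `strcpy(fdb.Name, mname)` and `strcpy(temp, mname)` context lines in the 8.3-name hunk remain unbounded as well.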
@ -59,7 +59,7 @@ void SortFileBase(int Area)
|
|||||||
mbse_colour(CYAN, BLACK);
|
mbse_colour(CYAN, BLACK);
|
||||||
}
|
}
|
||||||
|
|
||||||
sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
snprintf(sAreas, PATH_MAX -1, "%s/etc/fareas.data", getenv("MBSE_ROOT"));
|
||||||
|
|
||||||
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
if ((pAreas = fopen (sAreas, "r")) == NULL) {
|
||||||
WriteError("Can't open %s", sAreas);
|
WriteError("Can't open %s", sAreas);
|
||||||
|
@ -596,7 +596,7 @@ void ol_doc(void)
|
|||||||
fread(&olhdr, sizeof(olhdr), 1, fp);
|
fread(&olhdr, sizeof(olhdr), 1, fp);
|
||||||
while (fread(&ol, olhdr.recsize, 1, fp) == 1) {
|
while (fread(&ol, olhdr.recsize, 1, fp) == 1) {
|
||||||
nr++;
|
nr++;
|
||||||
html_massage(ol.Oneline, out);
|
html_massage(ol.Oneline, out, 1023);
|
||||||
fprintf(wp, "<TR><TD>%d</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD></TR>\n",
|
fprintf(wp, "<TR><TD>%d</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD><TD>%s</TD></TR>\n",
|
||||||
nr, out, ol.UserName, ol.DateOfEntry, getboolean(ol.Available));
|
nr, out, ol.UserName, ol.DateOfEntry, getboolean(ol.Available));
|
||||||
}
|
}
|
||||||
|
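Review bot: Only `ol.Oneline` goes through `html_massage` before the `fprintf` that builds the table row; `ol.UserName` and `ol.DateOfEntry` are written into `<TD>` cells as stored. If `html_massage` is the HTML-escaping helper, as its name suggests, and these fields hold user-entered text, a `<` or `&` in a user name reaches the generated page unescaped. Passing the other string fields through the same helper into their own bounded buffers before the `fprintf` would close that gap. The declaration of `out` and the rest of ol_doc() are outside this hunk.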
@ -211,9 +211,9 @@ void add_webtable(FILE *fp, char *hstr, char *dstr)
|
|||||||
{
|
{
|
||||||
char left[1024], right[1024];
|
char left[1024], right[1024];
|
||||||
|
|
||||||
html_massage(hstr, left);
|
html_massage(hstr, left, 1023);
|
||||||
if (strlen(dstr))
|
if (strlen(dstr))
|
||||||
html_massage(dstr, right);
|
html_massage(dstr, right, 1023);
|
||||||
else
|
else
|
||||||
sprintf(right, " ");
|
sprintf(right, " ");
|
||||||
fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%s</TD></TR>\n", left, right);
|
fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%s</TD></TR>\n", left, right);
|
||||||
@ -225,7 +225,7 @@ void add_webdigit(FILE *fp, char *hstr, int digit)
|
|||||||
{
|
{
|
||||||
char left[1024];
|
char left[1024];
|
||||||
|
|
||||||
html_massage(hstr, left);
|
html_massage(hstr, left, 1023);
|
||||||
fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%d</TD></TR>\n", left, digit);
|
fprintf(fp, "<TR><TH align='left'>%s</TH><TD>%d</TD></TR>\n", left, digit);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
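Review bot: The limit passed to `html_massage` is the literal `1023`, which matches `char left[1024], right[1024]` only by coincidence of two hand-written numbers. Tie it to the buffer so a later resize cannot reintroduce an overrun: `html_massage(hstr, left, sizeof(left) - 1);` and `html_massage(dstr, right, sizeof(right) - 1);`, and the same in add_webdigit(). The ol_doc() call uses the same literal for `out`, whose declaration is not shown. Whether the third parameter means capacity or maximum string length is defined outside this page, so a one-line comment on the prototype stating which would prevent off-by-one mistakes at call sites.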