From ce6f83241b13b535ceb024c0df2d65641e7845fe Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Mon, 17 Oct 2005 14:36:12 +0000 Subject: [PATCH] Added clencode and cldecode to safe escape messages with clients --- ChangeLog | 2 + lib/clcomm.c | 4 +- mbmon/mbmon.c | 101 ++++++++++++++++++++++------------------------ mbmon/mutil.c | 42 +++++++++---------- mbtask/taskchat.c | 18 +++++---- mbtask/taskcomm.c | 28 +++++++------ mbtask/taskinfo.c | 82 +++++++++++++++++++------------------ mbtask/taskregs.c | 89 +++++++++++++++++++++++++++++----------- mbtask/taskutil.c | 65 +++++++++++++++++++++++++++++ 9 files changed, 273 insertions(+), 158 deletions(-) diff --git a/ChangeLog b/ChangeLog index f5979302..63d80fcf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,8 @@ v0.81.2 14-Oct-2005. mbtask: Some time_t/int conversions. + Added clencode and cldecode to safe escape messages with + clients. mbsebbs: Accepts connections via ssh. diff --git a/lib/clcomm.c b/lib/clcomm.c index e525450a..f1696f29 100644 --- a/lib/clcomm.c +++ b/lib/clcomm.c @@ -530,7 +530,7 @@ char *clencode(char *s) return s; } for (p = s, q = buf; *p != '\0';) { - if ((! isascii(*p)) || (*p == ',')) { + if ((! isascii(*p)) || (*p == ',') || (*p == ';')) { *q++ = '\\'; *q++ = Base16Code[(*p >> 4) & 0x0f]; *q++ = Base16Code[*p & 0x0f]; @@ -570,6 +570,8 @@ char *cldecode(char *s) *q++ = *p; } } + + *q = '\0'; return s; } diff --git a/mbmon/mbmon.c b/mbmon/mbmon.c index c2e258fb..86f9c4c4 100644 --- a/mbmon/mbmon.c +++ b/mbmon/mbmon.c @@ -36,8 +36,8 @@ #include "mutil.h" -int lines = 24; -int columns = 80; +int cols = 80; +int rows = 24; extern int bbs_free; extern int ttyfd; @@ -80,7 +80,7 @@ static void die(int onsig) void ShowSysinfo(void) { int ch; - char buf[128], *cnt; + char buf[128], *cnt, *lc; clr_index(); set_color(WHITE, BLACK); @@ -93,7 +93,7 @@ void ShowSysinfo(void) mbse_mvprintw(11, 6, "5. Local calls"); mbse_mvprintw(12, 6, "6. Date started"); mbse_mvprintw(13, 6, "7. Last caller"); - center_addstr(lines - 3, (char *)"Press any key"); + center_addstr(rows - 3, (char *)"Press any key"); IsDoing("View System Info"); do { @@ -110,11 +110,13 @@ void ShowSysinfo(void) mbse_mvprintw(10,26, "%s", strtok(NULL, ",")); mbse_mvprintw(11,26, "%s", strtok(NULL, ",")); mbse_mvprintw(12,26, "%s", strtok(NULL, ",")); - mbse_mvprintw(13,26, "%s", strtok(NULL, ";")); + lc = xstrcpy(cldecode(strtok(NULL, ";"))); + mbse_mvprintw(13,26, "%s", lc); + free(lc); fflush(stdout); } } - ch = testkey(lines - 3, columns / 2 + 8); + ch = testkey(rows - 3, cols / 2 + 8); } while (ch == '\0'); } @@ -131,9 +133,9 @@ void ShowLastcaller(void) set_color(YELLOW, RED); mbse_mvprintw( 6, 1, "Nr Username Location Level Device Time Mins Calls Speed Actions "); set_color(CYAN, BLACK); - center_addstr(lines - 1, (char *)"Press any key"); + center_addstr(rows - 1, (char *)"Press any key"); IsDoing("View Lastcallers"); - maxrows = lines - 10; + maxrows = rows - 10; do { show_date(LIGHTGRAY, BLACK, 0, 0); @@ -161,8 +163,8 @@ void ShowLastcaller(void) if (strncmp(buf, "100:9,", 6) == 0) { cnt = strtok(buf, ","); mbse_mvprintw(y, 1, "%2d", i); - mbse_mvprintw(y, 4, "%s", strtok(NULL, ",")); - mbse_mvprintw(y,19, "%s", strtok(NULL, ",")); + mbse_mvprintw(y, 4, "%s", cldecode(strtok(NULL, ","))); + mbse_mvprintw(y,19, "%s", cldecode(strtok(NULL, ","))); mbse_mvprintw(y,32, "%s", strtok(NULL, ",")); mbse_mvprintw(y,38, "%s", strtok(NULL, ",")); mbse_mvprintw(y,45, "%s", strtok(NULL, ",")); @@ -175,7 +177,7 @@ void ShowLastcaller(void) } } } - ch = testkey(lines - 1, columns / 2 + 8); + ch = testkey(rows - 1, cols / 2 + 8); } while (ch == '\0'); } @@ -193,7 +195,7 @@ void system_moni(void) set_color(YELLOW, RED); mbse_mvprintw( 7, 1, "Pid tty user program city doing time "); set_color(CYAN, BLACK); - center_addstr(lines - 1, (char *)"Press any key"); + center_addstr(rows - 1, (char *)"Press any key"); IsDoing("System Monitor"); do { @@ -202,7 +204,7 @@ void system_moni(void) eof = 0; set_color(LIGHTGRAY, BLACK); - for (y = 8; y <= lines - 2; y++) { + for (y = 8; y <= rows - 2; y++) { if (y == 8) snprintf(buf, 128, "GMON:1,1;"); else @@ -221,9 +223,9 @@ void system_moni(void) cnt = strtok(buf, ","); mbse_mvprintw(y, 1, (char *)"%.5s", strtok(NULL, ",")); mbse_mvprintw(y, 7, (char *)"%.6s", strtok(NULL, ",")); - mbse_mvprintw(y,14, (char *)"%.8s", strtok(NULL, ",")); - mbse_mvprintw(y,23, (char *)"%.8s", strtok(NULL, ",")); - mbse_mvprintw(y,32, (char *)"%.15s", strtok(NULL, ",")); + mbse_mvprintw(y,14, (char *)"%.8s", cldecode(strtok(NULL, ","))); + mbse_mvprintw(y,23, (char *)"%.8s", cldecode(strtok(NULL, ","))); + mbse_mvprintw(y,32, (char *)"%.15s", cldecode(strtok(NULL, ","))); mbse_mvprintw(y,48, (char *)"%.26s", strtok(NULL, ",")); start = atoi(strtok(NULL, ";")); now = time(NULL); @@ -239,7 +241,7 @@ void system_moni(void) } } /* for () */ - ch = testkey(lines - 1, columns / 2 + 8); + ch = testkey(rows - 1, cols / 2 + 8); } while (ch == '\0'); } @@ -277,7 +279,7 @@ void system_stat(void) mbse_mvprintw(16,59, "IBC users"); mbse_mvprintw(17, 6, "Communication errors"); mbse_mvprintw(19, 6, "Next sequence number"); - mbse_mvprintw(lines -3,59, "Press any key"); + mbse_mvprintw(rows -3,59, "Press any key"); IsDoing("System Statistics"); do { @@ -326,7 +328,7 @@ void system_stat(void) break; } - ch = testkey(lines -3,73); + ch = testkey(rows -3,73); } while (ch == '\0'); } @@ -344,7 +346,7 @@ void disk_stat(void) set_color(YELLOW, RED); mbse_mvprintw( 7, 1, " Size MB Free MB Used FS-Type St Mountpoint "); set_color(CYAN, BLACK); - mbse_mvprintw(lines - 2, 6, "Press any key"); + mbse_mvprintw(rows - 2, 6, "Press any key"); IsDoing("Filesystem Usage"); for (i = 0; i < 10; i++) last[i] = 0; @@ -400,7 +402,7 @@ void disk_stat(void) } } - ch = testkey(lines - 2, 20); + ch = testkey(rows - 2, 20); } while (ch == '\0'); } @@ -461,11 +463,11 @@ void soft_info(void) set_color(LIGHTCYAN, BLACK); center_addstr(14, (char *)"http://www.mbse.dds.nl or 2:280/2802"); set_color(LIGHTGREEN, BLACK); - center_addstr(lines -7, (char *)"This is free software; released under the terms of the GNU General"); - center_addstr(lines -6, (char *)"Public License as published by the Free Software Foundation."); + center_addstr(rows -7, (char *)"This is free software; released under the terms of the GNU General"); + center_addstr(rows -6, (char *)"Public License as published by the Free Software Foundation."); set_color(CYAN, BLACK); - center_addstr(lines -4, (char *)"Press any key"); - readkey(lines - 4, columns / 2 + 8, LIGHTGRAY, BLACK); + center_addstr(rows -4, (char *)"Press any key"); + readkey(rows - 4, cols / 2 + 8, LIGHTGRAY, BLACK); } @@ -473,11 +475,13 @@ void soft_info(void) /* * Colorize the chat window */ -void Showline(int y, int x, char *msg) +void Showline(int y, int x, char *msgin) { int i; + char *msg; - if (strlen(msg)) { + if (strlen(msgin)) { + msg = xstrcpy(cldecode(msgin)); if (msg[0] == '<') { mbse_locate(y, x); mbse_colour(LIGHTCYAN, BLACK); @@ -502,6 +506,7 @@ void Showline(int y, int x, char *msg) mbse_colour(GREEN, BLACK); mbse_mvprintw(y, x, msg); } + free(msg); } } @@ -546,7 +551,7 @@ void Chat(int sysop) static char buf[200]; clr_index(); - rsize = lines - 7; + rsize = rows - 7; rpointer = 0; snprintf(buf, 200, "CCON,4,%d,%s,%s,%s;", mypid, CFG.sysop_name, CFG.sysop, sysop ? "1":"0"); @@ -559,19 +564,19 @@ void Chat(int sysop) mbse_mvprintw(4, 1, (char *)"The chatserver is not configured in /etc/services"); working(2, 0, 0); working(0, 0, 0); - center_addstr(lines -4, (char *)"Press any key"); - readkey(lines - 4, columns / 2 + 8, LIGHTGRAY, BLACK); + center_addstr(rows -4, (char *)"Press any key"); + readkey(rows - 4, cols / 2 + 8, LIGHTGRAY, BLACK); return; } } - mbse_locate(lines - 2, 1); + mbse_locate(rows - 2, 1); set_color(WHITE, BLUE); clrtoeol(); - mbse_mvprintw(lines - 2, 2, "Chat, type \"/EXIT\" to exit"); + mbse_mvprintw(rows - 2, 2, "Chat, type \"/EXIT\" to exit"); set_color(WHITE, BLACK); - mbse_mvprintw(lines - 1, 1, ">"); + mbse_mvprintw(rows - 1, 1, ">"); memset(&sbuf, 0, sizeof(sbuf)); memset(&rbuf, 0, sizeof(rbuf)); @@ -631,7 +636,7 @@ void Chat(int sysop) /* * Check for a pressed key, if so then process it */ - ch = testkey(lines -1, curpos + 2); + ch = testkey(rows -1, curpos + 2); if (isprint(ch)) { set_color(CYAN, BLACK); if (curpos < 77) { @@ -673,10 +678,10 @@ void Chat(int sysop) } curpos = 0; memset(&sbuf, 0, sizeof(sbuf)); - mbse_locate(lines - 1, 2); + mbse_locate(rows - 1, 2); clrtoeol(); set_color(WHITE, BLACK); - mbse_mvprintw(lines - 1, 1, ">"); + mbse_mvprintw(rows - 1, 1, ">"); } } @@ -728,9 +733,8 @@ void Chat(int sysop) int main(int argc, char *argv[]) { struct passwd *pw; + struct winsize ws; char buf[128]; - int rc; - /* * Find out who is on the keyboard or automated the keyboard. @@ -767,21 +771,14 @@ int main(int argc, char *argv[]) signal(SIGTERM,(void (*))die); signal(SIGKILL,(void (*))die); - /* - * Find out if the environment variables LINES and COLUMNS are present, - * if so, then use these for screen dimensions. - */ - if (getenv("LINES")) { - rc = atoi(getenv("LINES")); - if (rc >= 24) - lines = rc; + if (ioctl(1, TIOCGWINSZ, &ws) != -1 && (ws.ws_col > 0) && (ws.ws_row > 0)) { + rows = ws.ws_row; + if (rows < 24) { + Syslog('!', "Warning, only %d screen rows, forcing to 24", rows); + rows = 24; + } } - if (getenv("COLUMNS")) { - rc = atoi(getenv("COLUMNS")); - if (rc >= 80) - columns = rc; - } - Syslog('-', "Screen size set to %dx%d", columns, lines); + Syslog('+', "Screen size set to %dx%d", cols, rows); if (lockprogram((char *)"mbmon")) { printf("\n\7Another mbmon is already running, abort.\n\n"); diff --git a/mbmon/mutil.c b/mbmon/mutil.c index 8a946334..edac0b4a 100644 --- a/mbmon/mutil.c +++ b/mbmon/mutil.c @@ -33,7 +33,7 @@ #include "mutil.h" -extern int lines, columns; +extern int rows, cols; extern int ttyfd; int bbs_free; @@ -305,10 +305,10 @@ int select_menu(int max) * Loop forever until it's right. */ for (;;) { - mbse_mvprintw(lines - 2, 6, "Enter your choice >"); + mbse_mvprintw(rows - 2, 6, "Enter your choice >"); menu = (char *)"-"; - menu = edit_field(lines - 2, 26, 3, '9', menu); - mbse_locate(lines -2, 6); + menu = edit_field(rows - 2, 26, 3, '9', menu); + mbse_locate(rows - 2, 6); clrtoeol(); if (strncmp(menu, "-", 1) == 0) @@ -330,7 +330,7 @@ void clrtoeol() int i; printf("\r"); - for (i = 0; i < columns; i++) + for (i = 0; i < cols; i++) putchar(' '); printf("\r"); fflush(stdout); @@ -382,10 +382,10 @@ void show_date(int fg, int bg, int y, int x) set_color(LIGHTGREEN, BLUE); p = ctime(&now); Striplf(p); - mbse_mvprintw(1, columns - 36, (char *)"%s TZUTC %s", p, gmtoffset(now)); + mbse_mvprintw(1, cols - 36, (char *)"%s TZUTC %s", p, gmtoffset(now)); p = asctime(gmtime(&now)); Striplf(p); - mbse_mvprintw(2, columns - 36, (char *)"%s UTC", p); + mbse_mvprintw(2, cols - 36, (char *)"%s UTC", p); /* * Indicator if bbs is free @@ -395,15 +395,15 @@ void show_date(int fg, int bg, int y, int x) strcpy(buf, SockR("SBBS:0;")); if (strncmp(buf, "100:2,1", 7) == 0) { set_color(WHITE, RED); - mbse_mvprintw(2,columns - 6, (char *)" Down "); + mbse_mvprintw(2,cols - 6, (char *)" Down "); } else { set_color(WHITE, BLUE); - mbse_mvprintw(2,columns - 6, (char *)" Free "); + mbse_mvprintw(2,cols - 6, (char *)" Free "); } bbs_free = TRUE; } else { set_color(WHITE, RED); - mbse_mvprintw(2,columns - 6, (char *)" Busy "); + mbse_mvprintw(2,cols - 6, (char *)" Busy "); bbs_free = FALSE; } @@ -447,7 +447,7 @@ void show_date(int fg, int bg, int y, int x) void center_addstr(int y, char *s) { - mbse_mvprintw(y, (columns / 2) - (strlen(s) / 2), s); + mbse_mvprintw(y, (cols / 2) - (strlen(s) / 2), s); } @@ -459,18 +459,18 @@ void screen_start(char *name) { int i; - mbse_TermInit(1, columns, lines); + mbse_TermInit(1, cols, rows); /* * Overwrite screen the first time, if user had it black on white * it will change to white on black. clear() won't do the trick. */ set_color(LIGHTGRAY, BLUE); mbse_locate(1, 1); - for (i = 0; i < lines; i++) { + for (i = 0; i < rows; i++) { if (i == 3) mbse_colour(LIGHTGRAY, BLACK); clrtoeol(); - if (i < lines) + if (i < rows) printf("\n"); } fflush(stdout); @@ -521,11 +521,11 @@ void working(int txno, int y, int x) set_color(LIGHTGRAY, BLACK); switch (txno) { - case 0: mbse_mvprintw(4, columns - 14, (char *)" "); + case 0: mbse_mvprintw(4, cols - 14, (char *)" "); break; - case 1: mbse_mvprintw(4, columns - 14, (char *)"Working . . ."); + case 1: mbse_mvprintw(4, cols - 14, (char *)"Working . . ."); break; - case 2: mbse_mvprintw(4, columns - 14, (char *)">>> ERROR <<<"); + case 2: mbse_mvprintw(4, cols - 14, (char *)">>> ERROR <<<"); for (i = 1; i <= 5; i++) { putchar(7); fflush(stdout); @@ -533,12 +533,12 @@ void working(int txno, int y, int x) } msleep(550); break; - case 3: mbse_mvprintw(4, columns - 14, (char *)"Form inserted"); + case 3: mbse_mvprintw(4, cols - 14, (char *)"Form inserted"); putchar(7); fflush(stdout); sleep(1); break; - case 4: mbse_mvprintw(4, columns - 14, (char *)"Form deleted "); + case 4: mbse_mvprintw(4, cols - 14, (char *)"Form deleted "); putchar(7); fflush(stdout); sleep(1); @@ -562,7 +562,7 @@ void clr_index() int i; set_color(LIGHTGRAY, BLACK); - for (i = 4; i <= (lines); i++) { + for (i = 4; i <= (rows); i++) { mbse_locate(i, 1); clrtoeol(); } @@ -578,7 +578,7 @@ void showhelp(char *T) int f, i, x, forlim; f = FALSE; - mbse_locate(lines, 1); + mbse_locate(rows, 1); set_color(WHITE, RED); clrtoeol(); x = 0; diff --git a/mbtask/taskchat.c b/mbtask/taskchat.c index 627ae508..67fc5f5b 100644 --- a/mbtask/taskchat.c +++ b/mbtask/taskchat.c @@ -404,11 +404,11 @@ char *chat_connect(char *data) /* * Register with IBC */ - pid = strtok(data, ","); /* Should be 3 */ - pid = strtok(NULL, ","); /* The pid */ - realname = strtok(NULL, ","); /* Username */ - nick = strtok(NULL, ","); /* Mickname */ - sys = atoi(strtok(NULL, ";")); /* Sysop flag */ + pid = strtok(data, ","); /* Should be 3 */ + pid = strtok(NULL, ","); /* The pid */ + realname = xstrcpy(cldecode(strtok(NULL, ",")));/* Username */ + nick = xstrcpy(cldecode(strtok(NULL, ","))); /* Nickname */ + sys = atoi(strtok(NULL, ";")); /* Sysop flag */ add_user(&users, CFG.myfqdn, nick, realname); send_all("USER %s@%s %s\r\n", nick, CFG.myfqdn, realname); @@ -512,8 +512,7 @@ char *chat_put(char *data) pid = strtok(data, ","); pid = strtok(NULL, ","); - msg = strtok(NULL, "\0"); - msg[strlen(msg)-1] = '\0'; + msg = xstrcpy(cldecode(strtok(NULL, ";"))); for (tmpu = users; tmpu; tmpu = tmpu->next) { if (tmpu->pid == atoi(pid)) { @@ -689,14 +688,17 @@ char *chat_put(char *data) } Syslog('-', "Pid %s was not connected to chatserver"); snprintf(buf, 200, "100:2,1,*** ERROR - Not connected to server;"); + free(msg); return buf; ack: snprintf(buf, 200, "100:0;"); + free(msg); return buf; hangup: snprintf(buf, 200, "100:2,1,Disconnecting;"); + free(msg); return buf; } @@ -737,7 +739,7 @@ char *chat_get(char *data) /* * Message is for us */ - snprintf(buf, 200, "100:2,0,%s;", chat_messages[tmpu->pointer].message); + snprintf(buf, 200, "100:2,0,%s;", clencode(chat_messages[tmpu->pointer].message)); Syslog('-', "%s", buf); return buf; } diff --git a/mbtask/taskcomm.c b/mbtask/taskcomm.c index df6f07bc..eae77a63 100644 --- a/mbtask/taskcomm.c +++ b/mbtask/taskcomm.c @@ -58,19 +58,21 @@ int cmd_run = FALSE;/* cmd running */ int userlog(char *); int userlog(char *param) { - char *prname, *prpid, *grade, *msg; - static char lfn[PATH_MAX], token[14]; + char *prname, *prpid, *grade, *msg; + static char lfn[PATH_MAX], token[14]; + int rc; - lfn[0] = '\0'; - strcpy(token, strtok(param, ",")); - strcpy(token, strtok(NULL, ",")); - snprintf(lfn, PATH_MAX, "%s/log/%s", getenv("MBSE_ROOT"), token); - prname = strtok(NULL, ","); - prpid = strtok(NULL, ","); - grade = strtok(NULL, ","); - msg = strtok(NULL, "\0"); - msg[strlen(msg) -1] = '\0'; - return ulog(lfn, grade, prname, prpid, msg); + lfn[0] = '\0'; + strcpy(token, strtok(param, ",")); + strcpy(token, strtok(NULL, ",")); + snprintf(lfn, PATH_MAX, "%s/log/%s", getenv("MBSE_ROOT"), token); + prname = strtok(NULL, ","); + prpid = strtok(NULL, ","); + grade = strtok(NULL, ","); + msg = xstrcpy(cldecode(strtok(NULL, ";"))); + rc = ulog(lfn, grade, prname, prpid, msg); + free(msg); + return rc; } @@ -519,7 +521,7 @@ char *exe_cmd(char *in) } /* - * SCLO:1,message; + * SCLO:0; * 100:0; */ if (strncmp(cmd, "SCLO", 4) == 0) { diff --git a/mbtask/taskinfo.c b/mbtask/taskinfo.c index 1c17dd2c..34712343 100644 --- a/mbtask/taskinfo.c +++ b/mbtask/taskinfo.c @@ -58,7 +58,7 @@ char *get_sysinfo(void) startdate = SYSINFO.StartDate; snprintf(buf, SS_BUFSIZE, "100:7,%d,%d,%d,%d,%d,%s,%s;", SYSINFO.SystemCalls, SYSINFO.Pots, SYSINFO.ISDN, SYSINFO.Network, SYSINFO.Local, - ctime(&startdate), SYSINFO.LastCaller); + ctime(&startdate), clencode(SYSINFO.LastCaller)); } fclose(fp); @@ -94,49 +94,53 @@ char *get_lastcallercount(void) char *get_lastcallerrec(int Rec) { - static char buf[SS_BUFSIZE]; - char *temp, action[9]; - FILE *fp; + static char buf[SS_BUFSIZE]; + char *temp, action[9], *name, *city; + FILE *fp; - snprintf(buf, SS_BUFSIZE, "201:1,16;"); - temp = calloc(PATH_MAX, sizeof(char)); - snprintf(temp, PATH_MAX, "%s/etc/lastcall.data", getenv("MBSE_ROOT")); - if ((fp = fopen(temp, "r")) == NULL) { - free(temp); - return buf; - } - fread(&LCALLhdr, sizeof(LCALLhdr), 1, fp); - fseek(fp, ((Rec -1) * LCALLhdr.recsize) + LCALLhdr.hdrsize, SEEK_SET); + snprintf(buf, SS_BUFSIZE, "201:1,16;"); + temp = calloc(PATH_MAX, sizeof(char)); + snprintf(temp, PATH_MAX, "%s/etc/lastcall.data", getenv("MBSE_ROOT")); + if ((fp = fopen(temp, "r")) == NULL) { + free(temp); + return buf; + } + fread(&LCALLhdr, sizeof(LCALLhdr), 1, fp); + fseek(fp, ((Rec -1) * LCALLhdr.recsize) + LCALLhdr.hdrsize, SEEK_SET); - if (fread(&LCALL, LCALLhdr.recsize, 1, fp) == 1) { - LCALL.UserName[15] = '\0'; - LCALL.Location[12] = '\0'; - strcpy(action, "--------"); - if (LCALL.Hidden) - action[0] = 'H'; - if (LCALL.Download) - action[1] = 'D'; - if (LCALL.Upload) - action[2] = 'U'; - if (LCALL.Read) - action[3] = 'R'; - if (LCALL.Wrote) - action[4] = 'P'; - if (LCALL.Chat) - action[5] = 'C'; - if (LCALL.Olr) - action[6] = 'O'; - if (LCALL.Door) - action[7] = 'E'; - action[8] = '\0'; - snprintf(buf, SS_BUFSIZE, "100:9,%s,%s,%d,%s,%s,%d,%d,%s,%s;", LCALL.UserName, LCALL.Location, + if (fread(&LCALL, LCALLhdr.recsize, 1, fp) == 1) { + LCALL.UserName[15] = '\0'; + LCALL.Location[12] = '\0'; + strcpy(action, "--------"); + if (LCALL.Hidden) + action[0] = 'H'; + if (LCALL.Download) + action[1] = 'D'; + if (LCALL.Upload) + action[2] = 'U'; + if (LCALL.Read) + action[3] = 'R'; + if (LCALL.Wrote) + action[4] = 'P'; + if (LCALL.Chat) + action[5] = 'C'; + if (LCALL.Olr) + action[6] = 'O'; + if (LCALL.Door) + action[7] = 'E'; + action[8] = '\0'; + name = xstrcpy(clencode(LCALL.UserName)); + city = xstrcpy(clencode(LCALL.Location)); + snprintf(buf, SS_BUFSIZE, "100:9,%s,%s,%d,%s,%s,%d,%d,%s,%s;", name, city, LCALL.SecLevel, LCALL.Device, LCALL.TimeOn, (int)LCALL.CallTime, LCALL.Calls, LCALL.Speed, action); - } + free(name); + free(city); + } - free(temp); - fclose(fp); - return buf; + free(temp); + fclose(fp); + return buf; } diff --git a/mbtask/taskregs.c b/mbtask/taskregs.c index 5204dbd2..e7e7c23d 100644 --- a/mbtask/taskregs.c +++ b/mbtask/taskregs.c @@ -76,15 +76,18 @@ int reg_newcon(char *data) cnt = strtok(data, ","); pid = strtok(NULL, ","); tty = strtok(NULL, ","); - uid = strtok(NULL, ","); - prg = strtok(NULL, ","); - city = strtok(NULL, ";"); + uid = xstrcpy(cldecode(strtok(NULL, ","))); + prg = xstrcpy(cldecode(strtok(NULL, ","))); + city = xstrcpy(cldecode(strtok(NULL, ";"))); /* * Abort if no empty record is found */ if ((retval = reg_find((char *)"0")) == -1) { Syslog('?', "Maximum clients (%d) reached", MAXCLIENT); + free(uid); + free(prg); + free(city); return -1; } @@ -110,6 +113,9 @@ int reg_newcon(char *data) mailers++; Syslog('-', "Registered client pgm \"%s\", pid %s, slot %d, mailers %d, TCP/IP %d", prg, pid, retval, mailers, ipmailers); + free(uid); + free(prg); + free(city); return retval; } @@ -201,13 +207,16 @@ int reg_doing(char *data) cnt = strtok(data, ","); pid = strtok(NULL, ","); - line = strtok(NULL, ";"); + line = xstrcpy(cldecode(strtok(NULL, ";"))); - if ((rec = reg_find(pid)) == -1) + if ((rec = reg_find(pid)) == -1) { + free(line); return -1; + } strncpy(reginfo[rec].doing, line, 35); reginfo[rec].lastcon = (int)time(NULL); + free(line); return 0; } @@ -343,15 +352,20 @@ int reg_user(char *data) cnt = strtok(data, ","); pid = strtok(NULL, ","); - user = strtok(NULL, ","); - city = strtok(NULL, ";"); + user = xstrcpy(cldecode(strtok(NULL, ","))); + city = xstrcpy(cldecode(strtok(NULL, ";"))); - if ((rec = reg_find(pid)) == -1) + if ((rec = reg_find(pid)) == -1) { + free(user); + free(city); return -1; + } strncpy((char *)®info[rec].uname, user, 35); strncpy((char *)®info[rec].city, city, 35); reginfo[rec].lastcon = (int)time(NULL); + free(user); + free(city); return 0; } @@ -384,7 +398,7 @@ int reg_sysop(char *data) */ char *reg_ipm(char *data) { - char *cnt, *pid; + char *cnt, *pid, *name, *msg; static char buf[128]; int rec; @@ -401,7 +415,9 @@ char *reg_ipm(char *data) return buf; buf[0] = '\0'; - snprintf(buf, 128, "100:2,%s,%s;", reginfo[rec].fname[reginfo[rec].ptr_out], reginfo[rec].msg[reginfo[rec].ptr_out]); + name = xstrcpy(clencode(reginfo[rec].fname[reginfo[rec].ptr_out])); + msg = xstrcpy(clencode(reginfo[rec].msg[reginfo[rec].ptr_out])); + snprintf(buf, 128, "100:2,%s,%s;", name, msg); if (reginfo[rec].ptr_out < RB) reginfo[rec].ptr_out++; else @@ -411,6 +427,8 @@ char *reg_ipm(char *data) Syslog('+', "reg_ipm: in=%d out=%d ismsg=%d", reginfo[rec].ptr_in, reginfo[rec].ptr_out, reginfo[rec].ismsg); + free(name); + free(msg); return buf; } @@ -425,10 +443,9 @@ int reg_spm(char *data) int i; cnt = strtok(data, ","); - from = strtok(NULL, ","); - too = strtok(NULL, ","); - txt = strtok(NULL, "\0"); - txt[strlen(txt)-1] = '\0'; + from = xstrcpy(cldecode(strtok(NULL, ","))); + too = xstrcpy(cldecode(strtok(NULL, ","))); + txt = xstrcpy(cldecode(strtok(NULL, ";"))); Syslog('-', "SIPM:%s,%s,%s,%s;", cnt, from, too, txt); @@ -440,6 +457,9 @@ int reg_spm(char *data) * can't get anymore new messages. */ if (reginfo[i].ismsg && (reginfo[i].ptr_in == reginfo[i].ptr_out)) { + free(from); + free(too); + free(txt); return 2; } @@ -447,6 +467,9 @@ int reg_spm(char *data) * If user has the "do not distrurb" flag set, but the sysop ignore's this. */ if (reginfo[i].silent) { + free(from); + free(too); + free(txt); return 1; } @@ -469,10 +492,16 @@ int reg_spm(char *data) } Syslog('+', "reg_spm: rec=%d in=%d out=%d ismsg=%d", i, reginfo[i].ptr_in, reginfo[i].ptr_out, reginfo[i].ismsg); + free(from); + free(too); + free(txt); return 0; } } + free(from); + free(too); + free(txt); return 3; // Error, user not found } @@ -523,6 +552,7 @@ char *reg_fre(void) char *get_reginfo(int first) { static char buf[256]; + char *name, *prg, *city, *doing; memset(&buf, 0, sizeof(buf)); snprintf(buf, 256, "100:0;"); @@ -542,11 +572,17 @@ char *get_reginfo(int first) return buf; if ((int)reginfo[entrypos].pid != 0) { + name = xstrcpy(clencode(reginfo[entrypos].uname)); + prg = xstrcpy(clencode(reginfo[entrypos].prg)); + city = xstrcpy(clencode(reginfo[entrypos].city)); + doing = xstrcpy(clencode( reginfo[entrypos].doing)); snprintf(buf, 256, "100:7,%d,%s,%s,%s,%s,%s,%d;", reginfo[entrypos].pid, reginfo[entrypos].tty, - reginfo[entrypos].uname, reginfo[entrypos].prg, - reginfo[entrypos].city, reginfo[entrypos].doing, - reginfo[entrypos].started); + name, prg, city, doing, reginfo[entrypos].started); + free(name); + free(prg); + free(city); + free(doing); return buf; } } @@ -565,25 +601,30 @@ int reg_page(char *data) cnt = strtok(data, ","); pid = strtok(NULL, ","); - reason = strtok(NULL, "\0"); - reason[strlen(reason)-1] = '\0'; + reason = xstrcpy(cldecode(strtok(NULL, ";"))); Syslog('+', "reg_page: pid=%d, reason=\"%s\"", pid, reason); - if (!sysop_present) + if (!sysop_present) { + free(reason); return 2; + } /* * Check if another user is paging the sysop or has paged the sysop. * If so, mark sysop busy. */ for (i = 1; i < MAXCLIENT; i++) { - if (reginfo[i].pid && (reginfo[i].pid != atoi(pid)) && (reginfo[i].paging || reginfo[i].haspaged)) + if (reginfo[i].pid && (reginfo[i].pid != atoi(pid)) && (reginfo[i].paging || reginfo[i].haspaged)) { + free(reason); return 1; + } } - if ((rec = reg_find(pid)) == -1) + if ((rec = reg_find(pid)) == -1) { + free(reason); return 3; + } /* * All seems well, accept the page @@ -633,11 +674,11 @@ char *reg_checkpage(char *data) memset(&buf, 0, sizeof(buf)); for (i = 1; i < MAXCLIENT; i++) { if (reginfo[i].pid && reginfo[i].paging) { - snprintf(buf, 128, "100:3,%d,1,%s;", reginfo[i].pid, reginfo[i].reason); + snprintf(buf, 128, "100:3,%d,1,%s;", reginfo[i].pid, clencode(reginfo[i].reason)); return buf; } if (reginfo[i].pid && reginfo[i].haspaged) { - snprintf(buf, 128, "100:3,%d,0,%s;", reginfo[i].pid, reginfo[i].reason); + snprintf(buf, 128, "100:3,%d,0,%s;", reginfo[i].pid, clencode(reginfo[i].reason)); return buf; } } diff --git a/mbtask/taskutil.c b/mbtask/taskutil.c index 01532292..266b9520 100644 --- a/mbtask/taskutil.c +++ b/mbtask/taskutil.c @@ -625,3 +625,68 @@ char *printable(char *s, int l) return pbuff; } + + +char *clencode(char *s) +{ + char Base16Code[]="0123456789ABCDEF"; + static char *buf; + char *p, *q; + + if (buf) + free(buf); + buf = NULL; + if (s == NULL) + return NULL; + + if ((buf = malloc(2 * strlen(s) + 1 * sizeof(char))) == NULL) { + Syslog('+', "clencode: out of memory:string too long:\"%s\"", s); + return s; + } + for (p = s, q = buf; *p != '\0';) { + if ((! isascii(*p)) || (*p == ',') || (*p == ';')) { + *q++ = '\\'; + *q++ = Base16Code[(*p >> 4) & 0x0f]; + *q++ = Base16Code[*p & 0x0f]; + p++; + } else if (*p == '\\') { + *q++ = '\\'; + *q++ = *p++; + } else { + *q++ = *p++; + } + } + *q = '\0'; + return buf; +} + + + +char *cldecode(char *s) +{ + char *p, *q; + int i; + + if (s == NULL) { + return NULL; + } + + for (p = s, q = s; *p; p++) { + if (*p == '\\') { + if (*(p + 1) == '\\') { + *q++ = *p++; + } else { + sscanf(p + 1, "%02x", &i); + *q++ = i; + p += 2; + } + } else { + *q++ = *p; + } + } + + *q = '\0'; + return s; +} + +