diff --git a/mbfido/grlist.c b/mbfido/grlist.c index 25b924f2..3467c229 100644 --- a/mbfido/grlist.c +++ b/mbfido/grlist.c @@ -4,7 +4,7 @@ * Purpose ...............: Announce new files and FileFind * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:2801/16 * Beekmansbos 10 Internet: mbroek@ux123.pttnwb.nl @@ -75,8 +75,8 @@ void fill_grlist(gr_list **fdp, char *groupname, char *echoname) */ tmp = (gr_list *)malloc(sizeof(gr_list)); tmp->next = *fdp; - sprintf(tmp->group, "%s", groupname); - sprintf(tmp->echo, "%s", echoname); + snprintf(tmp->group, 13, "%s", groupname); + snprintf(tmp->echo, 21, "%s", echoname); tmp->count = 1; *fdp = tmp; } diff --git a/mbfido/hash.c b/mbfido/hash.c index d25093fa..eb389c94 100644 --- a/mbfido/hash.c +++ b/mbfido/hash.c @@ -4,7 +4,7 @@ * Purpose ...............: MBSE BBS Mail Gate * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -45,7 +45,7 @@ void hash_update_n(unsigned long *id, unsigned long mod) { char buf[32]; - sprintf(buf,"%030lu",mod); + snprintf(buf,32, "%030lu",mod); *id ^= lh_strhash(buf); } diff --git a/mbfido/hatch.c b/mbfido/hatch.c index 298c272f..f70e7b1c 100644 --- a/mbfido/hatch.c +++ b/mbfido/hatch.c @@ -4,7 +4,7 @@ * Purpose ...............: Hatch files * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -69,7 +69,7 @@ void Hatch() LastDay++; } - sprintf(temp, "%s/etc/hatch.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/hatch.data", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "r")) == NULL) { WriteError("$Can't open %s", temp); free(temp); @@ -85,7 +85,7 @@ void Hatch() HatchToday = TRUE; if ((hatch.Month[Tm->tm_mday -1]) || (hatch.Month[31] && (LastDay == Tm->tm_mday))) HatchToday = TRUE; - sprintf(temp, "%s", hatch.Spec); + snprintf(temp, PATH_MAX, "%s", hatch.Spec); if (HatchToday) CheckHatch(temp); @@ -132,7 +132,7 @@ int CheckHatch(char *temp) if (re_exec(de->d_name)) { hatched = TRUE; Syslog('+', "Hatch \"%s\" in area %s", de->d_name, hatch.Name); - sprintf(tf, "%s/%s", CFG.pinbound, MakeTicName()); + snprintf(tf, PATH_MAX, "%s/%s", CFG.pinbound, MakeTicName()); if ((Tf = fopen(tf, "a+")) == NULL) { WriteError("Can't create %s", tf); @@ -153,7 +153,7 @@ int CheckHatch(char *temp) if (strlen(hatch.Magic)) fprintf(Tf, "Magic %s\r\n", hatch.Magic); temp2 = calloc(strlen(de->d_name) + 1, sizeof(char)); - sprintf(temp2, "%s", de->d_name); + snprintf(temp2, strlen(de->d_name) + 1, "%s", de->d_name); name_mangle(temp2); fprintf(Tf, "File %s\r\n", temp2); free(temp2); diff --git a/mbfido/magic.c b/mbfido/magic.c index b9f2256e..7d2d48e3 100644 --- a/mbfido/magic.c +++ b/mbfido/magic.c @@ -4,7 +4,7 @@ * Purpose ...............: .TIC files magic processing. * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -49,27 +49,27 @@ char *Magic_Macro(int C) buf[0] = '\0'; switch(toupper(C)) { - case 'F': sprintf(buf, "%s/%s", TIC.BBSpath, TIC.NewFile); + case 'F': snprintf(buf, PATH_MAX, "%s/%s", TIC.BBSpath, TIC.NewFile); break; - case 'P': sprintf(buf, "%s", TIC.BBSpath); + case 'P': snprintf(buf, PATH_MAX, "%s", TIC.BBSpath); break; - case 'N': sprintf(buf, "%s", strtok(strdup(TIC.NewFile), ".")); + case 'N': snprintf(buf, PATH_MAX, "%s", strtok(strdup(TIC.NewFile), ".")); break; - case 'E': sprintf(buf, "%s", strrchr(TIC.NewFile, '.')); + case 'E': snprintf(buf, PATH_MAX, "%s", strrchr(TIC.NewFile, '.')); break; - case 'L': sprintf(buf, "%s", strrchr(TIC.NewFile, '.')); + case 'L': snprintf(buf, PATH_MAX, "%s", strrchr(TIC.NewFile, '.')); buf[0] = buf[1]; buf[1] = buf[2]; buf[2] = '\0'; break; - case 'D': sprintf(buf, "%03d", Day_Of_Year()); + case 'D': snprintf(buf, 3, "%03d", Day_Of_Year()); break; - case 'C': sprintf(buf, "%03d", Day_Of_Year()); + case 'C': snprintf(buf, 3, "%03d", Day_Of_Year()); buf[0] = buf[1]; buf[1] = buf[2]; buf[2] = '\0'; break; - case 'A': sprintf(buf, "%s", TIC.TicIn.Area); + case 'A': snprintf(buf, PATH_MAX, "%s", TIC.TicIn.Area); break; } @@ -90,7 +90,7 @@ int GetMagicRec(int Typ, int First) MagicNr = 0; temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "%s/etc/magic.data", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/magic.data", getenv("MBSE_ROOT")); if ((FeM = fopen(temp, "r")) == NULL) { Syslog('+', "Huh? No magic file? (%s)", temp); free(temp); @@ -147,7 +147,7 @@ void MagicResult(char *format, ...) outputstr = calloc(1024, sizeof(char)); va_start(va_ptr, format); - vsprintf(outputstr, format, va_ptr); + vsnprintf(outputstr, 1024, format, va_ptr); va_end(va_ptr); Syslog('+', "Magic: %s", outputstr); @@ -200,7 +200,7 @@ void Magic_ExecCommand(void) j++; } else { Temp[0] = '\0'; - sprintf(Temp, "%s", Magic_Macro(magic.Cmd[i])); + snprintf(Temp, PATH_MAX, "%s", Magic_Macro(magic.Cmd[i])); for (k = 0; k < strlen(Temp); k++) { Line[j] = Temp[k]; j++; @@ -236,8 +236,8 @@ void Magic_CopyFile(void) while (GetMagicRec(MG_COPY, First)) { First = FALSE; - sprintf(From, "%s/%s", TIC.BBSpath, TIC.NewFile); - sprintf(To, "%s/%s", magic.Path, TIC.NewFile); + snprintf(From, PATH_MAX, "%s/%s", TIC.BBSpath, TIC.NewFile); + snprintf(To, PATH_MAX, "%s/%s", magic.Path, TIC.NewFile); if ((rc = file_cp(From, To) == 0)) { MagicResult((char *)"%s copied to %s", From, To); @@ -264,7 +264,7 @@ void Magic_UnpackFile(void) getcwd(buf, 128); if (chdir(magic.Path) == 0) { - sprintf(Fn, "%s/%s", TIC.BBSpath, TIC.NewFile); + snprintf(Fn, PATH_MAX, "%s/%s", TIC.BBSpath, TIC.NewFile); if ((unarc = unpacker(Fn)) != NULL) { if (getarchiver(unarc)) { cmd = xstrcpy(archiver.munarc); @@ -325,7 +325,7 @@ void Magic_AdoptFile(void) if (SearchTic(magic.ToArea)) { MagicResult((char *)"Adoptfile in %s", magic.ToArea); - sprintf(temp, "%s/%s", TIC.Inbound, MakeTicName()); + snprintf(temp, PATH_MAX, "%s/%s", TIC.Inbound, MakeTicName()); if ((Tf = fopen(temp, "a+")) == NULL) WriteError("$Can't create %s", temp); else { diff --git a/mbfido/maketags.c b/mbfido/maketags.c index c08f8c0c..bacb7d85 100644 --- a/mbfido/maketags.c +++ b/mbfido/maketags.c @@ -4,7 +4,7 @@ * Purpose ...............: Make tag files * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:2801/16 * Beekmansbos 10 Internet: mbroek@ux123.pttnwb.nl @@ -45,8 +45,8 @@ void MakeTags(void) tname = calloc(PATH_MAX, sizeof(char)); aname = calloc(PATH_MAX, sizeof(char)); - sprintf(gname, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); - sprintf(dname, "%s/etc/mareas.data", getenv("MBSE_ROOT")); + snprintf(gname, PATH_MAX, "%s/etc/mgroups.data", getenv("MBSE_ROOT")); + snprintf(dname, PATH_MAX, "%s/etc/mareas.data", getenv("MBSE_ROOT")); if (((fg = fopen(gname, "r")) == NULL) || ((fd = fopen(dname, "r")) == NULL)) { WriteError("$Can't open data"); @@ -56,10 +56,10 @@ void MakeTags(void) while ((fread(&mgroup, mgrouphdr.recsize, 1, fg)) == 1) { if (mgroup.Active) { - sprintf(tname, "%s/share/doc/tags/%s.msgs.tag", getenv("MBSE_ROOT"), mgroup.Name); + snprintf(tname, PATH_MAX, "%s/share/doc/tags/%s.msgs.tag", getenv("MBSE_ROOT"), mgroup.Name); mkdirs(tname, 0755); td = fopen(tname, "w"); - sprintf(aname, "%s/share/doc/tags/%s.msgs.are", getenv("MBSE_ROOT"), mgroup.Name); + snprintf(aname, PATH_MAX, "%s/share/doc/tags/%s.msgs.are", getenv("MBSE_ROOT"), mgroup.Name); ad = fopen(aname, "w"); fprintf(ad, "; Mail areas in group %s\n", mgroup.Name); fprintf(ad, ";\n"); @@ -81,8 +81,8 @@ void MakeTags(void) fclose(fd); } - sprintf(gname, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); - sprintf(dname, "%s/etc/tic.data", getenv("MBSE_ROOT")); + snprintf(gname, PATH_MAX, "%s/etc/fgroups.data", getenv("MBSE_ROOT")); + snprintf(dname, PATH_MAX, "%s/etc/tic.data", getenv("MBSE_ROOT")); if (((fg = fopen(gname, "r")) == NULL) || ((fd = fopen(dname, "r")) == NULL)) { WriteError("$Can't open data"); @@ -92,9 +92,9 @@ void MakeTags(void) while ((fread(&fgroup, fgrouphdr.recsize, 1, fg)) == 1) { if (fgroup.Active) { - sprintf(tname, "%s/share/doc/tags/%s.file.tag", getenv("MBSE_ROOT"), fgroup.Name); + snprintf(tname, PATH_MAX, "%s/share/doc/tags/%s.file.tag", getenv("MBSE_ROOT"), fgroup.Name); td = fopen(tname, "w"); - sprintf(aname, "%s/share/doc/tags/%s.file.are", getenv("MBSE_ROOT"), fgroup.Name); + snprintf(aname, PATH_MAX, "%s/share/doc/tags/%s.file.are", getenv("MBSE_ROOT"), fgroup.Name); ad = fopen(aname, "w"); fprintf(ad, "; TIC file areas in group %s\n", fgroup.Name); fprintf(ad, ";\n"); diff --git a/mbfido/mbfadopt.c b/mbfido/mbfadopt.c index 1a43cf1f..661432bf 100644 --- a/mbfido/mbfadopt.c +++ b/mbfido/mbfadopt.c @@ -77,11 +77,11 @@ void AdoptFile(int Area, char *File, char *Description) fflush(stdout); } - sprintf(temp, "%s/%s", pwd, File); - sprintf(tmpdir, "%s/tmp/arc", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/%s", pwd, File); + snprintf(tmpdir, PATH_MAX, "%s/tmp/arc", getenv("MBSE_ROOT")); if ((unarc = unpacker(File)) == NULL) { Syslog('+', "No known archive: %s", File); - sprintf(temp2, "%s/tmp/arc/%s", getenv("MBSE_ROOT"), File); + snprintf(temp2, PATH_MAX, "%s/tmp/arc/%s", getenv("MBSE_ROOT"), File); mkdirs(temp2, 0755); if ((rc = file_cp(temp, temp2))) { WriteError("Can't copy file to %s, %s", temp2, strerror(rc)); @@ -150,12 +150,12 @@ void AdoptFile(int Area, char *File, char *Description) /* * Try to get a FILE_ID.DIZ */ - sprintf(temp, "%s/tmp/arc/FILE_ID.DIZ", getenv("MBSE_ROOT")); - sprintf(temp2, "%s/tmp/FILE_ID.DIZ", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/tmp/arc/FILE_ID.DIZ", getenv("MBSE_ROOT")); + snprintf(temp2, PATH_MAX, "%s/tmp/FILE_ID.DIZ", getenv("MBSE_ROOT")); if (file_cp(temp, temp2) == 0) { File_Id = TRUE; } else { - sprintf(temp, "%s/tmp/arc/file_id.diz", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/tmp/arc/file_id.diz", getenv("MBSE_ROOT")); if (file_cp(temp, temp2) == 0) File_Id = TRUE; } @@ -284,7 +284,7 @@ void AdoptFile(int Area, char *File, char *Description) f_db.Size = file_size(f_db.Name); f_db.Crc32 = file_crc(f_db.Name, TRUE); f_db.FileDate = file_time(f_db.Name); - sprintf(temp2, "%s/%s", area.Path, f_db.Name); + snprintf(temp2, PATH_MAX, "%s/%s", area.Path, f_db.Name); if (!do_quiet) { printf("Adding \b\b\b\b\b\b\b\b\b\b"); @@ -293,7 +293,7 @@ void AdoptFile(int Area, char *File, char *Description) if (strcmp(f_db.Name, f_db.LName)) { lname = calloc(PATH_MAX, sizeof(char)); - sprintf(lname, "%s/%s", area.Path, f_db.LName); + snprintf(lname, PATH_MAX, "%s/%s", area.Path, f_db.LName); if (AddFile(f_db, Area, temp2, f_db.Name, lname) == FALSE) { die(MBERR_GENERAL); } diff --git a/mbfido/mbfcheck.c b/mbfido/mbfcheck.c index 65dd02e1..effbce64 100644 --- a/mbfido/mbfcheck.c +++ b/mbfido/mbfcheck.c @@ -85,7 +85,7 @@ void Check(long AreaNr) } iAreasNew = iTotal = iErrors = 0; - sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(sAreas, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((pAreas = fopen (sAreas, "r")) == NULL) { WriteError("Can't open %s", sAreas); @@ -120,7 +120,7 @@ void Check(long AreaNr) } else { if (strlen(area.Name) == 0) { - sprintf(fAreas, "%s/fdb/file%ld.data", getenv("MBSE_ROOT"), i); + snprintf(fAreas, PATH_MAX, "%s/fdb/file%ld.data", getenv("MBSE_ROOT"), i); if (unlink(fAreas) == 0) { Syslog('+', "Removed obsolete %s", fAreas); } @@ -147,7 +147,7 @@ void Check(long AreaNr) } else { while ((de = readdir(dp))) { if (de->d_name[0] != '.') { - sprintf(temp, "%s/%s", CFG.req_magic, de->d_name); + snprintf(temp, PATH_MAX, "%s/%s", CFG.req_magic, de->d_name); if (file_exist(temp, X_OK) == 0) { Syslog('f', "%s is executable", temp); } else if (file_exist(temp, R_OK) == 0) { @@ -155,7 +155,7 @@ void Check(long AreaNr) fgets(mname, PATH_MAX -1, pFile); fclose(pFile); Striplf(mname); - sprintf(newdir, "%s/etc/request.index", getenv("MBSE_ROOT")); + snprintf(newdir, PATH_MAX, "%s/etc/request.index", getenv("MBSE_ROOT")); Found = FALSE; if ((pFile = fopen(newdir, "r"))) { while (fread(&idx, sizeof(idx), 1, pFile)) { @@ -228,7 +228,7 @@ void CheckArea(long Area) */ if (access(area.Path, R_OK) == -1) { Syslog('!', "No dir: %s", area.Path); - sprintf(newdir, "%s/foobar", area.Path); + snprintf(newdir, PATH_MAX, "%s/foobar", area.Path); mkdirs(newdir, 0775); } @@ -300,8 +300,8 @@ void CheckArea(long Area) iTotal++; inArea++; - sprintf(newdir, "%s/%s", area.Path, fdb.LName); - sprintf(mname, "%s/%s", area.Path, fdb.Name); + snprintf(newdir, PATH_MAX, "%s/%s", area.Path, fdb.LName); + snprintf(mname, PATH_MAX, "%s/%s", area.Path, fdb.Name); if (file_exist(newdir, R_OK) && file_exist(mname, R_OK)) { Syslog('+', "File %s area %ld not on disk.", newdir, Area); @@ -324,13 +324,13 @@ void CheckArea(long Area) strcpy(temp, fdb.LName); name_mangle(temp); - sprintf(mname, "%s/%s", area.Path, temp); + snprintf(mname, PATH_MAX, "%s/%s", area.Path, temp); if (strcmp(fdb.Name, temp)) { Syslog('!', "Converted %s to %s", fdb.Name, temp); tname = calloc(PATH_MAX, sizeof(char)); - sprintf(tname, "%s/%s", area.Path, fdb.Name); + snprintf(tname, PATH_MAX, "%s/%s", area.Path, fdb.Name); rename(tname, mname); - sprintf(tname, "%s/%s", area.Path, fdb.LName); + snprintf(tname, PATH_MAX, "%s/%s", area.Path, fdb.LName); unlink(tname); symlink(mname, tname); free(tname); @@ -347,10 +347,10 @@ void CheckArea(long Area) * 8.3 and LFN are the same. */ tname = calloc(PATH_MAX, sizeof(char)); - sprintf(tname, "%s/%s", area.Path, fdb.LName); + snprintf(tname, PATH_MAX, "%s/%s", area.Path, fdb.LName); for (j = 0; j < strlen(fdb.LName); j++) fdb.LName[j] = tolower(fdb.LName[j]); - sprintf(newdir, "%s/%s", area.Path, fdb.LName); + snprintf(newdir, PATH_MAX, "%s/%s", area.Path, fdb.LName); if (strcmp(tname, newdir)) { Syslog('+', "Rename LFN from %s to %s", fdb.Name, fdb.LName); rename(tname, newdir); @@ -433,7 +433,7 @@ void CheckArea(long Area) * It could be that there is a thumbnail made of the 8.3 filename */ tname = calloc(PATH_MAX, sizeof(char)); - sprintf(tname, "%s/.%s", area.Path, fdb.Name); + snprintf(tname, PATH_MAX, "%s/.%s", area.Path, fdb.Name); if (file_exist(tname, R_OK) == 0) { Syslog('+', "Removing wrong 8.3 thumbnail %s", tname); iErrors++; @@ -532,7 +532,7 @@ void CheckArea(long Area) (strncmp(de->d_name, "header", 6)) && (strncmp(de->d_name, "index", 5)) && (strncmp(de->d_name, "readme", 6))) { - sprintf(fn, "%s/%s", area.Path, de->d_name); + snprintf(fn, PATH_MAX, "%s/%s", area.Path, de->d_name); if (stat(fn, &stb) == 0) if (S_ISREG(stb.st_mode)) { if (unlink(fn) == 0) { diff --git a/mbfido/mbfido.c b/mbfido/mbfido.c index c0769b77..65e00e03 100644 --- a/mbfido/mbfido.c +++ b/mbfido/mbfido.c @@ -177,7 +177,7 @@ void editor_configs(void) /* * Export ~/etc/msg.txt for MsgEd. */ - sprintf(temp, "%s/etc/msg.txt", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/msg.txt", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "w")) != NULL) { fprintf(fp, "; msg.txt -- Automatic created by mbsetup %s -- Do not edit!\n;\n", VERSION); fprintf(fp, "; Mail areas for MsgEd.\n;\n"); @@ -191,7 +191,7 @@ void editor_configs(void) /* * Export ~/etc/golded.inc for GoldED */ - sprintf(temp, "%s/etc/golded.inc", getenv("MBSE_ROOT")); + snprintf(temp, PATH_MAX, "%s/etc/golded.inc", getenv("MBSE_ROOT")); if ((fp = fopen(temp, "w")) != NULL) { fprintf(fp, "; GoldED.inc -- Automatic created by mbsetup %s -- Do not edit!\n\n", VERSION); fprintf(fp, "; Basic information.\n;\n"); @@ -419,7 +419,7 @@ int main(int argc, char **argv) ((strchr(argv[i + 1], ':') != NULL) || (atoi(argv[i + 1])) || (strncmp(argv[i + 1], "*", 1) == 0))) { - sprintf(Options, "%s", argv[i + 1]); + snprintf(Options, 81, "%s", argv[i + 1]); i++; } } @@ -559,7 +559,7 @@ int main(int argc, char **argv) * Read alias file */ cmd = calloc(PATH_MAX, sizeof(char)); - sprintf(cmd, "%s/etc/aliases", getenv("MBSE_ROOT")); + snprintf(cmd, PATH_MAX, "%s/etc/aliases", getenv("MBSE_ROOT")); if ((do_news || do_scan || do_toss || do_mail) && file_exist(cmd, R_OK) == 0) readalias(cmd); free(cmd); diff --git a/mbfido/mbfimport.c b/mbfido/mbfimport.c index 99037f1f..c89d1aae 100644 --- a/mbfido/mbfimport.c +++ b/mbfido/mbfimport.c @@ -4,7 +4,7 @@ * Purpose: File Database Maintenance - Import files with files.bbs * ***************************************************************************** - * Copyright (C) 1997-2004 + * Copyright (C) 1997-2005 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 @@ -58,7 +58,7 @@ void ImportFiles(int Area) mbse_colour(CYAN, BLACK); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(temp, "xxxxx%d", getpid()); + snprintf(temp, PATH_MAX, "xxxxx%d", getpid()); if ((fbbs = fopen(temp, "a+")) == NULL) { WriteError("$Can't write to directory"); if (!do_quiet) @@ -86,14 +86,14 @@ void ImportFiles(int Area) getcwd(pwd, PATH_MAX); if (CheckFDB(Area, area.Path)) die(MBERR_GENERAL); - sprintf(tmpdir, "%s/tmp/arc", getenv("MBSE_ROOT")); + snprintf(tmpdir, PATH_MAX, "%s/tmp/arc", getenv("MBSE_ROOT")); IsDoing("Import files"); /* * Find and open files.bbs */ - sprintf(temp, "FILES.BBS"); + snprintf(temp, PATH_MAX, "FILES.BBS"); if (getfilecase(area.Path, temp) == FALSE) { WriteError("Can't find files.bbs anywhere"); if (!do_quiet) @@ -117,7 +117,7 @@ void ImportFiles(int Area) Doit = TRUE; if ((unarc = unpacker(temp)) == NULL) { Syslog('+', "Unknown archive format %s", temp); - sprintf(temp2, "%s/tmp/arc/%s", getenv("MBSE_ROOT"), f_db.Name); + snprintf(temp2, PATH_MAX, "%s/tmp/arc/%s", getenv("MBSE_ROOT"), f_db.Name); mkdirs(temp2, 0755); if ((rc = file_cp(temp, temp2))) { WriteError("Can't copy file to %s, %s", temp2, strerror(rc)); @@ -238,7 +238,7 @@ void ImportFiles(int Area) strcpy(f_db.Name, temp2); } - sprintf(temp, "%s/%s", pwd, fod); + snprintf(temp, PATH_MAX, "%s/%s", pwd, fod); stat(temp, &statfile); if (do_annon) @@ -310,8 +310,8 @@ void ImportFiles(int Area) strcpy(f_db.Desc[0], "No description"); } - sprintf(dest, "%s/%s", area.Path, f_db.Name); - sprintf(lname, "%s/%s", area.Path, f_db.LName); + snprintf(dest, PATH_MAX, "%s/%s", area.Path, f_db.Name); + snprintf(lname, PATH_MAX, "%s/%s", area.Path, f_db.LName); Append = TRUE; f_db.Size = statfile.st_size; f_db.FileDate = statfile.st_mtime; @@ -375,7 +375,7 @@ void ImportFiles(int Area) Doit = TRUE; if ((unarc = unpacker(temp)) == NULL) { Syslog('+', "Unknown archive format %s", temp); - sprintf(temp2, "%s/tmp/arc/%s", getenv("MBSE_ROOT"), f_db.LName); + snprintf(temp2, PATH_MAX, "%s/tmp/arc/%s", getenv("MBSE_ROOT"), f_db.LName); mkdirs(temp2, 0755); if ((rc = file_cp(temp, temp2))) { WriteError("Can't copy file to %s, %s", temp2, strerror(rc)); diff --git a/mbfido/mbfindex.c b/mbfido/mbfindex.c index 2a9e19d2..d2c990cc 100644 --- a/mbfido/mbfindex.c +++ b/mbfido/mbfindex.c @@ -215,7 +215,7 @@ char *rfcdate(time_t now) ptm = *gmtime(&now); - sprintf(buf,"%s, %02d %s %04d %02d:%02d:%02d GMT", + snprintf(buf,40,"%s, %02d %s %04d %02d:%02d:%02d GMT", wdays[ptm.tm_wday], ptm.tm_mday, months[ptm.tm_mon], ptm.tm_year + 1900, ptm.tm_hour, ptm.tm_min, ptm.tm_sec); return(buf); @@ -233,18 +233,18 @@ void pagelink(FILE *fa, char *Path, int inArea, int Current) if ((Current >= CFG.www_files_page) && (inArea >= CFG.www_files_page)) { if (((Current / CFG.www_files_page) - 1) > 0) { - sprintf(nr, "%d", (Current / CFG.www_files_page) -1); + snprintf(nr, 25, "%d", (Current / CFG.www_files_page) -1); } else { nr[0] = '\0'; } - sprintf(temp, "%s/%s%s/index%s.html", CFG.www_url, CFG.www_link2ftp, Path+strlen(CFG.ftp_base), nr); + snprintf(temp, 256, "%s/%s%s/index%s.html", CFG.www_url, CFG.www_link2ftp, Path+strlen(CFG.ftp_base), nr); MacroVars("c", "s", temp); } else { MacroVars("c", "s", ""); } if ((Current < (inArea - CFG.www_files_page)) && (inArea >= CFG.www_files_page)) { - sprintf(temp, "%s/%s%s/index%d.html", CFG.www_url, CFG.www_link2ftp, Path+strlen(CFG.ftp_base), + snprintf(temp, 256, "%s/%s%s/index%d.html", CFG.www_url, CFG.www_link2ftp, Path+strlen(CFG.ftp_base), (Current / CFG.www_files_page) + 1); MacroVars("d", "s", temp); } else { @@ -265,14 +265,14 @@ FILE *newpage(char *Path, char *Name, time_t later, int inArea, int Current, FIL lastfile = Current; if (Current) - sprintf(linebuf, "%s/index%d.temp", Path, Current / CFG.www_files_page); + snprintf(linebuf, 1024, "%s/index%d.temp", Path, Current / CFG.www_files_page); else - sprintf(linebuf, "%s/index.temp", Path); + snprintf(linebuf, 1024, "%s/index.temp", Path); if ((fa = fopen(linebuf, "w")) == NULL) { WriteError("$Can't create %s", linebuf); } else { - sprintf(linebuf, "%s", Name); - html_massage(linebuf, outbuf, 1023); + snprintf(linebuf, 1024, "%s", Name); + html_massage(linebuf, outbuf, 1024); MacroVars("ab", "ss", rfcdate(later), outbuf); pagelink(fa, Path, inArea, Current); MacroRead(fi, fa); @@ -299,11 +299,11 @@ void closepage(FILE *fa, char *Path, int inArea, int Current, FILE *fi) MacroRead(fi, fa); fclose(fa); if (lastfile) { - sprintf(temp1, "%s/index%d.html", Path, lastfile / CFG.www_files_page); - sprintf(temp2, "%s/index%d.temp", Path, lastfile / CFG.www_files_page); + snprintf(temp1, PATH_MAX, "%s/index%d.html", Path, lastfile / CFG.www_files_page); + snprintf(temp2, PATH_MAX, "%s/index%d.temp", Path, lastfile / CFG.www_files_page); } else { - sprintf(temp1, "%s/index.html", Path); - sprintf(temp2, "%s/index.temp", Path); + snprintf(temp1, PATH_MAX, "%s/index.html", Path); + snprintf(temp2, PATH_MAX, "%s/index.temp", Path); } rename(temp2, temp1); chmod(temp1, 0644); @@ -341,13 +341,13 @@ void ReqIndex(void) sIndex = calloc(PATH_MAX, sizeof(char)); temp = calloc(PATH_MAX, sizeof(char)); - sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(sAreas, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((pAreas = fopen (sAreas, "r")) == NULL) { WriteError("$Can't open %s", sAreas); die(MBERR_INIT_ERROR); } - sprintf(sIndex, "%s/etc/request.index", getenv("MBSE_ROOT")); + snprintf(sIndex, PATH_MAX, "%s/etc/request.index", getenv("MBSE_ROOT")); if ((pIndex = fopen(sIndex, "w")) == NULL) { WriteError("$Can't create %s", sIndex); die(MBERR_GENERAL); @@ -386,7 +386,7 @@ void ReqIndex(void) if ((fdb_area = mbsedb_OpenFDB(i, 30)) == NULL) die(MBERR_GENERAL); - sprintf(temp, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), i); + snprintf(temp, PATH_MAX, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), i); db_time = (int) file_time(temp); /* @@ -402,8 +402,8 @@ void ReqIndex(void) if ((iTotal % 10) == 0) Marker(); memset(&idx, 0, sizeof(idx)); - sprintf(idx.Name, "%s", tu(fdb.Name)); - sprintf(idx.LName, "%s", tu(fdb.LName)); + snprintf(idx.Name, 13, "%s", tu(fdb.Name)); + snprintf(idx.LName, 81, "%s", tu(fdb.LName)); idx.AreaNum = i; idx.Record = record; fill_index(idx, &fdx); @@ -415,7 +415,7 @@ void ReqIndex(void) /* * Create files.bbs if needed. */ - sprintf(temp, "%s/files.bbs", area.Path); + snprintf(temp, PATH_MAX, "%s/files.bbs", area.Path); obj_time = (int) file_time(temp); if (obj_time < db_time) { @@ -458,7 +458,7 @@ void ReqIndex(void) */ if (strncmp(CFG.ftp_base, area.Path, strlen(CFG.ftp_base)) == 0) { - sprintf(temp, "%s/00index", area.Path); + snprintf(temp, PATH_MAX, "%s/00index", area.Path); obj_time = (int) file_time(temp); if (obj_time < db_time) { @@ -552,7 +552,7 @@ void HtmlIndex(char *Lang) printf("\rCreate html pages... \n"); } - sprintf(sAreas, "%s/etc/fareas.data", getenv("MBSE_ROOT")); + snprintf(sAreas, PATH_MAX, "%s/etc/fareas.data", getenv("MBSE_ROOT")); if ((pAreas = fopen (sAreas, "r")) == NULL) { WriteError("$Can't open %s", sAreas); die(MBERR_INIT_ERROR); @@ -567,7 +567,7 @@ void HtmlIndex(char *Lang) * download directories. */ if (strlen(CFG.ftp_base) && strlen(CFG.www_url) && strlen(CFG.www_author) && strlen(CFG.www_charset)) { - sprintf(fn, "%s/index.temp", CFG.ftp_base); + snprintf(fn, PATH_MAX, "%s/index.temp", CFG.ftp_base); if ((fm = fopen(fn, "w")) == NULL) { Syslog('+', "Can't open %s, skipping html pages creation", fn); } @@ -622,9 +622,9 @@ void HtmlIndex(char *Lang) if ((fdb_area = mbsedb_OpenFDB(i, 30)) == NULL) die(MBERR_GENERAL); - sprintf(temp, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), i); + snprintf(temp, PATH_MAX, "%s/var/fdb/file%ld.data", getenv("MBSE_ROOT"), i); db_time = (int) file_time(temp); - sprintf(temp, "%s/index.html", area.Path); + snprintf(temp, PATH_MAX, "%s/index.html", area.Path); obj_time = (int) file_time(temp); if (strncmp(CFG.ftp_base, area.Path, strlen(CFG.ftp_base)) == 0) @@ -681,8 +681,8 @@ void HtmlIndex(char *Lang) isthumb = FALSE; if (strstr(fdb.LName, ".gif") || strstr(fdb.LName, ".jpg") || strstr(fdb.LName, ".GIF") || strstr(fdb.LName, ".JPG")) { - sprintf(linebuf, "%s/%s", area.Path, fdb.LName); - sprintf(outbuf, "%s/.%s", area.Path, fdb.LName); + snprintf(linebuf, 1024, "%s/%s", area.Path, fdb.LName); + snprintf(outbuf, 1024, "%s/.%s", area.Path, fdb.LName); if (file_exist(outbuf, R_OK)) { if (strlen(CFG.www_convert)) { if ((execute_str(CFG.www_convert, linebuf, outbuf, @@ -699,31 +699,31 @@ void HtmlIndex(char *Lang) isthumb = TRUE; } } - sprintf(outbuf, "%s/%s%s/%s", CFG.www_url, CFG.www_link2ftp, + snprintf(outbuf, 1024, "%s/%s%s/%s", CFG.www_url, CFG.www_link2ftp, area.Path+strlen(CFG.ftp_base), fdb.LName); if (isthumb) { - sprintf(linebuf, "%s/%s%s/.%s", CFG.www_url, CFG.www_link2ftp, + snprintf(linebuf, 1024, "%s/%s%s/.%s", CFG.www_url, CFG.www_link2ftp, area.Path+strlen(CFG.ftp_base), fdb.LName); MacroVars("fghi", "dsss", 1, outbuf, fdb.LName, linebuf); } else { - sprintf(outbuf, "%s/%s%s/%s", CFG.www_url, CFG.www_link2ftp, + snprintf(outbuf, 1024, "%s/%s%s/%s", CFG.www_url, CFG.www_link2ftp, area.Path+strlen(CFG.ftp_base), fdb.LName); MacroVars("fghi", "dsss", 0, outbuf, fdb.LName, ""); } - sprintf(outbuf, "%lu Kb.", (long)(fdb.Size / 1024)); + snprintf(outbuf, 1024, "%lu Kb.", (long)(fdb.Size / 1024)); MacroVars("jkl", "ssd", StrDateDMY(fdb.FileDate), outbuf, fdb.TimesDL); memset(&desc, 0, sizeof(desc)); k = 0; for (j = 0; j < 25; j++) if (strlen(fdb.Desc[j])) { if (j) { - sprintf(desc+k, "\n"); + snprintf(desc+k, 2, "\n"); k += 1; } - sprintf(linebuf, "%s", To_Html(fdb.Desc[j])); - html_massage(linebuf, outbuf, 1023); - sprintf(desc+k, "%s", outbuf); + snprintf(linebuf, 1024, "%s", To_Html(fdb.Desc[j])); + html_massage(linebuf, outbuf, 1024); + snprintf(desc+k, 6400 -k, "%s", outbuf); k += strlen(outbuf); } MacroVars("m", "s", desc); @@ -759,7 +759,7 @@ void HtmlIndex(char *Lang) filenr = lastfile / CFG.www_files_page; while (TRUE) { filenr++; - sprintf(linebuf, "%s/index%d.html", area.Path, filenr); + snprintf(linebuf, 1024, "%s/index%d.html", area.Path, filenr); if (unlink(linebuf)) break; Syslog('+', "Removed obsolete %s", linebuf); @@ -781,12 +781,12 @@ void HtmlIndex(char *Lang) } strcpy(linebuf, area.Name); - html_massage(linebuf, namebuf, 1023); - sprintf(linebuf, "%s/%s%s/index.html", CFG.www_url, CFG.www_link2ftp, area.Path+strlen(CFG.ftp_base)); + html_massage(linebuf, namebuf, 1024); + snprintf(linebuf, 1024, "%s/%s%s/index.html", CFG.www_url, CFG.www_link2ftp, area.Path+strlen(CFG.ftp_base)); if (aSize > 1048576) - sprintf(outbuf, "%ld Mb.", aSize / 1048576); + snprintf(outbuf, 1024, "%ld Mb.", aSize / 1048576); else - sprintf(outbuf, "%ld Kb.", aSize / 1024); + snprintf(outbuf, 1024, "%ld Kb.", aSize / 1024); MacroVars("efghi", "dssds", AreaNr, linebuf, namebuf, aTotal, outbuf); if (last == 0L) MacroVars("j", "s", " "); @@ -800,13 +800,13 @@ void HtmlIndex(char *Lang) } if (fm) { - sprintf(linebuf, "%ld Mb.", KSize / 1024); + snprintf(linebuf, 1024, "%ld Mb.", KSize / 1024); MacroVars("cd", "ds", TotalHtml, linebuf); MacroRead(fi, fm); fclose(fi); MacroClear(); fclose(fm); - sprintf(linebuf, "%s/index.html", CFG.ftp_base); + snprintf(linebuf, 1024, "%s/index.html", CFG.ftp_base); rename(fn, linebuf); chmod(linebuf, 0644); }