sprintf() is unsafe since it may overflow the bounds
of its destination buffers. Remove the last of the
calls to it; all the logic has either been rewritten
to use snprintf() or other forms of string copying
such as strlcpy().
Signed-off-by: Dan Cross <patchdev@fat-dragon.org>

This is the big push to get rid of the last of the
unadorned dynamic arrays. Use ptr_vectors for things
like mail conferences etc.
Lots of incidental cleanup along the way.
Signed-off-by: Dan Cross <patchdev@fat-dragon.org>

I think this is correct. The code, both before and
after, doesn't appear to NUL-terminate its output.
Signed-off-by: Dan Cross <patchdev@fat-dragon.org>

This started with using bounded operations on strings,
and morphed to introducing a utility function to open
the USERS SQLite3 database and then a general cleanup.
This needs testing.
Signed-off-by: Dan Cross <patchdev@fat-dragon.org>

sprintf() was being used to copy a string constant with
no formatting verbs; just use strlcpy() instead.
Signed-off-by: Dan Cross <patchdev@fat-dragon.org>

Note that the calls to strncat() did not account for the
NUL terminating byte, and for very long queries could have
led to a buffer overrun.
Signed-off-by: Dan Cross <patchdev@fat-dragon.org>
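
The strncat() pitfall named in the commit message above, as an added example (not code from the project or its author): the size argument limits the bytes copied from the source, and a NUL is always written after them, so the bound has to be the remaining space minus one. The off-by-one form shown, the helper names, the buffer size and the sample strings are assumptions constructed for illustration; the page does not show the original calls.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Bytes strncat(dst, src, n) stores into dst: up to n bytes of src,
 * then always one terminating NUL that n does not count.
 */
size_t strncat_bytes_written(size_t srclen, size_t n)
{
    return (srclen < n ? srclen : n) + 1;
}

/*
 * Hypothetical helper: append src to the string held in dst (dstsize
 * bytes in total), truncating if needed. Returns 0 if all of src fit,
 * -1 if it was truncated or dst was not NUL-terminated on entry.
 */
int bounded_append(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);

    if (end == NULL)                   /* no terminator inside dst: refuse */
        return -1;
    size_t len = (size_t)(end - dst);
    size_t room = dstsize - len - 1;   /* reserve one byte for the NUL */
    strncat(dst, src, room);
    return strlen(src) <= room ? 0 : -1;
}

int main(void)
{
    char query[16] = "SELECT ";        /* constructed sample, 7 bytes used */
    size_t left = sizeof(query) - strlen(query);   /* 9 bytes free */

    /* Assumed off-by-one form: passing all 9 free bytes as n permits 10 writes. */
    printf("n=%zu permits %zu bytes written into %zu free\n",
        left, strncat_bytes_written(20, left), left);

    int rc = bounded_append(query, sizeof(query), "name FROM users");
    printf("rc=%d query=\"%s\" len=%zu\n", rc, query, strlen(query));
    return 0;
}
```
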

In the course of removing calls to realloc(), change
the menu parsing and use logic to use ptr_vectors
directly.
This also fixes some detected menu issues in parsing
and avoids e.g. writing to a bad pointer (or should;
of course it needs testing...).
Finally, free menu state on return from the menu_system
function. There was a comment here to do that, but it
didn't appear to be done.
Signed-off-by: Dan Cross <patchdev@fat-dragon.org>