author | kcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2005-08-23 11:52:06 +0800 |
---|---|---|
committer | kcwu <kcwu@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2005-08-23 11:52:06 +0800 |
commit | 9ad97ad4b96e2a975f196d19cd43af34cd8beaca (patch) | |
tree | 8d89022be11e10f6e5218ef0b13a665de605b40a | |
parent | 7dfb1cd0396127830a9ba1011f0febf702e61e75 (diff) | |
set*() family functions all assume buffer size = PATHLEN, to prevent buffer overflow.
do some s/256/PATHLEN/.
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3074 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
-rw-r--r-- | mbbsd/admin.c | 15 | ||||
-rw-r--r-- | mbbsd/announce.c | 4 | ||||
-rw-r--r-- | mbbsd/bbs.c | 10 | ||||
-rw-r--r-- | mbbsd/cache.c | 10 | ||||
-rw-r--r-- | mbbsd/chess.c | 24 | ||||
-rw-r--r-- | mbbsd/mail.c | 24 | ||||
-rw-r--r-- | mbbsd/record.c | 12 | ||||
-rw-r--r-- | mbbsd/stuff.c | 41 | ||||
-rw-r--r-- | mbbsd/syspost.c | 12 |
9 files changed, 77 insertions, 75 deletions
diff --git a/mbbsd/admin.c b/mbbsd/admin.c index 03dda722..4abf11f1 100644 --- a/mbbsd/admin.c +++ b/mbbsd/admin.c @@ -55,7 +55,8 @@ m_user(void) static int retrieve_backup(userec_t *user) { int uid; - char src[256], dst[256]; + char src[PATHLEN], dst[PATHLEN]; + char ans; if ((uid = searchuser(user->userid, user->userid))) { setumoney(uid, user->money); @@ -63,9 +64,9 @@ static int retrieve_backup(userec_t *user) return 0; } - src[0] = getans("目前的 PASSWD 檔沒有此 ID,新增嗎?[y/N]"); + ans = getans("目前的 PASSWD 檔沒有此 ID,新增嗎?[y/N]"); - if (src[0] != 'y') { + if (ans != 'y') { vmsg("目前的 PASSWDS 檔沒有此 ID,請先新增此帳號"); return -1; } @@ -259,9 +260,9 @@ setperms(unsigned int pbits, const char * const pstring[]) static void AddingChessCountryFiles(const char* apath) { - char filename[256]; - char symbolicname[256]; - char adir[256]; + char filename[PATHLEN]; + char symbolicname[PATHLEN]; + char adir[PATHLEN]; FILE* fp; fileheader_t fh; @@ -425,7 +426,7 @@ m_mod_board(char *bname) switch (*ans) { case 'g': if (HasUserPerm(PERM_SYSOP | PERM_BOARD)) { - char path[256]; + char path[PATHLEN]; setbfile(genbuf, bname, FN_TICKET_LOCK); setbfile(path, bname, FN_TICKET_END); rename(genbuf, path); diff --git a/mbbsd/announce.c b/mbbsd/announce.c index b549a252..72a5fe8c 100644 --- a/mbbsd/announce.c +++ b/mbbsd/announce.c @@ -721,7 +721,7 @@ a_moveitem(menu_t * pm) static void a_delrange(menu_t * pm) { - char fname[256]; + char fname[PATHLEN]; snprintf(fname, sizeof(fname), "%s/.DIR", pm->path); del_range(0, NULL, fname); @@ -1338,7 +1338,7 @@ void BlogMain(int num) MYSQL mysql; char cmd[256]; - sprintf(cmd, "delete from comment where " + snprintf(cmd, sizeof(cmd), "delete from comment where " "hash='%s'&&brdname='%s'", hash, currboard); #ifdef DEBUG vmsg(cmd); diff --git a/mbbsd/bbs.c b/mbbsd/bbs.c index fbe6b7ef..e2c485fe 100644 --- a/mbbsd/bbs.c +++ b/mbbsd/bbs.c 
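Review bot: `setbfile(genbuf, bname, FN_TICKET_LOCK)` in the m_mod_board hunk writes into `genbuf`, whose declaration is not in this hunk, and after this commit setbfile bounds the write at PATHLEN no matter how large the destination really is. If `genbuf` is smaller than PATHLEN, the overflow this commit aims to remove is still reachable here; use a dedicated `char lock[PATHLEN];` or confirm the size at the declaration. The same check applies to the bbs.c hunks that keep `genbuf[60]`, `genbuf[200]` and `genbuf[100]` beside the resized path buffers in b_posttype, do_bid and del_post, in case any set*() call in those functions targets genbuf. m_mod_board's body starts and ends outside the hunk.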
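Review bot: The DELETE statement in the BlogMain hunk is still assembled by formatting `hash` and `currboard` straight into the quoted SQL text, so bounding the write with snprintf does not stop a quote character in either value from changing the statement. Where `hash` comes from is outside the hunk; if it can carry user-supplied bytes, escape both values with `mysql_real_escape_string()` into their own buffers before formatting. The snprintf result should also be checked, `if (n < 0 || (size_t)n >= sizeof(cmd))`, and the query skipped in that case so that a truncated statement is never sent to the server. BlogMain's body starts and ends outside the hunk.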
@@ -1038,7 +1038,7 @@ b_posttype(int ent, const fileheader_t * fhdr, const char *direct) { boardheader_t *bp; int i, aborted; - char filepath[256], genbuf[60], title[5], posttype_f, posttype[33]=""; + char filepath[PATHLEN], genbuf[60], title[5], posttype_f, posttype[33]=""; if(!(currmode & MODE_BOARD)) return DONOTHING; @@ -1671,7 +1671,7 @@ hold_gamble(int ent, const fileheader_t * fhdr, const char *direct) static int cite_post(int ent, const fileheader_t * fhdr, const char *direct) { - char fpath[256]; + char fpath[PATHLEN]; char title[TTLEN + 1]; setbfile(fpath, currboard, fhdr->filename); @@ -1753,7 +1753,7 @@ static int do_add_recommend(const char *direct, fileheader_t *fhdr, int ent, const char *buf, int type) { - char path[256]; + char path[PATHLEN]; int update = 0; /* race here: @@ -1800,7 +1800,7 @@ static int do_bid(int ent, fileheader_t * fhdr, const boardheader_t *bp, const char *direct, const struct tm *ptime) { - char genbuf[200], fpath[256],say[30],*money; + char genbuf[200], fpath[PATHLEN],say[30],*money; bid_t bidinfo; int mymax, next; @@ -2213,7 +2213,7 @@ del_range(int ent, const fileheader_t *fhdr, const char *direct) static int del_post(int ent, fileheader_t * fhdr, char *direct) { - char genbuf[100], newpath[256]; + char genbuf[100], newpath[PATHLEN]; int not_owned, tusernum; boardheader_t *bp; diff --git a/mbbsd/cache.c b/mbbsd/cache.c index 79197183..b76d69da 100644 --- a/mbbsd/cache.c +++ b/mbbsd/cache.c 
@@ -673,18 +673,18 @@ void setbottomtotal(int bid) { boardheader_t *bh = getbcache(bid); - char genbuf[256]; + char fname[PATHLEN]; int n; if(!bh->brdname[0]) return; - setbfile(genbuf, bh->brdname, ".DIR.bottom"); - n = get_num_records(genbuf, sizeof(fileheader_t)); + setbfile(fname, bh->brdname, ".DIR.bottom"); + n = get_num_records(fname, sizeof(fileheader_t)); if(n>5) { #ifdef DEBUG_BOTTOM - log_file("fix_bottom", LOG_CREAT | LOG_VF, "%s n:%d\n", genbuf, n); + log_file("fix_bottom", LOG_CREAT | LOG_VF, "%s n:%d\n", fname, n); #endif - unlink(genbuf); + unlink(fname); SHM->n_bottom[bid-1]=0; } else diff --git a/mbbsd/chess.c b/mbbsd/chess.c index 7cb9290d..e131459d 100644 --- a/mbbsd/chess.c +++ b/mbbsd/chess.c @@ -796,16 +796,16 @@ ChessGenLogGlobal(ChessInfo* info, ChessGameResult result) { fileheader_t log_header; FILE *fp; - char buf[256]; + char fname[PATHLEN]; int bid; if ((bid = getbnum(info->constants->log_board)) == 0) return; - setbpath(buf, info->constants->log_board); - stampfile(buf, &log_header); + setbpath(fname, info->constants->log_board); + stampfile(fname, &log_header); - fp = fopen(buf, "w"); + fp = fopen(fname, "w"); if (fp != NULL) { info->actions->genlog(info, fp, result); fclose(fp); @@ -814,8 +814,8 @@ ChessGenLogGlobal(ChessInfo* info, ChessGameResult result) snprintf(log_header.title, sizeof(log_header.title), "[棋譜] %s VS %s", info->user1.userid, info->user2.userid); - setbdir(buf, info->constants->log_board); - append_record(buf, &log_header, sizeof(log_header)); + setbdir(fname, info->constants->log_board); + append_record(fname, &log_header, sizeof(log_header)); setbtotal(bid); } 
@@ -826,12 +826,12 @@ ChessGenLogUser(ChessInfo* info, ChessGameResult result) { fileheader_t log_header; FILE *fp; - char buf[256]; + char fname[PATHLEN]; - sethomepath(buf, cuser.userid); - stampfile(buf, &log_header); + sethomepath(fname, cuser.userid); + stampfile(fname, &log_header); - fp = fopen(buf, "w"); + fp = fopen(fname, "w"); if (fp != NULL) { info->actions->genlog(info, fp, result); fclose(fp); @@ -846,8 +846,8 @@ ChessGenLogUser(ChessInfo* info, ChessGameResult result) info->user2.userid, info->user1.userid); log_header.filemode = 0; - sethomedir(buf, cuser.userid); - append_record_forward(buf, &log_header, sizeof(log_header), + sethomedir(fname, cuser.userid); + append_record_forward(fname, &log_header, sizeof(log_header), cuser.userid); mailalert(cuser.userid); diff --git a/mbbsd/mail.c b/mbbsd/mail.c index dd69aba9..f5d44c48 100644 --- a/mbbsd/mail.c +++ b/mbbsd/mail.c @@ -782,7 +782,7 @@ read_new_mail(void * voidfptr, void *optarg) fileheader_t *fptr=(fileheader_t*)voidfptr; struct ReadNewMailArg *arg=(struct ReadNewMailArg*)optarg; char done = NA, delete_it; - char fname[256]; + char fname[PATHLEN]; char genbuf[4]; arg->idc++; @@ -1313,7 +1313,7 @@ mail_man(void) static int mail_cite(int ent, fileheader_t * fhdr, const char *direct) { - char fpath[256]; + char fpath[PATHLEN]; char title[TTLEN + 1]; static char xboard[20]; char buf[20]; @@ -1354,7 +1354,7 @@ mail_cite(int ent, fileheader_t * fhdr, const char *direct) static int mail_save(int ent, fileheader_t * fhdr, const char *direct) { - char fpath[256]; + char fpath[PATHLEN]; char title[TTLEN + 1]; if (HasUserPerm(PERM_MAILLIMIT)) { @@ -1561,7 +1561,7 @@ m_read(void) static int send_inner_mail(const char *fpath, const char *title, const char *receiver) { - char genbuf[256]; + char fname[PATHLEN]; fileheader_t mymail; char rightid[IDLEN+1]; 
@@ -1569,18 +1569,18 @@ send_inner_mail(const char *fpath, const char *title, const char *receiver) return -2; /* to avoid DDOS of disk */ - sethomedir(genbuf, rightid); + sethomedir(fname, rightid); if (strcmp(rightid, cuser.userid) == 0) { if (chk_mailbox_limit()) return -2; } // XXX should we use MAX_EXKEEPMAIL instead? - else if (dashs(genbuf) >= 2048 * sizeof(fileheader_t)) { + else if (dashs(fname) >= 2048 * sizeof(fileheader_t)) { return -2; } - sethomepath(genbuf, rightid); - stampfile(genbuf, &mymail); + sethomepath(fname, rightid); + stampfile(fname, &mymail); if (!strcmp(rightid, cuser.userid)) { /* Using BBSNAME may be too loooooong. */ strlcpy(mymail.owner, "[站內]", sizeof(mymail.owner)); @@ -1588,10 +1588,10 @@ send_inner_mail(const char *fpath, const char *title, const char *receiver) } else strlcpy(mymail.owner, cuser.userid, sizeof(mymail.owner)); strncpy(mymail.title, title, TTLEN); - unlink(genbuf); - Copy(fpath, genbuf); - sethomedir(genbuf, rightid); - return append_record_forward(genbuf, &mymail, sizeof(mymail), rightid); + unlink(fname); + Copy(fpath, fname); + sethomedir(fname, rightid); + return append_record_forward(fname, &mymail, sizeof(mymail), rightid); } #include <netdb.h> diff --git a/mbbsd/record.c b/mbbsd/record.c index f244876a..0a4e9255 100644 --- a/mbbsd/record.c +++ b/mbbsd/record.c 
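Review bot: `strncpy(mymail.title, title, TTLEN);` is left unchanged in send_inner_mail, and strncpy writes no terminator when `title` is TTLEN bytes or longer. The title is therefore only NUL-terminated if stampfile zeroed `mymail` and the field is larger than TTLEN, neither of which is visible in this hunk. Use the same form as the owner copies just above it, `strlcpy(mymail.title, title, sizeof(mymail.title));`, which is also what post_msg in syspost.c does.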
@@ -135,22 +135,22 @@ int substitute_ref_record(const char *direct, fileheader_t * fhdr, int ent) { fileheader_t hdr; - char genbuf[256]; + char fname[PATHLEN]; int num = 0; /* rocker.011018: 串接模式用reference增進效率 */ if (!(fhdr->filemode & FILE_BOTTOM) && (fhdr->multi.refer.flag) && (num = fhdr->multi.refer.ref)){ - setdirpath(genbuf, direct, ".DIR"); - get_record(genbuf, &hdr, sizeof(hdr), num); + setdirpath(fname, direct, ".DIR"); + get_record(fname, &hdr, sizeof(hdr), num); if (strcmp(hdr.filename, fhdr->filename)) { - if((num = getindex(genbuf, fhdr, num))>0) { - substitute_record(genbuf, fhdr, sizeof(*fhdr), num); + if((num = getindex(fname, fhdr, num))>0) { + substitute_record(fname, fhdr, sizeof(*fhdr), num); } } else if(num>0) { fhdr->multi.money = hdr.multi.money; - substitute_record(genbuf, fhdr, sizeof(*fhdr), num); + substitute_record(fname, fhdr, sizeof(*fhdr), num); } fhdr->multi.refer.flag = 1; fhdr->multi.refer.ref = num; // Ptt: update now! diff --git a/mbbsd/stuff.c b/mbbsd/stuff.c index 2ec3ba1c..f5ecafa3 100644 --- a/mbbsd/stuff.c +++ b/mbbsd/stuff.c 
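Review bot: The return value of `get_record(fname, &hdr, sizeof(hdr), num)` is not checked and `hdr` is an uninitialized local, so if the read fails, the following `strcmp(hdr.filename, fhdr->filename)` and the `hdr.multi.money` copy operate on leftover stack contents. Zero the header before the read, `memset(&hdr, 0, sizeof(hdr));`, or return early when get_record reports failure (its error convention is not shown in this hunk). The end of substitute_ref_record is outside the hunk.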
@@ -14,72 +14,73 @@ static char cdate_buffer[32]; #define STR_DOTDIR ".DIR" static const char * const str_dotdir = STR_DOTDIR; +/* XXX set*() all assume buffer size = PATHLEN */ void sethomepath(char *buf, const char *userid) { - sprintf(buf, "home/%c/%s", userid[0], userid); + snprintf(buf, PATHLEN, "home/%c/%s", userid[0], userid); } void sethomedir(char *buf, const char *userid) { - sprintf(buf, str_home_file, userid[0], userid, str_dotdir); + snprintf(buf, PATHLEN, str_home_file, userid[0], userid, str_dotdir); } void sethomeman(char *buf, const char *userid) { - sprintf(buf, str_home_file, userid[0], userid, "man"); + snprintf(buf, PATHLEN, str_home_file, userid[0], userid, "man"); } void sethomefile(char *buf, const char *userid, const char *fname) { - sprintf(buf, str_home_file, userid[0], userid, fname); + snprintf(buf, PATHLEN, str_home_file, userid[0], userid, fname); } void setuserfile(char *buf, const char *fname) { - sprintf(buf, str_home_file, cuser.userid[0], cuser.userid, fname); + snprintf(buf, PATHLEN, str_home_file, cuser.userid[0], cuser.userid, fname); } void setapath(char *buf, const char *boardname) { - sprintf(buf, "man/boards/%c/%s", boardname[0], boardname); + snprintf(buf, PATHLEN, "man/boards/%c/%s", boardname[0], boardname); } void setadir(char *buf, const char *path) { - sprintf(buf, "%s/%s", path, str_dotdir); + snprintf(buf, PATHLEN, "%s/%s", path, str_dotdir); } void setbpath(char *buf, const char *boardname) { - sprintf(buf, "boards/%c/%s", boardname[0], boardname); + snprintf(buf, PATHLEN, "boards/%c/%s", boardname[0], boardname); } void setbdir(char *buf, const char *boardname) { - sprintf(buf, str_board_file, boardname[0], boardname, + snprintf(buf, PATHLEN, str_board_file, boardname[0], boardname, (currmode & MODE_DIGEST ? 
fn_mandex : str_dotdir)); } void setbfile(char *buf, const char *boardname, const char *fname) { - sprintf(buf, str_board_file, boardname[0], boardname, fname); + snprintf(buf, PATHLEN, str_board_file, boardname[0], boardname, fname); } void setbnfile(char *buf, const char *boardname, const char *fname, int n) { - sprintf(buf, str_board_n_file, boardname[0], boardname, fname, n); + snprintf(buf, PATHLEN, str_board_n_file, boardname[0], boardname, fname, n); } /* @@ -94,7 +95,7 @@ setdirpath(char *buf, const char *direct, const char *fname) strcpy(buf, direct); p = strrchr(buf, '/'); assert(p); - strcpy(p + 1, fname); + strlcpy(p + 1, fname, PATHLEN-(p+1-buf)); } /** @@ -188,10 +189,10 @@ invalid_pname(const char *str) while (*p1) { if (!(p2 = strchr(p1, '/'))) p2 = str + strlen(str); - if (p1 + 1 > p2 || p1 + strspn(p1, ".") == p2) + if (p1 + 1 > p2 || p1 + strspn(p1, ".") == p2) /* 不允許用 / 開頭, 或是 // 之間只有 . */ return 1; for (p3 = p1; p3 < p2; p3++) - if (not_alnum(*p3) && !strchr("@[]-._", *p3)) + if (not_alnum(*p3) && !strchr("@[]-._", *p3)) /* 只允許 alnum 或這些符號 */ return 1; p1 = p2 + (*p2 ? 1 : 0); } @@ -371,12 +372,12 @@ static int copy_file_to_file(const char *src, const char *dst) static int copy_file_to_dir(const char *src, const char *dst) { - char buf[256]; + char buf[PATHLEN]; char *slash; if ((slash = rindex(src, '/')) == NULL) - sprintf(buf, "%s/%s", dst, src); + snprintf(buf, PATHLEN, "%s/%s", dst, src); else - sprintf(buf, "%s/%s", dst, slash); + snprintf(buf, PATHLEN, "%s/%s", dst, slash); return copy_file_to_file(src, buf); } @@ -385,7 +386,7 @@ static int copy_dir_to_dir(const char *src, const char *dst) DIR *dir; struct dirent *entry; struct stat st; - char buf[256], buf2[256]; + char buf[PATHLEN], buf2[PATHLEN]; if (stat(dst, &st) < 0) if (mkdir(dst, 0700) < 0) 
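Review bot: Every set*() helper in this hunk ignores snprintf's return value and still returns void, so a path that does not fit in PATHLEN is now silently truncated instead of overflowing. Callers elsewhere in this commit pass the result straight to `unlink()`, `fopen(..., "w")`, `rename()` and `append_record()`, which would then act on a different, shorter path. Since this file already uses assert in setdirpath, a minimal guard in each helper is `int n = snprintf(buf, PATHLEN, "home/%c/%s", userid[0], userid); assert(n >= 0 && n < PATHLEN);`, and the `XXX` comment should also state that results are truncated to PATHLEN-1 bytes. The same unchecked snprintf appears in the copy_file_to_dir and copy_dir_to_dir hunks, where a truncated `buf` or `buf2` feeds a recursive copy.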
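Review bot: `strcpy(buf, direct);` at the top of the setdirpath hunk is still unbounded, so a `direct` of PATHLEN bytes or more overruns `buf` before the new strlcpy runs. In that case `PATHLEN-(p+1-buf)` can also go negative and convert to a very large size_t. Bound the first copy as well, `strlcpy(buf, direct, PATHLEN);`, which keeps `p` inside the buffer and the remaining-length expression at least 1. setdirpath's signature and the start of its body are outside the hunk.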
@@ -398,8 +399,8 @@ static int copy_dir_to_dir(const char *src, const char *dst) if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) continue; - sprintf(buf, "%s/%s", src, entry->d_name); - sprintf(buf2, "%s/%s", dst, entry->d_name); + snprintf(buf, PATHLEN, "%s/%s", src, entry->d_name); + snprintf(buf2, PATHLEN, "%s/%s", dst, entry->d_name); if (stat(buf, &st) < 0) continue; if (S_ISDIR(st.st_mode)) diff --git a/mbbsd/syspost.c b/mbbsd/syspost.c index 8849b2aa..447e00e3 100644 --- a/mbbsd/syspost.c +++ b/mbbsd/syspost.c @@ -7,12 +7,12 @@ post_msg(const char *bname, const char *title, const char *msg, const char *auth FILE *fp; int bid; fileheader_t fhdr; - char genbuf[256]; + char fname[PATHLEN]; /* 在 bname 板發表新文章 */ - setbpath(genbuf, bname); - stampfile(genbuf, &fhdr); - fp = fopen(genbuf, "w"); + setbpath(fname, bname); + stampfile(fname, &fhdr); + fp = fopen(fname, "w"); if (!fp) return -1; @@ -27,8 +27,8 @@ post_msg(const char *bname, const char *title, const char *msg, const char *auth /* 將檔案加入列表 */ strlcpy(fhdr.title, title, sizeof(fhdr.title)); strlcpy(fhdr.owner, author, sizeof(fhdr.owner)); - setbdir(genbuf, bname); - if (append_record(genbuf, &fhdr, sizeof(fhdr)) != -1) + setbdir(fname, bname); + if (append_record(fname, &fhdr, sizeof(fhdr)) != -1) if ((bid = getbnum(bname)) > 0) setbtotal(bid); return 0; |