check buffer size

reduce computation git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3040 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
author: victor <victor@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> 2005-08-15 19:04:17 +0800
committer: victor <victor@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> 2005-08-15 19:04:17 +0800
commit: 426d45c033157d10cfcb43cdaf0aa5334a343e3a (patch)
tree: 17daf037be530df5c2af6ec360fe929874100107 /mbbsd
parent: 1d1d17c68f67323ca6338b96addee8f4568d9b55 (diff)
download: pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar
pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.gz
pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.bz2
pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.lz
pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.xz
pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.zst
pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.zip
1 files changed, 7 insertions, 6 deletions
diff --git a/mbbsd/record.c b/mbbsd/record.c
index 439b47f4..5cb74cd4 100644
--- a/mbbsd/record.c
+++ b/mbbsd/record.c
@@ -584,23 +584,24 @@ int
 append_record_forward(char *fpath, fileheader_t * record, int size, const char *origid)
 {
 #if !defined(_BBS_UTIL_C_)
-    int             m, n;
     if (get_num_records(fpath, sizeof(fileheader_t)) <= MAX_KEEPMAIL * 2) {
 	FILE           *fp;
-	char            buf[512], address[200];
+	char            buf[512];
+	int             n;
 
 	for (n = strlen(fpath) - 1; fpath[n] != '/' && n > 0; n--);
 	strncpy(buf, fpath, n + 1);
-	buf[n + 1] = 0;
-	for (m = strlen(buf) - 2; buf[m] != '/' && m > 0; m--);
-	strcat(buf, ".forward"); // XXX check buffer size
+	if (n + sizeof(".forward") > sizeof(buf))
+	    return -1;
+	strcpy(buf + n + 1, ".forward");
 	if ((fp = fopen(buf, "r"))) {
 
+	    char address[64];
 	    int flIdiotSent2Self = 0;
 	    int oidlen = origid ? strlen(origid) : 0;
 
 	    address[0] = 0;
-	    fscanf(fp, "%s", address); // XXX check buffer size
+	    fscanf(fp, "%63s", address);
 	    fclose(fp);
 	    /* some idiots just set forwarding to themselves.
 	     * and even after we checked "sameid", some still
author	victor <victor@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>	2005-08-15 19:04:17 +0800
committer	victor <victor@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>	2005-08-15 19:04:17 +0800
commit	426d45c033157d10cfcb43cdaf0aa5334a343e3a (patch)
tree	17daf037be530df5c2af6ec360fe929874100107 /mbbsd
parent	1d1d17c68f67323ca6338b96addee8f4568d9b55 (diff)
download	pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.gz pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.bz2 pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.lz pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.xz pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.tar.zst pttbbs-426d45c033157d10cfcb43cdaf0aa5334a343e3a.zip