diff options
| author | piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2008-03-24 21:29:51 +0800 |
|---|---|---|
| committer | piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2008-03-24 21:29:51 +0800 |
| commit | e8abf57867b7bb211c2f693c50887a263d5c4510 (patch) | |
| tree | 28ad50da5a9d25630fc12db5ab67b5d30bb972e9 /mbbsd | |
| parent | 9babe26b4f858e481463edd43290059bcd2717bd (diff) | |
| download | pttbbs-e8abf57867b7bb211c2f693c50887a263d5c4510.tar pttbbs-e8abf57867b7bb211c2f693c50887a263d5c4510.tar.gz pttbbs-e8abf57867b7bb211c2f693c50887a263d5c4510.tar.bz2 pttbbs-e8abf57867b7bb211c2f693c50887a263d5c4510.tar.lz pttbbs-e8abf57867b7bb211c2f693c50887a263d5c4510.tar.xz pttbbs-e8abf57867b7bb211c2f693c50887a263d5c4510.tar.zst pttbbs-e8abf57867b7bb211c2f693c50887a263d5c4510.zip | |
- fix buffer overflow (due to some invalid friend file containing very long id)
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@4015 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
Diffstat (limited to 'mbbsd')
| -rw-r--r-- | mbbsd/friend.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/mbbsd/friend.c b/mbbsd/friend.c index 4fbc0be3..e5d9776d 100644 --- a/mbbsd/friend.c +++ b/mbbsd/friend.c @@ -202,15 +202,17 @@ delete_friend_from_file(const char *file, const char *string, int case_sensitiv { FILE *fp = NULL, *nfp = NULL; char fnew[PATHLEN]; - char genbuf[STRLEN + 1]; + char genbuf[STRLEN + 1], buf[STRLEN]; int ret = 0; - sprintf(fnew, "%s.%3.3X", file, (unsigned int)(random() & 0xFFF)); + snprintf(fnew, sizeof(fnew), "%s.%3.3X", file, (unsigned int)(random() & 0xFFF)); if ((fp = fopen(file, "r")) && (nfp = fopen(fnew, "w"))) { while (fgets(genbuf, sizeof(genbuf), fp)) if ((genbuf[0] > ' ')) { - char buf[32]; + // prevent buffer overflow + genbuf[sizeof(genbuf)-1] =0; sscanf(genbuf, " %s", buf); + genbuf[sizeof(buf)-1] =0; if (((case_sensitive && strcmp(buf, string)) || (!case_sensitive && strcasecmp(buf, string)))) fputs(genbuf, nfp); |