From 2d8ee1c78013c104374613d064565aa7e14c4f2a Mon Sep 17 00:00:00 2001 From: piaip Date: Thu, 21 Apr 2005 09:19:28 +0000 Subject: buffer overflow: file path [64] is too small! use PATHLEN instead. git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@2706 63ad8ddf-47c3-0310-b6dd-a9e9d9715204 --- include/config.h | 4 ++++ mbbsd/announce.c | 2 -- mbbsd/bbs.c | 8 ++++---- mbbsd/edit.c | 2 +- mbbsd/fav.c | 2 +- mbbsd/mail.c | 4 ++-- mbbsd/read.c | 4 ++-- 7 files changed, 14 insertions(+), 12 deletions(-) diff --git a/include/config.h b/include/config.h index 5b562c10..ec6b6f9c 100644 --- a/include/config.h +++ b/include/config.h @@ -97,6 +97,10 @@ #define MAXPATHLEN (256) #endif +#ifndef PATHLEN +#define PATHLEN (256) +#endif + #ifndef MAX_BOARD #define MAX_BOARD (8192) /* 最大開板個數 */ #endif diff --git a/mbbsd/announce.c b/mbbsd/announce.c index 6f7000da..edd12c95 100644 --- a/mbbsd/announce.c +++ b/mbbsd/announce.c @@ -1,8 +1,6 @@ /* $Id$ */ #include "bbs.h" -#define PATHLEN 256 - struct CopyTmp { char copyfile[PATHLEN]; char copytitle[TTLEN + 1]; diff --git a/mbbsd/bbs.c b/mbbsd/bbs.c index 4aa5d213..4c009f5e 100644 --- a/mbbsd/bbs.c +++ b/mbbsd/bbs.c @@ -1293,7 +1293,7 @@ do_limitedit(int ent, fileheader_t * fhdr, const char *direct) static int b_man(void) { - char buf[64]; + char buf[PATHLEN]; setapath(buf, currboard); if ((currmode & MODE_BOARD) || HAS_PERM(PERM_SYSOP)) { @@ -2099,7 +2099,7 @@ tar_addqueue(int ent, const fileheader_t * fhdr, const char *direct) int b_note_edit_bname(int bid) { - char buf[64]; + char buf[PATHLEN]; int aborted; boardheader_t *fh = getbcache(bid); setbfile(buf, fh->brdname, fn_notes); @@ -2221,7 +2221,7 @@ bh_title_edit(void) static int b_notes(void) { - char buf[64]; + char buf[PATHLEN]; setbfile(buf, currboard, fn_notes); if (more(buf, NA) == -1) { @@ -2323,7 +2323,7 @@ good_post(int ent, fileheader_t * fhdr, const char *direct) } } else { fileheader_t digest; - char *ptr, buf[64]; + char *ptr, buf[PATHLEN]; memcpy(&digest, fhdr, sizeof(digest)); digest.filename[0] = 'G'; diff --git a/mbbsd/edit.c b/mbbsd/edit.c index 9e4ebc4d..8500c101 100644 --- a/mbbsd/edit.c +++ b/mbbsd/edit.c @@ -1054,7 +1054,7 @@ auto_backup(void) if (curr_buf->currline) { FILE *fp; textline_t *p, *v; - char bakfile[64]; + char bakfile[PATHLEN]; int count = 0; setuserfile(bakfile, fp_bak); diff --git a/mbbsd/fav.c b/mbbsd/fav.c index 4c47ca64..306f8d45 100644 --- a/mbbsd/fav.c +++ b/mbbsd/fav.c @@ -554,7 +554,7 @@ static void write_favrec(FILE *fwp, fav_t *fp) int fav_save(void) { FILE *fwp; - char buf[64], buf2[64]; + char buf[PATHLEN], buf2[PATHLEN]; fav_t *fp = get_fav_root(); #ifdef MEM_CHECK if (fav_memcheck() != MEM_CHECK) diff --git a/mbbsd/mail.c b/mbbsd/mail.c index e028908f..58ffc4f3 100644 --- a/mbbsd/mail.c +++ b/mbbsd/mail.c @@ -865,7 +865,7 @@ mail_del(int ent, const fileheader_t * fhdr, const char *direct) static int mail_read(int ent, fileheader_t * fhdr, const char *direct) { - char buf[64]; + char buf[PATHLEN]; char done, delete_it, replied; clear(); @@ -1156,7 +1156,7 @@ mail_cross_post(int ent, fileheader_t * fhdr, const char *direct) int mail_man(void) { - char buf[64], buf1[64]; + char buf[PATHLEN], buf1[64]; int mode0 = currutmp->mode; int stat0 = currstat; diff --git a/mbbsd/read.c b/mbbsd/read.c index 09494fba..43b018c9 100644 --- a/mbbsd/read.c +++ b/mbbsd/read.c @@ -523,7 +523,7 @@ i_read_key(const onekey_t * rcmdlist, keeploc_t * locmem, case 'e': case KEY_LEFT: if(currmode & MODE_SELECT){ - char genbuf[64]; + char genbuf[PATHLEN]; fileheader_t *fhdr = &headers[locmem->crs_ln - locmem->top_ln]; board_select(); setbdir(genbuf, currboard); @@ -807,7 +807,7 @@ i_read(int cmdmode, const char *direct, void (*dotitle) (), int recbase = 0, mode; int num = 0, entries = 0, n_bottom=0; int i; - char currdirect0[64]; + char currdirect0[PATHLEN]; int last_line0 = last_line; int bottom_line = 0; fileheader_t *headers0 = headers; -- cgit v1.2.3