From c5484be541d5c1e1929b5dce01cd757fb65d5974 Mon Sep 17 00:00:00 2001
From: piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>
Date: Sun, 30 Dec 2007 03:50:33 +0000
Subject: - prevent possible bug to create unlimited huge file
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@3763 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
---
mbbsd/announce.c | 96 ++++++++++++++++++++++++++++++++++----------------------
mbbsd/edit.c | 1 +
2 files changed, 60 insertions(+), 37 deletions(-)
diff --git a/mbbsd/announce.c b/mbbsd/announce.c
index f7400006..4b2382c1 100644
--- a/mbbsd/announce.c
+++ b/mbbsd/announce.c
@@ -11,6 +11,9 @@
//
// XXX 9999 �·зQ�Ӥ覡�ﱼ
+// for max file size limitation here, see edit.c
+#define MAX_FILE_SIZE (32768*1024)
+
/* copy temp queue operation -------------------------------------- */
/* TODO
@@ -553,44 +556,59 @@ a_appenditem(const menu_t * pm, int isask)
else
{
CopyQueue *cq = copyqueue_gethead();
+ off_t sz;
- if (dashf(cq->copyfile)) {
- snprintf(fname, sizeof(fname), "%s/%s", pm->path,
- pm->header[pm->now - pm->page].filename);
- if (dashf(fname)) {
- if (isask) {
- snprintf(buf, sizeof(buf),
- "�T�w�n�N[%s]���[��(Y/N)�H[N] ", cq->copytitle);
- getdata(b_lines - 2, 1, buf, ans, sizeof(ans), LCECHO);
- }
- if (ans[0] == 'y') {
- if ((fp = fopen(fname, "a+"))) {
- if ((fin = fopen(cq->copyfile, "r"))) {
- memset(buf, '-', 74);
- buf[74] = '\0';
- fprintf(fp, "\n> %s <\n\n", buf);
- if (isask)
- getdata(b_lines - 1, 1,
- "�O�_����ñ�W�ɳ���(Y/N)�H[Y] ",
- ans, sizeof(ans), LCECHO);
- while (fgets(buf, sizeof(buf), fin)) {
- if ((ans[0] == 'n') &&
- !strcmp(buf, "--\n"))
- break;
- fputs(buf, fp);
- }
- fclose(fin);
- cq->copyfile[0] = '\0';
- }
- fclose(fp);
- }
- }
- } else {
- vmsg("�ɮפ��o���[�I");
- }
- } else {
+ if (!dashf(cq->copyfile)) {
vmsg("�ؿ����o���[���ɮ�I");
+ return;
}
+
+ snprintf(fname, sizeof(fname), "%s/%s", pm->path,
+ pm->header[pm->now - pm->page].filename);
+
+ if (!dashf(fname)) {
+ vmsg("�ɮפ��o���[�I");
+ return;
+ }
+
+ sz = dashs(fname);
+ if (sz >= MAX_FILE_SIZE)
+ {
+ vmsg("�ɮפw�W�L�̤j����A�L�k�A���[");
+ return;
+ }
+
+ if (isask) {
+ snprintf(buf, sizeof(buf),
+ "�T�w�n�N[%s]���[��(Y/N)�H[N] ", cq->copytitle);
+ getdata(b_lines - 2, 1, buf, ans, sizeof(ans), LCECHO);
+ }
+
+ if (ans[0] != 'y' || !(fp = fopen(fname, "a+")))
+ return;
+
+ if (!(fin = fopen(cq->copyfile, "r"))) {
+ fclose(fp);
+ return;
+ }
+
+ memset(buf, '-', 74);
+ buf[74] = '\0';
+ fprintf(fp, "\n> %s <\n\n", buf);
+ if (isask)
+ getdata(b_lines - 1, 1,
+ "�O�_����ñ�W�ɳ���(Y/N)�H[Y] ",
+ ans, sizeof(ans), LCECHO);
+
+ while (fgets(buf, sizeof(buf), fin)) {
+ if ((ans[0] == 'n') &&
+ !strcmp(buf, "--\n"))
+ break;
+ fputs(buf, fp);
+ }
+ fclose(fin);
+ fclose(fp);
+ cq->copyfile[0] = '\0';
}
}
@@ -612,14 +630,18 @@ a_pastetagpost(menu_t * pm, int mode)
}
tagnum = TagNum;
- if (!tagnum)
+ // prevent if anything wrong
+ if (tagnum >= MAXTAGS)
+ tagnum = MAXTAGS;
+
+ if (tagnum < 1)
return ans;
/* since we use different tag features,
* copyqueue is not required/used. */
copyqueue_reset();
- while (tagnum--) {
+ while (tagnum-- > 0) {
memset(&fhdr, 0, sizeof(fhdr));
EnumTagFhdr(&fhdr, dirname, ent++);
diff --git a/mbbsd/edit.c b/mbbsd/edit.c
index 03f2d014..315cfc65 100644
--- a/mbbsd/edit.c
+++ b/mbbsd/edit.c
@@ -39,6 +39,7 @@
* 32M �� size limit
* 1M �� line limit
* �S�A���M�o�{���e totaln �������O short... �ҥH 65536 �N���F?
+ * ���: ���G�O�� announce �� append �@�X�Ӫ��A���ݨ� > --- <- mark�C
*/
#include "bbs.h"
--
cgit v1.2.3