From d4655322c745b6a78706369c5b1926962d0c61c2 Mon Sep 17 00:00:00 2001 From: victor Date: Tue, 9 Nov 2004 10:05:46 +0000 Subject: add modifier "const" to some constant remove a static char array of 60 bytes from mail.c:doforward avoid DDOS in mail.c:send_inner_mail git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@2321 63ad8ddf-47c3-0310-b6dd-a9e9d9715204 --- mbbsd/mail.c | 16 +++++++++++----- mbbsd/stuff.c | 8 ++++---- mbbsd/talk.c | 4 ++-- mbbsd/user.c | 2 +- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/mbbsd/mail.c b/mbbsd/mail.c index 94f936cd..5ba76b17 100644 --- a/mbbsd/mail.c +++ b/mbbsd/mail.c @@ -1388,6 +1388,13 @@ send_inner_mail(char *fpath, char *title, char *receiver) if (!searchuser(receiver)) return -2; + + sethomedir(genbuf, receiver); + // XXX should we use MAX_EXKEEPMAIL instead? + if (dashs(genbuf) >= 2048 * sizeof(fileheader_t)) { + return -2; + } + sethomepath(genbuf, receiver); stampfile(genbuf, &mymail); if (!strcmp(receiver, cuser.userid)) { @@ -1522,13 +1529,12 @@ bsmtp(char *fpath, char *title, char *rcpt, int method) int doforward(char *direct, fileheader_t * fh, int mode) { - static char address[60]; + char address[60]; char fname[500]; int return_no; char genbuf[200]; - if (!address[0]) - strlcpy(address, cuser.email, sizeof(address)); + strlcpy(address, cuser.email, sizeof(address)); if( mode == 'U' ){ vmsg("將進行 uuencode 。若您不清楚什麼是 uuencode 請改用 F轉寄。"); @@ -1554,7 +1560,7 @@ doforward(char *direct, fileheader_t * fh, int mode) strlcpy(address, fname, sizeof(address)); else snprintf(address, sizeof(address), - "%s.bbs@%s", fname, MYHOSTNAME); + "%s.bbs@%s", fname, MYHOSTNAME); } else { vmsg("取消轉寄"); return 1; @@ -1682,7 +1688,7 @@ mail_justify(userec_t muser) #ifndef USE_BSMTP bbs_sendmail(NULL, title, muser.email) #else - bsmtp(NULL, title, muser.email, MQ_JUSTIFY); + bsmtp(NULL, title, muser.email, MQ_JUSTIFY) #endif <0) Link("etc/bademail", buf1); diff --git a/mbbsd/stuff.c b/mbbsd/stuff.c index 8f6f65d5..608c1384 100644 --- a/mbbsd/stuff.c +++ b/mbbsd/stuff.c @@ -4,12 +4,12 @@ /* ----------------------------------------------------- */ /* set file path for boards/user home */ /* ----------------------------------------------------- */ -static char *str_home_file = "home/%c/%s/%s"; -static char *str_board_file = "boards/%c/%s/%s"; -static char *str_board_n_file = "boards/%c/%s/%s.%d"; +const static char *str_home_file = "home/%c/%s/%s"; +const static char *str_board_file = "boards/%c/%s/%s"; +const static char *str_board_n_file = "boards/%c/%s/%s.%d"; #define STR_DOTDIR ".DIR" -static char *str_dotdir = STR_DOTDIR; +const static char *str_dotdir = STR_DOTDIR; void sethomepath(char *buf, const char *userid) diff --git a/mbbsd/talk.c b/mbbsd/talk.c index 9f2791b9..c8bb5d50 100644 --- a/mbbsd/talk.c +++ b/mbbsd/talk.c @@ -121,7 +121,7 @@ modestring(userinfo_t * uentp, int simple) #endif ) if (uentp->msgcount < 10) { - char *cnum[10] = + const char *cnum[10] = {"", "一", "兩", "三", "四", "五", "六", "七", "八", "九"}; snprintf(modestr, sizeof(modestr), @@ -436,7 +436,7 @@ water_scr(water_t * tw, int which, char type) { if (type == 1) { int i; - int colors[] = {33, 37, 33, 37, 33}; + const int colors[] = {33, 37, 33, 37, 33}; move(8 + which, 28); outc(' '); move(8 + which, 28); diff --git a/mbbsd/user.c b/mbbsd/user.c index 0428e22d..9921d00d 100644 --- a/mbbsd/user.c +++ b/mbbsd/user.c @@ -751,7 +751,7 @@ showplans(char *uid) #ifdef CHESSCOUNTRY if (user_query_mode) { - char *photo_name[2] = { "photo_fivechess", "photo_cchess" }; + const char const *photo_name[2] = { "photo_fivechess", "photo_cchess" }; int i = 0; FILE *fp; -- cgit v1.2.3