patch 6
Bear Giles
bear at coyotesong.com
Sat Jun 9 19:06:46 UTC 2001
diff -Naur --recursive inn2-2.3.1.orig/authprogs/auth_pass.c inn2-2.3.1/authprogs/auth_pass.c
--- inn2-2.3.1.orig/authprogs/auth_pass.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/authprogs/auth_pass.c Sat Jun 9 03:05:29 2001
@@ -109,15 +109,19 @@
if (getpeername(0, (struct sockaddr *)&sin, &length) < 0) {
if (!isatty(0)) {
fprintf(stderr, "cant getpeername()::%s:+:!*\n", username);
+ memset (username, 0, sizeof username);
+ memset (password, 0, sizeof password);
exit(1);
}
- (void)strcpy(peername, "stdin");
+ (void)strncpy(peername, "stdin", sizeof peername);
} else if (sin.sin_family != AF_INET) {
fprintf(stderr, "Bad address family %ld::%s:+:!*\n",
(long)sin.sin_family, username);
+ memset (username, 0, sizeof username);
+ memset (password, 0, sizeof password);
exit(1);
} else if ((hp = gethostbyaddr((char *)&sin.sin_addr, sizeof(sin.sin_addr), AF_INET)) == NULL) {
- strcpy(peername, inet_ntoa(sin.sin_addr));
+ strncpy(peername, inet_ntoa(sin.sin_addr), sizeof peername);
} else {
strncpy(peername, hp->h_name, sizeof(peername));
}
@@ -131,6 +135,8 @@
* No entry in the passwd file.
*/
fprintf(stderr, "%s::%s:+:!*\n", peername, username);
+ memset (username, 0, sizeof username);
+ memset (password, 0, sizeof password);
exit(2);
}
@@ -143,6 +149,8 @@
* No permission to read passwords.
*/
fprintf(stderr, "%s::%s:+:!*\n", peername, username);
+ memset (username, 0, sizeof username);
+ memset (password, 0, sizeof password);
exit(3);
}
@@ -155,6 +163,8 @@
* Password was invalid.
*/
fprintf(stderr, "%s::%s:+:!*\n", peername, username);
+ memset (username, 0, sizeof username);
+ memset (password, 0, sizeof password);
exit(4);
}
@@ -162,5 +172,7 @@
* We managed to authenticate the user.
*/
fprintf(stderr, "%s:RP:%s:+:*\n", peername, username);
+ memset (username, 0, sizeof username);
+ memset (password, 0, sizeof password);
exit(0);
}
diff -Naur --recursive inn2-2.3.1.orig/authprogs/ckpasswd.c inn2-2.3.1/authprogs/ckpasswd.c
--- inn2-2.3.1.orig/authprogs/ckpasswd.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/authprogs/ckpasswd.c Sat Jun 9 03:07:46 2001
@@ -1,6 +1,9 @@
/* $Id: ckpasswd.c,v 1.6.2.2 2000/09/20 10:47:22 kondou Exp $
**
** The default username/password authenticator.
+**
+** This program clears most buffers (but not all, unfortunately) to
+** fight any attempt to grab passwords by reading old memory buffers.
*/
#include "config.h"
#include "clibrary.h"
@@ -31,6 +34,7 @@
{
static struct spwd *spwd;
+ spwd = NULL; /* clear last shadow password information */
if ((spwd = getspnam(user)) != NULL)
return(spwd->sp_pwdp);
return(0);
@@ -41,6 +45,7 @@
{
static struct passwd *pwd;
+ pwd = NULL; /* clear last password information */
if ((pwd = getpwnam(user)) != NULL)
return(pwd->pw_passwd);
return(0);
@@ -54,6 +59,7 @@
int found;
static char pass[SMBUF];
+ memset (pass, 0, sizeof pass); /* clear last password */
pwfile = fopen(file, "r");
if (!pwfile)
return(0);
@@ -62,19 +68,23 @@
buf[strlen(buf)-1] = 0; /* clean off the \n */
if (!(colon = strchr(buf, ':'))) {
fclose(pwfile);
+ memset (buf, 0, sizeof buf); /* clear buffer */
return(0);
}
*colon = 0;
- if (!strcmp(buf, name))
- found = 1;
+ if (!strcmp(buf, name))
+ found = 1;
}
fclose(pwfile);
- if (!found)
+ if (!found) {
+ memset (buf, 0, sizeof buf); /* clear buffer */
return(0);
+ }
iter = colon+1;
if ((colon = strchr(iter, ':')) != NULL)
*colon = 0;
- strcpy(pass, iter);
+ strncpy(pass, iter, sizeof pass);
+ memset (buf, 0, sizeof buf); /* clear buffer */
return(pass);
}
@@ -86,6 +96,7 @@
DBM *D;
static char pass[SMBUF];
+ memset (pass, 0, sizeof pass); /* clear last password */
D = dbm_open(file, O_RDONLY, 0600);
if (!D)
return(0);
@@ -164,12 +175,15 @@
#define NAMESTR "ClientAuthname: "
#define PASSSTR "ClientPassword: "
if (!strncmp(buff, NAMESTR, strlen(NAMESTR)))
- strcpy(uname, buff+sizeof(NAMESTR)-1);
+ strncpy(uname, buff+sizeof(NAMESTR)-1, sizeof uname);
if (!strncmp(buff, PASSSTR, strlen(PASSSTR)))
- strcpy(pass, buff+sizeof(PASSSTR)-1);
+ strncpy(pass, buff+sizeof(PASSSTR)-1, sizeof pass);
}
- if (!uname[0] || !pass[0])
+ if (!uname[0] || !pass[0]) {
+ memset (uname, 0, sizeof uname);
+ memset (pass, 0, sizeof pass); /* clear password, if we got it */
exit(3);
+ }
/* got username and password, check if they're valid */
#if HAVE_GETSPNAM
@@ -190,12 +204,19 @@
if (!rpass) {
fprintf(stderr, "ckpasswd: user %s does not exist.\n", uname);
+ memset (uname, 0, sizeof uname);
+ memset (pass, 0, sizeof pass); /* clear password */
exit(1);
}
if (strcmp(rpass, crypt(pass, rpass)) == 0) {
printf("User:%s\n", uname);
+ rpass = NULL;
+ memset (uname, 0, sizeof uname);
+ memset (pass, 0, sizeof pass); /* clear password */
exit(0);
}
fprintf(stderr, "ckpasswd: user %s password doesn't match.\n", uname);
+ memset (uname, 0, sizeof uname);
+ memset (pass, 0, sizeof pass); /* clear password */
exit(1);
}
diff -Naur --recursive inn2-2.3.1.orig/authprogs/ident.c inn2-2.3.1/authprogs/ident.c
--- inn2-2.3.1.orig/authprogs/ident.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/authprogs/ident.c Sat Jun 9 03:05:29 2001
@@ -114,7 +114,7 @@
}
/* send the request out */
- sprintf(buf, "%d , %d\r\n", ntohs(cli.sin_port), ntohs(loc.sin_port));
+ snprintf(buf, sizeof buf, "%d , %d\r\n", ntohs(cli.sin_port), ntohs(loc.sin_port));
got = 0;
while (got != strlen(buf)) {
opt = write(sock, buf+got, strlen(buf)-got);
diff -Naur --recursive inn2-2.3.1.orig/authprogs/pwcheck.c inn2-2.3.1/authprogs/pwcheck.c
--- inn2-2.3.1.orig/authprogs/pwcheck.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/authprogs/pwcheck.c Sat Jun 9 03:05:29 2001
@@ -68,19 +68,29 @@
#define NAMESTR "ClientAuthname: "
#define PASSSTR "ClientPassword: "
if (!strncmp(buff, NAMESTR, strlen(NAMESTR)))
- strcpy(uname, buff+sizeof(NAMESTR)-1);
+ strncpy(uname, buff+sizeof(NAMESTR)-1, sizeof uname);
if (!strncmp(buff, PASSSTR, strlen(PASSSTR)))
- strcpy(pass, buff+sizeof(PASSSTR)-1);
+ strncpy(pass, buff+sizeof(PASSSTR)-1, sizeof pass);
}
- if (!uname[0] || !pass[0])
+ if (!uname[0] || !pass[0]) {
+ memset (uname, 0, sizeof uname);
+ memset (pass, 0, sizeof pass);
+ memset (buff, 0, sizeof buff);
exit(3);
+ }
if(!login_plaintext(uname, pass)) {
fprintf(stderr, "valid passwd\n");
printf("User:%s\n", uname);
+ memset (uname, 0, sizeof uname);
+ memset (pass, 0, sizeof pass);
+ memset (buff, 0, sizeof buff);
exit(0);
}
+ memset (uname, 0, sizeof uname);
+ memset (pass, 0, sizeof pass);
+ memset (buff, 0, sizeof buff);
exit(1);
}
diff -Naur --recursive inn2-2.3.1.orig/authprogs/radius.c inn2-2.3.1/authprogs/radius.c
--- inn2-2.3.1.orig/authprogs/radius.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/authprogs/radius.c Sat Jun 9 03:05:29 2001
@@ -199,6 +199,7 @@
if ((hent = gethostbyname(config->lochost)) == NULL) {
fprintf(stderr, "radius: cant gethostbyname lochost %s\n",
config->lochost);
+ memset (secbuf, 0, sizeof secbuf);
return(-1);
}
memcpy(&sinl.sin_addr.s_addr, hent->h_addr,
@@ -209,6 +210,7 @@
if ((hent = gethostbyname(config->radhost)) == NULL) {
fprintf(stderr, "radius: cant gethostbyname radhost %s\n",
config->radhost);
+ memset (secbuf, 0, sizeof secbuf);
return(-1);
}
memcpy(&sinr.sin_addr.s_addr, hent->h_addr_list[0],
@@ -225,7 +227,7 @@
/* build the visible part of the auth vector randomly */
for (i = 0; i < AUTH_VECTOR_LEN; i++)
req.vector[i] = random() % 256;
- strcpy(secbuf, config->secret);
+ strncpy(secbuf, config->secret, sizeof secbuf);
memcpy(secbuf+strlen(config->secret), req.vector, AUTH_VECTOR_LEN);
MD5Init(&ctx);
MD5Update(&ctx, secbuf, strlen(config->secret)+AUTH_VECTOR_LEN);
@@ -300,7 +302,7 @@
req.data[passstart+2+i+j] ^= digest.hash[j];
if (jlen == sizeof(HASH)) {
/* Recalculate the digest from the HASHed previous */
- strcpy(secbuf, config->secret);
+ strncpy(secbuf, config->secret, sizeof secbuf);
memcpy(secbuf+strlen(config->secret), &req.data[passstart+2+i],
sizeof(HASH));
MD5Init(&ctx);
@@ -319,12 +321,16 @@
if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
fprintf(stderr, "radius: cant build reply socket: %s\n",
strerror(errno));
+ memset (secbuf, 0, sizeof secbuf);
+ memset (&req, 0, sizeof req);
return(-1);
}
if (bind(sock, (struct sockaddr*) &sinl, sizeof(sinl)) < 0) {
fprintf(stderr, "radius: cant bind reply socket: %s\n",
strerror(errno));
close(sock);
+ memset (secbuf, 0, sizeof secbuf);
+ memset (&req, 0, sizeof req);
return(-1);
}
@@ -333,6 +339,8 @@
sizeof(sinr)) < 0) {
fprintf(stderr, "radius: cant send auth_req: %s\n", strerror(errno));
close(sock);
+ memset (secbuf, 0, sizeof secbuf);
+ memset (&req, 0, sizeof req);
return(-1);
}
/* wait 5 seconds maximum for a radius reply. */
@@ -398,6 +406,8 @@
inet_ntoa(sinr.sin_addr), ntohs(sinr.sin_port));
}
close(sock);
+ memset (secbuf, 0, sizeof secbuf);
+ memset (&req, 0, sizeof req);
return(ret);
}
diff -Naur --recursive inn2-2.3.1.orig/backends/archive.c inn2-2.3.1/backends/archive.c
--- inn2-2.3.1.orig/backends/archive.c Sat Jun 9 00:24:40 2001
+++ inn2-2.3.1/backends/archive.c Sat Jun 9 03:05:29 2001
@@ -35,7 +35,7 @@
time(&now);
x = localtime(&now);
- sprintf(ds, "%d%d", x->tm_year + 1900, x->tm_mon + 1);
+ snprintf(ds, sizeof ds, "%d%d", x->tm_year + 1900, x->tm_mon + 1);
return ds;
}
@@ -507,7 +507,7 @@
}
/* Set up the destination. */
- (void)strcpy(dest, Archive);
+ (void)strncpy(dest, Archive, sizeof dest);
Name = dest + strlen(dest);
*Name++ = '/';
@@ -671,11 +671,11 @@
/* Make an appropriate spool file. */
p = av[0];
if (p == NULL)
- (void)sprintf(temp, "%s/%s", innconf->pathoutgoing, "archive");
+ (void)snprintf(temp, sizeof temp, "%s/%s", innconf->pathoutgoing, "archive");
else if (*p == '/')
- (void)sprintf(temp, "%s.bch", p);
+ (void)snprintf(temp, sizeof temp, "%s.bch", p);
else
- (void)sprintf(temp, "%s/%s.bch", innconf->pathoutgoing, p);
+ (void)snprintf(temp, sizeof temp, "%s/%s.bch", innconf->pathoutgoing, p);
if ((F = xfopena(temp)) == NULL) {
(void)fprintf(stderr, "archive: Can't spool to \"%s\", %s\n",
temp, strerror(errno));
diff -Naur --recursive inn2-2.3.1.orig/backends/batcher.c inn2-2.3.1/backends/batcher.c
--- inn2-2.3.1.orig/backends/batcher.c Sat Jun 9 00:24:40 2001
+++ inn2-2.3.1/backends/batcher.c Sat Jun 9 03:05:29 2001
@@ -54,7 +54,7 @@
char buff[SMBUF];
if (Processor && *Processor) {
- (void)sprintf(buff, Processor, Host);
+ (void)snprintf(buff, sizeof buff, Processor, Host);
F = popen(buff, "w");
if (F == NULL)
return NULL;
@@ -132,9 +132,9 @@
/* Make an appropriate spool file. */
if (Input == NULL)
- (void)sprintf(temp, "%s/%s", innconf->pathoutgoing, Host);
+ (void)snprintf(temp, sizeof temp, "%s/%s", innconf->pathoutgoing, Host);
else
- (void)sprintf(temp, "%s.bch", Input);
+ (void)snprintf(temp, sizeof temp, "%s.bch", Input);
if ((F = xfopena(temp)) == NULL) {
(void)fprintf(stderr, "batcher %s cant open %s %s\n",
Host, temp, strerror(errno));
@@ -296,9 +296,9 @@
Host = av[0];
if ((Input = av[1]) != NULL) {
if (Input[0] != '/') {
- Input = NEW(char, strlen(innconf->pathoutgoing) + 1+
- strlen(av[1]) + 1);
- (void)sprintf(Input, "%s/%s", innconf->pathoutgoing, av[1]);
+ size_t len = strlen(innconf->pathoutgoing) + 1+ strlen(av[1]) + 1;
+ Input = NEW(char, len);
+ (void)snprintf(Input, len, "%s/%s", innconf->pathoutgoing, av[1]);
}
if (freopen(Input, "r", stdin) == NULL) {
(void)fprintf(stderr, "batcher %s cant open %s %s\n",
@@ -438,7 +438,7 @@
SendIt:
/* Now we can start to send the article! */
if (Separator && *Separator) {
- (void)sprintf(buff, Separator, BytesInArt);
+ (void)snprintf(buff, sizeof buff, Separator, BytesInArt);
BytesInCB += strlen(buff) + 1;
BytesWritten += strlen(buff) + 1;
if (fprintf(F, "%s\n", buff) == EOF || ferror(F)) {
diff -Naur --recursive inn2-2.3.1.orig/backends/buffchan.c inn2-2.3.1/backends/buffchan.c
--- inn2-2.3.1.orig/backends/buffchan.c Sat Jun 9 00:24:40 2001
+++ inn2-2.3.1/backends/buffchan.c Sat Jun 9 03:05:29 2001
@@ -203,7 +203,7 @@
/* Fill in the structure for the new site. */
sp->Name = COPY(Name);
- (void)sprintf(buff, Format, Map ? MAPname(Name) : sp->Name);
+ (void)snprintf(buff, sizeof buff, Format, Map ? MAPname(Name) : sp->Name);
sp->Filename = COPY(buff);
if (BufferMode == 'u')
sp->Buffer = NULL;
@@ -470,8 +470,9 @@
if (Redirect)
(void)freopen(ERRLOG, "a", stderr);
if (Format == NULL) {
- Format = NEW(char, strlen(innconf->pathoutgoing) + 1 + 2 + 1);
- (void)sprintf(Format, "%s/%%s", innconf->pathoutgoing);
+ size_t len = strlen(innconf->pathoutgoing) + 1 + 2 + 1;
+ Format = NEW(char, len);
+ (void)snprintf(Format, len, "%s/%%s", innconf->pathoutgoing);
}
if (Directory && chdir(Directory) < 0) {
(void)fprintf(stderr, "buffchan cant chdir %s %s\n",
diff -Naur --recursive inn2-2.3.1.orig/backends/innxbatch.c inn2-2.3.1/backends/innxbatch.c
--- inn2-2.3.1.orig/backends/innxbatch.c Sat Jun 9 00:24:38 2001
+++ inn2-2.3.1/backends/innxbatch.c Sat Jun 9 03:05:29 2001
@@ -539,7 +539,7 @@
if (GotInterrupt) Interrupted();
/* Offer the xbatch. */
- (void)sprintf(buff, "xbatch %d", XBATCHsize);
+ (void)snprintf(buff, sizeof buff, "xbatch %d", XBATCHsize);
if (!REMwrite(ToServer, buff)) {
(void)fprintf(stderr, "Can't offer xbatch to %s, %s\n",
REMhost, strerror(errno));
diff -Naur --recursive inn2-2.3.1.orig/backends/innxmit.c inn2-2.3.1/backends/innxmit.c
--- inn2-2.3.1.orig/backends/innxmit.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/backends/innxmit.c Sat Jun 9 03:05:29 2001
@@ -726,7 +726,7 @@
char buff[NNTP_STRLEN];
/* send "check <ID>" to the other system */
- (void)sprintf(buff, "check %s", stbuf[i].st_id);
+ (void)snprintf(buff, sizeof buff, "check %s", stbuf[i].st_id);
if (!REMwrite(buff, (int)strlen(buff), FALSE)) {
(void)fprintf(stderr, "Can't check article, %s\n",
strerror(errno));
@@ -780,7 +780,7 @@
SMfreearticle(art);
}
/* send "takethis <ID>" to the other system */
- (void)sprintf(buff, "takethis %s", stbuf[i].st_id);
+ (void)snprintf(buff, sizeof buff, "takethis %s", stbuf[i].st_id);
if (!REMwrite(buff, (int)strlen(buff), FALSE)) {
(void)fprintf(stderr, "Can't send takethis <id>, %s\n",
strerror(errno));
@@ -929,6 +929,7 @@
int port = NNTP_PORT;
BOOL val;
TOKEN token;
+ size_t len;
(void)openlog("innxmit", L_OPENLOG_FLAGS | LOG_PID, LOG_INN_PROG);
/* Set defaults. */
@@ -1007,9 +1008,9 @@
/* Open the batch file and lock others out. */
if (BATCHname[0] != '/') {
- BATCHname = NEW(char, strlen(innconf->pathoutgoing) + 1 +
- strlen(av[1]) + 1);
- (void)sprintf(BATCHname, "%s/%s", innconf->pathoutgoing, av[1]);
+ size_t len = strlen(innconf->pathoutgoing) + 1 + strlen(av[1]) + 1;
+ BATCHname = NEW(char, len);
+ (void)snprintf(BATCHname, len, "%s/%s", innconf->pathoutgoing, av[1]);
}
if (((i = open(BATCHname, O_RDWR)) < 0) || ((BATCHqp = QIOfdopen(i)) == NULL)) {
(void)fprintf(stderr, "Can't open \"%s\", %s\n",
@@ -1032,9 +1033,10 @@
/* Get a temporary name in the same directory as the batch file. */
p = strrchr(BATCHname, '/');
- BATCHtemp = NEW(char, strlen(BATCHname) + STRLEN("/bchXXXXXX") + 1);
+ len = strlen(BATCHname) + STRLEN("/bchXXXXXX") + 1;
+ BATCHtemp = NEW(char, len);
*p = '\0';
- (void)sprintf(BATCHtemp, "%s/bchXXXXXX", BATCHname);
+ (void)snprintf(BATCHtemp, len, "%s/bchXXXXXX", BATCHname);
*p = '/';
/* Set up buffer used by REMwrite. */
@@ -1328,7 +1330,7 @@
}
continue; /* next article */
}
- (void)sprintf(buff, "ihave %s", MessageID);
+ (void)snprintf(buff, sizeof buff, "ihave %s", MessageID);
if (!REMwrite(buff, (int)strlen(buff), FALSE)) {
(void)fprintf(stderr, "Can't offer article, %s\n",
strerror(errno));
diff -Naur --recursive inn2-2.3.1.orig/backends/nntpget.c inn2-2.3.1/backends/nntpget.c
--- inn2-2.3.1.orig/backends/nntpget.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/backends/nntpget.c Sat Jun 9 03:05:29 2001
@@ -270,7 +270,7 @@
}
gt = gmtime(&Sb.st_mtime);
/* Y2K: NNTP Spec currently allows only two digit years. */
- (void)sprintf(tbuff, "%02d%02d%02d %02d%02d%02d GMT",
+ (void)snprintf(tbuff, sizeof tbuff, "%02d%02d%02d %02d%02d%02d GMT",
gt->tm_year % 100, gt->tm_mon + 1, gt->tm_mday,
gt->tm_hour, gt->tm_min, gt->tm_sec);
Since = tbuff;
@@ -328,10 +328,10 @@
if (Groups == NULL)
Groups = "*";
if (distributions)
- (void)sprintf(buff, "NEWNEWS %s %s <%s>",
+ (void)snprintf(buff, sizeof buff, "NEWNEWS %s %s <%s>",
Groups, Since, distributions);
else
- (void)sprintf(buff, "NEWNEWS %s %s", Groups, Since);
+ (void)snprintf(buff, sizeof buff, "NEWNEWS %s %s", Groups, Since);
if (!SITEwrite(Remote, buff, (int)strlen(buff))
|| !SITEread(Remote, buff)) {
(void)fprintf(stderr, "Can't start list, %s\n", strerror(errno));
@@ -345,7 +345,7 @@
}
/* Create a temporary file. */
- (void)sprintf(temp, "%s/nntpgetXXXXXX", innconf->pathtmp);
+ (void)snprintf(temp, sizeof temp, "%s/nntpgetXXXXXX", innconf->pathtmp);
(void)mktemp(temp);
if ((F = fopen(temp, "w+")) == NULL) {
(void)fprintf(stderr, "Can't open \"%s\", %s\n",
@@ -403,7 +403,7 @@
if (Offer) {
/* See if the local server wants it. */
STAToffered++;
- (void)sprintf(buff, "ihave %s", mesgid);
+ (void)snprintf(buff, sizeof buff, "ihave %s", mesgid);
if (!SITEwrite(Local, buff, (int)strlen(buff))
|| !SITEread(Local, buff)) {
(void)fprintf(stderr, "Can't offer \"%s\", %s\n.",
@@ -415,7 +415,7 @@
}
/* Try to get the article. */
- (void)sprintf(buff, "article %s", mesgid);
+ (void)snprintf(buff, sizeof buff, "article %s", mesgid);
if (!SITEwrite(Remote, buff, (int)strlen(buff))
|| !SITEread(Remote, buff)) {
(void)fprintf(stderr, "Can't get \"%s\", %s\n",
diff -Naur --recursive inn2-2.3.1.orig/backends/shlock.c inn2-2.3.1/backends/shlock.c
--- inn2-2.3.1.orig/backends/shlock.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/backends/shlock.c Sat Jun 9 03:05:29 2001
@@ -144,11 +144,11 @@
/* Create the temp file in the same directory as the destination. */
if ((p = strrchr(name, '/')) != NULL) {
*p = '\0';
- (void)sprintf(tmp, "%s/shlock%ld", name, (long)getpid());
+ (void)snprintf(tmp, sizeof tmp, "%s/shlock%ld", name, (long)getpid());
*p = '/';
}
else
- (void)sprintf(tmp, "shlock%ld", (long)getpid());
+ (void)snprintf(tmp, sizeof tmp, "shlock%ld", (long)getpid());
/* Loop until we can open the file. */
while ((fd = open(tmp, O_RDWR | O_CREAT | O_EXCL, 0644)) < 0)
@@ -170,7 +170,7 @@
if (BinaryLock)
ok = write(fd, &pid, (size_t)sizeof pid) == sizeof pid;
else {
- (void)sprintf(buff, "%ld\n", (long) pid);
+ (void)snprintf(buff, sizeof buff, "%ld\n", (long) pid);
i = strlen(buff);
ok = write(fd, buff, (size_t)i) == i;
}
diff -Naur --recursive inn2-2.3.1.orig/backends/shrinkfile.c inn2-2.3.1/backends/shrinkfile.c
--- inn2-2.3.1.orig/backends/shrinkfile.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/backends/shrinkfile.c Sat Jun 9 03:05:29 2001
@@ -48,7 +48,7 @@
int i;
/* Get filename. */
- (void)sprintf(buff, "%s/shrinkXXXXXX", innconf->pathtmp);
+ (void)snprintf(buff, sizeof buff, "%s/shrinkXXXXXX", innconf->pathtmp);
(void)mktemp(buff);
/* Open the file. */
diff -Naur --recursive inn2-2.3.1.orig/contrib/newsresp.c inn2-2.3.1/contrib/newsresp.c
--- inn2-2.3.1.orig/contrib/newsresp.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/contrib/newsresp.c Sat Jun 9 03:05:29 2001
@@ -177,7 +177,7 @@
}
do {
- sprintf(ihave,"ihave <%u at a>\r\n",start+numart);
+ snprintf(ihave,sizeof ihave,"ihave <%u at a>\r\n",start+numart);
ptime();
printf(">>> %s",ihave);
if ( write(sock,ihave,strlen(ihave)) != strlen(ihave) ) {
diff -Naur --recursive inn2-2.3.1.orig/contrib/ninpaths-3.1.1/ninpaths.c inn2-2.3.1/contrib/ninpaths-3.1.1/ninpaths.c
--- inn2-2.3.1.orig/contrib/ninpaths-3.1.1/ninpaths.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/contrib/ninpaths-3.1.1/ninpaths.c Sat Jun 9 03:05:29 2001
@@ -438,7 +438,7 @@
if (verbose > 1 || (100*list->sentto > total)) {
if (list->id[0] != 0 && list->rlink != NULL) {
columns = 3+strlen(list->id);
- sprintf(hostString,"%s H ",list->id);
+ snprintf(hostString,sizeof hostString,"%s H ",list->id);
needHost = 1;
rlist = list->rlink;
while (rlist != NULL) {
diff -Naur --recursive inn2-2.3.1.orig/contrib/pullart.c inn2-2.3.1/contrib/pullart.c
--- inn2-2.3.1.orig/contrib/pullart.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/contrib/pullart.c Sat Jun 9 03:05:29 2001
@@ -283,7 +283,7 @@
/* No header specified */
/* Open file, write buffer, close file */
- sprintf (filename, "%s.%06i", fileprefix, fileno);
+ snprintf (filename, sizeof filename, "%s.%06i", fileprefix, fileno);
outfile = fopen (filename, "wt");
if (outfile==NULL) {
diff -Naur --recursive inn2-2.3.1.orig/expire/expire.c inn2-2.3.1/expire/expire.c
--- inn2-2.3.1.orig/expire/expire.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/expire/expire.c Sat Jun 9 03:05:29 2001
@@ -568,7 +568,8 @@
where = Offset;
if (Arrived > RealNow)
Arrived = RealNow;
- (void)sprintf(date, "%lu", (unsigned long)Arrived);
+ (void)snprintf(date, sizeof date, "%lu",
+ (unsigned long)Arrived);
(void)fprintf(out, "%s%c%s%c%s\n",
fields[0], HIS_FIELDSEP,
date, HIS_SUBFIELDSEP, HIS_NOEXP);
@@ -603,7 +604,8 @@
where = Offset;
if (Arrived > RealNow)
Arrived = RealNow;
- (void)sprintf(date, "%lu", (unsigned long)Arrived);
+ (void)snprintf(date, sizeof date, "%lu",
+ (unsigned long)Arrived);
(void)fprintf(out, "%s%c%s%c%s\n", fields[0], HIS_FIELDSEP,
date, HIS_SUBFIELDSEP, HIS_NOEXP);
Offset += strlen(fields[0]) + 1
@@ -861,7 +863,8 @@
/* Set up the link, reserve the lock. */
if (EXPreason == NULL) {
- (void)sprintf(buff, "Expiring process %ld", (long)getpid());
+ (void)snprintf(buff, sizeof buff, "Expiring process %ld",
+ (long)getpid());
EXPreason = COPY(buff);
}
if (Server) {
@@ -879,31 +882,31 @@
/* Make the history filenames. */
HistoryDB = COPY(HistoryText);
- (void)sprintf(buff, "%s.dir", HistoryDB);
+ (void)snprintf(buff, sizeof buff, "%s.dir", HistoryDB);
Historydir = COPY(buff);
#ifdef DO_TAGGED_HASH
- (void)sprintf(buff, "%s.pag", HistoryDB);
+ (void)snprintf(buff, sizeof buff, "%s.pag", HistoryDB);
Historypag = COPY(buff);
#else
- (void)sprintf(buff, "%s.index", HistoryDB);
+ (void)snprintf(buff, sizeof buff, "%s.index", HistoryDB);
Historyindex = COPY(buff);
- (void)sprintf(buff, "%s.hash", HistoryDB);
+ (void)snprintf(buff, sizeof buff, "%s.hash", HistoryDB);
Historyhash = COPY(buff);
#endif
if (HistoryPath)
- (void)sprintf(buff, "%s/%s.n", HistoryPath, History);
+ (void)snprintf(buff, sizeof buff, "%s/%s.n", HistoryPath, History);
else
- (void)sprintf(buff, "%s.n", HistoryText);
+ (void)snprintf(buff, sizeof buff, "%s.n", HistoryText);
NHistory = COPY(buff);
- (void)sprintf(buff, "%s.dir", NHistory);
+ (void)snprintf(buff, sizeof buff, "%s.dir", NHistory);
NHistorydir = COPY(buff);
#ifdef DO_TAGGED_HASH
- (void)sprintf(buff, "%s.pag", NHistory);
+ (void)snprintf(buff, sizeof buff, "%s.pag", NHistory);
NHistorypag = COPY(buff);
#else
- (void)sprintf(buff, "%s.index", NHistory);
+ (void)snprintf(buff, sizeof buff, "%s.index", NHistory);
NHistoryindex = COPY(buff);
- (void)sprintf(buff, "%s.hash", NHistory);
+ (void)snprintf(buff, sizeof buff, "%s.hash", NHistory);
NHistoryhash = COPY(buff);
#endif
@@ -1043,7 +1046,7 @@
}
/* If user used the -d flag, mark we're done and exit. */
if (HistoryPath != NULL) {
- (void)sprintf(buff, "%s.done", NHistory);
+ (void)snprintf(buff, sizeof buff, "%s.done", NHistory);
(void)fclose(EXPfopen(FALSE, buff, "w", TRUE, Server, FALSE));
CleanupAndExit(Server, FALSE, 0);
}
diff -Naur --recursive inn2-2.3.1.orig/expire/expireover.c inn2-2.3.1/expire/expireover.c
--- inn2-2.3.1.orig/expire/expireover.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/expire/expireover.c Sat Jun 9 03:05:29 2001
@@ -60,7 +60,7 @@
ovge.earliest = TRUE;
break;
case 'f':
- strcpy(activefn, optarg);
+ strncpy(activefn, optarg, sizeof activefn);
break;
case 'k':
ovge.keep = TRUE;
@@ -143,7 +143,8 @@
}
if (activefn[0] == '\0') {
- strcpy(activefn, cpcatpath(innconf->pathdb, _PATH_ACTIVE));
+ strncpy(activefn, cpcatpath(innconf->pathdb, _PATH_ACTIVE),
+ sizeof activefn);
Nonull = FALSE;
} else {
Nonull = TRUE;
diff -Naur --recursive inn2-2.3.1.orig/expire/grephistory.c inn2-2.3.1/expire/grephistory.c
--- inn2-2.3.1.orig/expire/grephistory.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/expire/grephistory.c Sat Jun 9 03:05:29 2001
@@ -243,8 +243,9 @@
} else {
if (*av[0] != '<') {
/* Add optional braces. */
- keystr = NEW(char, 1 + strlen(av[0]) + 1 + 1);
- (void)sprintf(keystr, "<%s>", av[0]);
+ size_t len = 1 + strlen(av[0]) + 1 + 1;
+ keystr = NEW(char, len);
+ (void)snprintf(keystr, len, "<%s>", av[0]);
}
key = HashMessageID(keystr);
}
diff -Naur --recursive inn2-2.3.1.orig/expire/makedbz.c inn2-2.3.1/expire/makedbz.c
--- inn2-2.3.1.orig/expire/makedbz.c Sat Jun 9 00:24:38 2001
+++ inn2-2.3.1/expire/makedbz.c Sat Jun 9 03:05:29 2001
@@ -26,18 +26,18 @@
static char NOCANDO[] = "Can't remove \"%s\", %s\n";
char buff[SMBUF];
- (void)sprintf(buff, "%s.dir", p);
+ (void)snprintf(buff, sizeof buff, "%s.dir", p);
if (unlink(buff) && errno != ENOENT)
(void)fprintf(stderr, NOCANDO, buff, strerror(errno));
#ifdef DO_TAGGED_HASH
- (void)sprintf(buff, "%s.pag", p);
+ (void)snprintf(buff, sizeof buff, "%s.pag", p);
if (unlink(buff) && errno != ENOENT)
(void)fprintf(stderr, NOCANDO, buff, strerror(errno));
#else
- (void)sprintf(buff, "%s.index", p);
+ (void)snprintf(buff, sizeof buff, "%s.index", p);
if (unlink(buff) && errno != ENOENT)
(void)fprintf(stderr, NOCANDO, buff, strerror(errno));
- (void)sprintf(buff, "%s.hash", p);
+ (void)snprintf(buff, sizeof buff, "%s.hash", p);
if (unlink(buff) && errno != ENOENT)
(void)fprintf(stderr, NOCANDO, buff, strerror(errno));
#endif
@@ -72,7 +72,7 @@
/* If using the standard history file, force DBZ to use history.n. */
if (EQ(TextFile, HISTORY) && !Overwrite) {
- (void)sprintf(temp, "%s.n", HISTORY);
+ (void)snprintf(temp, sizeof temp, "%s.n", HISTORY);
if (link(HISTORY, temp) < 0) {
(void)fprintf(stderr, "Can't make temporary link to \"%s\", %s\n",
temp, strerror(errno));
diff -Naur --recursive inn2-2.3.1.orig/expire/makehistory.c inn2-2.3.1/expire/makehistory.c
--- inn2-2.3.1.orig/expire/makehistory.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/expire/makehistory.c Sat Jun 9 03:05:29 2001
@@ -245,11 +245,11 @@
}
}
- sprintf(temp, "%s/hisTXXXXXX", TmpDir);
+ snprintf(temp, sizeof temp, "%s/hisTXXXXXX", TmpDir);
mktemp(temp);
SortedTmpPath = COPY(temp);
- sprintf(temp, "exec %s -T %s -t'%c' -o %s %s", _PATH_SORT,
+ snprintf(temp, sizeof temp, "exec %s -T %s -t'%c' -o %s %s", _PATH_SORT,
TmpDir, '\t', SortedTmpPath, OverTmpPath);
i = system(temp) >> 8;
@@ -369,7 +369,7 @@
}
if (OverTmpPath == NULL) {
/* need new temp file, so create it. */
- (void)sprintf(temp, "%s/histXXXXXX", TmpDir);
+ (void)snprintf(temp, sizeof temp, "%s/histXXXXXX", TmpDir);
(void)mktemp(temp);
OverTmpPath = COPY(temp);
if ((OverTmpFile = fopen(OverTmpPath, "w")) == NULL) {
@@ -593,7 +593,7 @@
fp->HeaderLength = p2 - fp->Header;
} else if (RetrMode == RETR_ALL && strcmp(fp->Headername, "Bytes") == 0)
{
- sprintf(bytes, "%d", art->len);
+ snprintf(bytes, sizeof bytes, "%d", art->len);
fp->HasHeader = TRUE;
fp->Header = bytes;
fp->HeaderLength = strlen(bytes);
@@ -629,7 +629,7 @@
Xrefp->Header = NULL;
Xrefp->HeaderLength = 0;
} else {
- sprintf(overdata, "%s %s %s:%lu", XREF, innconf->pathhost,
+ snprintf(overdata, sizeof overdata, "%s %s %s:%lu", XREF, innconf->pathhost,
ann.groupname, ann.artnum);
Xrefp->Header = overdata;
Xrefp->HeaderLength = strlen(overdata);
diff -Naur --recursive inn2-2.3.1.orig/frontends/ctlinnd.c inn2-2.3.1/frontends/ctlinnd.c
--- inn2-2.3.1.orig/frontends/ctlinnd.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/frontends/ctlinnd.c Sat Jun 9 03:05:29 2001
@@ -318,7 +318,7 @@
p = cpcatpath(innconf->pathrun, _PATH_SERVERPID);
if (stat(p, &Sb) < 0)
(void)fprintf(stderr, "No innd.pid file; did server die?\n");
- (void)sprintf(buff, "send \"%s\" command", cp->Command);
+ (void)snprintf(buff, sizeof buff, "send \"%s\" command", cp->Command);
errno = i;
Failed(buff);
}
diff -Naur --recursive inn2-2.3.1.orig/frontends/feedone.c inn2-2.3.1/frontends/feedone.c
--- inn2-2.3.1.orig/frontends/feedone.c Sat Jun 9 00:24:38 2001
+++ inn2-2.3.1/frontends/feedone.c Sat Jun 9 03:05:29 2001
@@ -107,15 +107,15 @@
/* NOTREACHED */
case 'm': /* Specified Message-ID */
if (*optarg == '<')
- (void)strcpy(mesgid, optarg);
+ (void)strncpy(mesgid, optarg, sizeof mesgid);
else
- (void)sprintf(mesgid, "<%s>", optarg);
+ (void)snprintf(mesgid, sizeof mesgid, "<%s>", optarg);
break;
case 'p': /* Use Post, not ihave */
PostMode = TRUE;
break;
case 'r': /* Random Message-ID */
- (void)sprintf(mesgid, "<%ld@%ld>",
+ (void)snprintf(mesgid, sizeof mesgid, "<%ld@%ld>",
(long) getpid(), (long)time((time_t *)NULL));
break;
case 't':
@@ -141,7 +141,7 @@
exit(1);
}
q[1] = '\0';
- (void)strcpy(mesgid, p);
+ (void)strncpy(mesgid, p, mesgid);
break;
}
if (mesgid[0] == '\0') {
diff -Naur --recursive inn2-2.3.1.orig/frontends/inews.c inn2-2.3.1/frontends/inews.c
--- inn2-2.3.1.orig/frontends/inews.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/frontends/inews.c Sat Jun 9 03:05:29 2001
@@ -556,11 +556,11 @@
if (out[0]) {
buff = NEW(char, (strlen(pwp->pw_name) + 1 + strlen(node) + 2
+ strlen(out) + 2));
- sprintf(buff, "%s@%s (%s)", pwp->pw_name, node, out);
+ snprintf(buff, sizeof buff, "%s@%s (%s)", pwp->pw_name, node, out);
}
else {
buff = NEW(char, strlen(pwp->pw_name) + 1 + strlen(node) + 1);
- sprintf(buff, "%s@%s", pwp->pw_name, node);
+ snprintf(buff, sizeof buff, "%s@%s", pwp->pw_name, node);
}
return buff;
}
@@ -629,7 +629,7 @@
fprintf(stderr, "Username and host too long\n");
QuitServer(1);
}
- (void)sprintf(buff, "%s@%s", pwp->pw_name, p);
+ (void)snprintf(buff, sizeof buff, "%s@%s", pwp->pw_name, p);
(void)strncpy(from, HDR(_from), SMBUF);
from[SMBUF - 1] = '\0';
HeaderCleanFrom(from);
@@ -691,9 +691,9 @@
i += strlen(p) + 1;
HDR(_path) = NEW(char, i + 1);
if (*p)
- (void)sprintf(HDR(_path), "%s%s!%s", Exclusions, p, PATHFLUFF);
+ (void)snprintf(HDR(_path), i+1,"%s%s!%s", Exclusions, p, PATHFLUFF);
else
- (void)sprintf(HDR(_path), "%s%s", Exclusions, PATHFLUFF);
+ (void)snprintf(HDR(_path), i+1, "%s%s", Exclusions, PATHFLUFF);
}
else if (innconf->server != NULL) {
if ((p = GetFQDN(innconf->domain)) == NULL) {
@@ -703,15 +703,15 @@
}
i += strlen(p) + 1;
HDR(_path) = NEW(char, i + 1);
- (void)sprintf(HDR(_path), "%s%s!%s", Exclusions, p, PATHFLUFF);
+ (void)snprintf(HDR(_path), i+1, "%s%s!%s", Exclusions, p, PATHFLUFF);
}
else {
HDR(_path) = NEW(char, i + 1);
- (void)sprintf(HDR(_path), "%s%s", Exclusions, PATHFLUFF);
+ (void)snprintf(HDR(_path), i+1, "%s%s", Exclusions, PATHFLUFF);
}
#else
HDR(_path) = NEW(char, i + 1);
- (void)sprintf(HDR(_path), "%s%s", Exclusions, PATHFLUFF);
+ (void)snprintf(HDR(_path), i+1, "%s%s", Exclusions, PATHFLUFF);
#endif /* defined(DO_INEWS_PATH) */
}
@@ -750,7 +750,7 @@
/* Approved; left alone. */
/* Set Lines */
- (void)sprintf(buff, "%d", linecount);
+ (void)snprintf(buff, sizeof buff, "%d", linecount);
HDR(_lines) = COPY(buff);
/* Check Supersedes. */
@@ -786,6 +786,7 @@
char *p;
char buff[BUFSIZ];
FILE *F;
+ size_t len;
/* Open the file. */
*linesp = 0;
@@ -793,7 +794,7 @@
fprintf(stderr, "Home directory path too long\n");
QuitServer(1);
}
- (void)sprintf(buff, "%s/.signature", homedir);
+ (void)snprintf(buff, sizeof buff, "%s/.signature", homedir);
if ((F = fopen(buff, "r")) == NULL) {
if (errno == ENOENT)
return article;
@@ -834,8 +835,9 @@
/* Grow the article to have the signature. */
i = strlen(article);
if (UseMalloc) {
- p = NEW(char, i + (sizeof SIGSEP - 1) + length + 1);
- (void)strcpy(p, article);
+ len = i + (sizeof SIGSEP - 1) + length + 1;
+ p = NEW(char, len);
+ (void)strncpy(p, article, len);
article = p;
}
else
@@ -1010,6 +1012,7 @@
BOOL DoSignature;
BOOL AddOrg;
size_t Length;
+ size_t len;
/* First thing, set up logging and our identity. */
openlog("inews", L_OPENLOG_FLAGS | LOG_PID, LOG_INN_PROG);
@@ -1059,8 +1062,9 @@
Mode = i;
break;
case 'x':
- Exclusions = NEW(char, strlen(optarg) + 1 + 1);
- (void)sprintf(Exclusions, "%s!", optarg);
+ len = strlen(optarg) + 1 + 1;
+ Exclusions = NEW(char, len);
+ (void)snprintf(Exclusions, len, "%s!", optarg);
break;
case 'p':
port = atoi(optarg);
@@ -1107,12 +1111,13 @@
*p = '\0';
if ((p = strchr(buff, '\r')) != NULL)
*p = '\0';
- (void)strcpy(SpoolMessage, buff[0] ? buff : NOCONNECT);
+ (void)strncpy(SpoolMessage, buff[0] ? buff : NOCONNECT,
+ sizeof SpoolMessage);
if (strlen(pwp->pw_dir) > sizeof(buff) - 14) {
fprintf(stderr, "Home directory path too long\n");
exit(1);
}
- (void)sprintf(buff, "%s/dead.article", pwp->pw_dir);
+ (void)snprintf(buff, sizeof buff, "%s/dead.article", pwp->pw_dir);
deadfile = COPY(buff);
}
else {
diff -Naur --recursive inn2-2.3.1.orig/frontends/rnews.c inn2-2.3.1/frontends/rnews.c
--- inn2-2.3.1.orig/frontends/rnews.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/frontends/rnews.c Sat Jun 9 03:05:29 2001
@@ -583,11 +583,11 @@
else
p = &buff[3];
if (strchr(_PATH_RNEWSPROGS, '/') == NULL) {
- (void)sprintf(path, "%s/%s/%s", innconf->pathbin,
+ (void)snprintf(path, sizeof path, "%s/%s/%s", innconf->pathbin,
_PATH_RNEWSPROGS, p);
len = strlen(innconf->pathbin) + 1 + sizeof _PATH_RNEWSPROGS;
} else {
- (void)sprintf(path, "%s/%s", _PATH_RNEWSPROGS, p);
+ (void)snprintf(path, sizeof path, "%s/%s", _PATH_RNEWSPROGS, p);
len = sizeof _PATH_RNEWSPROGS;
}
for (p = &path[len]; *p; p++)
@@ -718,9 +718,7 @@
if (p == NULL)
exit(10);
*p = '\0';
- strcpy(temp, buff);
- strcat(temp, "/.");
- strcat(temp, ++p);
+ snprintf (temp, sizeof temp, "%s/.%s", buff, ++p);
(void)umask(0);
if ((spfd = open(temp, O_WRONLY | O_CREAT, BATCHFILE_MODE)) < 0) {
syslog(L_FATAL, "cant open %s %m", temp);
diff -Naur --recursive inn2-2.3.1.orig/innd/art.c inn2-2.3.1/innd/art.c
--- inn2-2.3.1.orig/innd/art.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/innd/art.c Sat Jun 9 03:05:29 2001
@@ -541,7 +541,7 @@
}
/* Figure out how much space we'll need and get it. */
- (void)sprintf(bytesbuff, "Bytes: %ld\r\n", size);
+ (void)snprintf(bytesbuff, sizeof bytesbuff, "Bytes: %ld\r\n", size);
if (Headers.Data == NULL) {
Headers.Size = end - artbuff;
@@ -603,7 +603,7 @@
if (colon == NULL || !ISWHITE(colon[1])) {
if ((p = strchr(start, '\n')) != NULL)
*p = '\0';
- (void)sprintf(buff, COLONSPACE, MaxLength(start, start));
+ (void)snprintf(buff, sizeof buff, COLONSPACE, MaxLength(start, start));
*errorp = buff;
return NULL;
}
@@ -626,7 +626,8 @@
/* Not a system header, make sure we have <word><colon><space>. */
for (p = colon; --p > start; )
if (ISWHITE(*p)) {
- (void)sprintf(buff, "Space before colon in \"%s\" header",
+ (void)snprintf(buff, sizeof buff,
+ "Space before colon in \"%s\" header",
MaxLength(start, start));
*errorp = buff;
return NULL;
@@ -669,7 +670,7 @@
/* Copy the header if not too big. */
i = (out - 1 - 1) - p;
if (i >= MAXHEADERSIZE) {
- (void)sprintf(buff, "\"%s\" header too long", hp->Name);
+ (void)snprintf(buff, sizeof buff, "\"%s\" header too long", hp->Name);
*errorp = buff;
return NULL;
}
@@ -825,11 +826,13 @@
for (hp = ARTheaders; hp < ENDOF(ARTheaders); hp++)
if (hp->Type == HTreq) {
if (*hp->Value == '\0') {
- (void)sprintf(buff, "Missing \"%s\" header", hp->Name);
+ (void)snprintf(buff, sizeof buff, "Missing \"%s\" header",
+ hp->Name);
return buff;
}
if (hp->Found > 1) {
- (void)sprintf(buff, "Duplicate \"%s\" header", hp->Name);
+ (void)snprintf(buff, sizeof buff, "Duplicate \"%s\" header",
+ hp->Name);
return buff;
}
}
@@ -847,7 +850,7 @@
*out = '\0';
if (Article->Data + Article->Used != in + 1) {
i++;
- (void)sprintf(buff, "Line %d includes null character", i);
+ (void)snprintf(buff, sizeof buff, "Line %d includes null character", i);
return buff;
}
Article->Used = out - Article->Data;
@@ -859,7 +862,7 @@
innconf->linecountfuzz) {
if ((in = strchr(p, '\n')) != NULL)
*in = '\0';
- (void)sprintf(buff, "Linecount %s != %d +- %d",
+ (void)snprintf(buff, sizeof buff, "Linecount %s != %d +- %d",
MaxLength(p, p), i, innconf->linecountfuzz);
return buff;
}
@@ -868,15 +871,17 @@
/* Is article too old? */
p = HDR(_date);
if ((Data->Posted = parsedate(p, &Now)) == -1) {
- (void)sprintf(buff, "Bad \"Date\" header -- \"%s\"", MaxLength(p, p));
+ (void)snprintf(buff, sizeof buff, "Bad \"Date\" header -- \"%s\"",
+ MaxLength(p, p));
return buff;
}
if (innconf->artcutoff && Data->Posted < Now.time - innconf->artcutoff) {
- (void)sprintf(buff, "Too old -- \"%s\"", MaxLength(p, p));
+ (void)snprintf(buff, sizeof buff, "Too old -- \"%s\"", MaxLength(p, p));
return buff;
}
if (Data->Posted > Now.time + DATE_FUZZ) {
- (void)sprintf(buff, "Article posted in the future -- \"%s\"",
+ (void)snprintf(buff, sizeof buff,
+ "Article posted in the future -- \"%s\"",
MaxLength(p, p));
return buff;
}
@@ -885,7 +890,7 @@
Data->Expires = 0;
if (*p != '\0' && (Data->Expires = parsedate(p, &Now)) == -1) {
#if 0
- (void)sprintf(buff, "Bad \"Expires\" header -- \"%s\"",
+ (void)snprintf(buff, sizeof buff, "Bad \"Expires\" header -- \"%s\"",
MaxLength(p, p));
return buff;
#endif
@@ -896,7 +901,7 @@
return "Colon in \"Newsgroups\" header";
for (p = HDR(_newsgroups); *p; p++)
if (ISWHITE(*p)) {
- (void)sprintf(buff,
+ (void)snprintf(buff, sizeof buff,
"Whitespace in \"Newsgroups\" header -- \"%s\"",
MaxLength(HDR(_newsgroups), p));
return buff;
@@ -1028,7 +1033,8 @@
HeaderCleanFrom(p);
if (!EQ(q, p)) {
token = NULL;
- (void)sprintf(buff, "\"%.50s\" wants to cancel %s by \"%.50s\"",
+ (void)snprintf(buff, sizeof buff,
+ "\"%.50s\" wants to cancel %s by \"%.50s\"",
p, MaxLength(MessageID, MessageID), q);
ARTlog(Data, ART_REJECT, buff);
}
@@ -1070,7 +1076,8 @@
return;
}
HISremember(hash);
- (void)sprintf(buff, "Cancelling %s", MaxLength(MessageID, MessageID));
+ (void)snprintf(buff, sizeof buff, "Cancelling %s",
+ MaxLength(MessageID, MessageID));
ARTlog(Data, ART_CANC, buff);
TMRstop(TMR_ARTCNCL);
return;
@@ -1091,7 +1098,8 @@
syslog(L_ERROR, "%s cant cancel %s", LogName, TokenToText(*token));
if (innconf->immediatecancel && !SMflushcacheddata(SM_CANCELEDART))
syslog(L_ERROR, "%s cant cancel cached %s", LogName, TokenToText(*token));
- (void)sprintf(buff, "Cancelling %s", MaxLength(MessageID, MessageID));
+ (void)snprintf(buff, sizeof buff, "Cancelling %s",
+ MaxLength(MessageID, MessageID));
ARTlog(Data, ART_CANC, buff);
TMRstop(TMR_ARTCNCL);
}
@@ -1986,7 +1994,7 @@
hops = ARTparsepath(HDR(_path), &hopcount);
if (error != NULL &&
(Data.MessageID == NULL || hops == 0 || hops[0]=='\0')) {
- sprintf(buff, "%d %s", NNTP_REJECTIT_VAL, error);
+ snprintf(buff, sizeof buff, "%d %s", NNTP_REJECTIT_VAL, error);
return buff;
}
AddAlias = FALSE;
@@ -2008,14 +2016,14 @@
hash = HashMessageID(Data.MessageID);
Data.Hash = &hash;
if (HIShavearticle(hash)) {
- sprintf(buff, "%d Duplicate", NNTP_REJECTIT_VAL);
+ snprintf(buff, sizeof buff, "%d Duplicate", NNTP_REJECTIT_VAL);
ARTlog(&Data, ART_REJECT, buff);
ARTreject(REJECT_DUPLICATE, cp, buff, article);
return buff;
}
if (error != NULL) {
- sprintf(buff, "%d %s", NNTP_REJECTIT_VAL, error);
+ snprintf(buff, sizeof buff, "%d %s", NNTP_REJECTIT_VAL, error);
ARTlog(&Data, ART_REJECT, buff);
if (innconf->remembertrash && (Mode == OMrunning) && !HISremember(hash))
syslog(L_ERROR, "%s cant write history %s %m",
@@ -2027,7 +2035,7 @@
/* And now check the path for unwanted sites -- Andy */
for( j = 0 ; ME.Exclusions && ME.Exclusions[j] ; j++ ) {
if( ListHas(hops, ME.Exclusions[j]) ) {
- (void)sprintf(buff, "%d Unwanted site %s in path",
+ (void)snprintf(buff, sizeof buff, "%d Unwanted site %s in path",
NNTP_REJECTIT_VAL, ME.Exclusions[j]);
ARTlog(&Data, ART_REJECT, buff);
if (innconf->remembertrash && (Mode == OMrunning) &&
@@ -2050,7 +2058,8 @@
Data.LinesValue);
TMRstop(TMR_PYTHON);
if (filterrc != NULL) {
- (void)sprintf(buff, "%d %.200s", NNTP_REJECTIT_VAL, filterrc);
+ (void)snprintf(buff, sizeof buffer, "%d %.200s", NNTP_REJECTIT_VAL,
+ filterrc);
syslog(L_NOTICE, "rejecting[python] %s %s", Data.MessageID, buff);
ARTlog(&Data, ART_REJECT, buff);
if (innconf->remembertrash && (Mode == OMrunning) &&
@@ -2069,7 +2078,7 @@
filterrc = PLartfilter(Data.Body, Data.LinesValue);
TMRstop(TMR_PERL);
if (filterrc) {
- sprintf(buff, "%d %.200s", NNTP_REJECTIT_VAL, filterrc);
+ snprintf(buff, sizeof buff, "%d %.200s", NNTP_REJECTIT_VAL, filterrc);
syslog(L_NOTICE, "rejecting[perl] %s %s", Data.MessageID, buff);
ARTlog(&Data, ART_REJECT, buff);
if (innconf->remembertrash && (Mode == OMrunning) &&
@@ -2110,8 +2119,8 @@
(void)Tcl_UnsetVar(TCLInterpreter, "Headers", TCL_GLOBAL_ONLY);
if (code == TCL_OK) {
if (strcmp(TCLInterpreter->result, "accept") != 0) {
- (void)sprintf(buff, "%d %.200s", NNTP_REJECTIT_VAL,
- TCLInterpreter->result);
+ (void)snprintf(buff, sizeof buff, "%d %.200s",
+ NNTP_REJECTIT_VAL, TCLInterpreter->result);
syslog(L_NOTICE, "rejecting[tcl] %s %s", Data.MessageID, buff);
ARTlog(&Data, ART_REJECT, buff);
if (innconf->remembertrash && (Mode == OMrunning) &&
@@ -2150,7 +2159,7 @@
distributions = *p ? CommaSplit(p) : NULL;
if (distributions) {
if (*distributions[0] == '\0') {
- (void)sprintf(buff, "%d bogus distribution \"%s\"",
+ (void)snprintf(buff, sizeof buff, "%d bogus distribution \"%s\"",
NNTP_REJECTIT_VAL,
MaxLength(p, p));
ARTlog(&Data, ART_REJECT, buff);
@@ -2164,8 +2173,8 @@
DISTparse(distributions, &Data);
if (ME.Distributions
&& !DISTwantany(ME.Distributions, distributions)) {
- (void)sprintf(buff, "%d Unwanted distribution \"%s\"",
- NNTP_REJECTIT_VAL,
+ (void)snprintf(buff, sizeof buff,
+ "%d Unwanted distribution \"%s\"", NNTP_REJECTIT_VAL,
MaxLength(distributions[0], distributions[0]));
ARTlog(&Data, ART_REJECT, buff);
if (innconf->remembertrash && (Mode == OMrunning) &&
@@ -2299,7 +2308,7 @@
/* Basic validity check. */
if (ngp->Rest[0] == NF_FLAG_MODERATED && !Approved) {
- (void)sprintf(buff, "%d Unapproved for \"%s\"",
+ (void)snprintf(buff, sizeof buff, "%d Unapproved for \"%s\"",
NNTP_REJECTIT_VAL, ngp->Name);
ARTlog(&Data, ART_REJECT, buff);
if (innconf->remembertrash && (Mode == OMrunning) &&
@@ -2328,7 +2337,8 @@
continue;
}
else if (canpost < 0) {
- (void)sprintf(buff, "%d Won't accept posts in \"%s\"",
+ (void)snprintf(buff, sizeof buff,
+ "%d Won't accept posts in \"%s\"",
NNTP_REJECTIT_VAL, MaxLength(p, p));
ARTlog(&Data, ART_REJECT, buff);
if (distributions)
@@ -2391,11 +2401,11 @@
if (!Accepted || ngptr == GroupPointers) {
if (!Accepted) {
if (NoHistoryUpdate) {
- (void)sprintf(buff, "%d Can't post to \"%s\"",
+ (void)snprintf(buff, sizeof buff, "%d Can't post to \"%s\"",
NNTP_REJECTIT_VAL,
MaxLength(Data.Newsgroups, Data.Newsgroups));
} else {
- (void)sprintf(buff, "%d Unwanted newsgroup \"%s\"",
+ (void)snprintf(buff, sizeof buff, "%d Unwanted newsgroup \"%s\"",
NNTP_REJECTIT_VAL,
MaxLength(Data.Newsgroups, Data.Newsgroups));
}
@@ -2459,11 +2469,11 @@
if (innconf->xrefslave) {
if (ARTxrefslave() == FALSE) {
if (HDR(_xref)) {
- (void)sprintf(buff, "%d Invalid Xref header \"%s\"",
- NNTP_REJECTIT_VAL,
+ (void)snprintf(buff, sizeof buff,
+ "%d Invalid Xref header \"%s\"", NNTP_REJECTIT_VAL,
MaxLength(HDR(_xref), HDR(_xref)));
} else {
- (void)sprintf(buff, "%d No Xref header",
+ (void)snprintf(buff, sizeof buff,"%d No Xref header",
NNTP_REJECTIT_VAL);
}
ARTlog(&Data, ART_REJECT, buff);
@@ -2488,7 +2498,7 @@
token = ARTstore(article, &Data);
if (token.type == TOKEN_EMPTY) {
syslog(L_ERROR, "%s cant store article: %s", LogName, SMerrorstr);
- sprintf(buff, "%d cant store article", NNTP_RESENDIT_VAL);
+ snprintf(buff, sizeof buff, "%d cant store article", NNTP_RESENDIT_VAL);
ARTlog(&Data, ART_REJECT, buff);
if ((Mode == OMrunning) && !HISremember(hash))
syslog(L_ERROR, "%s cant write history %s %m",
@@ -2524,7 +2534,7 @@
if ((Mode != OMrunning) || !HISwrite(&Data, hash, Files.Data, &token)) {
i = errno;
syslog(L_ERROR, "%s cant write history %s %m", LogName, Data.MessageID);
- (void)sprintf(buff, "%d cant write history, %s",
+ (void)snprintf(buff, sizeof buff, "%d cant write history, %s",
NNTP_RESENDIT_VAL, strerror(errno));
ARTlog(&Data, ART_REJECT, buff);
if (distributions)
@@ -2556,11 +2566,17 @@
/* Start logging, then propagate the article. */
if (CRwithoutLF > 0 || LFwithoutCR > 0) {
if (CRwithoutLF > 0 && LFwithoutCR == 0)
- (void)sprintf(buff, "%d article includes CR without LF(%d)", NNTP_REJECTIT_VAL, CRwithoutLF);
+ (void)snprintf(buff, sizeof buff,
+ "%d article includes CR without LF(%d)", NNTP_REJECTIT_VAL,
+ CRwithoutLF);
else if (CRwithoutLF == 0 && LFwithoutCR > 0)
- (void)sprintf(buff, "%d article includes LF without CR(%d)", NNTP_REJECTIT_VAL, LFwithoutCR);
+ (void)snprintf(buff, sizeof buff,
+ "%d article includes LF without CR(%d)", NNTP_REJECTIT_VAL,
+ LFwithoutCR);
else
- (void)sprintf(buff, "%d article includes CR without LF(%d) and LF withtout CR(%d)", NNTP_REJECTIT_VAL, CRwithoutLF, LFwithoutCR);
+ (void)snprintf(buff, sizeof buff,
+ "%d article includes CR without LF(%d) and LF withtout CR(%d)",
+ NNTP_REJECTIT_VAL, CRwithoutLF, LFwithoutCR);
ARTlog(&Data, ART_STRSTR, buff);
}
ARTlog(&Data, Accepted ? ART_ACCEPT : ART_JUNK, (char *)NULL);
diff -Naur --recursive inn2-2.3.1.orig/innd/cc.c inn2-2.3.1/innd/cc.c
--- inn2-2.3.1.orig/innd/cc.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/innd/cc.c Sat Jun 9 03:05:29 2001
@@ -174,7 +174,7 @@
/* Server's mode. */
switch (Mode) {
default:
- (void)sprintf(buff, "Unknown %d", Mode);
+ (void)snprintf(buff, sizeof buff, "Unknown %d", Mode);
return buff;
case OMrunning:
return "running";
@@ -999,31 +999,33 @@
BUFFappend(&CCreply, p, strlen(p));
switch (cp->Type) {
case CTremconn:
- sprintf(buff, ":remconn::");
+ snprintf(buff, sizeof buff, ":remconn::");
break;
case CTreject:
- sprintf(buff, ":reject::");
+ snprintf(buff, sizeof buff, ":reject::");
break;
case CTnntp:
- sprintf(buff, ":nntp:%ld:%s", Now.time - cp->LastActive, (cp->MaxCnx > 0 && cp->ActiveCnx == 0) ? "paused" : "");
+ snprintf(buff, sizeof buff, ":nntp:%ld:%s",
+ Now.time - cp->LastActive,
+ (cp->MaxCnx > 0 && cp->ActiveCnx == 0) ? "paused" : "");
break;
case CTlocalconn:
- sprintf(buff, ":localconn::");
+ snprintf(buff, sizeof buff, ":localconn::");
break;
case CTcontrol:
- sprintf(buff, ":control::");
+ snprintf(buff, sizeof buff, ":control::");
break;
case CTfile:
- sprintf(buff, "::");
+ snprintf(buff, sizeof buff, "::");
break;
case CTexploder:
- sprintf(buff, ":exploder::");
+ snprintf(buff, sizeof buff, ":exploder::");
break;
case CTprocess:
- sprintf(buff, ":");
+ snprintf(buff, sizeof buff, ":");
break;
default:
- sprintf(buff, ":unknown::");
+ snprintf(buff, sizeof buff, ":unknown::");
break;
}
p = buff;
@@ -1096,7 +1098,7 @@
/* %s + ' ' + %ld + ' ' + %s + '\n' + terminator */
buff = NEW(char, strlen(Name) + 1 + 20 + 1 + strlen(who) + 1 + 1);
- (void)sprintf(buff, "%s %ld %s\n", Name, Now.time, who);
+ (void)snprintf(buff, sizeof buff, "%s %ld %s\n", Name, Now.time, who);
if (xwrite(fd, buff, strlen(buff)) < 0) {
oerrno = errno;
syslog(L_ERROR, "%s cant write %s %m", LogName, TIMES);
diff -Naur --recursive inn2-2.3.1.orig/innd/chan.c inn2-2.3.1/innd/chan.c
--- inn2-2.3.1.orig/innd/chan.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/innd/chan.c Sat Jun 9 03:05:29 2001
@@ -367,30 +367,31 @@
switch (cp->Type) {
default:
- (void)sprintf(buff, "?%d(#%d@%d)?", cp->Type, cp->fd, cp - CHANtable);
+ (void)snprintf(buff, sizeof buff, "?%d(#%d@%d)?", cp->Type,
+ cp->fd, cp - CHANtable);
break;
case CTany:
- (void)sprintf(buff, "any:%d", cp->fd);
+ (void)snprintf(buff, sizeof buff, "any:%d", cp->fd);
break;
case CTfree:
- (void)sprintf(buff, "free:%d", cp->fd);
+ (void)snprintf(buff, sizeof buff, "free:%d", cp->fd);
break;
case CTremconn:
- (void)sprintf(buff, "remconn:%d", cp->fd);
+ (void)snprintf(buff, sizeof buff, "remconn:%d", cp->fd);
break;
case CTreject:
- (void)sprintf(buff, "%s rejected", RChostname(cp));
+ (void)snprintf(buff, sizeof buff, "%s rejected", RChostname(cp));
break;
case CTnntp:
- (void)sprintf(buff, "%s:%d",
+ (void)snprintf(buff, sizeof buff, "%s:%d",
cp->Address.s_addr == 0 ? "localhost" : RChostname(cp),
cp->fd);
break;
case CTlocalconn:
- (void)sprintf(buff, "localconn:%d", cp->fd);
+ (void)snprintf(buff, sizeof buff, "localconn:%d", cp->fd);
break;
case CTcontrol:
- (void)sprintf(buff, "control:%d", cp->fd);
+ (void)snprintf(buff, sizeof buff, "control:%d", cp->fd);
break;
case CTexploder:
case CTfile:
@@ -404,11 +405,11 @@
break;
}
if (pid == 0)
- (void)sprintf(buff, "%s:%d:%s",
+ (void)snprintf(buff, sizeof buff, "%s:%d:%s",
MaxLength(p, p), cp->fd,
cp->Type == CTfile ? "file" : "proc");
else
- (void)sprintf(buff, "%s:%d:%s:%ld",
+ (void)snprintf(buff, sizeof buff, "%s:%d:%s:%ld",
MaxLength(p, p), cp->fd,
cp->Type == CTfile ? "file" : "proc", (long)pid);
break;
diff -Naur --recursive inn2-2.3.1.orig/innd/icd.c inn2-2.3.1/innd/icd.c
--- inn2-2.3.1.orig/innd/icd.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/innd/icd.c Sat Jun 9 03:05:29 2001
@@ -289,7 +289,8 @@
syslog(L_ERROR, "%s too_long %s", LogName, MaxLength(Name, Name));
return FALSE;
}
- (void)sprintf(buff, "%s 0000000000 0000000001 %s\n", Name, Rest);
+ (void)snprintf(buff, sizeof buff, "%s 0000000000 0000000001 %s\n",
+ Name, Rest);
ICDiovset(&iov[0], ICDactpointer, ICDactsize);
ICDiovset(&iov[1], buff, strlen(buff));
diff -Naur --recursive inn2-2.3.1.orig/innd/innd.c inn2-2.3.1/innd/innd.c
--- inn2-2.3.1.orig/innd/innd.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/innd/innd.c Sat Jun 9 03:05:29 2001
@@ -410,7 +410,7 @@
DISPOSE(Reservation);
Reservation = NULL;
}
- (void)sprintf(buff, "%s writing %s file -- throttling",
+ (void)snprintf(buff, sizeof buff, "%s writing %s file -- throttling",
strerror(oerrno), when);
if ((p = CCblock(OMthrottled, buff)) != NULL)
syslog(L_ERROR, "%s cant throttle %s", LogName, p);
@@ -434,7 +434,7 @@
DISPOSE(Reservation);
Reservation = NULL;
}
- (void)sprintf(buff, "%s storing article -- throttling",
+ (void)snprintf(buff, sizeof buff, "%s storing article -- throttling",
SMerrorstr);
if ((p = CCblock(OMthrottled, buff)) != NULL)
syslog(L_ERROR, "%s cant throttle %s", LogName, p);
@@ -659,7 +659,7 @@
case 't': Mode = OMthrottled; break;
}
if (Mode != OMrunning) {
- (void)sprintf(buff, "%sed from command line",
+ (void)snprintf(buff, sizeof buff, "%sed from command line",
Mode == OMpaused ? "Paus" : "Throttl");
ModeReason = COPY(buff);
}
diff -Naur --recursive inn2-2.3.1.orig/innd/inndstart.c inn2-2.3.1/innd/inndstart.c
--- inn2-2.3.1.orig/innd/inndstart.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/innd/inndstart.c Sat Jun 9 03:05:29 2001
@@ -338,7 +338,7 @@
innd_argv[i] = 0;
printf("When starting innd, use -dp%d\n", s);
#else /* DEBUGGER */
- sprintf(pflag, "-p%d", s);
+ snprintf(pflag, sizeof pflag, "-p%d", s);
innd_argv[i++] = cpcatpath(innconf->pathbin, "innd");
innd_argv[i++] = pflag;
diff -Naur --recursive inn2-2.3.1.orig/innd/nc.c inn2-2.3.1/innd/nc.c
--- inn2-2.3.1.orig/innd/nc.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/innd/nc.c Sat Jun 9 03:05:29 2001
@@ -200,7 +200,7 @@
if (cp->Sendid.Size > 3) { /* We be streaming */
char buff[4];
cp->Takethis_Ok++;
- (void)sprintf(buff, "%d", NNTP_OK_RECID_VAL);
+ (void)snprintf(buff, sizeof buff, "%d", NNTP_OK_RECID_VAL);
cp->Sendid.Data[0] = buff[0];
cp->Sendid.Data[1] = buff[1];
cp->Sendid.Data[2] = buff[2];
@@ -335,7 +335,7 @@
/* Write the message. */
p = TokenToText(*token);
buff = NEW(char, strlen(p) + 16);
- (void)sprintf(buff, "%d 0 %s", NNTP_NOTHING_FOLLOWS_VAL, p);
+ (void)snprintf(buff, sizeof buff, "%d 0 %s", NNTP_NOTHING_FOLLOWS_VAL, p);
NCwritereply(cp, buff);
DISPOSE(buff);
}
@@ -642,7 +642,7 @@
else if (caseEQ(p, "stream") &&
(!StreamingOff && cp->Streaming)) {
char buff[16];
- (void)sprintf(buff, "%d StreamOK.", NNTP_OK_STREAM_VAL);
+ (void)snprintf(buff, sizeof buff, "%d StreamOK.", NNTP_OK_STREAM_VAL);
NCwritereply(cp, buff);
syslog(L_NOTICE, "%s NCmode \"mode stream\" received",
CHANname(cp));
@@ -692,7 +692,8 @@
for (p = cp->In.Data; *p && !ISWHITE(*p); p++)
continue;
*p = '\0';
- (void)sprintf(buff, "%d \"%s\" not implemented; try \"help\".",
+ (void)snprintf(buff, sizeof buff,
+ "%d \"%s\" not implemented; try \"help\".",
NNTP_BAD_COMMAND_VAL, MaxLength(cp->In.Data, cp->In.Data));
NCwritereply(cp, buff);
}
@@ -877,7 +878,7 @@
if (cp->Sendid.Size > 3) { /* We be streaming */
char buff[4];
cp->Takethis_Err++;
- (void)sprintf(buff, "%d", NNTP_ERR_FAILID_VAL);
+ (void)snprintf(buff, sizeof buff, "%d", NNTP_ERR_FAILID_VAL);
cp->Sendid.Data[0] = buff[0];
cp->Sendid.Data[1] = buff[1];
cp->Sendid.Data[2] = buff[2];
@@ -968,7 +969,8 @@
syslog(L_NOTICE, "%s internal rejecting huge article (%d > %d)",
CHANname(cp), i, innconf->maxartsize);
cp->LargeArtSize = 0;
- (void)sprintf(buff, "%d Article exceeds local limit of %ld bytes",
+ (void)snprintf(buff, sizeof buff,
+ "%d Article exceeds local limit of %ld bytes",
NNTP_REJECTIT_VAL, innconf->maxartsize);
cp->State = CSgetcmd;
if (cp->Sendid.Size)
@@ -1036,7 +1038,8 @@
syslog(L_NOTICE, "%s internal rejecting too long command line (%d > %d)",
CHANname(cp), i, NNTP_STRLEN);
cp->LargeCmdSize = 0;
- (void)sprintf(buff, "%d command exceeds local limit of %d bytes",
+ (void)snprintf(buff, sizeof buff,
+ "%d command exceeds local limit of %d bytes",
NNTP_BAD_COMMAND_VAL, NNTP_STRLEN);
cp->State = CSgetcmd;
NCwritereply(cp, buff);
@@ -1091,15 +1094,15 @@
now = time(NULL);
failed = 0;
/* time+channel file descriptor should make an unique file name */
- sprintf(buff, "%s/%ld%d.tmp", innconf->pathincoming,
- now, cp->fd);
+ snprintf(buff, sizeof buff, "%s/%ld%d.tmp",
+ innconf->pathincoming, now, cp->fd);
fd = open(buff, O_WRONLY|O_CREAT|O_EXCL, ARTFILE_MODE);
if (fd < 0) {
oerrno = errno;
failed = 1;
syslog(L_ERROR, "%s cannot open outfile %s for xbatch: %m",
CHANname(cp), buff);
- sprintf(buff, "%s cant create file: %s",
+ snprintf(buff, sizeof buff, "%s cant create file: %s",
NNTP_RESENDIT_XBATCHERR, strerror(oerrno));
NCwritereply(cp, buff);
} else {
@@ -1107,7 +1110,8 @@
oerrno = errno;
syslog(L_ERROR, "%s cant write batch to file %s: %m",
CHANname(cp), buff);
- sprintf(buff, "%s cant write batch to file: %s",
+ snprintf(buff, sizeof buff,
+ "%s cant write batch to file: %s",
NNTP_RESENDIT_XBATCHERR, strerror(oerrno));
NCwritereply(cp, buff);
failed = 1;
@@ -1117,18 +1121,19 @@
oerrno = errno;
syslog(L_ERROR, "%s error closing batch file %s: %m",
CHANname(cp), failed ? "" : buff);
- sprintf(buff, "%s error closing batch file: %s",
+ snprintf(buff, sizeof buff,
+ "%s error closing batch file: %s",
NNTP_RESENDIT_XBATCHERR, strerror(oerrno));
NCwritereply(cp, buff);
failed = 1;
}
- sprintf(buff2, "%s/%ld%d.x", innconf->pathincoming,
- now, cp->fd);
+ snprintf(buff2, sizeof buff2, "%s/%ld%d.x",
+ innconf->pathincoming, now, cp->fd);
if (rename(buff, buff2)) {
oerrno = errno;
syslog(L_ERROR, "%s cant rename %s to %s: %m",
CHANname(cp), failed ? "" : buff, buff2);
- sprintf(buff, "%s cant rename batch to %s: %s",
+ snprintf(buff, sizeof buff,"%s cant rename batch to %s: %s",
NNTP_RESENDIT_XBATCHERR, buff2, strerror(oerrno));
NCwritereply(cp, buff);
failed = 1;
@@ -1238,7 +1243,7 @@
if (p == NULL)
/* Worked in main, now it fails? Curious. */
p = Path.Data;
- (void)sprintf(buff, "%d %s InterNetNews server %s ready",
+ (void)snprintf(buff, sizeof buff, "%d %s InterNetNews server %s ready",
NNTP_POSTOK_VAL, p, inn_version_string);
NCgreeting = COPY(buff);
diff -Naur --recursive inn2-2.3.1.orig/innd/perl.c inn2-2.3.1/innd/perl.c
--- inn2-2.3.1.orig/innd/perl.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/innd/perl.c Sat Jun 9 03:05:29 2001
@@ -279,7 +279,7 @@
/* If any of the times are missing, they should default to now. */
if (i < 4) {
- sprintf(tbuff, "%ld", (long) time((time_t *) 0));
+ snprintf(tbuff, sizeof tbuff, "%ld", (long) time((time_t *) 0));
for (; i < 4; i++)
parambuf[i] = tbuff;
}
diff -Naur --recursive inn2-2.3.1.orig/innd/python.c inn2-2.3.1/innd/python.c
--- inn2-2.3.1.orig/innd/python.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/innd/python.c Sat Jun 9 03:05:29 2001
@@ -213,17 +213,17 @@
return;
switch (Mode) {
- default: strcpy(oldmode, "unknown"); break;
- case OMrunning: strcpy(oldmode, "running"); break;
- case OMpaused: strcpy(oldmode, "paused"); break;
- case OMthrottled: strcpy(oldmode, "throttled"); break;
+ default: strncpy(oldmode, "unknown", sizeof oldmode); break;
+ case OMrunning: strncpy(oldmode, "running", sizeof oldmode); break;
+ case OMpaused: strncpy(oldmode, "paused", sizeof oldmode); break;
+ case OMthrottled: strncpy(oldmode, "throttled", sizeof oldmode); break;
}
switch (NewMode) {
- default: strcpy(newmode, "unknown"); break;
- case OMrunning: strcpy(newmode, "running"); break;
- case OMpaused: strcpy(newmode, "paused"); break;
- case OMthrottled: strcpy(newmode, "throttled"); break;
+ default: strncpy(newmode, "unknown", sizeof newmode); break;
+ case OMrunning: strncpy(newmode, "running", sizeof newmode); break;
+ case OMpaused: strncpy(newmode, "paused", sizeof newmode); break;
+ case OMthrottled: strncpy(newmode, "throttled", sizeof newmode); break;
}
result = PyObject_CallFunction(mode_method, "sss",
@@ -315,7 +315,7 @@
if (!PyArg_ParseTuple(args, "s#", &msgid, &msgidlen))
return NULL;
- sprintf(tbuff, "%d",time((long *)0));
+ snprintf(tbuff, sizeof tbuff, "%d",time((long *)0));
parambuf[0] = msgid;
parambuf[1] = parambuf[2] = parambuf[3] = tbuff;
diff -Naur --recursive inn2-2.3.1.orig/innd/rc.c inn2-2.3.1/innd/rc.c
--- inn2-2.3.1.orig/innd/rc.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/innd/rc.c Sat Jun 9 03:05:29 2001
@@ -325,7 +325,7 @@
argv[1] = "-s ";
i = 2;
if (NNRPReason) {
- (void)sprintf(buff, "-r%s", NNRPReason);
+ (void)snprintf(buff, sizeof buff, "-r%s", NNRPReason);
argv[i++] = buff;
}
if (NNRPTracing)
@@ -495,7 +495,9 @@
if (new->MaxCnx > 0 && new->HoldTime == 0) {
CHANsetActiveCnx(new);
if((new->ActiveCnx > new->MaxCnx) && (new->fd > 0)) {
- sprintf(buff, "You are limited to %d connection%s", new->MaxCnx, (new->MaxCnx != 1) ? "s" : "");
+ snprintf(buff, sizeof buff,
+ "You are limited to %d connection%s",
+ new->MaxCnx, (new->MaxCnx != 1) ? "s" : "");
NCwriteshutdown(new, buff);
syslog(L_NOTICE, "too many connections from %s", rp->Label);
} else {
@@ -1498,7 +1500,7 @@
for (rp = RCpeerlist, i = RCnpeerlist; --i >= 0; rp++)
if (cp->Address.s_addr == rp->Address.s_addr)
return rp->Name;
- (void)strcpy(buff, inet_ntoa(cp->Address));
+ (void)strncpy(buff, inet_ntoa(cp->Address), sizeof buff);
return buff;
}
diff -Naur --recursive inn2-2.3.1.orig/innd/site.c inn2-2.3.1/innd/site.c
--- inn2-2.3.1.orig/innd/site.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/innd/site.c Sat Jun 9 03:05:29 2001
@@ -405,13 +405,13 @@
case FEED_TIMEPOSTED:
if (Dirty)
BUFFappend(bp, ITEMSEP, STRLEN(ITEMSEP));
- sprintf(pbuff, "%ld", Data->Posted);
+ snprintf(pbuff, sizeof pbuff, "%ld", Data->Posted);
BUFFappend(bp, pbuff, strlen(pbuff));
break;
case FEED_TIMEEXPIRED:
if (Dirty)
BUFFappend(bp, ITEMSEP, STRLEN(ITEMSEP));
- sprintf(pbuff, "%ld", Data->Expires);
+ snprintf(pbuff, sizeof pbuff, "%ld", Data->Expires);
BUFFappend(bp, pbuff, strlen(pbuff));
break;
case FEED_MESSAGEID:
@@ -507,11 +507,11 @@
(void)strcat(temp, sp->FNLnames.Data);
(void)strcat(temp, &p[1]);
*p = '*';
- (void)sprintf(buff, temp, Data->Name);
+ (void)snprintf(buff, sizeof buff, temp, Data->Name);
DISPOSE(temp);
}
else
- (void)sprintf(buff, sp->Param, Data->Name);
+ (void)snprintf(buff, sizeof buff, sp->Param, Data->Name);
if (NeedShell(buff, argv, ENDOF(argv))) {
argv[0] = SITEshell;
@@ -1122,7 +1122,8 @@
}
p = buff;
- (void)sprintf(buff, "%s%s:\t", sp->Name, sp->IsMaster ? "(*)" : "");
+ (void)snprintf(buff, sizeof buff, "%s%s:\t", sp->Name,
+ sp->IsMaster ? "(*)" : "");
p += strlen(p);
if (sp->Type == FTfunnel) {
diff -Naur --recursive inn2-2.3.1.orig/innd/status.c inn2-2.3.1/innd/status.c
--- inn2-2.3.1.orig/innd/status.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/innd/status.c Sat Jun 9 03:05:29 2001
@@ -72,7 +72,7 @@
STATUSlast_time = STATUSgettime(); /* First invocation */
now = time (NULL) ;
- strcpy (start_time, ctime (&now)) ;
+ strncpy (start_time, ctime (&now), sizeof start_time) ;
}
char *PrettySize (float size, char *str)
@@ -112,9 +112,11 @@
#endif /* defined(DO_PERL) */
#if defined(HTML_STATUS)
- sprintf (TempString, "%s/%s", innconf->pathhttp, STATUS_FILE);
+ snprintf (TempString, sizeof TempString, "%s/%s", innconf->pathhttp,
+ STATUS_FILE);
#else
- sprintf (TempString, "%s/%s", innconf->pathlog, STATUS_FILE);
+ snprintf (TempString, sizeof TempString, "%s/%s", innconf->pathlog,
+ STATUS_FILE);
#endif
if ((F = Fopen(TempString, "w", TEMPORARYOPEN)) == NULL)
return;
@@ -134,7 +136,8 @@
tmp = head = NULL;
for (i = 0; (cp = CHANiter(&i, CTnntp)) != NULL; ) {
j = 0;
- strcpy(TempString, cp->Address.s_addr == 0 ? "localhost" : RChostname(cp));
+ strncpy(TempString, cp->Address.s_addr == 0 ? "localhost" : RChostname(cp),
+ sizeof TempString);
for (status = head ; status != NULL ; status = status->next) {
if (strcmp(TempString, status->name) == 0)
break;
@@ -211,7 +214,7 @@
/* Header */
now = time (NULL);
- strcpy (TempString, ctime (&now));
+ strncpy (TempString, ctime (&now), sizeof TempString);
fprintf (F, "Updated: %s", TempString);
fprintf (F, "(peers: %d, active-cxns: %d, sleeping-cxns: %d)\n\n",
peers, activeCxn, sleepingCxns);
diff -Naur --recursive inn2-2.3.1.orig/innd/tcl.c inn2-2.3.1/innd/tcl.c
--- inn2-2.3.1.orig/innd/tcl.c Sat Jun 9 00:24:38 2001
+++ inn2-2.3.1/innd/tcl.c Sat Jun 9 03:05:29 2001
@@ -165,7 +165,7 @@
{
char buf[100];
- sprintf(buf, "%08x",
+ snprintf(buf, sizeof buf, "%08x",
makechecksum(TCLCurrData->Body,
&TCLCurrArticle->Data[TCLCurrArticle->Used] -
TCLCurrData->Body));
diff -Naur --recursive inn2-2.3.1.orig/innd/timer.c inn2-2.3.1/innd/timer.c
--- inn2-2.3.1.orig/innd/timer.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/innd/timer.c Sat Jun 9 03:05:29 2001
@@ -79,7 +79,7 @@
char *str;
int i;
- sprintf(buffer, "ME time %d ", secs);
+ snprintf(buffer, sizeof buffer, "ME time %d ", secs);
for (i = 0; i < maxtimer; i++) {
str = "???";
switch (i) {
@@ -97,7 +97,7 @@
case TMR_PERL: str = "perl"; break;
case TMR_PYTHON: str = "python"; break;
}
- sprintf(buf, "%s %d(%d) ", str, cumulative[i], count[i]);
+ snprintf(buf, sizeof buf, "%s %d(%d) ", str, cumulative[i], count[i]);
cumulative[i] = count[i] = 0;
strcat(buffer, buf);
}
diff -Naur --recursive inn2-2.3.1.orig/innfeed/connection.c inn2-2.3.1/innfeed/connection.c
--- inn2-2.3.1.orig/innfeed/connection.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/innfeed/connection.c Sat Jun 9 03:05:29 2001
@@ -4084,7 +4084,7 @@
FREE (PointersFreedOnExit) ;
freeTimeoutQueue () ;
- strcpy (dateString,ctime (&now)) ;
+ strncpy (dateString,ctime (&now), sizeof dateString) ;
dateString [24] = '\0' ;
syslog (LOG_NOTICE,STOPPING_PROGRAM,dateString) ;
@@ -4276,47 +4276,47 @@
switch (state)
{
case cxnStartingS:
- strcpy (rval,"cxnStartingS") ;
+ strncpy (rval,"cxnStartingS", sizeof rval) ;
break ;
case cxnWaitingS:
- strcpy (rval,"cxnWaitingS") ;
+ strncpy (rval,"cxnWaitingS", sizeof rval) ;
break ;
case cxnConnectingS:
- strcpy (rval,"cxnConnectingS") ;
+ strncpy (rval,"cxnConnectingS", sizeof rval) ;
break ;
case cxnIdleS:
- strcpy (rval,"cxnIdleS") ;
+ strncpy (rval,"cxnIdleS", sizeof rval) ;
break ;
case cxnIdleTimeoutS:
- strcpy (rval,"cxnIdleTimeoutS") ;
+ strncpy (rval,"cxnIdleTimeoutS", sizeof rval) ;
break ;
case cxnFeedingS:
- strcpy (rval,"cxnFeedingS") ;
+ strncpy (rval,"cxnFeedingS", sizeof rval) ;
break ;
case cxnSleepingS:
- strcpy (rval,"cxnSleepingS") ;
+ strncpy (rval,"cxnSleepingS", sizeof rval) ;
break ;
case cxnFlushingS:
- strcpy (rval,"cxnFlushingS") ;
+ strncpy (rval,"cxnFlushingS", sizeof rval) ;
break ;
case cxnClosingS:
- strcpy (rval,"cxnClosingS") ;
+ strncpy (rval,"cxnClosingS", sizeof rval) ;
break ;
case cxnDeadS:
- strcpy (rval,"cxnDeadS") ;
+ strncpy (rval,"cxnDeadS", sizeof rval) ;
break ;
default:
- sprintf (rval,"UNKNOWN STATE: %d",state) ;
+ snprintf (rval, sizeof rval, "UNKNOWN STATE: %d",state) ;
break ;
}
diff -Naur --recursive inn2-2.3.1.orig/innfeed/host.c inn2-2.3.1/innfeed/host.c
--- inn2-2.3.1.orig/innfeed/host.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/innfeed/host.c Sat Jun 9 03:05:29 2001
@@ -1116,7 +1116,7 @@
if (maxIpNameLen == 0)
{
start = theTime() ;
- strcpy (startTime,ctime (&start)) ;
+ strncpy (startTime,ctime (&start), sizeof startTime) ;
myPid = getpid() ;
}
@@ -2449,9 +2449,11 @@
else
{
const char *logDir = innconf->pathlog;
-
- statusFile = malloc (strlen (logDir) + strlen (filename) + 2) ;
- sprintf (statusFile,"%s/%s",logDir,filename) ;
+ size_t len;
+
+ len = strlen (logDir) + strlen (filename) + 2;
+ statusFile = malloc (len);
+ snprintf (statusFile,len,"%s/%s",logDir,filename) ;
}
if ((fp = fopen (statusFile,"w")) == NULL)
@@ -3210,12 +3212,12 @@
(double) host->gCxnQueue / (host->gArtsOffered ? host->gArtsOffered :1) ,
100.0 * host->blFull / cnt) ;
size=convsize(host->gArtsSizeAccepted, &tsize);
- sprintf(buf,"%.3g %s", size, tsize);
+ snprintf(buf,sizeof buf,"%.3g %s", size, tsize);
fprintf (fp, "accpt size: %-8s drop-deferred: %-5s defer length: %-3.1f\n",
buf, host->params->dropDeferred ? "true " : "false",
(double)host->dlAccum / cnt) ;
size=convsize(host->gArtsSizeRejected, &tsize);
- sprintf(buf,"%.3g %s", size, tsize);
+ snprintf(buf,sizeof buf,"%.3g %s", size, tsize);
fprintf (fp, "rejct size: %-8s min-queue-cxn: %s\n",
buf, host->params->minQueueCxn ? "true " : "false");
diff -Naur --recursive inn2-2.3.1.orig/innfeed/innlistener.c inn2-2.3.1/innfeed/innlistener.c
--- inn2-2.3.1.orig/innfeed/innlistener.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/innfeed/innlistener.c Sat Jun 9 03:05:29 2001
@@ -264,7 +264,7 @@
char dateString [30] ;
gHostStats();
- strcpy (dateString,ctime (&now)) ;
+ strncpy (dateString,ctime (&now), sizeof dateString) ;
dateString [24] = '\0' ;
if (fastExit)
@@ -714,7 +714,7 @@
syslog (LOG_ERR, "ME tell(mainFd): %m") ;
else
{
- (void) sprintf (offsetString, "%ld\n",
+ (void) snprintf (offsetString, sizeof offsetString, "%ld\n",
(long)(offset - offsetAdjust) ) ;
if ( lseek (mainFd, (OFFSET_T)0, SEEK_SET) != 0 )
syslog (LOG_ERR, "ME seek(mainFd, 0, 0): %m") ;
@@ -745,13 +745,15 @@
{
pid_t myPid = getpid () ;
const char *tapeDir = getTapeDirectory() ;
+ size_t len;
if (dropArtFile != NULL)
FREE (dropArtFile) ;
- dropArtFile = malloc (pathMax(tapeDir) + 1) ;
+ len = pathMax(tapeDir) + 1;
+ dropArtFile = malloc (len) ;
- sprintf (dropArtFile,"%s/innfeed-dropped.%c%06d",
+ snprintf (dropArtFile,len,"%s/innfeed-dropped.%c%06d",
tapeDir, droppedFileCount + 'A', (int) myPid) ;
if ((droppedFp = fopen (dropArtFile,"w")) == NULL)
diff -Naur --recursive inn2-2.3.1.orig/innfeed/main.c inn2-2.3.1/innfeed/main.c
--- inn2-2.3.1.orig/innfeed/main.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/innfeed/main.c Sat Jun 9 03:05:29 2001
@@ -157,7 +157,7 @@
bool val;
- strcpy (dateString,ctime(&now)) ;
+ strncpy (dateString,ctime(&now), dateString) ;
dateString [24] = '\0' ;
if ((program = strrchr (argv [0],'/')) == NULL)
diff -Naur --recursive inn2-2.3.1.orig/innfeed/misc.c inn2-2.3.1/innfeed/misc.c
--- inn2-2.3.1.orig/innfeed/misc.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/innfeed/misc.c Sat Jun 9 03:05:29 2001
@@ -108,7 +108,8 @@
return ;
now = theTime() ;
- strcpy (timeString, ctime (&now) + 4) ; /* strip off leading day name */
+ strncpy (timeString, ctime (&now) + 4,
+ sizeof timeString) ; /* strip off leading day name */
timeString [15] = '\0' ; /* strip off trailing year and newline */
va_start (ap, fmt) ;
@@ -129,7 +130,7 @@
char *p = NULL ;
int out ;
- strcpy (timeString,ctime (&now)) ;
+ strncpy (timeString,ctime (&now), sizeof timeString) ;
timeString [24] = '\0' ;
fprintf (stderr, "%s %s: ",
@@ -138,7 +139,7 @@
fprintf (stderr,"\n") ;
p = malloc (out + 10) ;
- vsprintf (p,fmt,args) ;
+ vsnprintf (p,out+10,fmt,args) ;
syslog (level,"%s",p) ;
}
@@ -156,7 +157,7 @@
{
char buffer [512] ; /* gag me */
- vsprintf (buffer,fmt,ap) ;
+ vsnprintf (buffer,sizeof buffer,fmt,ap) ;
syslog (level,buffer) ;
}
va_end (ap) ;
@@ -462,15 +463,15 @@
int fd, i ;
pid_t pid = getpid () ;
- strcpy (realName,fileName) ;
+ strncpy (realName,fileName, realName) ;
if ((p = strrchr (realName, '/')) != NULL)
{
*p = '\0' ;
- sprintf (tmpName, "%s/lockf%ld", realName, (long) pid) ;
+ snprintf (tmpName, sizeof tmpName, "%s/lockf%ld", realName, (long) pid) ;
*p = '/' ;
}
else
- sprintf (tmpName, "lockf%ld", (long) pid) ;
+ snprintf (tmpName, sizeof tmpName, "lockf%ld", (long) pid) ;
/* Create the temporary name for the lock file. */
while ((fd = open (tmpName, O_RDWR | O_CREAT | O_EXCL, 0644)) < 0)
@@ -493,7 +494,7 @@
}
/* stick our pid in the temp file. */
- sprintf (buff,"%ld\n",(long) pid) ;
+ snprintf (buff,sizeof buff,"%ld\n",(long) pid) ;
if (write (fd,buff,(size_t) strlen (buff)) != (int) strlen (buff))
{
syslog (LOG_ERR,NO_WRITE_LOCK_PID) ;
@@ -728,9 +729,11 @@
FILE *tmpFp ;
int c ;
int i ;
+ size_t len;
- tmpname = malloc (pathMax(NULL) + 1) ;
- sprintf (tmpname,"%s.XXXXXX",name) ;
+ len = pathMax(NULL) + 1 ;
+ tmpname = malloc (len) ;
+ snprintf (tmpname,len,"%s.XXXXXX",name) ;
mktemp (tmpname) ;
if (currlen <= size)
diff -Naur --recursive inn2-2.3.1.orig/lib/argparse.c inn2-2.3.1/lib/argparse.c
--- inn2-2.3.1.orig/lib/argparse.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/argparse.c Sat Jun 9 03:05:29 2001
@@ -33,7 +33,7 @@
line++;
i = strlen(line);
p = NEW(char, i + 1);
- (void)strcpy(p, line);
+ (void)strncpy(p, line, i + 1);
/* Allocate worst-case amount of space. */
for (*argvp = argv = NEW(char*, i + 2); *p; ) {
diff -Naur --recursive inn2-2.3.1.orig/lib/clientactive.c inn2-2.3.1/lib/clientactive.c
--- inn2-2.3.1.orig/lib/clientactive.c Sat Jun 9 00:24:38 2001
+++ inn2-2.3.1/lib/clientactive.c Sat Jun 9 03:05:29 2001
@@ -98,7 +98,8 @@
if (FromServer == NULL || ToServer == NULL)
return NULL;
- (void)sprintf(CApathname, "%.220s/%s", innconf->pathtmp, _PATH_TEMPACTIVE);
+ (void)snprintf(CApathname, sizeof CApathname, "%.220s/%s",
+ innconf->pathtmp, _PATH_TEMPACTIVE);
(void)mktemp(CApathname);
return CAfp = CA_listopen(CApathname, FromServer, ToServer, request);
}
diff -Naur --recursive inn2-2.3.1.orig/lib/clientlib.c inn2-2.3.1/lib/clientlib.c
--- inn2-2.3.1.orig/lib/clientlib.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/clientlib.c Sat Jun 9 03:05:29 2001
@@ -58,7 +58,7 @@
if (get_server(line2, (int)sizeof line2) < 0)
return -1;
if (atoi(line2) != NNTP_BAD_COMMAND_VAL)
- (void)strcpy(ser_line, line2);
+ (void)strncpy(ser_line, line2, sizeof ser_line);
/* Connected; return server's reply code. */
return atoi(ser_line);
diff -Naur --recursive inn2-2.3.1.orig/lib/date.c inn2-2.3.1/lib/date.c
--- inn2-2.3.1.orig/lib/date.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/lib/date.c Sat Jun 9 03:05:29 2001
@@ -83,7 +83,7 @@
** Given a time_t, a flag saying whether to use local time, a buffer, and
** the length of the buffer, write the contents of a valid RFC 822 / RFC
** 1036 Date header into the buffer (provided it's long enough). Returns
-** true on success, false if the buffer is too long. Use sprintf rather
+** true on success, false if the buffer is too long. Use snprintf rather
** than strftime to be absolutely certain that locales don't result in the
** wrong output. If the time is zero, obtain and use the current time.
*/
@@ -134,7 +134,7 @@
optional in the standard). Assume the struct tm values are sane and
won't overflow the buffer (they would have to be in violation of
ISO/ANSI C to do so). */
- sprintf(buff, "%3.3s, %d %3.3s %d %02d:%02d:%02d %c%02d%02d",
+ snprintf(buff, sizeof buff, "%3.3s, %d %3.3s %d %02d:%02d:%02d %c%02d%02d",
&WEEKDAY[tm.tm_wday][0], tm.tm_mday, &MONTH[tm.tm_mon][0],
1900 + tm.tm_year, tm.tm_hour, tm.tm_min, tm.tm_sec,
(tz_sign > 0) ? '+' : '-', tz_hour_offset, tz_min_offset);
@@ -155,7 +155,8 @@
#endif
}
if (tz_name != NULL && date_length + 4 + strlen(tz_name) <= buflen) {
- sprintf(buff + date_length, " (%s)", tz_name);
+ snprintf(buff + date_length, sizeof buff - date_length,
+ " (%s)", tz_name);
}
return TRUE;
}
diff -Naur --recursive inn2-2.3.1.orig/lib/dbz.c inn2-2.3.1/lib/dbz.c
--- inn2-2.3.1.orig/lib/dbz.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/lib/dbz.c Sat Jun 9 03:05:29 2001
@@ -1628,15 +1628,15 @@
char fn[1024];
#ifdef DO_TAGGED_HASH
- sprintf(fn, "%s.pag", filename);
+ snprintf(fn, sizeof fn, "%s.pag", filename);
unlink(fn);
#else
- sprintf(fn, "%s.exists", filename);
+ snprintf(fn, sizeof fn, "%s.exists", filename);
unlink(fn);
- sprintf(fn, "%s.index", filename);
+ snprintf(fn, sizeof fn, "%s.index", filename);
unlink(fn);
#endif
- sprintf(fn, "%s.dir", filename);
+ snprintf(fn, sizeof fn, "%s.dir", filename);
unlink(fn);
}
diff -Naur --recursive inn2-2.3.1.orig/lib/defdist.c inn2-2.3.1/lib/defdist.c
--- inn2-2.3.1.orig/lib/defdist.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/defdist.c Sat Jun 9 03:05:29 2001
@@ -45,7 +45,8 @@
/* We're probably nnrpd running on the server and the
* file isn't installed. Oh well. */
return NULL;
- (void)sprintf(name, "%.220s/%s", innconf->pathtmp, _PATH_TEMPACTIVE);
+ (void)snprintf(name, sizeof name, "%.220s/%s", innconf->pathtmp,
+ _PATH_TEMPACTIVE);
(void)mktemp(name);
if ((F = CA_listopen(name, FromServer, ToServer,
"distrib.pats")) == NULL)
diff -Naur --recursive inn2-2.3.1.orig/lib/genid.c inn2-2.3.1/lib/genid.c
--- inn2-2.3.1.orig/lib/genid.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/genid.c Sat Jun 9 03:05:29 2001
@@ -36,6 +36,6 @@
if ((p = GetFQDN(domain)) == NULL)
return NULL;
}
- sprintf(buff, "<%s$%s$%d@%s>", sec32, pid32, ++count, p);
+ snprintf(buff, sizeof buff, "<%s$%s$%d@%s>", sec32, pid32, ++count, p);
return buff;
}
diff -Naur --recursive inn2-2.3.1.orig/lib/getconfig.c inn2-2.3.1/lib/getconfig.c
--- inn2-2.3.1.orig/lib/getconfig.c Sat Jun 9 00:24:38 2001
+++ inn2-2.3.1/lib/getconfig.c Sat Jun 9 03:05:29 2001
@@ -51,7 +51,7 @@
if (strchr(f, '/') != NULL) {
return(f);
} else {
- strcpy(pathbuff, p);
+ strncpy(pathbuff, p, sizeof pathbuff);
strcat(pathbuff, "/");
strcat(pathbuff, f);
}
@@ -394,7 +394,7 @@
tmpdir = NEW(char, dirlen);
else
RENEW(tmpdir, char, dirlen);
- sprintf(tmpdir, "TMPDIR=%s", innconf->pathtmp);
+ snprintf(tmpdir, dirlen, "TMPDIR=%s", innconf->pathtmp);
putenv(tmpdir);
/* tmpdir should not be freed for some OS */
if (innconf->enableoverview && innconf->ovmethod == NULL) {
diff -Naur --recursive inn2-2.3.1.orig/lib/getfqdn.c inn2-2.3.1/lib/getfqdn.c
--- inn2-2.3.1.orig/lib/getfqdn.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/getfqdn.c Sat Jun 9 03:05:29 2001
@@ -55,7 +55,7 @@
/* First, see if the main name is a FQDN. It should be. */
if (hp != NULL && strchr(hp->h_name, '.') != NULL) {
if (strlen(hp->h_name) < sizeof buff - 1)
- return strcpy(buff, hp->h_name);
+ return strncpy(buff, hp->h_name, sizeof buff);
/* Doesn't fit; make sure we don't return bad data next time. */
buff[0] = '\0';
return hp->h_name;
@@ -67,7 +67,7 @@
if (strchr(p, '.') != NULL) {
/* Deja-vous all over again. */
if (strlen(p) < sizeof buff - 1)
- return strcpy(buff, p);
+ return strncpy(buff, p, sizeof buff);
buff[0] = '\0';
return p ;
}
diff -Naur --recursive inn2-2.3.1.orig/lib/getmodaddr.c inn2-2.3.1/lib/getmodaddr.c
--- inn2-2.3.1.orig/lib/getmodaddr.c Sat Jun 9 00:24:38 2001
+++ inn2-2.3.1/lib/getmodaddr.c Sat Jun 9 03:05:29 2001
@@ -93,7 +93,7 @@
char buff[BUFSIZ];
char name[SMBUF];
- (void)strcpy(name, group);
+ (void)strncpy(name, group, sizeof name);
address[0] = '\0';
if (FromServer==NULL || ToServer==NULL){
@@ -107,8 +107,8 @@
/*
* Get a local copy of the moderators file from the server.
*/
- (void)sprintf(GMApathname, "%.220s/%s", innconf->pathtmp,
- _PATH_TEMPMODERATORS);
+ (void)snprintf(GMApathname, sizeof GMApathname, "%.220s/%s",
+ innconf->pathtmp, _PATH_TEMPMODERATORS);
(void)mktemp(GMApathname);
GMAfp = GMA_listopen(GMApathname, FromServer, ToServer, "moderators");
/* Fallback to the local copy if the server doesn't have it */
@@ -138,7 +138,7 @@
for (p = name; *p; p++)
if (*p == '.')
*p = '-';
- (void)sprintf(address, save, name);
+ (void)snprintf(address, sizeof address, save, name);
break;
}
}
@@ -155,6 +155,6 @@
for (p = name; *p; p++)
if (*p == '.')
*p = '-';
- (void)sprintf(address, save, name);
+ (void)snprintf(address, sizeof address, save, name);
return address;
}
diff -Naur --recursive inn2-2.3.1.orig/lib/hstrerror.c inn2-2.3.1/lib/hstrerror.c
--- inn2-2.3.1.orig/lib/hstrerror.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/hstrerror.c Sat Jun 9 03:05:29 2001
@@ -27,7 +27,7 @@
if (err > 0 && err < pvt_h_nerr)
return(pvt_h_errlist[err]) ;
else {
- sprintf (buf,"(herrno = %d)", h_errno) ;
+ snprintf (buf, sizeof buf, "(herrno = %d)", h_errno) ;
return(buf);
}
}
diff -Naur --recursive inn2-2.3.1.orig/lib/inet_ntoa.c inn2-2.3.1/lib/inet_ntoa.c
--- inn2-2.3.1.orig/lib/inet_ntoa.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/inet_ntoa.c Sat Jun 9 03:05:29 2001
@@ -60,6 +60,7 @@
char *p;
p = (char *)∈
- (void)sprintf(buff, "%d.%d.%d.%d", UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3]));
+ (void)snprintf(buff, sizeof buff, "%d.%d.%d.%d",
+ UC(p[0]), UC(p[1]), UC(p[2]), UC(p[3]));
return buff;
}
diff -Naur --recursive inn2-2.3.1.orig/lib/lock.c inn2-2.3.1/lib/lock.c
--- inn2-2.3.1.orig/lib/lock.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/lock.c Sat Jun 9 03:05:29 2001
@@ -31,7 +31,7 @@
char buff[72];
int i;
- (void)sprintf(buff, COMMAND, "throttle", (long)getpid());
+ (void)snprintf(buff, sizeof buff, COMMAND, "throttle", (long)getpid());
i = system(buff) >> 8;
if (i)
error("Can't lock");
@@ -49,11 +49,11 @@
int i;
if (IsLocked) {
- (void)sprintf(buff, COMMAND, "go", (long)getpid());
+ (void)snprintf(buff, sizeof buff, COMMAND, "go", (long)getpid());
i = system(buff) >> 8;
if (i)
error("Can't reload");
- (void)sprintf(buff, "ctlinnd go");
+ (void)snprintf(buff, sizeof buff, "ctlinnd go");
i = system(buff) >> 8;
if (i)
error("Can't unlock");
diff -Naur --recursive inn2-2.3.1.orig/lib/perl.c inn2-2.3.1/lib/perl.c
--- inn2-2.3.1.orig/lib/perl.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/perl.c Sat Jun 9 03:05:29 2001
@@ -160,6 +160,7 @@
{
dSP ;
char *argv [3] ;
+ size_t len;
ENTER ;
SAVETMPS ;
@@ -188,8 +189,9 @@
/* If the reload failed we don't want the old definition hanging
around. */
- argv[0] = NEW (char,strlen (function) + strlen ("undef &%s")) ;
- sprintf (argv[0],"undef &%s",function) ;
+ len = strlen (function) + strlen ("undef &%s") ;
+ argv[0] = NEW (char,len) ;
+ snprintf (argv[0],len,"undef &%s",function) ;
perl_call_argv ("_eval_",0,argv) ;
if (SvTRUE(ERRSV)) /* check $@ */ {
diff -Naur --recursive inn2-2.3.1.orig/lib/strerror.c inn2-2.3.1/lib/strerror.c
--- inn2-2.3.1.orig/lib/strerror.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/lib/strerror.c Sat Jun 9 03:05:29 2001
@@ -1,6 +1,6 @@
/* $Revision: 1.1.1.1 $
**
-** Only <errno.h> is needed; the others are just to get the right sprintf()
+** Only <errno.h> is needed; the others are just to get the right snprintf()
** declaration, sigh.
*/
#include <stdio.h>
@@ -23,6 +23,6 @@
if (e >= 0 && e < sys_nerr)
return sys_errlist[e];
- (void)sprintf(buff, "Error code %d\n", e);
+ (void)snprintf(buff, sizeof buff, "Error code %d\n", e);
return buff;
}
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/article.c inn2-2.3.1/nnrpd/article.c
--- inn2-2.3.1.orig/nnrpd/article.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/nnrpd/article.c Sat Jun 9 03:05:29 2001
@@ -458,7 +458,7 @@
}
}
virtualpath = NEW(char, VirtualPathlen + 2);
- sprintf(virtualpath, "!%s", VirtualPath);
+ snprintf(virtualpath, VirtualPathlen + 2, "!%s", VirtualPath);
for (s = path ; s + VirtualPathlen + 1 < ARThandle->data + ARThandle->len ; s++) {
if (*s != *virtualpath || !EQn(s, virtualpath, VirtualPathlen + 1))
continue;
@@ -564,7 +564,8 @@
}
if (pathheader && (VirtualPathlen > 0)) {
virtualpath = NEW(char, VirtualPathlen + 1);
- sprintf(virtualpath, "!%s", VirtualPath);
+ snprintf(virtualpath, VirtualPathlen + 1, "!%s",
+ VirtualPath);
for (s = p ; s + VirtualPathlen + 1 < ARThandle->data + ARThandle->len ; s++) {
if (*s != *virtualpath || !EQn(s, virtualpath, VirtualPathlen + 1))
continue;
@@ -601,7 +602,7 @@
/* Lines estimation taken from Tor Lillqvist <tml at tik.vtt.fi>'s
* posting <TML.92Jul10031233 at hemuli.tik.vtt.fi> in
* news.sysadmin. */
- (void)sprintf(buff, "%d",
+ (void)snprintf(buff, sizeof buff, "%d",
(int)(6.4e-8 * ARThandle->len * ARThandle->len + 0.023 * ARThandle->len - 12));
return buff;
}
@@ -676,7 +677,7 @@
Reply("%s\r\n", ARTnocurrart);
return;
}
- (void)sprintf(buff, "%d", ARTnumber);
+ (void)snprintf(buff, sizeof buff, "%d", ARTnumber);
tart=ARTnumber;
}
else {
@@ -684,7 +685,7 @@
Reply("%s\r\n", ARTnoartingroup);
return;
}
- (void)strcpy(buff, av[1]);
+ (void)strncpy(buff, av[1], sizeof buff);
tart=(ARTNUM)atol(buff);
}
@@ -694,7 +695,7 @@
Reply("%s\r\n", ARTnoartingroup);
return;
}
- (void)sprintf(buff, "%d", ARTnumber);
+ (void)snprintf(buff, sizeof buff, "%d", ARTnumber);
tart=ARTnumber;
}
if (ac > 1)
@@ -981,7 +982,7 @@
p = GetHeader(av[1], IsLines);
if (!p)
continue;
- (void)sprintf(buff, "%d ", i);
+ (void)snprintf(buff, sizeof buff, "%d ", i);
SendIOb(buff, strlen(buff));
SendIOb(p, strlen(p));
SendIOb("\r\n", 2);
@@ -1004,7 +1005,7 @@
p = OVERGetHeader(data, Overview);
if (!p)
continue;
- sprintf(buff, "%lu ", artnum);
+ snprintf(buff, sizeof buff, "%lu ", artnum);
SendIOb(buff, strlen(buff));
SendIOb(p, strlen(p));
SendIOb("\r\n", 2);
@@ -1229,7 +1230,7 @@
continue;
p = GetHeader(header, FALSE);
if (p && wildmat(p, pattern)) {
- sprintf(buff, "%u ", i);
+ snprintf(buff, sizeof buff, "%u ", i);
SendIOb(buff, strlen(buff));
SendIOb(p, strlen(p));
SendIOb("\r\n", 2);
@@ -1255,7 +1256,7 @@
continue;
if ((p = OVERGetHeader(data, Overview)) != NULL) {
if (wildmat(p, pattern)) {
- sprintf(buff, "%lu ", artnum);
+ snprintf(buff, sizeof buff, "%lu ", artnum);
SendIOb(buff, strlen(buff));
SendIOb(p, strlen(p));
SendIOb("\r\n", 2);
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/commands.c inn2-2.3.1/nnrpd/commands.c
--- inn2-2.3.1.orig/nnrpd/commands.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/nnrpd/commands.c Sat Jun 9 03:05:29 2001
@@ -106,11 +106,11 @@
}
if (strchr(_PATH_AUTHDIR,'/') == NULL)
- (void)sprintf(path, "%s/%s/%s/%s", innconf->pathbin, _PATH_AUTHDIR,
- _PATH_AUTHDIR_GENERIC, av[0]);
+ (void)snprintf(path, sizeof path, "%s/%s/%s/%s",
+ innconf->pathbin, _PATH_AUTHDIR, _PATH_AUTHDIR_GENERIC, av[0]);
else
- (void)sprintf(path, "%s/%s/%s", _PATH_AUTHDIR, _PATH_AUTHDIR_GENERIC,
- av[0]);
+ (void)snprintf(path, sizeof path, "%s/%s/%s",
+ _PATH_AUTHDIR, _PATH_AUTHDIR_GENERIC, av[0]);
#if !defined(S_IXUSR) && defined(_S_IXUSR)
#define S_IXUSR _S_IXUSR
@@ -194,8 +194,8 @@
PERMcanpost = strchr(fields[1], 'P') != NULL;
PERMaccessconf->locpost = strchr(fields[1], 'L') != NULL;
if (strchr(fields[1], 'N') != NULL) PERMaccessconf->allownewnews = TRUE;
- sprintf(PERMuser, "%s@%s", fields[2], fields[0]);
- (void)strcpy(PERMpass, fields[3]);
+ snprintf(PERMuser, sizeof PERMuser, "%s@%s", fields[2], fields[0]);
+ (void)strncpy(PERMpass, fields[3], sizeof PERMpass);
(void)strcpy(accesslist, fields[4]);
/*(void)strcpy(writeaccess, fields[5]); future work? */
@@ -219,7 +219,7 @@
if (caseEQ(av[1], "generic")) {
char *logrec = Glom(av);
- strcpy(PERMuser, "<none>");
+ strncpy(PERMuser, "<none>", sizeof PERMuser);
switch (PERMgeneric(av, accesslist)) {
case 1:
@@ -289,8 +289,8 @@
}
Reply("%d Ok\r\n", NNTP_AUTH_OK_VAL);
/* save these values in case you need them later */
- strcpy(PERMuser, User);
- strcpy(PERMpass, Password);
+ strncpy(PERMuser, User, sizeof PERMuser);
+ strncpy(PERMpass, Password, sizeof PERMpass);
PERMneedauth = FALSE;
PERMauthorized = TRUE;
return;
@@ -317,8 +317,8 @@
}
Reply("%d Ok\r\n", NNTP_AUTH_OK_VAL);
/* save these values in case you need them later */
- strcpy(PERMuser, User);
- strcpy(PERMpass, Password);
+ strncpy(PERMuser, User, sizeof PERMuser);
+ strncpy(PERMpass, Password, sizeof PERMpass);
PERMneedauth = FALSE;
PERMauthorized = TRUE;
return;
@@ -793,10 +793,11 @@
q = p;
if ((p = strchr(p, '@')) != NULL) {
*++p = '\0';
- sprintf(idbuff, "%s%s>", q, PERMaccessconf->domain);
+ snprintf(idbuff, sizeof idbuff, "%s%s>", q,
+ PERMaccessconf->domain);
}
} else {
- strcpy(idbuff, p);
+ strncpy(idbuff, p, sizeof idbuff);
}
}
Reply("%d Ok, recommended ID %s\r\n", NNTP_START_POST_VAL, idbuff);
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/group.c inn2-2.3.1/nnrpd/group.c
--- inn2-2.3.1.orig/nnrpd/group.c Sat Jun 9 00:24:40 2001
+++ inn2-2.3.1/nnrpd/group.c Sat Jun 9 03:05:29 2001
@@ -123,7 +123,7 @@
char repbuff[1024];
if (GRPcur) {
- (void)strcpy(buff, GRPcur);
+ (void)strncpy(buff, GRPcur, sizeof buff);
syslog(L_NOTICE, "%s group %s %ld", ClientHost, buff, GRParticles);
GRParticles = 0;
repbuff[0]='\0';
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/misc.c inn2-2.3.1/nnrpd/misc.c
--- inn2-2.3.1.orig/nnrpd/misc.c Sat Jun 9 00:24:40 2001
+++ inn2-2.3.1/nnrpd/misc.c Sat Jun 9 03:05:29 2001
@@ -61,7 +61,7 @@
line++;
i = strlen(line);
p = NEW(char, i + 1);
- (void)strcpy(p, line);
+ (void)strncpy(p, line, i+1);
/* Allocate worst-case amount of space. */
for (*argvp = argv = NEW(char*, i + 2); *p; ) {
@@ -215,7 +215,7 @@
datelen = strlen(av1);
if ((datelen < 6 || datelen > 8) || strlen(av2) != 6)
return -1;
- (void)sprintf(buff, "%s%s", av1, av2);
+ (void)snprintf(buff, sizeof buff, "%s%s", av1, av2);
for (p = buff; *p; p++)
if (!CTYPE(isdigit, (int)*p))
return -1;
@@ -358,7 +358,8 @@
HASH hash;
time_t dummy = ~(time_t)0;
TOKEN token;
- sprintf(buff, "[%s]%c%lu%c%lu%c%lu%c%s\n", HashToText(hash),
+ snprintf(buff, sizeof buff, "[%s]%c%lu%c%lu%c%lu%c%s\n",
+ HashToText(hash),
HIS_FIELDSEP, dummy, HIS_SUBFIELDSEP,
dummy, HIS_SUBFIELDSEP,
dummy, HIS_FIELDSEP, TokenToText(token));
@@ -448,7 +449,7 @@
save = p + 1;
if (IsToken(save) && ((useoffset != TRUE) || (off != NULL))) {
- strcpy(path, save);
+ strncpy(path, save, sizeof path);
return path;
}
@@ -465,7 +466,7 @@
for (p = save; *p; p++)
if (*p == '.')
*p = '/';
- (void)sprintf(path, "%s/%s", innconf->patharticles, save);
+ (void)snprintf(path, sizeof path, "%s/%s", innconf->patharticles, save);
if (stat(path, &Sb) >= 0)
return path;
if (q == NULL)
@@ -673,7 +674,7 @@
unsigned int i;
if (PERMaccessconf->backoff_auth) {
- sprintf(buff,"%s/%s",postrec_dir,user);
+ snprintf(buff,sizeof buff,"%s/%s",postrec_dir,user);
return(buff);
}
@@ -681,13 +682,14 @@
addr[i] = (unsigned char) (0x000000ff & (ip>>(i*8)));
}
- sprintf(dirbuff,"%s/%03d%03d/%03d",postrec_dir,addr[3],addr[2],addr[1]);
+ snprintf(dirbuff,sizeof dirbuff,"%s/%03d%03d/%03d",
+ postrec_dir,addr[3],addr[2],addr[1]);
if (!MakeDirectory(dirbuff,TRUE)) {
syslog(L_ERROR,"%s Unable to create postrec directories '%s': %s",
ClientHost,dirbuff,strerror(errno));
return NULL;
}
- sprintf(buff,"%s/%03d",dirbuff,addr[0]);
+ snprintf(buff,sizeof buff,"%s/%03d",dirbuff,addr[0]);
return(buff);
}
@@ -702,7 +704,7 @@
char temp[SPOOLNAMEBUFF];
int statfailed = 0;
- sprintf(lockname, "%s.lock", path);
+ snprintf(lockname, sizeof lockname, "%s.lock", path);
for (;; sleep(5)) {
int fd;
@@ -712,7 +714,7 @@
fd = open(lockname, O_WRONLY|O_EXCL|O_CREAT, 0600);
if (fd >= 0) {
/* We got the lock! */
- sprintf(temp, "pid:%ld\n", (unsigned long) getpid());
+ snprintf(temp, sizeof temp, "pid:%ld\n", (unsigned long) getpid());
write(fd, temp, strlen(temp));
close(fd);
return(1);
@@ -741,7 +743,7 @@
{
char lockname[SPOOLNAMEBUFF];
- sprintf(lockname, "%s.lock", path);
+ snprintf(lockname, sizeof lockname, "%s.lock", path);
if (unlink(lockname) < 0) {
syslog(L_ERROR, "%s can't unlink lock file: %s", ClientHost,strerror(errno)) ;
}
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/newnews.c inn2-2.3.1/nnrpd/newnews.c
--- inn2-2.3.1.orig/nnrpd/newnews.c Sat Jun 9 00:24:40 2001
+++ inn2-2.3.1/nnrpd/newnews.c Sat Jun 9 03:05:29 2001
@@ -225,7 +225,7 @@
if (innconf->nicenewnews > 0)
nice(innconf->nicenewnews);
- (void)sprintf(line, "%s %s %s %s %s", av[1], av[2], av[3],
+ (void)snprintf(line, sizeof line, "%s %s %s %s %s", av[1], av[2], av[3],
(ac >= 5 && (*av[4] == 'G' || *av[4] == 'U')) ? "GMT" : "local",
(ac >= 5 && *av[ac - 1] == '<') ? av[ac - 1] : "none");
syslog(L_NOTICE, "%s newnews %s", ClientHost, line);
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/nnrpd.c inn2-2.3.1/nnrpd/nnrpd.c
--- inn2-2.3.1.orig/nnrpd/nnrpd.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/nnrpd/nnrpd.c Sat Jun 9 03:05:29 2001
@@ -329,7 +329,7 @@
p = TITLEstart;
*p++ = '-';
- (void)sprintf(buff, "%s %s", ClientHost, what);
+ (void)snprintf(buff, sizeof buff, "%s %s", ClientHost, what);
i = strlen(buff);
if (i > TITLEend - p - 2) {
i = TITLEend - p - 2;
@@ -342,7 +342,7 @@
char buff[BUFSIZ];
union pstun un;
- (void)sprintf(buff, "(nnrpd) %s %s", ClientHost, what);
+ (void)snprintf(buff, sizeof buff, "(nnrpd) %s %s", ClientHost, what);
un.pst_command = buff;
(void)pstat(PSTAT_SETCMD, un, strlen(buff), 0, 0);
#endif /* !defined(_HPUX_SOURCE) */
@@ -430,11 +430,11 @@
if (getpeername(STDIN, (struct sockaddr *)&sin, &length) < 0) {
if (!isatty(STDIN)) {
syslog(L_TRACE, "%s cant getpeername %m", "?");
- (void)strcpy(ClientHost, "?"); /* so stats generation looks correct. */
+ (void)strncpy(ClientHost, "?", sizeof ClientHost); /* so stats generation looks correct. */
Printf("%d I can't get your name. Goodbye.\r\n", NNTP_ACCESS_VAL);
ExitWithStats(1, TRUE);
}
- (void)strcpy(ClientHost, "stdin");
+ (void)strncpy(ClientHost, "stdin", sizeof ClientHost);
ClientIP = 0L;
ServerHost[0] = '\0';
}
@@ -451,7 +451,8 @@
#if defined(DO_NNRP_GETHOSTBYADDR)
HostErrorStr = NULL;
if (!Address2Name(&sin.sin_addr, ClientHost, (int)sizeof ClientHost)) {
- (void)strcpy(ClientHost, inet_ntoa(sin.sin_addr));
+ (void)strncpy(ClientHost, inet_ntoa(sin.sin_addr),
+ sizeof ClientHost);
if (HostErrorStr == NULL) {
syslog(L_NOTICE,
"? cant gethostbyaddr %s %m -- using IP address for access",
@@ -466,11 +467,11 @@
}
else {
ClientAddr = buff;
- (void)strcpy(buff, inet_ntoa(sin.sin_addr));
+ (void)strncpy(buff, inet_ntoa(sin.sin_addr), sizeof buff);
ClientIP = inet_addr(buff);
}
#else
- (void)strcpy(ClientHost, inet_ntoa(sin.sin_addr));
+ (void)strncpy(ClientHost, inet_ntoa(sin.sin_addr), sizeof ClientHost);
ClientIP = inet_addr(ClientHost);
#endif /* defined(DO_NNRP_GETHOSTBYADDR) */
(void)strncpy(ClientIp, inet_ntoa(sin.sin_addr), sizeof(ClientIp));
@@ -483,7 +484,7 @@
#ifdef DO_NNRP_GETHOSTBYADDR
HostErrorStr = NULL;
if (!Address2Name(&sin.sin_addr, ServerHost, sizeof(ServerHost))) {
- strcpy(ServerHost, inet_ntoa(sin.sin_addr));
+ strncpy(ServerHost, inet_ntoa(sin.sin_addr), ServerHost);
if (HostErrorStr == NULL) {
syslog(L_NOTICE,
"? cant gethostbyaddr %s %m -- using IP address for access",
@@ -495,7 +496,7 @@
}
}
#else
- strcpy(ServerHost, inet_ntoa(sin.sin_addr));
+ strncpy(ServerHost, inet_ntoa(sin.sin_addr), sizeof ServerHost);
#endif /* DO_NNRP_GETHOSTBYADDR */
}
@@ -580,7 +581,7 @@
#ifdef HAVE_SSL
if (tls_conn) {
VA_START(fmt);
- vsprintf(buff,fmt, args);
+ vsnprintf(buff,sizeof buff,fmt, args);
va_end(args);
SSL_write(tls_conn, buff, strlen(buff));
} else {
@@ -599,7 +600,7 @@
/* Copy output, but strip trailing CR-LF. Note we're assuming here
that no output line can ever be longer than 2045 characters. */
- vsprintf(buff, fmt, args);
+ vsnprintf(buff, sizeof buff, fmt, args);
va_end(args);
p = buff + strlen(buff) - 1;
while (p >= buff && (*p == '\n' || *p == '\r'))
@@ -619,7 +620,7 @@
if (tls_conn) {
VA_START(fmt);
- vsprintf(buff,fmt, args);
+ vsnprintf(buff, sizeof buff, fmt, args);
va_end(args);
SSL_write(tls_conn, buff, strlen(buff));
} else {
@@ -779,7 +780,7 @@
LLOGenable=FALSE;
GRPcur = NULL;
MaxBytesPerSecond = 0;
- strcpy(Username, "unknown");
+ strncpy(Username, "unknown", Username);
openlog("nnrpd", L_OPENLOG_FLAGS | LOG_PID, LOG_INN_PROG);
@@ -1047,7 +1048,7 @@
}
#endif /* NNRP_LOADLIMIT > 0 */
- strcpy (LogName, "?");
+ strncpy (LogName, "?", LogName);
/* Catch SIGPIPE so that we can exit out of long write loops */
(void)xsignal(SIGPIPE, CatchPipe);
@@ -1088,7 +1089,8 @@
gettimeofday(&tv,NULL);
count += pid;
vid = tv.tv_sec ^ tv.tv_usec ^ pid ^ count;
- sprintf(LocalLogFileName, "%s/tracklogs/log-%d", innconf->pathlog,vid);
+ snprintf(LocalLogFileName, sizeof LocalLogFileName,
+ "%s/tracklogs/log-%d", innconf->pathlog,vid);
if ((locallog=fopen(LocalLogFileName, "w")) != NULL) {
syslog(L_NOTICE, "%s Local Logging begins (%s) %s",ClientHost, Username, LocalLogFileName);
fprintf(locallog, "%s Tracking Enabled (%s)\n", ClientHost, Username);
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/perl.c inn2-2.3.1/nnrpd/perl.c
--- inn2-2.3.1.orig/nnrpd/perl.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/nnrpd/perl.c Sat Jun 9 03:05:29 2001
@@ -158,7 +158,7 @@
}
x = strlen(p) + strlen(s) + 3;
t = NEW(char, x);
- sprintf(t,"%s: %s",p,s);
+ snprintf(t,x,"%s: %s",p,s);
OtherHeaders[i++] = t;
HeaderLen += x;
}
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/perm.c inn2-2.3.1/nnrpd/perm.c
--- inn2-2.3.1.orig/nnrpd/perm.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/nnrpd/perm.c Sat Jun 9 03:05:29 2001
@@ -569,7 +569,8 @@
}
TEST_CONFIG(oldtype, bit);
if (bit) {
- sprintf(buff, "Duplicated '%s' field in authgroup.", oldname);
+ snprintf(buff, sizeof buff, "Duplicated '%s' field in authgroup.",
+ oldname);
ReportError(f, buff);
}
@@ -678,7 +679,8 @@
}
TEST_CONFIG(oldtype, bit);
if (bit) {
- sprintf(buff, "Duplicated '%s' field in accessgroup.", oldname);
+ snprintf(buff, sizeof buff, "Duplicated '%s' field in accessgroup.",
+ oldname);
ReportError(f, buff);
}
if (caseEQ(tok->name, "on") || caseEQ(tok->name, "true") || caseEQ(tok->name, "yes"))
@@ -1229,7 +1231,7 @@
uname = auth_realms[i]->default_user;
}
if (uname) {
- strcpy(PERMuser, uname);
+ strncpy(PERMuser, uname, sizeof PERMuser);
uname = strchr(PERMuser, '@');
if (!uname && auth_realms[i]->default_domain) {
/* append the default domain to the username */
@@ -1292,7 +1294,7 @@
while (runame == NULL && i--)
runame = AuthenticateUser(auth_realms[i], uname, pass);
if (runame) {
- strcpy(PERMuser, runame);
+ strncpy(PERMuser, runame, sizeof PERMuser);
uname = strchr(PERMuser, '@');
if (!uname && auth_realms[i]->default_domain) {
/* append the default domain to the username */
@@ -1417,11 +1419,13 @@
}
VirtualPathlen = strlen(PERMaccessconf->domain) + strlen("!");
VirtualPath = NEW(char, VirtualPathlen + 1);
- sprintf(VirtualPath, "%s!", PERMaccessconf->domain);
+ snprintf(VirtualPath, VirtualPathlen + 1, "%s!",
+ PERMaccessconf->domain);
} else {
VirtualPathlen = strlen(PERMaccessconf->pathhost) + strlen("!");
VirtualPath = NEW(char, VirtualPathlen + 1);
- sprintf(VirtualPath, "%s!", PERMaccessconf->pathhost);
+ snprintf(VirtualPath, VirtualPathlen + 1, "%s!",
+ PERMaccessconf->pathhost);
}
} else
VirtualPathlen = 0;
@@ -1701,7 +1705,7 @@
static void HandleProgLine(char *ln)
{
if (!strncmp(ln, "User:", strlen("User:")))
- strcpy(ubuf, ln+strlen("User:"));
+ strncpy(ubuf, ln+strlen("User:"), sizeof ubuf);
}
/* messages from a programs stderr */
@@ -1827,13 +1831,15 @@
EXECSTUFF *foo;
int done = 0;
char buf[BIG_BUFFER];
+ size_t len;
if (!auth->res_methods)
return(0);
- resdir = NEW(char, strlen(cpcatpath(innconf->pathbin, _PATH_AUTHDIR)) +
- 1 + strlen(_PATH_AUTHDIR_NOPASS) + 1 + 1);
- sprintf(resdir, "%s/%s/", cpcatpath(innconf->pathbin, _PATH_AUTHDIR),
+ len = strlen(cpcatpath(innconf->pathbin, _PATH_AUTHDIR)) +
+ 1 + strlen(_PATH_AUTHDIR_NOPASS) + 1 + 1;
+ resdir = NEW(char, len);
+ snprintf(resdir, len, "%s/%s/", cpcatpath(innconf->pathbin, _PATH_AUTHDIR),
_PATH_AUTHDIR_NOPASS);
ubuf[0] = '\0';
@@ -1848,8 +1854,9 @@
cp = COPY(auth->res_methods[i]->program);
args = 0;
Argify(cp, &args);
- arg0 = NEW(char, strlen(resdir)+strlen(args[0])+1);
- sprintf(arg0, "%s%s", resdir, args[0]);
+ len = strlen(resdir)+strlen(args[0])+1;
+ arg0 = NEW(char, len);
+ snprintf(arg0, len, "%s%s", resdir, args[0]);
/* exec the resolver */
foo = ExecProg(arg0, args);
if (foo) {
@@ -1892,13 +1899,15 @@
EXECSTUFF *foo;
int done = 0;
char buf[BIG_BUFFER];
+ size_t len;
if (!auth->auth_methods)
return(0);
- resdir = NEW(char, strlen(cpcatpath(innconf->pathbin, _PATH_AUTHDIR)) +
- 1 + strlen(_PATH_AUTHDIR_PASSWD) + 1 + 1);
- sprintf(resdir, "%s/%s/", cpcatpath(innconf->pathbin, _PATH_AUTHDIR),
+ len = strlen(cpcatpath(innconf->pathbin, _PATH_AUTHDIR)) +
+ 1 + strlen(_PATH_AUTHDIR_PASSWD) + 1 + 1;
+ resdir = NEW(char, len);
+ snprintf(resdir, len, "%s/%s/", cpcatpath(innconf->pathbin, _PATH_AUTHDIR),
_PATH_AUTHDIR_PASSWD);
ubuf[0] = '\0';
@@ -1917,8 +1926,9 @@
cp = COPY(auth->auth_methods[i]->program);
args = 0;
Argify(cp, &args);
- arg0 = NEW(char, strlen(resdir)+strlen(args[0])+1);
- sprintf(arg0, "%s%s", resdir, args[0]);
+ len = strlen(resdir)+strlen(args[0])+1;
+ arg0 = NEW(char, len);
+ snprintf(arg0, len, "%s%s", resdir, args[0]);
/* exec the authenticator */
foo = ExecProg(arg0, args);
if (foo) {
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/post.c inn2-2.3.1/nnrpd/post.c
--- inn2-2.3.1.orig/nnrpd/post.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/nnrpd/post.c Sat Jun 9 03:05:29 2001
@@ -209,11 +209,13 @@
&& p[hp->Size] == ':'
&& caseEQn(p, hp->Name, hp->Size)) {
if (hp->Type == HTobs) {
- (void)sprintf(Error, "Obsolete \"%s\" header", hp->Name);
+ (void)snprintf(Error, sizeof Error,
+ "Obsolete \"%s\" header", hp->Name);
return NULL;
}
if (hp->Value) {
- (void)sprintf(Error, "Duplicate \"%s\" header", hp->Name);
+ (void)snprintf(Error, sizeof Error,
+ "Duplicate \"%s\" header", hp->Name);
return NULL;
}
for (q = &p[hp->Size + 1]; ISWHITE(*q); q++)
@@ -233,7 +235,8 @@
/* Get start of next header; if it's a blank line, we hit the end. */
if ((p = NextHeader(p)) == NULL) {
- (void)strcpy(Error, "Article has no body -- just headers");
+ (void)strncpy(Error, "Article has no body -- just headers",
+ sizeof Error);
return NULL;
}
if (*p == '\n')
@@ -280,7 +283,8 @@
/* SUPPRESS 530 *//* Empty body for statement */
;
else {
- (void)sprintf(Error, "\"%s\" is not a valid control message",
+ (void)snprintf(Error, sizeof Error,
+ "\"%s\" is not a valid control message",
MaxLength(ctrl,ctrl));
return Error;
}
@@ -304,7 +308,8 @@
do {
for (dp = BadDistribs; *dp; dp++)
if (wildmat(p, *dp)) {
- (void)sprintf(Error, "Illegal distribution \"%s\"", MaxLength(p,p));
+ (void)snprintf(Error, sizeof Error,
+ "Illegal distribution \"%s\"", MaxLength(p,p));
return Error;
}
} while ((p = strtok((char *)NULL, SEPS)) != NULL);
@@ -336,17 +341,20 @@
char *error;
pid_t pid;
BOOL addvirtual = FALSE;
+ size_t len;
/* Various things need Now to be set. */
if (GetTimeInfo(&Now) < 0) {
- sprintf(Error, "Can't get the time, %s", strerror(errno));
+ snprintf(Error, sizeof Error, "Can't get the time, %s",
+ strerror(errno));
return Error;
}
/* Do some preliminary fix-ups. */
for (hp = Table; hp < ENDOF(Table); hp++) {
if (!hp->CanSet && hp->Value) {
- (void)sprintf(Error, "Can't set system \"%s\" header", hp->Name);
+ (void)snprintf(Error, sizeof Error,
+ "Can't set system \"%s\" header", hp->Name);
return Error;
}
if (hp->Value) {
@@ -362,13 +370,16 @@
* unauthenticated data. */
if (PERMauthorized && HDR(_sender) == NULL) {
if (PERMuser[0] == '\0') {
- (void)sprintf(sendbuff, "%s@%s", "UNKNOWN", ClientHost);
+ (void)snprintf(sendbuff, sizeof sendbuff, "%s@%s",
+ "UNKNOWN", ClientHost);
} else {
if ((p = strchr(PERMuser, '@')) == NULL) {
- (void)sprintf(sendbuff, "%s@%s", PERMuser, ClientHost);
+ (void)snprintf(sendbuff, sizeof sendbuff, "%s@%s",
+ PERMuser, ClientHost);
} else {
*p = '\0';
- (void)sprintf(sendbuff, "%s@%s", PERMuser, ClientHost);
+ (void)snprintf(sendbuff, sizeof sendbuff, "%s@%s",
+ PERMuser, ClientHost);
*p = '@';
}
}
@@ -454,8 +465,9 @@
if (addvirtual) {
if (newpath != NULL)
DISPOSE(newpath);
- newpath = NEW(char, VirtualPathlen + strlen(HDR(_path)) + 1);
- sprintf(newpath, "%s%s", VirtualPath, HDR(_path));
+ len = VirtualPathlen + strlen(HDR(_path)) + 1;
+ newpath = NEW(char, len);
+ snprintf(newpath, len, "%s%s", VirtualPath, HDR(_path));
HDR(_path) = newpath;
}
@@ -482,7 +494,7 @@
/* Set Organization */
if (HDR(_organization) == NULL
&& (p = PERMaccessconf->organization) != NULL) {
- (void)strcpy(orgbuff, p);
+ (void)strncpy(orgbuff, p, orgbuff);
HDR(_organization) = orgbuff;
}
@@ -491,7 +503,7 @@
/* Approved; left alone. */
/* Set Lines */
- (void)sprintf(linebuff, "%d", linecount);
+ (void)snprintf(linebuff, sizeof linebuff, "%d", linecount);
HDR(_lines) = linebuff;
/* Supersedes; left alone. */
@@ -513,7 +525,8 @@
else
if ((p = GetFQDN(PERMaccessconf->domain)) == NULL)
p = "unknown";
- sprintf(tracebuff, "%s %ld %ld %s (%d %3.3s %d %02d:%02d:%02d GMT)",
+ snprintf(tracebuff, sizeof tracebuff,
+ "%s %ld %ld %s (%d %3.3s %d %02d:%02d:%02d GMT)",
p, (long) t, (long) pid, ClientIp,
gmt->tm_mday, &MONTHS[3 * gmt->tm_mon], 1900 + gmt->tm_year,
gmt->tm_hour, gmt->tm_min, gmt->tm_sec);
@@ -521,12 +534,12 @@
/* X-Complaints-To; set */
if ((p = PERMaccessconf->complaints) != NULL)
- sprintf (complaintsbuff, "%s",p) ;
+ snprintf (complaintsbuff, sizeof complaintsbuff, "%s",p) ;
else {
if ((p = PERMaccessconf->fromhost) != NULL && strchr(NEWSMASTER, '@') == NULL)
- sprintf (complaintsbuff, "%s@%s", NEWSMASTER, p);
+ snprintf (complaintsbuff, sizeof complaintsbuff, "%s@%s", NEWSMASTER, p);
else
- sprintf (complaintsbuff, "%s", NEWSMASTER);
+ snprintf (complaintsbuff, sizeof complaintsbuff, "%s", NEWSMASTER);
}
HDR(_xcomplaintsto) = complaintsbuff ;
@@ -539,7 +552,8 @@
/* Now make sure everything is there. */
for (hp = Table; hp < ENDOF(Table); hp++)
if (hp->Type == HTreq && hp->Value == NULL) {
- (void)sprintf(Error, "Required \"%s\" header is missing", hp->Name);
+ (void)snprintf(Error, sizeof Error,
+ "Required \"%s\" header is missing", hp->Name);
return Error;
}
@@ -603,7 +617,8 @@
/* Try to get the address first. */
if ((address = GetModeratorAddress(NULL, NULL, group, PERMaccessconf->moderatormailer)) == NULL) {
- (void)sprintf(Error, "No mailing address for \"%s\" -- %s",
+ (void)snprintf(Error, sizeof Error,
+ "No mailing address for \"%s\" -- %s",
group, "ask your news administrator to fix this");
DISPOSE(group);
return Error;
@@ -614,7 +629,7 @@
* in case %s isn't in inconf->mta) and send the headers. */
if ((mta = innconf->mta) == NULL)
return "Can't start mailer - mta not set";
- (void)sprintf(buff, innconf->mta, address);
+ (void)snprintf(buff, sizeof buff, innconf->mta, address);
if ((F = popen(buff, "w")) == NULL)
return "Can't start mailer";
(void)fprintf(F, "To: %s\n", address);
@@ -649,7 +664,8 @@
}
i = pclose(F);
if (i) {
- (void)sprintf(Error, "Mailer exited with status %d -- %s",
+ (void)snprintf(Error, sizeof Error,
+ "Mailer exited with status %d -- %s",
i, "Article might not have been mailed");
return Error;
}
@@ -693,7 +709,8 @@
grplist[0] = p;
grplist[1] = NULL;
if (!PERMmatch(PERMpostlist, grplist)) {
- sprintf(Error, "You are not allowed to post to %s\r\n", p);
+ snprintf(Error, sizeof Error,
+ "You are not allowed to post to %s\r\n", p);
}
}
if (!OVgroupstats(p, NULL, NULL, NULL, &flag))
@@ -712,7 +729,7 @@
} else {
if (reply != NULL) {
syslog(L_TRACE, "PY_authorize() returned a refuse string for user %s at %s who wants to read %s: %s", PERMuser, ClientHost, p, reply);
- (void)sprintf(Error, "%s\r\n", reply);
+ (void)snprintf(Error, sizeof Error, "%s\r\n", reply);
break;
}
}
@@ -727,14 +744,14 @@
case NF_FLAG_IGNORE:
case NF_FLAG_NOLOCAL:
if (!PERMaccessconf->locpost)
- (void)sprintf(Error, "Postings to \"%s\" are not allowed here.",
- p);
+ (void)snprintf(Error, sizeof Error,
+ "Postings to \"%s\" are not allowed here.", p);
break;
case NF_FLAG_EXCLUDED:
/* Do NOT return an error. */
break;
case NF_FLAG_ALIAS:
- (void)sprintf(Error,
+ (void)snprintf(Error, sizeof Error,
"The newsgroup \"%s\" has been renamed.\n", p);
break;
}
@@ -742,7 +759,8 @@
DISPOSE(groups);
if (!FoundOne && !IsNewgroup)
- (void)sprintf(Error, "No valid newsgroups in \"%s\"", MaxLength(hdr,hdr));
+ (void)snprintf(Error, sizeof Error,
+ "No valid newsgroups in \"%s\"", MaxLength(hdr,hdr));
if (Error[0]) {
tmpPtr = DDend(h);
DISPOSE(tmpPtr) ;
@@ -751,7 +769,7 @@
p = DDend(h);
if (HDR(_distribution) == NULL && *p) {
- (void)strcpy(distbuff, p);
+ (void)strncpy(distbuff, p, sizeof distbuff);
HDR(_distribution) = distbuff;
}
DISPOSE(p);
@@ -792,7 +810,7 @@
(void)fprintf(ToServer, "ihave %s\r\n", HDR(_messageid));
if (FLUSH_ERROR(ToServer)
|| fgets(buff, buffsize, FromServer) == NULL) {
- (void)sprintf(buff, CANTSEND, "IHAVE", strerror(errno));
+ (void)snprintf(buff, buffsize, CANTSEND, "IHAVE", strerror(errno));
return -1;
}
return atoi(buff);
@@ -816,7 +834,8 @@
char path[BUFSIZ];
/* Initialize the returned error message */
- sprintf(CANTSPOOL, "%s and can't write text to local spool file", Error);
+ snprintf(CANTSPOOL, sizeof CANTSPOOL,
+ "%s and can't write text to local spool file", Error);
/* Try to write it to the spool dir. */
TempName(SpoolDir, temp);
@@ -931,7 +950,7 @@
int result;
char SDir[255];
- sprintf(TrackID,"%s/trackposts/track.", innconf->pathlog);
+ snprintf(TrackID, sizeof TrackID, "%s/trackposts/track.", innconf->pathlog);
/* Set up the other headers list. */
if (OtherHeaders == NULL) {
@@ -973,7 +992,7 @@
HeaderCleanFrom(frombuf);
p = strchr(frombuf, '@');
if (p) {
- strcpy(frombuf, p+1);
+ strncpy(frombuf, p+1, sizeof frombuf);
p = strrchr(frombuf, '.');
if (!p) {
if (modgroup)
@@ -995,7 +1014,7 @@
}
if ((PERMaccessconf->localmaxartsize > 0) &&
(strlen(article) > PERMaccessconf->localmaxartsize)) {
- (void)sprintf(Error,
+ (void)snprintf(Error, sizeof Error,
"Article is bigger then local limit of %ld bytes\n",
PERMaccessconf->localmaxartsize);
if (modgroup)
@@ -1008,7 +1027,8 @@
if ((p = (char *)HandleHeaders(article)) != NULL) {
if (idbuff) {
if (modgroup)
- sprintf(idbuff, "(mailed to moderator for %s)", modgroup);
+ snprintf(idbuff, sizeof idbuff,
+ "(mailed to moderator for %s)", modgroup);
else
(void)strncpy(idbuff, HDR(_messageid), SMBUF - 1);
idbuff[SMBUF - 1] = '\0';
@@ -1021,7 +1041,7 @@
}
else if (strncmp(p, "SPOOL", 5) == 0) {
syslog(L_NOTICE, "%s post %s", ClientHost, p);
- strcpy(SDir, innconf->pathincoming);
+ strncpy(SDir, innconf->pathincoming, sizeof SDir);
if (modgroup)
{
DISPOSE(modgroup);
@@ -1046,7 +1066,7 @@
if (idbuff != NULL) {
char *retstr;
retstr = MailArticle(modgroup, article);
- strcpy (idbuff,"(mailed to moderator)") ;
+ strncpy (idbuff,"(mailed to moderator)", sizeof idbuff) ;
return retstr;
}
return MailArticle(modgroup, article);
@@ -1075,9 +1095,10 @@
* attempt to recover from this by spooling it locally */
if (i < 0) {
if (buff[0])
- (void)strcpy(Error, buff);
+ (void)strncpy(Error, buff, sizeof Error);
else
- (void)sprintf(Error, CANTSEND, "connect request", strerror(errno));
+ (void)snprintf(Error, sizeof Error, CANTSEND,
+ "connect request", strerror(errno));
return Spoolit(article,Error);
}
if (Tracing)
@@ -1093,14 +1114,14 @@
if (i == NNTP_AUTH_NEEDED_VAL) {
/* Send authorization. */
if (NNTPsendpassword(PERMaccessconf->nnrpdposthost, FromServer, ToServer) < 0) {
- (void)sprintf(Error, "Can't authorize with %s",
+ (void)snprintf(Error, sizeof Error, "Can't authorize with %s",
PERMaccessconf->nnrpdposthost ? PERMaccessconf->nnrpdposthost : "innd");
return Spoolit(article,Error);
}
i = OfferArticle(buff, (int)sizeof buff, FromServer, ToServer);
}
if (i != NNTP_SENDIT_VAL) {
- (void)strcpy(Error, buff);
+ (void)strncpy(Error, buff, sizeof Error);
SendQuit(FromServer, ToServer);
return (i != NNTP_HAVEIT_VAL ? Spoolit(article, Error) : Error) ;
}
@@ -1123,7 +1144,7 @@
(void)fprintf(ToServer, "%s\r\n", OtherHeaders[i]);
(void)fprintf(ToServer, "\r\n");
if (FLUSH_ERROR(ToServer)) {
- (void)sprintf(Error, CANTSEND, "headers", strerror(errno));
+ (void)snprintf(Error, sizeof Error, CANTSEND, "headers", strerror(errno));
(void)fclose(FromServer);
(void)fclose(ToServer);
return Spoolit(article, Error);
@@ -1132,7 +1153,7 @@
/* Send the article, get the server's reply. */
if (NNTPsendarticle(article, ToServer, TRUE) < 0
|| fgets(buff, sizeof buff, FromServer) == NULL) {
- (void)sprintf(Error, CANTSEND, "article", strerror(errno));
+ (void)snprintf(Error, sizeof Error, CANTSEND, "article", strerror(errno));
(void)fclose(FromServer);
(void)fclose(ToServer);
return Spoolit(article, Error);
@@ -1140,7 +1161,7 @@
/* Did the server want the article? */
if ((i = atoi(buff)) != NNTP_TOOKIT_VAL) {
- (void)strcpy(Error, buff);
+ (void)strncpy(Error, buff, sizeof Error);
SendQuit(FromServer, ToServer);
return (i != NNTP_REJECTIT_VAL ? Spoolit(article, Error) : Error) ;
}
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/sasl_config.c inn2-2.3.1/nnrpd/sasl_config.c
--- inn2-2.3.1.orig/nnrpd/sasl_config.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/nnrpd/sasl_config.c Sat Jun 9 03:05:29 2001
@@ -78,8 +78,7 @@
char buf[80];
if (strlen(partition) > 70) return 0;
- strcpy(buf, "partition-");
- strcat(buf, partition);
+ snprintf(buf, sizeof buf, "partition-%s", partition);
return sasl_config_getstring(buf, (char *)0);
}
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/tls.c inn2-2.3.1/nnrpd/tls.c
--- inn2-2.3.1.orig/nnrpd/tls.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/nnrpd/tls.c Sat Jun 9 03:05:29 2001
@@ -283,7 +283,7 @@
}
#ifdef TRUNCATE
if (trunc > 0) {
- sprintf(buf, "%04x - <SPACES/NULS>\n", len+ trunc);
+ sprintf(buf, sizeof buf, "%04x - <SPACES/NULS>\n", len+ trunc);
if (tls_loglevel>0)
Printf("%s", buf);
ret += strlen(buf);
diff -Naur --recursive inn2-2.3.1.orig/nnrpd/track.c inn2-2.3.1/nnrpd/track.c
--- inn2-2.3.1.orig/nnrpd/track.c Thu Jan 11 01:55:23 2001
+++ inn2-2.3.1/nnrpd/track.c Sat Jun 9 03:05:29 2001
@@ -29,8 +29,7 @@
FILE *fd;
char line[MAX_LEN],*p,*pp,*lp;
- strcpy(dbfile, innconf->pathetc);
- strcat(dbfile, "/nnrpd.track");
+ snprintf(dbfile, sizeof dbfile, "%s/nnrpd.track", innconf->pathetc);
RARTon=FALSE;
strcpy(user, "unknown");
diff -Naur --recursive inn2-2.3.1.orig/storage/buffindexed/buffindexed.c inn2-2.3.1/storage/buffindexed/buffindexed.c
--- inn2-2.3.1.orig/storage/buffindexed/buffindexed.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/storage/buffindexed/buffindexed.c Sat Jun 9 03:05:29 2001
@@ -306,7 +306,7 @@
}
*p = '\0';
memset(ovbuff->path, '\0', OVBUFFPASIZ);
- strcpy(ovbuff->path, l);
+ strncpy(ovbuff->path, l, OVBUFFPASIZ);
if (stat(ovbuff->path, &sb) < 0) {
syslog(L_ERROR, "%s: file '%s' does not exist, ignoring '%d'",
LocalLogName, ovbuff->path, ovbuff->index);
@@ -426,7 +426,7 @@
char *p;
if (sizeof(OFFSET_T) <= 4) {
- sprintf(buf, (leadingzeros) ? "%016lx" : "%lx", offset);
+ snprintf(buf, sizeof buf, (leadingzeros) ? "%016lx" : "%lx", offset);
} else {
int i;
@@ -886,10 +886,10 @@
return FALSE;
}
- strcpy(dirname, innconf->pathdb);
+ strncpy(dirname, innconf->pathdb, sizeof dirname);
groupfn = NEW(char, strlen(dirname) + strlen("/group.index") + 1);
- strcpy(groupfn, dirname);
- strcat(groupfn, "/group.index");
+ strncpy(groupfn, dirname, sizeof groupfn);
+ strncat(groupfn, "/group.index", sizeof groupfn - strlen(groupfn));
if (Needunlink && unlink(groupfn) == 0) {
syslog(L_NOTICE, "%s: all buffers are brandnew, unlink '%s'", LocalLogName, groupfn);
}
@@ -1909,6 +1909,7 @@
void buffindexed_close(void) {
struct stat sb;
OVBUFF *ovbuffnext, *ovbuff = ovbufftab;
+ size_t len;
#ifdef OV_DEBUG
FILE *F = NULL;
pid_t pid;
@@ -1928,9 +1929,10 @@
if (trace->ov_trace[j].occupied != 0 ||
trace->ov_trace[j].freed != 0) {
if (F == NULL) {
- path = NEW(char, strlen(innconf->pathtmp) + 10);
pid = getpid();
- sprintf(path, "%s/%d", innconf->pathtmp, pid);
+ len = strlen(innconf->pathtmp) + 10;
+ path = NEW(char, len);
+ snprintf(path, len, "%s/%d", innconf->pathtmp, pid);
if ((F = fopen(path, "w")) == NULL) {
syslog(L_ERROR, "%s: could not open %s: %m", LocalLogName, path);
break;
@@ -1946,9 +1948,10 @@
}
if ((ntp = name_table) != NULL) {
if (F == NULL) {
- path = NEW(char, strlen(innconf->pathtmp) + 10);
pid = getpid();
- sprintf(path, "%s/%d", innconf->pathtmp, pid);
+ len = strlen(innconf->pathtmp) + 10;
+ path = NEW(char, len);
+ snprintf(path, len, "%s/%d", innconf->pathtmp, pid);
if ((F = fopen(path, "w")) == NULL) {
syslog(L_ERROR, "%s: could not open %s: %m", LocalLogName, path);
}
diff -Naur --recursive inn2-2.3.1.orig/storage/cnfs/cnfs.c inn2-2.3.1/storage/cnfs/cnfs.c
--- inn2-2.3.1.orig/storage/cnfs/cnfs.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/storage/cnfs/cnfs.c Sat Jun 9 03:05:29 2001
@@ -118,7 +118,7 @@
char *p;
if (sizeof(CYCBUFF_OFF_T) <= 4) {
- sprintf(buf, (leadingzeros) ? "%016lx" : "%lx", offset);
+ snprintf(buf, sizeof buf, (leadingzeros) ? "%016lx" : "%lx", offset);
} else {
int i;
@@ -256,7 +256,7 @@
strncpy(rpx.magic, CNFS_MAGICV3, strlen(CNFS_MAGICV3));
strncpy(rpx.name, cycbuff->name, CNFSNASIZ);
strncpy(rpx.path, cycbuff->path, CNFSPASIZ);
- /* Don't use sprintf() directly ... the terminating '\0' causes grief */
+ /* Don't use snprintf() directly ... the terminating '\0' causes grief */
strncpy(rpx.lena, CNFSofft2hex(cycbuff->len, TRUE), CNFSLASIZ);
strncpy(rpx.freea, CNFSofft2hex(cycbuff->free, TRUE), CNFSLASIZ);
strncpy(rpx.cyclenuma, CNFSofft2hex(cycbuff->cyclenum, TRUE), CNFSLASIZ);
@@ -353,7 +353,7 @@
*p = '\0';
cycbuff = NEW(CYCBUFF, 1);
memset(cycbuff->name, '\0', CNFSNASIZ);
- strcpy(cycbuff->name, l);
+ strncpy(cycbuff->name, l, CNFSNASIZ);
l = ++p;
/* Path to cnfs partition */
@@ -364,7 +364,7 @@
}
*p = '\0';
memset(cycbuff->path, '\0', CNFSPASIZ);
- strcpy(cycbuff->path, l);
+ strncpy(cycbuff->path, l, CNFSPASIZ);
if (stat(cycbuff->path, &sb) < 0) {
syslog(L_ERROR, "%s: file '%s' does not exist, ignoring '%s' cycbuff",
LocalLogName, cycbuff->path, cycbuff->name);
@@ -884,9 +884,9 @@
offset > cycbuff->len) {
char bufoff[64], bufmin[64], bufmax[64];
SMseterror(SMERR_INTERNAL, NULL);
- strcpy(bufoff, CNFSofft2hex(offset, FALSE));
- strcpy(bufmin, CNFSofft2hex(cycbuff->minartoffset, FALSE));
- strcpy(bufmax, CNFSofft2hex(cycbuff->len, FALSE));
+ strncpy(bufoff, CNFSofft2hex(offset, FALSE), sizeof bufoff);
+ strncpy(bufmin, CNFSofft2hex(cycbuff->minartoffset, FALSE), sizeof bufmin);
+ strncpy(bufmax, CNFSofft2hex(cycbuff->len, FALSE), sizeof bufmax);
syslog(L_ERROR,
"%s: CNFSUsedBlock: invalid offset %s, min = %s, max = %s",
LocalLogName, bufoff, bufmin, bufmax);
@@ -1316,9 +1316,9 @@
if (innconf->cnfscheckfudgesize != 0 && innconf->maxartsize != 0 &&
(ntohl(cah.size) > innconf->maxartsize + innconf->cnfscheckfudgesize)) {
char buf1[24], buf2[24], buf3[24];
- strcpy(buf1, CNFSofft2hex(cycbuff->free, FALSE));
- strcpy(buf2, CNFSofft2hex(middle, FALSE));
- strcpy(buf3, CNFSofft2hex(limit, FALSE));
+ strncpy(buf1, CNFSofft2hex(cycbuff->free, FALSE), sizeof buf1);
+ strncpy(buf2, CNFSofft2hex(middle, FALSE), sizeof buf2);
+ strncpy(buf3, CNFSofft2hex(limit, FALSE), sizeof buf3);
SMseterror(SMERR_UNDEFINED, "CNFSARTHEADER fudge size overflow");
syslog(L_ERROR, "%s: fudge size overflows bitmaps %s %s:0x%s:0x%s:0x%s: %ld",
LocalLogName, TokenToText(token), cycbuffname, buf1, buf2, buf3, ntohl(cah.size));
diff -Naur --recursive inn2-2.3.1.orig/storage/ov.c inn2-2.3.1/storage/ov.c
--- inn2-2.3.1.orig/storage/ov.c Sat Jun 9 00:24:42 2001
+++ inn2-2.3.1/storage/ov.c Sat Jun 9 03:05:29 2001
@@ -1071,6 +1071,7 @@
BOOL keeper;
BOOL remove;
char *Xref;
+ size_t len;
if (SMprobe(SELFEXPIRE, &token, NULL)) {
if (!OVignoreselfexpire)
@@ -1097,9 +1098,10 @@
if (Group != NULL) {
DISPOSE(Group);
}
- Group = NEW(char, strlen(group) + 1);
- strcpy(Group, group);
- strcat(Group, ":");
+ len = strlen(group) + 1;
+ Group = NEW(char, len);
+ strncpy(Group, group, len);
+ strncat(Group, ":", 1);
Xref = Group;
} else {
if ((Xref = strchr(Xref, ' ')) == NULL) {
diff -Naur --recursive inn2-2.3.1.orig/storage/ov3/ov3.c inn2-2.3.1/storage/ov3/ov3.c
--- inn2-2.3.1.orig/storage/ov3/ov3.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/storage/ov3/ov3.c Sat Jun 9 03:05:29 2001
@@ -154,6 +154,7 @@
char *groupfn;
struct stat sb;
int flag = 0;
+ size_t len;
#ifdef HAVE_RLIMIT
struct rlimit rl;
#endif
@@ -175,10 +176,10 @@
#endif /* HAVE_RLIMIT && RLIMIT_NOFILE */
memset(&CACHEdata, '\0', sizeof(CACHEdata));
- strcpy(dirname, innconf->pathoverview);
- groupfn = NEW(char, strlen(dirname) + strlen("/group.index") + 1);
- strcpy(groupfn, dirname);
- strcat(groupfn, "/group.index");
+ strncpy(dirname, innconf->pathoverview, sizeof dirname);
+ len = strlen(dirname) + strlen("/group.index") + 1;
+ groupfn = NEW(char, len);
+ snprintf(groupfn, len, "%s/group.index", dirname);
GROUPfd = open(groupfn, O_RDWR | O_CREAT, ARTFILE_MODE);
if (GROUPfd < 0) {
syslog(L_FATAL, "tradindexed: could not create %s: %m", groupfn);
@@ -426,8 +427,9 @@
*p = '\0';
freeargify(&groupparts);
+ /* this code doesn't make sense, unless it's doing dangerous stuff */
sprintf(p, "%s.DAT", group);
- strcpy(DATpath, IDXpath);
+ strncpy(DATpath, IDXpath, sizeof DATpath);
sprintf(p, "%s.IDX", group);
unlink(IDXpath);
unlink(DATpath);
@@ -508,7 +510,7 @@
i = argify(sepgroup, &groupparts);
DISPOSE(sepgroup);
- strcpy(IDXpath, innconf->pathoverview);
+ strncpy(IDXpath, innconf->pathoverview, sizeof IDXpath);
strcat(IDXpath, "/");
for (p = IDXpath + strlen(IDXpath), j = 0; j < i; j++) {
*p++ = groupparts[j][0];
@@ -517,8 +519,9 @@
*p = '\0';
freeargify(&groupparts);
+ /* this code doesn't make sense, unless it's doing dangerous stuff */
sprintf(p, "%s.DAT", group);
- strcpy(DATpath, IDXpath);
+ strncpy(DATpath, IDXpath, sizeof DATpath);
sprintf(p, "%s.IDX", group);
gh = NEW(GROUPHANDLE, 1);
@@ -963,10 +966,8 @@
if (delta > ge->base) delta = ge->base;
- strcpy(bakgroup, group);
- strcat(bakgroup, "-BAK");
- strcpy(newgroup, group);
- strcat(newgroup, "-NEW");
+ snprintf (bakgroup, sizeof bakgroup, "%s-BAK", group);
+ snprintf (newgroup, sizeof newgroup, "%s-NEW", group);
OV3getIDXfilename(group, oldidx);
OV3getIDXfilename(newgroup, newidx);
OV3getIDXfilename(bakgroup, bakidx);
@@ -1083,10 +1084,8 @@
return TRUE;
}
- strcpy(bakgroup, group);
- strcat(bakgroup, "-BAK");
- strcpy(newgroup, group);
- strcat(newgroup, "-NEW");
+ snprintf (bakgroup, sizeof bakgroup, "%s-BAK", group);
+ snprintf (newgroup, sizeof newgroup, "%s-NEW", group);
OV3getIDXfilename(group, oldidx);
OV3getIDXfilename(newgroup, newidx);
OV3getIDXfilename(bakgroup, bakidx);
diff -Naur --recursive inn2-2.3.1.orig/storage/ovdb/ovdb.c inn2-2.3.1/storage/ovdb/ovdb.c
--- inn2-2.3.1.orig/storage/ovdb/ovdb.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/storage/ovdb/ovdb.c Sat Jun 9 03:05:29 2001
@@ -599,7 +599,7 @@
if(ret = upgrade_database("version"))
return ret;
for(i = 0; i < ovdb_conf.numdbfiles; i++) {
- sprintf(name, "ov%05d", i);
+ snprintf(name, sizeof name, "ov%05d", i);
if(ret = upgrade_database(name))
return ret;
}
@@ -783,7 +783,7 @@
_dbnames = NEW(char *, ovdb_conf.numdbfiles);
for(i = 0; i < ovdb_conf.numdbfiles; i++) {
- sprintf(name, "ov%05d", i);
+ snprintf(name, sizeof name, "ov%05d", i);
_dbnames[i] = COPY(name);
if(!oneatatime) {
if(ret = open_db_file(i)) {
diff -Naur --recursive inn2-2.3.1.orig/storage/timecaf/caf.c inn2-2.3.1/storage/timecaf/caf.c
--- inn2-2.3.1.orig/storage/timecaf/caf.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/storage/timecaf/caf.c Sat Jun 9 03:05:29 2001
@@ -712,7 +712,9 @@
char nulls[1];
strncpy(realpath, cfpath, SPOOLNAMEBUFF);
- sprintf(path, "%s.%d", cfpath, getpid());/* create path with PID attached */
+ snprintf(path, sizeof path, "%s.%d", cfpath,
+ getpid());/* create path with PID attached */
+
/*
** Shouldn't be anyone else with our pid trying to write to the temp.
** file, but there might be an old one lying around. Nuke it.
@@ -1097,7 +1099,7 @@
CAFErrorStr()
{
if (caf_error == CAF_ERR_IO || caf_error == CAF_ERR_CANTCREATECAF) {
- sprintf(errbuf, "%s errno=%s\n",
+ snprintf(errbuf, sizeof errbuf, "%s errno=%s\n",
(caf_error == CAF_ERR_IO) ? "CAF_ERR_IO" : "CAF_ERR_CANTCREATECAF",
strerror(errno));
return errbuf;
@@ -1116,7 +1118,7 @@
case CAF_ERR_BOGUSPATH:
return "CAF_ERR_BOGUSPATH";
default:
- sprintf(errbuf, "CAF error %d", caf_error);
+ snprintf(errbuf, sizeof errbuf, "CAF error %d", caf_error);
return errbuf;
}
}
diff -Naur --recursive inn2-2.3.1.orig/storage/timecaf/timecaf.c inn2-2.3.1/storage/timecaf/timecaf.c
--- inn2-2.3.1.orig/storage/timecaf/timecaf.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/storage/timecaf/timecaf.c Sat Jun 9 03:05:29 2001
@@ -136,10 +136,13 @@
*/
static char *MakePath(int time, const STORAGECLASS class) {
char *path;
+ size_t len;
/* innconf->patharticles + '/timecaf-zz/xx/xxxx.CF' */
- path = NEW(char, strlen(innconf->patharticles) + 32);
- sprintf(path, "%s/timecaf-%02x/%02x/%02x%02x.CF", innconf->patharticles,
+ len = strlen(innconf->patharticles) + 32;
+ path = NEW(char, len);
+ snprintf(path, len, "%s/timecaf-%02x/%02x/%02x%02x.CF",
+ innconf->patharticles,
class, (time >> 8) & 0xff, (time >> 16) & 0xff, time & 0xff);
return path;
diff -Naur --recursive inn2-2.3.1.orig/storage/timehash/timehash.c inn2-2.3.1/storage/timehash/timehash.c
--- inn2-2.3.1.orig/storage/timehash/timehash.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/storage/timehash/timehash.c Sat Jun 9 03:05:29 2001
@@ -71,10 +71,13 @@
static char *MakePath(int time, int seqnum, const STORAGECLASS class) {
char *path;
+ size_t len;
/* innconf->patharticles + '/time-zz/xx/xx/yyyy-xxxx' */
- path = NEW(char, strlen(innconf->patharticles) + 32);
- sprintf(path, "%s/time-%02x/%02x/%02x/%04x-%04x", innconf->patharticles,
+ len = strlen(innconf->patharticles) + 32;
+ path = NEW(char, len);
+ snprintf(path, len, "%s/time-%02x/%02x/%02x/%04x-%04x",
+ innconf->patharticles,
class, (time >> 16) & 0xff, (time >> 8) & 0xff, seqnum,
(time & 0xff) | ((time >> 16 & 0xff00)));
return path;
diff -Naur --recursive inn2-2.3.1.orig/storage/tradspool/tradspool.c inn2-2.3.1/storage/tradspool/tradspool.c
--- inn2-2.3.1.orig/storage/tradspool/tradspool.c Sat Jun 9 00:24:41 2001
+++ inn2-2.3.1/storage/tradspool/tradspool.c Sat Jun 9 03:05:29 2001
@@ -486,6 +486,7 @@
unsigned long ngnum;
unsigned long artnum;
char *ng, *path;
+ size_t len;
CheckNeedReloadDB();
@@ -497,8 +498,9 @@
ng = FindNGByNum(ngnum);
if (ng == NULL) return NULL;
- path = NEW(char, strlen(ng)+20+strlen(innconf->patharticles));
- sprintf(path, "%s/%s/%lu", innconf->patharticles, ng, artnum);
+ len = strlen(ng)+20+strlen(innconf->patharticles);
+ path = NEW(char, len);
+ snprintf(path, len, "%s/%s/%lu", innconf->patharticles, ng, artnum);
return path;
}
@@ -566,6 +568,7 @@
int i;
char *nonwfarticle; /* copy of article converted to non-wire format */
int nonwflen;
+ size_t len;
xrefhdr = (char *)HeaderFindMem(article.data, article.len, "Xref", 4);
if (xrefhdr == NULL) {
@@ -596,8 +599,9 @@
token = MakeToken(ng, artnum, class);
- path = NEW(char, strlen(innconf->patharticles) + strlen(ng) + 32);
- sprintf(path, "%s/%s/%lu", innconf->patharticles, ng, artnum);
+ len = strlen(innconf->patharticles) + strlen(ng) + 32;
+ path = NEW(char, len);
+ snprintf(path, len, "%s/%s/%lu", innconf->patharticles, ng, artnum);
/* following chunk of code boldly stolen from timehash.c :-) */
if ((fd = open(path, O_CREAT|O_EXCL|O_WRONLY, ARTFILE_MODE)) < 0) {
@@ -667,8 +671,10 @@
DeDotify(ng);
artnum = atol(p);
- linkpath = NEW(char, strlen(innconf->patharticles) + strlen(ng) + 32);
- sprintf(linkpath, "%s/%s/%lu", innconf->patharticles, ng, artnum);
+ len = strlen(innconf->patharticles) + strlen(ng) + 32;
+ linkpath = NEW(char, len);
+ snprintf(linkpath, len, "%s/%s/%lu", innconf->patharticles,
+ ng, artnum);
if (link(path, linkpath) < 0) {
p = strrchr(linkpath, '/');
*p = '\0';
@@ -926,6 +932,7 @@
int i;
BOOL result = TRUE;
unsigned long artnum;
+ size_t len;
if ((path = TokenToPath(token)) == NULL) {
SMseterror(SMERR_UNDEFINED, NULL);
@@ -969,8 +976,9 @@
DeDotify(ng);
artnum = atol(p);
- linkpath = NEW(char, strlen(innconf->patharticles) + strlen(ng) + 32);
- sprintf(linkpath, "%s/%s/%lu", innconf->patharticles, ng, artnum);
+ len = strlen(innconf->patharticles) + strlen(ng) + 32;
+ linkpath = NEW(char, len);
+ snprintf(linkpath, len, "%s/%s/%lu", innconf->patharticles, ng, artnum);
/* hmm, do we want to abort this if one of the symlink unlinks fails? */
if (unlink(linkpath) < 0) result = FALSE;
DISPOSE(linkpath);
@@ -997,6 +1005,7 @@
char *path;
struct stat sb;
unsigned char namelen;
+ size_t len;
while ((de = readdir(dir)) != NULL) {
namelen = strlen(de->d_name);
@@ -1008,7 +1017,8 @@
}
if (!flag) continue; /* if not all digits, skip this entry. */
- path = NEW(char, strlen(dirname)+namelen+2);
+ len = strlen(dirname)+namelen+2;
+ path = NEW(char, len);
strcpy(path, dirname);
strcat(path, "/");
strncpy(&path[strlen(dirname)+1], de->d_name, namelen);
@@ -1039,6 +1049,7 @@
char *xrefhdr, *ng, *p;
unsigned int numxrefs;
STORAGE_SUB *sub;
+ size_t len;
if (article == NULL) {
priv.ngtp = NULL;
@@ -1088,8 +1099,10 @@
break;
}
- priv.curdirname = NEW(char, strlen(innconf->patharticles)+strlen(priv.ngtp->ngname)+2);
- sprintf(priv.curdirname, "%s/%s",innconf->patharticles,priv.ngtp->ngname);
+ len = strlen(innconf->patharticles)+strlen(priv.ngtp->ngname)+2;
+ priv.curdirname = NEW(char, len);
+ snprintf(priv.curdirname, len, "%s/%s", innconf->patharticles,
+ priv.ngtp->ngname);
priv.curdir = opendir(priv.curdirname);
}
@@ -1126,8 +1139,10 @@
DeDotify(ng);
artnum = atol(p);
- linkpath = NEW(char, strlen(innconf->patharticles) + strlen(ng) + 32);
- sprintf(linkpath, "%s/%s/%lu", innconf->patharticles, ng, artnum);
+ len = strlen(innconf->patharticles) + strlen(ng) + 32;
+ linkpath = NEW(char, len);
+ snprintf(linkpath, len, "%s/%s/%lu",
+ innconf->patharticles, ng, artnum);
if (strcmp(path, linkpath) != 0) {
/* this is linked article, skip it */
art->len = 0;
More information about the inn-patches
mailing list