From b316c380ad30a1c23c768544541b7cf56bf9fc0f Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Thu, 26 Dec 2002 17:14:48 +0000 Subject: [PATCH] - replaced some calls to sprintf() with snprintf() -- more secure :-) --- src/ngircd/client.c | 6 +++--- src/ngircd/irc-info.c | 14 +++++++------- src/ngircd/irc-mode.c | 4 ++-- src/ngircd/irc-server.c | 12 ++++++------ src/ngircd/irc.c | 4 ++-- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/ngircd/client.c b/src/ngircd/client.c index f4adf0ee..9d736d49 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -17,7 +17,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: client.c,v 1.70 2002/12/26 17:04:54 alex Exp $"; +static char UNUSED id[] = "$Id: client.c,v 1.71 2002/12/26 17:14:48 alex Exp $"; #include "imp.h" #include @@ -203,7 +203,7 @@ Client_Destroy( CLIENT *Client, CHAR *LogMsg, CHAR *FwdMsg, BOOLEAN SendQuit ) if( ! txt ) txt = "Reason unknown."; /* Netz-Split-Nachricht vorbereiten (noch nicht optimal) */ - if( Client->type == CLIENT_SERVER ) sprintf( msg, "%s: lost server %s", This_Server->id, Client->id ); + if( Client->type == CLIENT_SERVER ) snprintf( msg, sizeof( msg ), "%s: lost server %s", This_Server->id, Client->id ); last = NULL; c = My_Clients; @@ -799,7 +799,7 @@ Client_CheckID( CLIENT *Client, CHAR *ID ) if( strcasecmp( c->id, ID ) == 0 ) { /* die Server-ID gibt es bereits */ - sprintf( str, "ID \"%s\" already registered", ID ); + snprintf( str, sizeof( str ), "ID \"%s\" already registered", ID ); if( Client->conn_id != c->conn_id ) Log( LOG_ERR, "%s (on connection %d)!", str, c->conn_id ); else Log( LOG_ERR, "%s (via network)!", str ); Conn_Close( Client->conn_id, str, str, TRUE ); diff --git a/src/ngircd/irc-info.c b/src/ngircd/irc-info.c index 9a4efb67..de50adae 100644 --- a/src/ngircd/irc-info.c +++ b/src/ngircd/irc-info.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-info.c,v 1.10 2002/12/26 16:48:14 alex Exp $"; +static char UNUSED id[] = "$Id: irc-info.c,v 1.11 2002/12/26 17:14:48 alex Exp $"; #include "imp.h" #include @@ -296,7 +296,7 @@ IRC_NAMES( CLIENT *Client, REQUEST *Req ) /* Nun noch alle Clients ausgeben, die in keinem Channel sind */ c = Client_First( ); - sprintf( rpl, RPL_NAMREPLY_MSG, Client_ID( from ), "*", "*" ); + snprintf( rpl, sizeof( rpl ), RPL_NAMREPLY_MSG, Client_ID( from ), "*", "*" ); while( c ) { if(( Client_Type( c ) == CLIENT_USER ) && ( Channel_FirstChannelOf( c ) == NULL ) && ( ! strchr( Client_Modes( c ), 'i' ))) @@ -309,7 +309,7 @@ IRC_NAMES( CLIENT *Client, REQUEST *Req ) { /* Zeile wird zu lang: senden! */ if( ! IRC_WriteStrClient( from, "%s", rpl )) return DISCONNECTED; - sprintf( rpl, RPL_NAMREPLY_MSG, Client_ID( from ), "*", "*" ); + snprintf( rpl, sizeof( rpl ), RPL_NAMREPLY_MSG, Client_ID( from ), "*", "*" ); } } @@ -636,7 +636,7 @@ IRC_WHOIS( CLIENT *Client, REQUEST *Req ) if( ! IRC_WriteStrClient( from, RPL_WHOISSERVER_MSG, Client_ID( from ), Client_ID( c ), Client_ID( Client_Introducer( c )), Client_Info( Client_Introducer( c )))) return DISCONNECTED; /* Channels */ - sprintf( str, RPL_WHOISCHANNELS_MSG, Client_ID( from ), Client_ID( c )); + snprintf( str, sizeof( str ), RPL_WHOISCHANNELS_MSG, Client_ID( from ), Client_ID( c )); cl2chan = Channel_FirstChannelOf( c ); while( cl2chan ) { @@ -653,7 +653,7 @@ IRC_WHOIS( CLIENT *Client, REQUEST *Req ) { /* Zeile wird zu lang: senden! */ if( ! IRC_WriteStrClient( Client, "%s", str )) return DISCONNECTED; - sprintf( str, RPL_WHOISCHANNELS_MSG, Client_ID( from ), Client_ID( c )); + snprintf( str, sizeof( str ), RPL_WHOISCHANNELS_MSG, Client_ID( from ), Client_ID( c )); } /* naechstes Mitglied suchen */ @@ -794,7 +794,7 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan ) else is_member = FALSE; /* Alle Mitglieder suchen */ - sprintf( str, RPL_NAMREPLY_MSG, Client_ID( Client ), "=", Channel_Name( Chan )); + snprintf( str, sizeof( str ), RPL_NAMREPLY_MSG, Client_ID( Client ), "=", Channel_Name( Chan )); cl2chan = Channel_FirstMember( Chan ); while( cl2chan ) { @@ -815,7 +815,7 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan ) { /* Zeile wird zu lang: senden! */ if( ! IRC_WriteStrClient( Client, "%s", str )) return DISCONNECTED; - sprintf( str, RPL_NAMREPLY_MSG, Client_ID( Client ), "=", Channel_Name( Chan )); + snprintf( str, sizeof( str ), RPL_NAMREPLY_MSG, Client_ID( Client ), "=", Channel_Name( Chan )); } } diff --git a/src/ngircd/irc-mode.c b/src/ngircd/irc-mode.c index 4827c03f..058bc592 100644 --- a/src/ngircd/irc-mode.c +++ b/src/ngircd/irc-mode.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-mode.c,v 1.26 2002/12/26 17:04:54 alex Exp $"; +static char UNUSED id[] = "$Id: irc-mode.c,v 1.27 2002/12/26 17:14:48 alex Exp $"; #include "imp.h" #include @@ -418,7 +418,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel ) { Channel_ModeDel( Channel, 'l' ); Channel_SetMaxUsers( Channel, l ); - sprintf( argadd, "%ld", l ); + snprintf( argadd, sizeof( argadd ), "%ld", l ); x[0] = *mode_ptr; } } diff --git a/src/ngircd/irc-server.c b/src/ngircd/irc-server.c index 93ae5ee1..60f75659 100644 --- a/src/ngircd/irc-server.c +++ b/src/ngircd/irc-server.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-server.c,v 1.27 2002/12/26 17:04:54 alex Exp $"; +static char UNUSED id[] = "$Id: irc-server.c,v 1.28 2002/12/26 17:14:48 alex Exp $"; #include "imp.h" #include @@ -188,7 +188,7 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req ) /* alle Member suchen */ cl2chan = Channel_FirstMember( chan ); - sprintf( str, "NJOIN %s :", Channel_Name( chan )); + snprintf( str, sizeof( str ), "NJOIN %s :", Channel_Name( chan )); while( cl2chan ) { cl = Channel_GetClient( cl2chan ); @@ -204,7 +204,7 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req ) { /* Zeile senden */ if( ! IRC_WriteStrClient( Client, "%s", str )) return DISCONNECTED; - sprintf( str, "NJOIN %s :", Channel_Name( chan )); + snprintf( str, sizeof( str ), "NJOIN %s :", Channel_Name( chan )); } cl2chan = Channel_NextMember( chan, cl2chan ); @@ -257,7 +257,7 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req ) } /* Log-Meldung zusammenbauen und ausgeben */ - if(( Client_Hops( c ) > 1 ) && ( Req->prefix[0] )) sprintf( str, "connected to %s, ", Client_ID( from )); + if(( Client_Hops( c ) > 1 ) && ( Req->prefix[0] )) snprintf( str, sizeof( str ), "connected to %s, ", Client_ID( from )); else strcpy( str, "" ); Log( LOG_NOTICE|LOG_snotice, "Server \"%s\" registered (via %s, %s%d hop%s).", Client_ID( c ), Client_ID( Client ), str, Client_Hops( c ), Client_Hops( c ) > 1 ? "s": "" ); @@ -359,9 +359,9 @@ IRC_SQUIT( CLIENT *Client, REQUEST *Req ) if( Req->argv[1][0] ) { if( strlen( Req->argv[1] ) > LINE_LEN ) Req->argv[1][LINE_LEN] = '\0'; - sprintf( msg, "%s (SQUIT from %s).", Req->argv[1], Client_ID( Client )); + snprintf( msg, sizeof( msg ), "%s (SQUIT from %s).", Req->argv[1], Client_ID( Client )); } - else sprintf( msg, "Got SQUIT from %s.", Client_ID( Client )); + else snprintf( msg, sizeof( msg ), "Got SQUIT from %s.", Client_ID( Client )); if( Client_Conn( target ) > NONE ) { diff --git a/src/ngircd/irc.c b/src/ngircd/irc.c index 415c55fb..a2d5f1e8 100644 --- a/src/ngircd/irc.c +++ b/src/ngircd/irc.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc.c,v 1.108 2002/12/26 17:04:54 alex Exp $"; +static char UNUSED id[] = "$Id: irc.c,v 1.109 2002/12/26 17:14:48 alex Exp $"; #include "imp.h" #include @@ -73,7 +73,7 @@ IRC_KILL( CLIENT *Client, REQUEST *Req ) Log( LOG_NOTICE|LOG_snotice, "Got KILL command from \"%s\" for \"%s\": %s", Client_Mask( prefix ), Req->argv[0], Req->argv[1] ); /* build reason string */ - if( Client_Type( Client ) == CLIENT_USER ) sprintf( reason, "KILLed by %s: %s", Client_ID( Client ), Req->argv[1] ); + if( Client_Type( Client ) == CLIENT_USER ) snprintf( reason, sizeof( reason ), "KILLed by %s: %s", Client_ID( Client ), Req->argv[1] ); else strlcpy( reason, Req->argv[1], sizeof( reason )); /* andere Server benachrichtigen */