- replaced some calls to sprintf() with snprintf() -- more secure :-)
authorAlexander Barton <alex@barton.de>
Thu, 26 Dec 2002 17:14:48 +0000 (17:14 +0000)
committerAlexander Barton <alex@barton.de>
Thu, 26 Dec 2002 17:14:48 +0000 (17:14 +0000)
src/ngircd/client.c
src/ngircd/irc-info.c
src/ngircd/irc-mode.c
src/ngircd/irc-server.c
src/ngircd/irc.c

index f4adf0ee65af51f79c006045b164391251f326d0..9d736d49540ec141a2b02cee16c0faaf0e1cc64c 100644 (file)
@@ -17,7 +17,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: client.c,v 1.70 2002/12/26 17:04:54 alex Exp $";
+static char UNUSED id[] = "$Id: client.c,v 1.71 2002/12/26 17:14:48 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -203,7 +203,7 @@ Client_Destroy( CLIENT *Client, CHAR *LogMsg, CHAR *FwdMsg, BOOLEAN SendQuit )
        if( ! txt ) txt = "Reason unknown.";
 
        /* Netz-Split-Nachricht vorbereiten (noch nicht optimal) */
-       if( Client->type == CLIENT_SERVER ) sprintf( msg, "%s: lost server %s", This_Server->id, Client->id );
+       if( Client->type == CLIENT_SERVER ) snprintf( msg, sizeof( msg ), "%s: lost server %s", This_Server->id, Client->id );
 
        last = NULL;
        c = My_Clients;
@@ -799,7 +799,7 @@ Client_CheckID( CLIENT *Client, CHAR *ID )
                if( strcasecmp( c->id, ID ) == 0 )
                {
                        /* die Server-ID gibt es bereits */
-                       sprintf( str, "ID \"%s\" already registered", ID );
+                       snprintf( str, sizeof( str ), "ID \"%s\" already registered", ID );
                        if( Client->conn_id != c->conn_id ) Log( LOG_ERR, "%s (on connection %d)!", str, c->conn_id );
                        else Log( LOG_ERR, "%s (via network)!", str );
                        Conn_Close( Client->conn_id, str, str, TRUE );
index 9a4efb679aa30e26ecc14bfe6d04fd953e2a8d88..de50adae90f46d3249533314d914e16c6dd6af3e 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-info.c,v 1.10 2002/12/26 16:48:14 alex Exp $";
+static char UNUSED id[] = "$Id: irc-info.c,v 1.11 2002/12/26 17:14:48 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -296,7 +296,7 @@ IRC_NAMES( CLIENT *Client, REQUEST *Req )
 
        /* Nun noch alle Clients ausgeben, die in keinem Channel sind */
        c = Client_First( );
-       sprintf( rpl, RPL_NAMREPLY_MSG, Client_ID( from ), "*", "*" );
+       snprintf( rpl, sizeof( rpl ), RPL_NAMREPLY_MSG, Client_ID( from ), "*", "*" );
        while( c )
        {
                if(( Client_Type( c ) == CLIENT_USER ) && ( Channel_FirstChannelOf( c ) == NULL ) && ( ! strchr( Client_Modes( c ), 'i' )))
@@ -309,7 +309,7 @@ IRC_NAMES( CLIENT *Client, REQUEST *Req )
                        {
                                /* Zeile wird zu lang: senden! */
                                if( ! IRC_WriteStrClient( from, "%s", rpl )) return DISCONNECTED;
-                               sprintf( rpl, RPL_NAMREPLY_MSG, Client_ID( from ), "*", "*" );
+                               snprintf( rpl, sizeof( rpl ), RPL_NAMREPLY_MSG, Client_ID( from ), "*", "*" );
                        }
                }
 
@@ -636,7 +636,7 @@ IRC_WHOIS( CLIENT *Client, REQUEST *Req )
        if( ! IRC_WriteStrClient( from, RPL_WHOISSERVER_MSG, Client_ID( from ), Client_ID( c ), Client_ID( Client_Introducer( c )), Client_Info( Client_Introducer( c )))) return DISCONNECTED;
 
        /* Channels */
-       sprintf( str, RPL_WHOISCHANNELS_MSG, Client_ID( from ), Client_ID( c ));
+       snprintf( str, sizeof( str ), RPL_WHOISCHANNELS_MSG, Client_ID( from ), Client_ID( c ));
        cl2chan = Channel_FirstChannelOf( c );
        while( cl2chan )
        {
@@ -653,7 +653,7 @@ IRC_WHOIS( CLIENT *Client, REQUEST *Req )
                {
                        /* Zeile wird zu lang: senden! */
                        if( ! IRC_WriteStrClient( Client, "%s", str )) return DISCONNECTED;
-                       sprintf( str, RPL_WHOISCHANNELS_MSG, Client_ID( from ), Client_ID( c ));
+                       snprintf( str, sizeof( str ), RPL_WHOISCHANNELS_MSG, Client_ID( from ), Client_ID( c ));
                }
 
                /* naechstes Mitglied suchen */
@@ -794,7 +794,7 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan )
        else is_member = FALSE;
 
        /* Alle Mitglieder suchen */
-       sprintf( str, RPL_NAMREPLY_MSG, Client_ID( Client ), "=", Channel_Name( Chan ));
+       snprintf( str, sizeof( str ), RPL_NAMREPLY_MSG, Client_ID( Client ), "=", Channel_Name( Chan ));
        cl2chan = Channel_FirstMember( Chan );
        while( cl2chan )
        {
@@ -815,7 +815,7 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan )
                        {
                                /* Zeile wird zu lang: senden! */
                                if( ! IRC_WriteStrClient( Client, "%s", str )) return DISCONNECTED;
-                               sprintf( str, RPL_NAMREPLY_MSG, Client_ID( Client ), "=", Channel_Name( Chan ));
+                               snprintf( str, sizeof( str ), RPL_NAMREPLY_MSG, Client_ID( Client ), "=", Channel_Name( Chan ));
                        }
                }
 
index 4827c03fbdebd41b3742527a994963b03ce5d960..058bc592dcd5720370fdeed0af1708c39c91d21d 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-mode.c,v 1.26 2002/12/26 17:04:54 alex Exp $";
+static char UNUSED id[] = "$Id: irc-mode.c,v 1.27 2002/12/26 17:14:48 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -418,7 +418,7 @@ Channel_Mode( CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel )
                                                {
                                                        Channel_ModeDel( Channel, 'l' );
                                                        Channel_SetMaxUsers( Channel, l );
-                                                       sprintf( argadd, "%ld", l );
+                                                       snprintf( argadd, sizeof( argadd ), "%ld", l );
                                                        x[0] = *mode_ptr;
                                                }
                                        }
index 93ae5ee174bf13ed3b2e6317647f7208a4610087..60f75659134d3994dea6eacf15acc75a53b0091c 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-server.c,v 1.27 2002/12/26 17:04:54 alex Exp $";
+static char UNUSED id[] = "$Id: irc-server.c,v 1.28 2002/12/26 17:14:48 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -188,7 +188,7 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req )
 
                        /* alle Member suchen */
                        cl2chan = Channel_FirstMember( chan );
-                       sprintf( str, "NJOIN %s :", Channel_Name( chan ));
+                       snprintf( str, sizeof( str ), "NJOIN %s :", Channel_Name( chan ));
                        while( cl2chan )
                        {
                                cl = Channel_GetClient( cl2chan );
@@ -204,7 +204,7 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req )
                                {
                                        /* Zeile senden */
                                        if( ! IRC_WriteStrClient( Client, "%s", str )) return DISCONNECTED;
-                                       sprintf( str, "NJOIN %s :", Channel_Name( chan ));
+                                       snprintf( str, sizeof( str ), "NJOIN %s :", Channel_Name( chan ));
                                }
                                
                                cl2chan = Channel_NextMember( chan, cl2chan );
@@ -257,7 +257,7 @@ IRC_SERVER( CLIENT *Client, REQUEST *Req )
                }
 
                /* Log-Meldung zusammenbauen und ausgeben */
-               if(( Client_Hops( c ) > 1 ) && ( Req->prefix[0] )) sprintf( str, "connected to %s, ", Client_ID( from ));
+               if(( Client_Hops( c ) > 1 ) && ( Req->prefix[0] )) snprintf( str, sizeof( str ), "connected to %s, ", Client_ID( from ));
                else strcpy( str, "" );
                Log( LOG_NOTICE|LOG_snotice, "Server \"%s\" registered (via %s, %s%d hop%s).", Client_ID( c ), Client_ID( Client ), str, Client_Hops( c ), Client_Hops( c ) > 1 ? "s": "" );
 
@@ -359,9 +359,9 @@ IRC_SQUIT( CLIENT *Client, REQUEST *Req )
        if( Req->argv[1][0] )
        {
                if( strlen( Req->argv[1] ) > LINE_LEN ) Req->argv[1][LINE_LEN] = '\0';
-               sprintf( msg, "%s (SQUIT from %s).", Req->argv[1], Client_ID( Client ));
+               snprintf( msg, sizeof( msg ), "%s (SQUIT from %s).", Req->argv[1], Client_ID( Client ));
        }
-       else sprintf( msg, "Got SQUIT from %s.", Client_ID( Client ));
+       else snprintf( msg, sizeof( msg ), "Got SQUIT from %s.", Client_ID( Client ));
 
        if( Client_Conn( target ) > NONE )
        {
index 415c55fbabc823a334eeb079189745852aaf121f..a2d5f1e8fbfff0ab84f7dc07a0615b195c6ce977 100644 (file)
@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc.c,v 1.108 2002/12/26 17:04:54 alex Exp $";
+static char UNUSED id[] = "$Id: irc.c,v 1.109 2002/12/26 17:14:48 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -73,7 +73,7 @@ IRC_KILL( CLIENT *Client, REQUEST *Req )
        Log( LOG_NOTICE|LOG_snotice, "Got KILL command from \"%s\" for \"%s\": %s", Client_Mask( prefix ), Req->argv[0], Req->argv[1] );
 
        /* build reason string */
-       if( Client_Type( Client ) == CLIENT_USER ) sprintf( reason, "KILLed by %s: %s", Client_ID( Client ), Req->argv[1] );
+       if( Client_Type( Client ) == CLIENT_USER ) snprintf( reason, sizeof( reason ), "KILLed by %s: %s", Client_ID( Client ), Req->argv[1] );
        else strlcpy( reason, Req->argv[1], sizeof( reason ));
 
        /* andere Server benachrichtigen */