Source: nn
Version: 6.7.3-14
Severity: normal
Tags: patch

Dear Maintainer,

>From 903dc0dd6cfcf9aaba6750cc8e6e12a2ec24ce01 Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason <bjarn...@rhi.hi.is>
>Date: Sun, 28 Feb 2021 21:18:29 +0000
>Subject: [PATCH] admin.c: use "snprintf()" instead of "sprintf" and add an
> argument to "db_data_path()"

  Define a variable for the size of arrays.

  Use "snprintf()" instead of "sprintf()".

  Add an argument to "db_data_path()".

Signed-off-by: Bjarni Ingi Gislason <bjarn...@rhi.hi.is>
---
 admin.c | 41 +++++++++++++++++++++++++----------------
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/admin.c b/admin.c
index bb33404..421aee1 100644
--- a/admin.c
+++ b/admin.c
@@ -127,12 +127,14 @@ loop:
 static int
 admin_confirm(char *action, int must_confirm)
 {
-    char            buffer[100];
+    size_t          nbuffer = 100;
+    char            buffer[nbuffer];
+
 
     if (pre_input && !must_confirm)
        return 1;
 
-    sprintf(buffer, "Confirm %s  Y)es N)o", action);
+    snprintf(buffer, nbuffer, "Confirm %s  Y)es N)o", action);
 
     return get_cmd((char *) NULL, buffer) == 'Y';
 }
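Review bot: Declaring `size_t nbuffer = 100; char buffer[nbuffer];` turns `buffer` into a variable-length array, because `nbuffer` is not a constant expression; the same pattern is introduced in find_files, log_admin, flag_admin and rmgroup. VLAs are an optional feature since C11, and the size is now held in a separate variable that can drift from the array it describes. Keeping `char buffer[100];` and calling `snprintf(buffer, sizeof buffer, "Confirm %s  Y)es N)o", action);` gives the same bound with a fixed-size array and no extra variable.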
@@ -199,7 +201,9 @@ update_master(void)
 static void
 find_files(group_header * gh)
 {
-    char            command[512], name[FILENAME];
+    size_t          ncommand = 512;
+    char            command[ncommand], name[FILENAME];
+
 
     if (gh == NULL) {
        if (db_data_directory == NULL) {
@@ -207,14 +211,14 @@ find_files(group_header * gh)
            return;
        }
        if (db_data_subdirs) {
-           sprintf(command, "cd %s ; ls -l [0-9] | %s", db_data_directory, 
pager);
+           snprintf(command, ncommand, "cd %s ; ls -l [0-9] | %s", 
db_data_directory, pager);
        }
        else {
-           sprintf(command, "ls -l %s | %s", db_data_directory, pager);
+           snprintf(command, ncommand, "ls -l %s | %s", db_data_directory, 
pager);
        }
     }
     else {
-       sprintf(command, "ls -l %s", db_data_path(name, gh, '*'));
+       snprintf(command, ncommand, "ls -l %s", db_data_path(name, FILENAME, 
gh, '*'));
     }
 
     system(command);
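Review bot: The return value of each `snprintf()` in find_files is ignored, so a string that does not fit in `command` is silently cut short and the truncated text is still handed to `system(command)`. The same applies to the `snprintf()`/`system()` pairs in log_admin and at `rm_ok:` in rmgroup, and to the `"%s.old"` path given to `unlink()` in log_admin, where a shortened path or group name would act on a different object than intended. Capture the result and bail out on truncation, for example `int n = snprintf(command, ncommand, "ls -l %s | %s", db_data_directory, pager);` followed by `if (n < 0 || (size_t)n >= ncommand) return;`. The new `db_data_path(name, FILENAME, gh, '*')` call also needs a matching prototype and definition change, which this admin.c-only patch does not show. find_files continues outside the hunk.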
@@ -743,7 +747,9 @@ master_admin(void)
 static void
 log_admin(void)
 {
-    char            command[FILENAME + 100], c;
+    size_t          ncommand = FILENAME + 100;
+    char            command[ncommand], c;
+
 
     if (pre_input && *pre_input == NUL) {
        c = SP;
@@ -760,7 +766,7 @@ loop:
 
     if (c == '@') {
        if (admin_confirm("Truncation", 0)) {
-           sprintf(command, "%s.old", log_file);
+           snprintf(command, ncommand, "%s.old", log_file);
            unlink(command);
            if (link(log_file, command) < 0)
                goto tr_failed;
@@ -782,7 +788,7 @@ tr_failed:
 
        if ((groupname = get_groupname()) == NULL)
            goto loop;
-       sprintf(command, "fgrep '%s' %s | %s",
+       snprintf(command, ncommand, "fgrep '%s' %s | %s",
                groupname, log_file, pager);
        system(command);
 
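Review bot: `groupname` is still pasted between single quotes into a shell command line, `"fgrep '%s' %s | %s"`, so bounding the buffer does not stop a name containing a quote or another shell metacharacter from changing what `system()` runs. The value comes from `get_groupname()`, whose validation is not visible here; if it does not already restrict the character set, reject such names before formatting, or run fgrep through `fork()`/`execvp()` with an argument vector instead of a shell string. The same unquoted interpolation applies to `db_data_directory`, `log_file` and `gh->group_name` in the other `system()` calls touched by this patch. The enclosing function starts and ends outside the hunk.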
@@ -793,14 +799,14 @@ log_tail:
        int             n;
 
        n = isdigit(c) ? 10 * (c - '0') : 10;
-       sprintf(command, "tail -%d %s", n, log_file);
+       snprintf(command, ncommand, "tail -%d %s", n, log_file);
        system(command);
        goto loop;
     }
     if (c == '*') {
        c = '.';
     }
-    sprintf(command, "grep '^%c:' %s | %s", c, log_file, pager);
+    snprintf(command, ncommand, "grep '^%c:' %s | %s", c, log_file, pager);
     system(command);
 
     goto loop;
@@ -810,14 +816,15 @@ log_tail:
 static void
 flag_admin(group_header * gh, char *mode_str, int set_flag)
 {
-    char            buffer[50];
+    size_t          nbuffer = 50;
+    char            buffer[nbuffer];
     int             new_flag = 0;
 
     tputc(NL);
 
     dump_g_flag(gh);
 
-    sprintf(buffer, "%s FLAG", mode_str);
+    snprintf(buffer, nbuffer, "%s FLAG", mode_str);
 
     switch (get_cmd(
              "\nA)lways_digest N)ever_digest M)oderated C)ontrol no_(D)ir",
@@ -878,7 +885,9 @@ flag_admin(group_header * gh, char *mode_str, int set_flag)
 static void
 rmgroup(group_header * gh)
 {
-    char            command[FILENAME * 2];
+    size_t          ncommand = FILENAME * 2;
+    char            command[ncommand];
+
     char           *rmprog;
 
     if (user_id != 0 && !file_exist(news_active, "w")) {
@@ -906,7 +915,7 @@ rmgroup(group_header * gh)
     tprintf("Program %s not found\n", rmprog);
     return;
 rm_ok:
-    sprintf(command, "%s %s", rmprog, gh->group_name);
+    snprintf(command, ncommand, "%s %s", rmprog, gh->group_name);
     system(command);
     any_key(0);
     gh->master_flag &= ~M_VALID;/* just for nnadmin */
@@ -934,7 +943,7 @@ have_group:
        dirbuf[strlen(dirbuf) - 1] = NUL;
        exec_chdir_to = dirbuf;
     }
-    sprintf(gbuf, "GROUP %s", gh->group_name);
+    snprintf(gbuf, FILENAME, "GROUP %s", gh->group_name);
 
     for (;;) {
        switch (get_cmd(
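Review bot: The bound `FILENAME` in `snprintf(gbuf, FILENAME, ...)` is an assumption about `gbuf`, whose declaration lies outside this hunk. If `gbuf` is an array local to this function, `snprintf(gbuf, sizeof gbuf, "GROUP %s", gh->group_name);` ties the limit to the actual object; if `gbuf` turns out to be smaller than `FILENAME`, the new call can still write past its end. The function body starts and ends outside the hunk, so the declaration should be checked before this line is accepted.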
-- 
2.30.1



-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), 
LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

-- debconf information excluded

-- 
Bjarni I. Gislason
