Source: nn Version: 6.7.3-14 Severity: normal Tags: patch Dear Maintainer,
>From 903dc0dd6cfcf9aaba6750cc8e6e12a2ec24ce01 Mon Sep 17 00:00:00 2001
>From: Bjarni Ingi Gislason <bjarn...@rhi.hi.is>
>Date: Sun, 28 Feb 2021 21:18:29 +0000
>Subject: [PATCH] admin.c: use "snprintf()" instead of "sprintf" and add an
> argument to "db_data_path()"
Define a variable for the size of arrays. Use "snprintf()" instead of "sprintf()". Add an argument to "db_data_path()".
Signed-off-by: Bjarni Ingi Gislason <bjarn...@rhi.hi.is>
---
 admin.c | 41 +++++++++++++++++++++++++----------------
 1 file changed, 25 insertions(+), 16 deletions(-)
diff --git a/admin.c b/admin.c
index bb33404..421aee1 100644
--- a/admin.c
+++ b/admin.c
@@ -127,12 +127,14 @@ loop:
 static int admin_confirm(char *action, int must_confirm) {
- char buffer[100];
+ size_t nbuffer = 100;
+ char buffer[nbuffer];
+
 if (pre_input && !must_confirm) return 1;
- sprintf(buffer, "Confirm %s Y)es N)o", action);
+ snprintf(buffer, nbuffer, "Confirm %s Y)es N)o", action);
 return get_cmd((char *) NULL, buffer) == 'Y'; }
@@ -199,7 +201,9 @@ update_master(void)
 static void find_files(group_header * gh) {
- char command[512], name[FILENAME];
+ size_t ncommand = 512;
+ char command[ncommand], name[FILENAME];
+
 if (gh == NULL) { if (db_data_directory == NULL) {
@@ -207,14 +211,14 @@ find_files(group_header * gh)
 return; } if (db_data_subdirs) {
- sprintf(command, "cd %s ; ls -l [0-9] | %s", db_data_directory, pager);
+ snprintf(command, ncommand, "cd %s ; ls -l [0-9] | %s", db_data_directory, pager);
 } else {
- sprintf(command, "ls -l %s | %s", db_data_directory, pager);
+ snprintf(command, ncommand, "ls -l %s | %s", db_data_directory, pager);
 } } else {
- sprintf(command, "ls -l %s", db_data_path(name, gh, '*'));
+ snprintf(command, ncommand, "ls -l %s", db_data_path(name, FILENAME, gh, '*'));
 } system(command);
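Review bot: `char buffer[nbuffer]` in admin_confirm is now a variable-length array, because `nbuffer` is an ordinary `size_t` object and not a constant expression; VLAs are an optional feature since C11 and `sizeof buffer` stops being a compile-time value. Keeping the fixed array and letting the compiler supply the bound avoids the extra variable and any drift between the two: `char buffer[100];` with `snprintf(buffer, sizeof buffer, "Confirm %s Y)es N)o", action);`. The same pattern is introduced for `command` in find_files, log_admin and rmgroup and for `buffer` in flag_admin. A long `action` is now cut off silently, which is acceptable for a prompt string but worth a one-line comment.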
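Review bot: The three `snprintf` calls in this find_files hunk ignore the return value, so a `db_data_directory`, `pager` or data path that does not fit in 512 bytes now produces a shortened command string that is still handed to `system(command)` and runs against a different path or with a cut-off pipeline. Checking the result before the call closes that gap, with an `int n`: `n = snprintf(command, ncommand, "ls -l %s | %s", db_data_directory, pager);` followed by `if (n < 0 || (size_t) n >= ncommand) return;`. The same unchecked-then-`system()` sequence appears in the log_admin hunks and in rmgroup, where a shortened `gh->group_name` would name a different group. Separately, `db_data_path(name, FILENAME, gh, '*')` gains an argument while the diffstat lists only admin.c, so the prototype and definition need the matching change elsewhere in the series; that part is not visible here. find_files starts in the previous hunk and the code after `system(command)` is not shown.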
@@ -743,7 +747,9 @@ master_admin(void)
 static void log_admin(void) {
- char command[FILENAME + 100], c;
+ size_t ncommand = FILENAME + 100;
+ char command[ncommand], c;
+
 if (pre_input && *pre_input == NUL) { c = SP;
@@ -760,7 +766,7 @@ loop:
 if (c == '@') { if (admin_confirm("Truncation", 0)) {
- sprintf(command, "%s.old", log_file);
+ snprintf(command, ncommand, "%s.old", log_file);
 unlink(command); if (link(log_file, command) < 0) goto tr_failed;
@@ -782,7 +788,7 @@ tr_failed:
 if ((groupname = get_groupname()) == NULL) goto loop;
- sprintf(command, "fgrep '%s' %s | %s",
+ snprintf(command, ncommand, "fgrep '%s' %s | %s",
 groupname, log_file, pager); system(command);
@@ -793,14 +799,14 @@ log_tail:
 int n; n = isdigit(c) ? 10 * (c - '0') : 10;
- sprintf(command, "tail -%d %s", n, log_file);
+ snprintf(command, ncommand, "tail -%d %s", n, log_file);
 system(command); goto loop; } if (c == '*') { c = '.'; }
- sprintf(command, "grep '^%c:' %s | %s", c, log_file, pager);
+ snprintf(command, ncommand, "grep '^%c:' %s | %s", c, log_file, pager);
 system(command); goto loop;
@@ -810,14 +816,15 @@ log_tail:
 static void flag_admin(group_header * gh, char *mode_str, int set_flag) {
- char buffer[50];
+ size_t nbuffer = 50;
+ char buffer[nbuffer];
 int new_flag = 0; tputc(NL); dump_g_flag(gh);
- sprintf(buffer, "%s FLAG", mode_str);
+ snprintf(buffer, nbuffer, "%s FLAG", mode_str);
 switch (get_cmd( "\nA)lways_digest N)ever_digest M)oderated C)ontrol no_(D)ir",
@@ -878,7 +885,9 @@ flag_admin(group_header * gh, char *mode_str, int set_flag)
 static void rmgroup(group_header * gh) {
- char command[FILENAME * 2];
+ size_t ncommand = FILENAME * 2;
+ char command[ncommand];
+
 char *rmprog; if (user_id != 0 && !file_exist(news_active, "w")) {
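Review bot: In the truncation branch of log_admin the result of `snprintf(command, ncommand, "%s.old", log_file)` is used as a path for `unlink()` and `link()` without checking that it fit, so an over-long `log_file` would make the code unlink and relink a shortened name, not `<log_file>.old`. The existing failure label can take the error: `if ((size_t) snprintf(command, ncommand, "%s.old", log_file) >= ncommand) goto tr_failed;`. With `command` sized `FILENAME + 100` this presumably cannot trigger if `log_file` is bounded by `FILENAME`, but that bound is not visible in the hunk. The body of log_admin starts and continues outside the hunk.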
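Review bot: `groupname` is still pasted between single quotes into a shell command line (`fgrep '%s' %s | %s`) and run through `system()`, and bounding the buffer does not change how the shell parses that text: a name containing `'` ends the quoted argument. `get_groupname()` is outside the hunk, so it may already restrict the character set; if it does not, reject such names before building the command, e.g. `if (strchr(groupname, '\'') != NULL) goto loop;`. `log_file` and `pager` are interpolated unquoted in the same string and in the `tail` and `grep` commands of the next hunk, so they should come from trusted configuration only, which deserves a comment at the top of log_admin.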
@@ -906,7 +915,7 @@ rmgroup(group_header * gh)
 tprintf("Program %s not found\n", rmprog); return; rm_ok:
- sprintf(command, "%s %s", rmprog, gh->group_name);
+ snprintf(command, ncommand, "%s %s", rmprog, gh->group_name);
 system(command); any_key(0); gh->master_flag &= ~M_VALID;/* just for nnadmin */
@@ -934,7 +943,7 @@ have_group:
 dirbuf[strlen(dirbuf) - 1] = NUL; exec_chdir_to = dirbuf; }
- sprintf(gbuf, "GROUP %s", gh->group_name);
+ snprintf(gbuf, FILENAME, "GROUP %s", gh->group_name);
 for (;;) { switch (get_cmd(
--
2.30.1
-- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.9-1 (SMP w/2 CPU threads) Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) -- debconf information excluded -- Bjarni I. Gislason
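Review bot: `snprintf(gbuf, FILENAME, ...)` in the have_group hunk hard-codes the bound while the declaration of `gbuf` lies outside the hunk, so nothing visible here ties `FILENAME` to the real size of the buffer. If `gbuf` is an array in this scope, `snprintf(gbuf, sizeof gbuf, "GROUP %s", gh->group_name);` stays correct when the declaration changes; if it is a pointer, a comment at the call naming where the size comes from would help. The enclosing function starts and ends outside the hunk.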