WC->logged_in = 1;
extract_token(WC->wc_username, &serv_response[4], 0, '|', sizeof WC->wc_username);
- strcpy(WC->wc_password, pass);
+ safestrncpy(WC->wc_password, pass, sizeof WC->wc_password);
WC->axlevel = extract_int(&serv_response[4], 1);
if (WC->axlevel >= 6) {
WC->is_aide = 1;
*/
get_preference("startpage", buf, sizeof buf);
if (strlen(buf)==0) {
- strcpy(buf, "/dotskip&room=_BASEROOM_");
+ safestrncpy(buf, "/dotskip&room=_BASEROOM_", sizeof buf);
set_preference("startpage", buf);
}
http_redirect(buf);
{
char buf[SIZ];
- strcpy(WC->wc_username, "");
- strcpy(WC->wc_password, "");
- strcpy(WC->wc_roomname, "");
+ safestrncpy(WC->wc_username, "", sizeof WC->wc_username);
+ safestrncpy(WC->wc_password, "", sizeof WC->wc_password);
+ safestrncpy(WC->wc_roomname, "", sizeof WC->wc_roomname);
/* Calling output_headers() this way causes the cookies to be un-set */
output_headers(1, 1, 0, 1, 0, 0, 0);
"</div>\n<div id=\"content\">\n"
);
- strcpy(buf, bstr("user"));
+ safestrncpy(buf, bstr("user"), sizeof buf);
if (strlen(buf) > 0)
if (strlen(bstr("axlevel")) > 0) {
serv_printf("VALI %s|%s", buf, bstr("axlevel"));
"<table border=0 width=100%% bgcolor=\"#ffffff\"><tr><td>\n");
wprintf("<center>");
- strcpy(user, &buf[4]);
+ safestrncpy(user, &buf[4], sizeof user);
serv_printf("GREG %s", user);
serv_getln(cmd, sizeof cmd);
if (cmd[0] == '1') {
wprintf("<SPAN CLASS=\"errormsg\">"
"%s</SPAN><br />\n", WC->ImportantMessage);
do_template("endbox");
- strcpy(WC->ImportantMessage, "");
+ safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
}
wprintf("<div id=\"fix_scrollbar_bug\">"
char newpass1[32], newpass2[32];
if (strcmp(bstr("action"), "Change")) {
- strcpy(WC->ImportantMessage,
- "Cancelled. Password was not changed.");
+ safestrncpy(WC->ImportantMessage,
+ "Cancelled. Password was not changed.",
+ sizeof WC->ImportantMessage);
display_main_menu();
return;
}
- strcpy(newpass1, bstr("newpass1"));
- strcpy(newpass2, bstr("newpass2"));
+ safestrncpy(newpass1, bstr("newpass1"), sizeof newpass1);
+ safestrncpy(newpass2, bstr("newpass2"), sizeof newpass2);
if (strcasecmp(newpass1, newpass2)) {
- strcpy(WC->ImportantMessage,
- "They don't match. Password was not changed.");
+ safestrncpy(WC->ImportantMessage,
+ "They don't match. Password was not changed.",
+ sizeof WC->ImportantMessage);
display_changepw();
return;
}
if (strlen(newpass1) == 0) {
- strcpy(WC->ImportantMessage,
- "Blank passwords are not allowed.");
+ safestrncpy(WC->ImportantMessage,
+ "Blank passwords are not allowed.",
+ sizeof WC->ImportantMessage);
display_changepw();
return;
}
u = (struct urlcontent *) malloc(sizeof(struct urlcontent));
u->next = WC->urlstrings;
WC->urlstrings = u;
- strcpy(u->url_key, buf);
+ safestrncpy(u->url_key, buf, sizeof u->url_key);
/* now chop that part off */
for (a = 0; a <= b; ++a)
strcpy(ptr, "");
u->url_data = malloc(strlen(up) + 2);
- strcpy(u->url_data, up);
+ safestrncpy(u->url_data, up, sizeof u->url_data);
u->url_data[b] = 0;
unescape_input(u->url_data);
up = ptr;
"%s</SPAN><br />\n", WC->ImportantMessage);
do_template("endbox");
wprintf("</div>\n");
- strcpy(WC->ImportantMessage, "");
+ safestrncpy(WC->ImportantMessage, "", sizeof WC->ImportantMessage);
}
}
void output_static(char *what)
{
- char buf[4096];
+ char buf[256];
FILE *fp;
struct stat statbuf;
off_t bytes;
char *bigbuffer;
- char content_type[SIZ];
+ char content_type[128];
sprintf(buf, "static/%s", what);
fp = fopen(buf, "rb");
wprintf("Cannot open %s: %s\n", what, strerror(errno));
} else {
if (!strncasecmp(&what[strlen(what) - 4], ".gif", 4))
- strcpy(content_type, "image/gif");
+ safestrncpy(content_type, "image/gif", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".txt", 4))
- strcpy(content_type, "text/plain");
+ safestrncpy(content_type, "text/plain", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".css", 4))
- strcpy(content_type, "text/css");
+ safestrncpy(content_type, "text/css", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".jpg", 4))
- strcpy(content_type, "image/jpeg");
+ safestrncpy(content_type, "image/jpeg", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".png", 4))
- strcpy(content_type, "image/png");
+ safestrncpy(content_type, "image/png", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".ico", 4))
- strcpy(content_type, "image/x-icon");
+ safestrncpy(content_type, "image/x-icon", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 5], ".html", 5))
- strcpy(content_type, "text/html");
+ safestrncpy(content_type, "text/html", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".htm", 4))
- strcpy(content_type, "text/html");
+ safestrncpy(content_type, "text/html", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 4], ".wml", 4))
- strcpy(content_type, "text/vnd.wap.wml");
+ safestrncpy(content_type, "text/vnd.wap.wml", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 5], ".wmls", 5))
- strcpy(content_type, "text/vnd.wap.wmlscript");
+ safestrncpy(content_type, "text/vnd.wap.wmlscript", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 5], ".wmlc", 5))
- strcpy(content_type, "application/vnd.wap.wmlc");
+ safestrncpy(content_type, "application/vnd.wap.wmlc", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 6], ".wmlsc", 6))
- strcpy(content_type, "application/vnd.wap.wmlscriptc");
+ safestrncpy(content_type, "application/vnd.wap.wmlscriptc", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 5], ".wbmp", 5))
- strcpy(content_type, "image/vnd.wap.wbmp");
+ safestrncpy(content_type, "image/vnd.wap.wbmp", sizeof content_type);
else if (!strncasecmp(&what[strlen(what) - 3], ".js", 3))
- strcpy(content_type, "text/javascript");
+ safestrncpy(content_type, "text/javascript", sizeof content_type);
else
- strcpy(content_type, "application/octet-stream");
+ safestrncpy(content_type, "application/octet-stream", sizeof content_type);
fstat(fileno(fp), &statbuf);
bytes = statbuf.st_size;
- /* lprintf(3, "Static: %s, (%s; %ld bytes)\r\n",
- what, content_type, bytes); */
bigbuffer = malloc(bytes + 2);
fread(bigbuffer, bytes, 1, fp);
fclose(fp);
void change_start_page(void) {
if (bstr("startpage") == NULL) {
- strcpy(WC->ImportantMessage,
- "startpage set to null");
+ safestrncpy(WC->ImportantMessage,
+ "startpage set to null",
+ sizeof WC->ImportantMessage);
display_main_menu();
return;
}
char c_httpauth_pass[SIZ];
char cookie[SIZ];
- strcpy(c_username, "");
- strcpy(c_password, "");
- strcpy(c_roomname, "");
- strcpy(c_httpauth_string, "");
- strcpy(c_httpauth_user, DEFAULT_HTTPAUTH_USER);
- strcpy(c_httpauth_pass, DEFAULT_HTTPAUTH_PASS);
+ safestrncpy(c_username, "", sizeof c_username);
+ safestrncpy(c_password, "", sizeof c_password);
+ safestrncpy(c_roomname, "", sizeof c_roomname);
+ safestrncpy(c_httpauth_string, "", sizeof c_httpauth_string);
+ safestrncpy(c_httpauth_user, DEFAULT_HTTPAUTH_USER, sizeof c_httpauth_user);
+ safestrncpy(c_httpauth_pass, DEFAULT_HTTPAUTH_PASS, sizeof c_httpauth_pass);
WC->upload_length = 0;
WC->upload = NULL;
hptr = req;
if (hptr == NULL) return;
- strcpy(cmd, hptr->line);
+ safestrncpy(cmd, hptr->line, sizeof cmd);
hptr = hptr->next;
extract_token(method, cmd, 0, ' ', sizeof method);
extract_action(action, cmd);
while (hptr != NULL) {
- strcpy(buf, hptr->line);
+ safestrncpy(buf, hptr->line, sizeof buf);
hptr = hptr->next;
if (!strncasecmp(buf, "Cookie: webcit=", 15)) {
ContentType, ContentLength);
body_start = strlen(content);
- /* Be daring and read it all at once. */
+ /* Read the entire input data at once. */
client_read(WC->http_sock, &content[BytesRead+body_start],
ContentLength);
/* Static content can be sent without connecting to Citadel. */
if (!strcasecmp(action, "static")) {
- strcpy(buf, &cmd[12]);
+ safestrncpy(buf, &cmd[12], sizeof buf);
for (a = 0; a < strlen(buf); ++a)
if (isspace(buf[a]))
buf[a] = 0;
if (buf[0] == '2') {
become_logged_in(c_httpauth_user,
c_httpauth_pass, buf);
- strcpy(WC->httpauth_user, c_httpauth_user);
- strcpy(WC->httpauth_pass, c_httpauth_pass);
+ safestrncpy(WC->httpauth_user, c_httpauth_user, sizeof WC->httpauth_user);
+ safestrncpy(WC->httpauth_pass, c_httpauth_pass, sizeof WC->httpauth_pass);
}
}
}
serv_printf("GOTO %s", c_roomname);
serv_getln(buf, sizeof buf);
if (buf[0] == '2') {
- strcpy(WC->wc_roomname, c_roomname);
+ safestrncpy(WC->wc_roomname, c_roomname, sizeof WC->wc_roomname);
}
}