config.cache
sysdep.h.in
so_locations
+*.ro
+1998-10-12 Nathan Bryant <bryant@cs.usm.maine.edu>
+ * Makefile.in: simplified to use pattern rules; files compiled with
+ -D_REENTRANT go to *.ro to allow the same files to be used with both
+ client and server
+ * tools.c, tools.h: new files; misc routines used by both client and
+ server go here. contains safestrncpy() at the moment.
+ * rooms.c: fix several exploitable buffer overruns
+ * .cvsignore: add *.ro
+
Sun Oct 11 23:17:48 EDT 1998 Art Cancro <ajc@uncnsrd.mt-kisco.ny.us>
* Built some more of the message expiry infrastructure
#
citadel: ipc_c_tcp.o citadel.o rooms.o routines.o routines2.o messages.o \
- commands.o client_chat.o serv_info.o
- $(CC) ipc_c_tcp.o citadel.o rooms.o routines.o routines2.o \
- messages.o commands.o client_chat.o serv_info.o $(LDFLAGS) -o citadel
+ commands.o client_chat.o serv_info.o tools.o $(SNPRINTF)
+ $(CC) $^ $(LDFLAGS) -o citadel
netpoll: netpoll.o config.o ipc_c_tcp.o
$(CC) netpoll.o config.o ipc_c_tcp.o $(LDFLAGS) -o netpoll
-netpoll.o: netpoll.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c netpoll.c
-
-ipc_c_tcp.o: ipc_c_tcp.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c ipc_c_tcp.c
-
-citadel.o: citadel.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c citadel.c
-
-rooms.o: rooms.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c rooms.c
-
-messages.o: messages.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c messages.c
-
-commands.o: commands.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c commands.c
-
-routines.o: routines.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c routines.c
-
-routines2.o: routines2.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c routines2.c
-
-client_chat.o: client_chat.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c client_chat.c
-
-serv_info.o: serv_info.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c serv_info.c
-
+%.o: %.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c $<
#
#
-citserver: citserver.o user_ops.o support.o room_ops.o file_ops.o \
- msgbase.o config.o sysdep.o locate_host.o \
- housekeeping.o database.o control.o logging.o \
- dynloader.o $(SNPRINTF)
+citserver: citserver.ro user_ops.ro support.ro room_ops.ro file_ops.ro \
+ msgbase.ro config.ro sysdep.ro locate_host.ro \
+ housekeeping.ro database.ro control.ro logging.ro \
+ dynloader.ro $(SNPRINTF:.o=.ro)
$(CC) \
- citserver.o user_ops.o room_ops.o file_ops.o support.o \
- msgbase.o config.o sysdep.o locate_host.o \
- housekeeping.o database.o control.o logging.o \
- dynloader.o $(SNPRINTF)\
+ citserver.ro user_ops.ro room_ops.ro file_ops.ro support.ro \
+ msgbase.ro config.ro sysdep.ro locate_host.ro \
+ housekeeping.ro database.ro control.ro logging.ro \
+ dynloader.ro $(SNPRINTF:.o=.ro)\
$(LDFLAGS) $(SERVER_LDFLAGS) $(LIBS) -o citserver
-citserver.o: citserver.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c citserver.c
-
-snprintf.o: snprintf.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c snprintf.c
-
-user_ops.o: user_ops.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c user_ops.c
-
-room_ops.o: room_ops.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c room_ops.c
-
-dynloader.o: dynloader.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c dynloader.c
-
-file_ops.o: file_ops.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c file_ops.c
-
-support.o: support.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c support.c
-
-msgbase.o: msgbase.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c msgbase.c
-
-locate_host.o: locate_host.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c locate_host.c
+%.ro: %.c
+ $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c $< -o $@
modules/serv_chat.so: serv_chat.o
$(CC) -shared -o modules/serv_chat.so serv_chat.o
serv_test.o: serv_test.c
$(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -fPIC -c serv_test.c
-housekeeping.o: housekeeping.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c housekeeping.c
-
-database.o: database.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c database.c
-
-control.o: control.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c control.c
-
-logging.o: logging.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c logging.c
-
-config.o: config.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c config.c
-
-sysdep.o: sysdep.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) $(PTHREAD_DEFS) -c sysdep.c
-
aidepost: aidepost.o config.o
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) aidepost.o config.o $(LDFLAGS) -o aidepost
-
-aidepost.o: aidepost.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c aidepost.c
+ $(CC) aidepost.o config.o $(LDFLAGS) -o aidepost
#
# 'netmailer' needs to run setuid because it generates headers for Internet
$(CC) netmailer.o config.o internetmail.o $(LDFLAGS) -o netmailer
chmod 4755 netmailer
-netmailer.o: netmailer.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c netmailer.c
-
-internetmail.o: internetmail.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c internetmail.c
-
netproc: netproc.o config.o ipc_c_tcp.o
- $(CC) netproc.o config.o ipc_c_tcp.o \
- $(LDFLAGS) -o netproc
-
-netproc.o: netproc.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c netproc.c
+ $(CC) netproc.o config.o ipc_c_tcp.o $(LDFLAGS) -o netproc
citmail: citmail.o config.o internetmail.o
@echo "*"
$(CC) citmail.o config.o internetmail.o $(LDFLAGS) -o citmail
chmod 4755 citmail
-citmail.o: citmail.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c citmail.c
-
mailinglist: mailinglist.o config.o internetmail.o
- $(CC) mailinglist.o config.o internetmail.o \
- $(LDFLAGS) -o mailinglist
-
-mailinglist.o: mailinglist.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c mailinglist.c
+ $(CC) mailinglist.o config.o internetmail.o $(LDFLAGS) -o mailinglist
setup: setup.o
$(CC) setup.o $(CURSES) $(LDFLAGS) -o setup
-setup.o: setup.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c setup.c
-
netsetup: netsetup.o config.o
$(CC) netsetup.o config.o $(LDFLAGS) -o netsetup
-netsetup.o: netsetup.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c netsetup.c
-
proxy: proxy.o ipc_c_tcp.o
$(CC) proxy.o ipc_c_tcp.o $(LDFLAGS) -o proxy
-proxy.o: proxy.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c proxy.c
-
whobbs: whobbs.o ipc_c_tcp.o
$(CC) whobbs.o ipc_c_tcp.o $(LDFLAGS) -o whobbs
-whobbs.o: whobbs.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c whobbs.c
-
userlist: userlist.o ipc_c_tcp.o
$(CC) userlist.o ipc_c_tcp.o $(LDFLAGS) -o userlist
-userlist.o: userlist.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c userlist.c
-
msgform: msgform.o
$(CC) msgform.o $(LDFLAGS) -o msgform
-msgform.o: msgform.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c msgform.c
-
readlog: readlog.o config.o
$(CC) readlog.o config.o $(LDFLAGS) -o readlog
-readlog.o: readlog.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c readlog.c
-
rcit: rcit.o config.o
$(CC) rcit.o config.o $(LDFLAGS) -o rcit
@echo "*"
@echo "* ln -s rcit /usr/bin/rnews"
@echo "*"
-rcit.o: rcit.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c rcit.c
-
stats: stats.o config.o
$(CC) stats.o config.o $(LDFLAGS) -o stats
-stats.o: stats.c
- $(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -c stats.c
-
clean:
- find . -name \*.[o] -print -exec rm -f {} \;
+ find . -name \*.o -print -exec rm -f {} \;
+ find . -name \*.ro -print -exec rm -f {} \;
cleaner: clean
rm -f $(CLIENT_TARGETS) $(SERVER_TARGETS) $(UTIL_TARGETS) \
#include <errno.h>
#include "citadel.h"
#include "rooms.h"
+#include "tools.h"
#define IFEXPERT if (userflags&US_EXPERT)
#define IFNEXPERT if ((userflags&US_EXPERT)==0)
do {
newfloor = (-1);
- strcpy(floorstr,&floorlist[rfloor][0]);
+ safestrncpy(floorstr,floorlist[rfloor],sizeof floorstr);
strprompt("Which floor",floorstr,256);
for (a=0; a<128; ++a) {
if (!strucmp(floorstr,&floorlist[a][0]))
serv_puts("GETA");
serv_gets(buf);
- if (buf[0]=='2') strcpy(raide,&buf[4]);
+ if (buf[0]=='2') safestrncpy(raide,&buf[4],sizeof raide);
else strcpy(raide,"");
if (strlen(raide)==0) strcpy(raide,"none");
strcpy(buf,"200");
}
else {
- sprintf(buf,"QUSR %s",raide);
+ snprintf(buf,sizeof buf,"QUSR %s",raide);
serv_puts(buf);
serv_gets(buf);
if (buf[0]!='2') printf("%s\n",&buf[4]);
printf("Save changes (y/n)? ");
if (yesno()==1) {
- sprintf(buf,"SETR %s|%s|%s|%d|%d|%d",
+ snprintf(buf,sizeof buf,"SETR %s|%s|%s|%d|%d|%d",
rname,rpass,rdir,rflags,rbump,rfloor);
serv_puts(buf);
serv_gets(buf);
printf("%s\n",&buf[4]);
- sprintf(buf,"SETA %s",raide);
+ snprintf(buf,sizeof buf,"SETA %s",raide);
serv_puts(buf);
serv_gets(buf);
if (buf[0]=='2') dotgoto(rname,2);
char buf[256];
if (!strcmp(ugname,"")) return;
- sprintf(buf,"GOTO %s",ugname);
+ snprintf(buf,sizeof buf,"GOTO %s",ugname);
serv_puts(buf);
serv_gets(buf);
if (buf[0]!='2') {
serv_puts(buf);
serv_gets(buf);
if (buf[0]!='2') printf("%s\n",&buf[4]);
- strcpy(buf,ugname);
+ safestrncpy(buf,ugname,sizeof buf);
strcpy(ugname,"");
dotgoto(buf,0);
}
newprompt("Enter filename: ",filename,255);
- sprintf(buf,"OPEN %s",filename);
+ snprintf(buf,sizeof buf,"OPEN %s",filename);
serv_puts(buf);
serv_gets(buf);
if (buf[0]!='2') {
mkdir(tempdir,0700);
- sprintf(buf,"%s/%s",tempdir,filename);
+ snprintf(buf,sizeof buf,"%s/%s",tempdir,filename);
mkfifo(buf, 0777);
/* We do the remainder of this function as a separate process in
return;
}
- sprintf(buf,"%s/%s",tempdir,filename); /* full pathname */
+ snprintf(buf,sizeof buf,"%s/%s",tempdir,filename); /* full pathname */
/* The next fork() creates a second child process that is used for
* the actual file transfer program (usually sz).
sttybbs(0);
signal(SIGINT,SIG_DFL);
signal(SIGQUIT,SIG_DFL);
- sprintf(dbuf,"SHELL=/dev/null; export SHELL; TERM=dumb; export TERM; exec more -d <%s",buf);
+ snprintf(dbuf,sizeof dbuf,"SHELL=/dev/null; export SHELL; TERM=dumb; export TERM; exec more -d <%s",buf);
system(dbuf);
sttybbs(SB_NO_INTR);
exit(0);
newprompt("Name of user? ",aaa,30);
if (aaa[0]==0) return;
- sprintf(bbb,"INVT %s",aaa);
+ snprintf(bbb,sizeof bbb,"INVT %s",aaa);
serv_puts(bbb);
serv_gets(bbb);
printf("%s\n",&bbb[4]);
newprompt("Name of user? ",aaa,30);
if (aaa[0]==0) return;
- sprintf(bbb,"KICK %s",aaa);
+ snprintf(bbb,sizeof bbb,"KICK %s",aaa);
serv_puts(bbb);
serv_gets(bbb);
printf("%s\n",&bbb[4]);
a=yesno();
if (a==0) return;
- sprintf(cmd, "CRE8 1|%s|%d|%s|%d", new_room_name,
+ snprintf(cmd, sizeof cmd, "CRE8 1|%s|%d|%s|%d", new_room_name,
new_room_type, new_room_pass, new_room_floor);
serv_puts(cmd);
serv_gets(cmd);
void enter_bio(void) {
char cmd[256];
- sprintf(cmd,"RBIO %s",fullname);
+ snprintf(cmd,sizeof cmd,"RBIO %s",fullname);
do_edit("your Bio",cmd,"NOOP","EBIO");
}
}
newprompt("Name for new floor: ",newfloorname,255);
- sprintf(buf,"CFLR %s|1",newfloorname);
+ snprintf(buf,sizeof buf,"CFLR %s|1",newfloorname);
serv_puts(buf);
serv_gets(buf);
if (buf[0]=='2') {
if (floorlist[(int)curr_floor][0]==0) load_floorlist();
strprompt("New floor name",&floorlist[(int)curr_floor][0],255);
- sprintf(buf,"EFLR %d|%s",curr_floor,&floorlist[(int)curr_floor][0]);
+ snprintf(buf,sizeof buf,"EFLR %d|%s",curr_floor,
+ &floorlist[(int)curr_floor][0]);
serv_puts(buf);
serv_gets(buf);
printf("%s\n",&buf[4]);
--- /dev/null
+/*
+ * tools.c -- Miscellaneous routines used by both the client and server.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "tools.h"
+
+char *safestrncpy(char *dest, const char *src, size_t n)
+{
+ if (dest == NULL || src == NULL)
+ {
+ fprintf(stderr, "safestrncpy: NULL argument\n");
+ abort();
+ }
+ strncpy(dest, src, n);
+ dest[n - 1] = 0;
+ return dest;
+}
--- /dev/null
+char *safestrncpy(char *dest, const char *src, size_t n);