}
close(pipev[0]);
- write(pipev[1], buf, sprintf(buf, "%lu\n", (unsigned long) uid));
+ write(pipev[1], buf,
+ snprintf(buf, sizeof buf, "%lu\n", (unsigned long) uid));
write(pipev[1], pass, strlen(pass));
write(pipev[1], "\n", 1);
close(pipev[1]);
cdb_delete(CDB_USERSUPP, lowercase_name, strlen(lowercase_name));
/* remove the user's bio file */
- sprintf(filename, "./bio/%ld", usbuf.usernum);
+ snprintf(filename, sizeof filename, "./bio/%ld", usbuf.usernum);
unlink(filename);
/* remove the user's picture */
- sprintf(filename, "./userpics/%ld.gif", usbuf.usernum);
+ snprintf(filename, sizeof filename, "./userpics/%ld.gif", usbuf.usernum);
unlink(filename);
return (0);
CtdlGetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
vbuf.v_lastseen = newlr;
- sprintf(vbuf.v_seen, "*:%ld", newlr);
+ snprintf(vbuf.v_seen, sizeof vbuf.v_seen, "*:%ld", newlr);
CtdlSetRelationship(&vbuf, &CC->usersupp, &CC->quickroom);
lputuser(&CC->usersupp);
lputuser(&USscratch);
/* post a message in Aide> saying what we just did */
- sprintf(bbb, "%s %s %s> by %s\n",
+ snprintf(bbb, sizeof bbb, "%s %s %s> by %s\n",
iuser,
((op == 1) ? "invited to" : "kicked out of"),
CC->quickroom.QRname,
exit(code);
}
-void escapize(char buf[]) {
+static void escapize(char *buf, size_t n) {
char hold[512];
int i;
strcpy(buf, "");
for (i=0; i<strlen(hold); ++i) {
+ size_t tmp = strlen(buf);
+
if (hold[i]=='<')
- sprintf(&buf[strlen(buf)], "<");
+ snprintf(&buf[tmp], n - tmp, "<");
else if (hold[i]=='>')
- sprintf(&buf[strlen(buf)], ">");
+ snprintf(&buf[tmp], n - tmp, ">");
else if (hold[i]==34)
- sprintf(&buf[strlen(buf)], """);
+ snprintf(&buf[tmp], n - tmp, """);
else
- sprintf(&buf[strlen(buf)], "%c", hold[i]);
+ snprintf(&buf[tmp], n - tmp, "%c", hold[i]);
}
}
while (serv_gets(buf), strcmp(buf,"000")) {
/* Escape some stuff if we're using www mode */
- if (www) escapize(buf);
+ if (www) escapize(buf, sizeof buf);
s_pid = extract_int(buf,0);
extract(s_user,buf,1);
{
static char buf[32];
- sprintf(buf,"errno = %d",e);
+ snprintf(buf, sizeof buf, "errno = %d",e);
return(buf);
}
#endif