From 119f5ee3d14919e18afc159074295c51e5f911ba Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Thu, 24 Mar 2005 22:13:58 +0000 Subject: [PATCH] * extract_token() now expects to be supplied with the size of the destination string buffer. This, along with the elimination of other unbounded functions like strcpy(), will allow the removal of the "all string buffers are of size SIZ" assumption (a process which I have already begun), which will hopefully reduce stack consumption. --- citadel/ChangeLog | 8 +++ citadel/citadel.c | 26 ++++----- citadel/citadel_ipc.c | 48 +++++++-------- citadel/citserver.c | 42 +++++++------ citadel/client_chat.c | 6 +- citadel/client_passwords.c | 20 +++---- citadel/commands.c | 10 ++-- citadel/control.c | 12 ++-- citadel/domain.c | 10 ++-- citadel/file_ops.c | 66 +++++++++++---------- citadel/imap_fetch.c | 30 +++++----- citadel/imap_misc.c | 2 +- citadel/imap_store.c | 8 +-- citadel/imap_tools.c | 20 +++---- citadel/internet_addressing.c | 17 +++--- citadel/locate_host.c | 7 +-- citadel/messages.c | 4 +- citadel/msgbase.c | 70 +++++++++++----------- citadel/msgbase.h | 2 +- citadel/policy.c | 8 +-- citadel/room_ops.c | 73 +++++++++++------------ citadel/rooms.c | 26 ++++----- citadel/routines2.c | 94 ++++++++++++++--------------- citadel/serv_bio.c | 22 +++---- citadel/serv_calendar.c | 42 ++++++------- citadel/serv_chat.c | 9 ++- citadel/serv_inetcfg.c | 4 +- citadel/serv_ldap.c | 32 +++++----- citadel/serv_listsub.c | 107 +++++++++++++++++----------------- citadel/serv_mrtg.c | 4 +- citadel/serv_network.c | 102 ++++++++++++++++---------------- citadel/serv_pas2.c | 4 +- citadel/serv_rwho.c | 24 ++++---- citadel/serv_smtp.c | 78 ++++++++++++------------- citadel/serv_spam.c | 2 +- citadel/serv_vandelay.c | 4 +- citadel/serv_vcard.c | 63 ++++++++++---------- citadel/setup.c | 18 +++--- citadel/tools.c | 23 ++++---- citadel/tools.h | 3 +- citadel/user_ops.c | 38 ++++++------ citadel/userlist.c | 6 +- citadel/whobbs.c | 10 ++-- 43 files changed, 604 insertions(+), 600 deletions(-) diff --git a/citadel/ChangeLog b/citadel/ChangeLog index 71eb6333b..0ca147a53 100644 --- a/citadel/ChangeLog +++ b/citadel/ChangeLog @@ -1,4 +1,11 @@ $Log$ + Revision 641.32 2005/03/24 22:13:56 ajc + * extract_token() now expects to be supplied with the size of the + destination string buffer. This, along with the elimination of other + unbounded functions like strcpy(), will allow the removal of the + "all string buffers are of size SIZ" assumption (a process which I have + already begun), which will hopefully reduce stack consumption. + Revision 641.31 2005/03/22 21:53:48 ajc * Oops, forgot to initialize some data structures... @@ -6559,3 +6566,4 @@ Sat Jul 11 00:20:48 EDT 1998 Nathan Bryant Fri Jul 10 1998 Art Cancro * Initial CVS import + diff --git a/citadel/citadel.c b/citadel/citadel.c index b08346f93..ec5cdc574 100644 --- a/citadel/citadel.c +++ b/citadel/citadel.c @@ -220,11 +220,11 @@ void userlist(CtdlIPC *ipc, char *patn) pprintf(" User Name Num L LastCall Calls Posts\n"); pprintf("------------------------- ----- - ---------- ----- -----\n"); while (strlen(listing) > 0) { - extract_token(buf, listing, 0, '\n'); + extract_token(buf, listing, 0, '\n', sizeof buf); remove_token(listing, 0, '\n'); if (sigcaught == 0) { - extract(fl, buf, 0); + extract_token(fl, buf, 0, '|', sizeof fl); if (pattern(fl, patn) >= 0) { pprintf("%-25s ", fl); pprintf("%5ld %d ", extract_long(buf, 2), @@ -250,7 +250,7 @@ void userlist(CtdlIPC *ipc, char *patn) */ void load_user_info(char *params) { - extract(fullname, params, 0); + extract_token(fullname, params, 0, '|', sizeof fullname); axlevel = extract_int(params, 1); timescalled = extract_int(params, 2); posted = extract_int(params, 3); @@ -848,7 +848,7 @@ char *SortOnlineUsers(char *listing) { /* Copy the list into a fixed-record-size array for sorting */ for (i=0; inext = NULL; - extract(mptr->march_name, aaa, 0); + extract_token(mptr->march_name, aaa, 0, '|', sizeof mptr->march_name); mptr->march_flags = (unsigned int) extract_int(aaa, 1); mptr->march_floor = (char) extract_int(aaa, 2); mptr->march_order = (char) extract_int(aaa, 3); @@ -396,7 +396,7 @@ int CtdlIPCGotoRoom(CtdlIPC *ipc, const char *room, const char *passwd, } ret = CtdlIPCGenericCommand(ipc, aaa, NULL, 0, NULL, NULL, cret); if (ret / 100 == 2) { - extract(rret[0]->RRname, cret, 0); + extract_token(rret[0]->RRname, cret, 0, '|', sizeof rret[0]->RRname); rret[0]->RRunread = extract_long(cret, 1); rret[0]->RRtotal = extract_long(cret, 2); rret[0]->RRinfoupdated = extract_int(cret, 3); @@ -448,7 +448,7 @@ int CtdlIPCGetMessages(CtdlIPC *ipc, enum MessageList which, int whicharg, if (!*mret) return -1; while (bbb && strlen(bbb)) { - extract_token(aaa, bbb, 0, '\n'); + extract_token(aaa, bbb, 0, '\n', sizeof aaa); remove_token(bbb, 0, '\n'); *mret = (unsigned long *)realloc(*mret, (size_t)((count + 2) * sizeof (unsigned long))); @@ -473,7 +473,7 @@ int CtdlIPCGetSingleMessage(CtdlIPC *ipc, long msgnum, int headers, int as_mime, char *bbb = NULL; size_t bbbsize; int multipart_hunting = 0; - char multipart_prefix[SIZ]; + char multipart_prefix[128]; if (!cret) return -1; if (!mret) return -1; @@ -488,7 +488,7 @@ int CtdlIPCGetSingleMessage(CtdlIPC *ipc, long msgnum, int headers, int as_mime, if (as_mime != 2) { strcpy(mret[0]->mime_chosen, "1"); /* Default chosen-part is "1" */ while (strlen(bbb) > 4 && bbb[4] == '=') { - extract_token(aaa, bbb, 0, '\n'); + extract_token(aaa, bbb, 0, '\n', sizeof aaa); remove_token(bbb, 0, '\n'); if (!strncasecmp(aaa, "nhdr=yes", 8)) @@ -518,14 +518,14 @@ int CtdlIPCGetSingleMessage(CtdlIPC *ipc, long msgnum, int headers, int as_mime, * us to determine which part we want to download. */ else if (!strncasecmp(aaa, "pref=", 5)) { - extract(multipart_prefix, &aaa[5], 1); + extract_token(multipart_prefix, &aaa[5], 1, '|', sizeof multipart_prefix); if (!strcasecmp(multipart_prefix, "multipart/alternative")) { ++multipart_hunting; } } else if (!strncasecmp(aaa, "suff=", 5)) { - extract(multipart_prefix, &aaa[5], 1); + extract_token(multipart_prefix, &aaa[5], 1, '|', sizeof multipart_prefix); if (!strcasecmp(multipart_prefix, "multipart/alternative")) { ++multipart_hunting; @@ -539,11 +539,11 @@ int CtdlIPCGetSingleMessage(CtdlIPC *ipc, long msgnum, int headers, int as_mime, if (ptr) { /* Fill the buffers for the caller */ - extract(ptr->name, &aaa[5], 0); - extract(ptr->filename, &aaa[5], 1); - extract(ptr->number, &aaa[5], 2); - extract(ptr->disposition, &aaa[5], 3); - extract(ptr->mimetype, &aaa[5], 4); + extract_token(ptr->name, &aaa[5], 0, '|', sizeof ptr->name); + extract_token(ptr->filename, &aaa[5], 1, '|', sizeof ptr->filename); + extract_token(ptr->number, &aaa[5], 2, '|', sizeof ptr->number); + extract_token(ptr->disposition, &aaa[5], 3, '|', sizeof ptr->disposition); + extract_token(ptr->mimetype, &aaa[5], 4, '|', sizeof ptr->mimetype); ptr->length = extract_long(&aaa[5], 5); if (!mret[0]->attachments) mret[0]->attachments = ptr; @@ -575,7 +575,7 @@ int CtdlIPCGetSingleMessage(CtdlIPC *ipc, long msgnum, int headers, int as_mime, if (as_mime == 4) { do { if (!strncasecmp(bbb, "Content-type: ", 14)) { - extract_token(mret[0]->content_type, bbb, 0, '\n'); + extract_token(mret[0]->content_type, bbb, 0, '\n', sizeof mret[0]->content_type); strcpy(mret[0]->content_type, &mret[0]->content_type[14]); striplt(mret[0]->content_type); @@ -630,7 +630,7 @@ int CtdlIPCServerInfo(CtdlIPC *ipc, char *cret) int line = 0; while (*listing && strlen(listing)) { - extract_token(buf, listing, 0, '\n'); + extract_token(buf, listing, 0, '\n', sizeof buf); remove_token(listing, 0, '\n'); switch (line++) { case 0: ipc->ServInfo.pid = atoi(buf); @@ -752,9 +752,9 @@ int CtdlIPCGetRoomAttributes(CtdlIPC *ipc, struct ctdlroom **qret, char *cret) ret = CtdlIPCGenericCommand(ipc, "GETR", NULL, 0, NULL, NULL, cret); if (ret / 100 == 2) { - extract(qret[0]->QRname, cret, 0); - extract(qret[0]->QRpasswd, cret, 1); - extract(qret[0]->QRdirname, cret, 2); + extract_token(qret[0]->QRname, cret, 0, '|', sizeof qret[0]->QRname); + extract_token(qret[0]->QRpasswd, cret, 1, '|', sizeof qret[0]->QRpasswd); + extract_token(qret[0]->QRdirname, cret, 2, '|', sizeof qret[0]->QRdirname); qret[0]->QRflags = extract_int(cret, 3); qret[0]->QRfloor = extract_int(cret, 4); qret[0]->QRorder = extract_int(cret, 5); @@ -1168,7 +1168,7 @@ int CtdlIPCFileDownload(CtdlIPC *ipc, const char *filename, void **buf, ipc->downloading = 1; bytes = extract_long(cret, 0); last_mod = extract_int(cret, 1); - extract(mimetype, cret, 2); + extract_token(mimetype, cret, 2, '|', sizeof mimetype); ret = CtdlIPCReadDownload(ipc, buf, bytes, resume, progress_gauge_callback, cret); @@ -1213,8 +1213,8 @@ int CtdlIPCAttachmentDownload(CtdlIPC *ipc, long msgnum, const char *part, ipc->downloading = 1; bytes = extract_long(cret, 0); last_mod = extract_int(cret, 1); - extract(filename, cret, 2); - extract(mimetype, cret, 3); + extract_token(filename, cret, 2, '|', sizeof filename); + extract_token(mimetype, cret, 3, '|', sizeof mimetype); /* ret = CtdlIPCReadDownload(ipc, buf, bytes, 0, progress_gauge_callback, cret); */ ret = CtdlIPCHighSpeedReadDownload(ipc, buf, bytes, 0, progress_gauge_callback, cret); ret = CtdlIPCEndDownload(ipc, cret); @@ -1254,7 +1254,7 @@ int CtdlIPCImageDownload(CtdlIPC *ipc, const char *filename, void **buf, ipc->downloading = 1; bytes = extract_long(cret, 0); last_mod = extract_int(cret, 1); - extract(mimetype, cret, 2); + extract_token(mimetype, cret, 2, '|', sizeof mimetype); /* ret = CtdlIPCReadDownload(ipc, buf, bytes, 0, progress_gauge_callback, cret); */ ret = CtdlIPCHighSpeedReadDownload(ipc, buf, bytes, 0, progress_gauge_callback, cret); ret = CtdlIPCEndDownload(ipc, cret); @@ -1694,8 +1694,8 @@ int CtdlIPCAideGetUserParameters(CtdlIPC *ipc, const char *who, ret = CtdlIPCGenericCommand(ipc, aaa, NULL, 0, NULL, NULL, cret); if (ret / 100 == 2) { - extract(uret[0]->fullname, cret, 0); - extract(uret[0]->password, cret, 1); + extract_token(uret[0]->fullname, cret, 0, '|', sizeof uret[0]->fullname); + extract_token(uret[0]->password, cret, 1, '|', sizeof uret[0]->password); uret[0]->flags = extract_int(cret, 2); uret[0]->timescalled = extract_long(cret, 3); uret[0]->posted = extract_long(cret, 4); diff --git a/citadel/citserver.c b/citadel/citserver.c index cb73a2ad6..1fec901a4 100644 --- a/citadel/citserver.c +++ b/citadel/citserver.c @@ -273,8 +273,8 @@ void cmd_time(void) */ int is_public_client(void) { - char buf[SIZ]; - char addrbuf[SIZ]; + char buf[1024]; + char addrbuf[1024]; FILE *fp; int i; struct stat statbuf; @@ -329,7 +329,7 @@ int is_public_client(void) lprintf(CTDL_DEBUG, "Checking whether %s is a local or public client\n", CC->cs_addr); for (i=0; ics_addr, addrbuf)) { lprintf(CTDL_DEBUG, "... yes it is.\n"); return(1); @@ -350,8 +350,8 @@ void cmd_iden(char *argbuf) int dev_code; int cli_code; int rev_level; - char desc[SIZ]; - char from_host[SIZ]; + char desc[128]; + char from_host[128]; struct in_addr addr; int do_lookup = 0; @@ -363,11 +363,11 @@ void cmd_iden(char *argbuf) dev_code = extract_int(argbuf,0); cli_code = extract_int(argbuf,1); rev_level = extract_int(argbuf,2); - extract(desc,argbuf,3); + extract_token(desc, argbuf, 3, '|', sizeof desc); safestrncpy(from_host, config.c_fqdn, sizeof from_host); from_host[sizeof from_host - 1] = 0; - if (num_parms(argbuf)>=5) extract(from_host,argbuf,4); + if (num_parms(argbuf)>=5) extract_token(from_host, argbuf, 4, '|', sizeof from_host); CC->cs_clientdev = dev_code; CC->cs_clienttyp = cli_code; @@ -410,24 +410,24 @@ void cmd_iden(char *argbuf) void cmd_mesg(char *mname) { FILE *mfp; - char targ[SIZ]; - char buf[SIZ]; - char buf2[SIZ]; + char targ[256]; + char buf[256]; + char buf2[256]; char *dirs[2]; - extract(buf,mname,0); + extract_token(buf, mname, 0, '|', sizeof buf); dirs[0]=malloc(64); dirs[1]=malloc(64); strcpy(dirs[0],"messages"); strcpy(dirs[1],"help"); snprintf(buf2, sizeof buf2, "%s.%d.%d", buf, CC->cs_clientdev, CC->cs_clienttyp); - mesg_locate(targ,sizeof targ,buf2,2,(const char **)dirs); + mesg_locate(targ, sizeof targ, buf2, 2, (const char **)dirs); if (strlen(targ) == 0) { snprintf(buf2, sizeof buf2, "%s.%d", buf, CC->cs_clientdev); - mesg_locate(targ,sizeof targ,buf2,2,(const char **)dirs); + mesg_locate(targ, sizeof targ, buf2, 2, (const char **)dirs); if (strlen(targ) == 0) { - mesg_locate(targ,sizeof targ,buf,2,(const char **)dirs); + mesg_locate(targ, sizeof targ, buf, 2, (const char **)dirs); } } free(dirs[0]); @@ -463,8 +463,8 @@ void cmd_mesg(char *mname) void cmd_emsg(char *mname) { FILE *mfp; - char targ[SIZ]; - char buf[SIZ]; + char targ[256]; + char buf[256]; char *dirs[2]; int a; @@ -472,16 +472,14 @@ void cmd_emsg(char *mname) if (CtdlAccessCheck(ac_aide)) return; - extract(buf,mname,0); + extract_token(buf, mname, 0, '|', sizeof buf); for (a=0; a= 2) { - extract(c_user, buf, 0); - extract(c_text, buf, 1); + extract_token(c_user, buf, 0, '|', sizeof c_user); + extract_token(c_text, buf, 1, '|', sizeof c_text); if (num_parms(buf) > 2) { - extract(c_room, buf, 2); + extract_token(c_room, buf, 2, '|', sizeof c_room); scr_printf("Got room %s\n", c_room); } if (strcasecmp(c_text, "NOOP")) { diff --git a/citadel/client_passwords.c b/citadel/client_passwords.c index 5e8dc10de..603588bf7 100644 --- a/citadel/client_passwords.c +++ b/citadel/client_passwords.c @@ -47,7 +47,7 @@ void get_stored_password( FILE *fp; char buf[SIZ]; char buf64[SIZ]; - char hostbuf[SIZ], portbuf[SIZ], ubuf[SIZ], pbuf[SIZ]; + char hostbuf[256], portbuf[256], ubuf[256], pbuf[256]; strcpy(username, ""); strcpy(password, ""); @@ -59,10 +59,10 @@ void get_stored_password( if (fp == NULL) return; while (fgets(buf64, sizeof buf64, fp) != NULL) { CtdlDecodeBase64(buf, buf64, sizeof(buf64)); - extract(hostbuf, buf, 0); - extract(portbuf, buf, 1); - extract(ubuf, buf, 2); - extract(pbuf, buf, 3); + extract_token(hostbuf, buf, 0, '|', sizeof hostbuf); + extract_token(portbuf, buf, 1, '|', sizeof portbuf); + extract_token(ubuf, buf, 2, '|', sizeof ubuf); + extract_token(pbuf, buf, 3, '|', sizeof pbuf); if (!strcasecmp(hostbuf, host)) { if (!strcasecmp(portbuf, port)) { @@ -88,7 +88,7 @@ void set_stored_password( FILE *fp, *oldfp; char buf[SIZ]; char buf64[SIZ]; - char hostbuf[SIZ], portbuf[SIZ], ubuf[SIZ], pbuf[SIZ]; + char hostbuf[256], portbuf[256], ubuf[256], pbuf[256]; determine_pwfilename(pwfile, sizeof pwfile); if (strlen(pwfile)==0) return; @@ -100,10 +100,10 @@ void set_stored_password( if (fp == NULL) fp = fopen("/dev/null", "w"); while (fgets(buf64, sizeof buf64, oldfp) != NULL) { CtdlDecodeBase64(buf, buf64, sizeof(buf64)); - extract(hostbuf, buf, 0); - extract(portbuf, buf, 1); - extract(ubuf, buf, 2); - extract(pbuf, buf, 3); + extract_token(hostbuf, buf, 0, '|', sizeof hostbuf); + extract_token(portbuf, buf, 1, '|', sizeof portbuf); + extract_token(ubuf, buf, 2, '|', sizeof ubuf); + extract_token(pbuf, buf, 3, '|', sizeof pbuf); if ( (strcasecmp(hostbuf, host)) || (strcasecmp(portbuf, port)) ) { diff --git a/citadel/commands.c b/citadel/commands.c index 758df4aa0..892258f62 100644 --- a/citadel/commands.c +++ b/citadel/commands.c @@ -232,8 +232,8 @@ void print_instant(void) instant_msgs = extract_int(buf, 0); timestamp = extract_long(buf, 1); flags = extract_int(buf, 2); - extract(sender, buf, 3); - extract(node, buf, 4); + extract_token(sender, buf, 3, '|', sizeof sender); + extract_token(node, buf, 4, '|', sizeof node); strcpy(last_paged, sender); localtime_r(×tamp, &stamp); @@ -1627,7 +1627,7 @@ char keymenu(char *menuprompt, char *menustring) { } else { for (i=0; i 0) && (strcasecmp(buf, nodename)) ) { strcat(ptr, buf); @@ -95,7 +95,7 @@ int network_talking_to(char *nodename, int operation) { if (nttlist == NULL) break; if (strlen(nttlist) == 0) break; for (i = 0; i < num_tokens(nttlist, '|'); ++i) { - extract(buf, nttlist, i); + extract_token(buf, nttlist, i, '|', sizeof buf); if (!strcasecmp(buf, nodename)) ++retval; } break; @@ -156,16 +156,16 @@ void cmd_delf(char *filename) */ void cmd_movf(char *cmdbuf) { - char filename[SIZ]; - char pathname[SIZ]; - char newpath[SIZ]; - char newroom[SIZ]; - char buf[SIZ]; + char filename[PATH_MAX]; + char pathname[PATH_MAX]; + char newpath[PATH_MAX]; + char newroom[ROOMNAMELEN]; + char buf[PATH_MAX]; int a; struct ctdlroom qrbuf; - extract(filename, cmdbuf, 0); - extract(newroom, cmdbuf, 1); + extract_token(filename, cmdbuf, 0, '|', sizeof filename); + extract_token(newroom, cmdbuf, 1, '|', sizeof newroom); if (CtdlAccessCheck(ac_room_aide)) return; @@ -226,15 +226,15 @@ void cmd_movf(char *cmdbuf) */ void cmd_netf(char *cmdbuf) { - char pathname[SIZ], filename[SIZ], destsys[SIZ], buf[SIZ]; - char outfile[SIZ]; + char pathname[256], filename[256], destsys[256], buf[256]; + char outfile[256]; int a, e; time_t now; FILE *ofp; static int seq = 1; - extract(filename, cmdbuf, 0); - extract(destsys, cmdbuf, 1); + extract_token(filename, cmdbuf, 0, '|', sizeof filename); + extract_token(destsys, cmdbuf, 1, '|', sizeof destsys); if (CtdlAccessCheck(ac_room_aide)) return; @@ -341,11 +341,11 @@ void OpenCmdResult(char *filename, char *mime_type) */ void cmd_open(char *cmdbuf) { - char filename[SIZ]; - char pathname[SIZ]; + char filename[256]; + char pathname[PATH_MAX]; int a; - extract(filename, cmdbuf, 0); + extract_token(filename, cmdbuf, 0, '|', sizeof filename); if (CtdlAccessCheck(ac_logged_in)) return; @@ -391,14 +391,14 @@ void cmd_open(char *cmdbuf) */ void cmd_oimg(char *cmdbuf) { - char filename[SIZ]; - char pathname[SIZ]; + char filename[256]; + char pathname[PATH_MAX]; struct ctdluser usbuf; char which_user[USERNAME_SIZE]; int which_floor; int a; - extract(filename, cmdbuf, 0); + extract_token(filename, cmdbuf, 0, '|', sizeof filename); if (strlen(filename) == 0) { cprintf("%d You must specify a file name.\n", @@ -413,7 +413,7 @@ void cmd_oimg(char *cmdbuf) } if (!strcasecmp(filename, "_userpic_")) { - extract(which_user, cmdbuf, 1); + extract_token(which_user, cmdbuf, 1, '|', sizeof which_user); if (getuser(&usbuf, which_user) != 0) { cprintf("%d No such user.\n", ERROR + NO_SUCH_USER); @@ -455,8 +455,8 @@ void cmd_uopn(char *cmdbuf) { int a; - extract(CC->upl_file, cmdbuf, 0); - extract(CC->upl_comment, cmdbuf, 1); + extract_token(CC->upl_file, cmdbuf, 0, '|', sizeof CC->upl_file); + extract_token(CC->upl_comment, cmdbuf, 1, '|', sizeof CC->upl_comment); if (CtdlAccessCheck(ac_logged_in)) return; @@ -514,7 +514,7 @@ void cmd_uopn(char *cmdbuf) void cmd_uimg(char *cmdbuf) { int is_this_for_real; - char basenm[SIZ]; + char basenm[256]; int which_floor; int a; @@ -524,7 +524,7 @@ void cmd_uimg(char *cmdbuf) } is_this_for_real = extract_int(cmdbuf, 0); - extract(basenm, cmdbuf, 1); + extract_token(basenm, cmdbuf, 1, '|', sizeof basenm); if (CC->upload_fp != NULL) { cprintf("%d You already have an upload file open.\n", ERROR + RESOURCE_BUSY); @@ -588,7 +588,7 @@ void cmd_uimg(char *cmdbuf) */ void cmd_clos(void) { - char buf[SIZ]; + char buf[256]; if (CC->download_fp == NULL) { cprintf("%d You don't have a download file open.\n", @@ -683,7 +683,7 @@ void cmd_read(char *cmdbuf) long start_pos; size_t bytes; size_t actual_bytes; - char buf[4096]; + char *buf = NULL; start_pos = extract_long(cmdbuf, 0); bytes = extract_int(cmdbuf, 1); @@ -694,12 +694,14 @@ void cmd_read(char *cmdbuf) return; } - if (bytes > 4096) bytes = 4096; + if (bytes > 100000) bytes = 100000; + buf = malloc(bytes + 1); fseek(CC->download_fp, start_pos, 0); actual_bytes = fread(buf, 1, bytes, CC->download_fp); cprintf("%d %d\n", BINARY_FOLLOWS, (int)actual_bytes); client_write(buf, actual_bytes); + free(buf); } @@ -710,7 +712,7 @@ void cmd_read(char *cmdbuf) void cmd_writ(char *cmdbuf) { int bytes; - char buf[4096]; + char *buf; unbuffer_output(); @@ -721,15 +723,17 @@ void cmd_writ(char *cmdbuf) return; } - if (bytes > 4096) { - cprintf("%d You may not write more than 4096 bytes.\n", + if (bytes > 100000) { + cprintf("%d You may not write more than 100000 bytes.\n", ERROR + TOO_BIG); return; } cprintf("%d %d\n", SEND_BINARY, bytes); + buf = malloc(bytes + 1); client_read(buf, bytes); fwrite(buf, bytes, 1, CC->upload_fp); + free(buf); } @@ -740,7 +744,7 @@ void cmd_writ(char *cmdbuf) */ void cmd_ndop(char *cmdbuf) { - char pathname[SIZ]; + char pathname[256]; struct stat statbuf; if (strlen(CC->net_node) == 0) { diff --git a/citadel/imap_fetch.c b/citadel/imap_fetch.c index cee9785c5..3d59567f3 100644 --- a/citadel/imap_fetch.c +++ b/citadel/imap_fetch.c @@ -322,12 +322,12 @@ void imap_output_envelope_from(struct CtdlMessage *msg) { * fields. But we can use it for "To" and possibly others. */ void imap_output_envelope_addr(char *addr) { - char individual_addr[SIZ]; + char individual_addr[256]; int num_addrs; int i; - char user[SIZ]; - char node[SIZ]; - char name[SIZ]; + char user[256]; + char node[256]; + char name[256]; if (addr == NULL) { cprintf("NIL "); @@ -346,7 +346,7 @@ void imap_output_envelope_addr(char *addr) { /* Output them one by one. */ for (i=0; i0) have_cbtype = 1; if (have_cbtype) { - extract_token(cbmaintype, cbtype, 0, '/'); - extract_token(cbsubtype, cbtype, 1, '/'); + extract_token(cbmaintype, cbtype, 0, '/', sizeof cbmaintype); + extract_token(cbsubtype, cbtype, 1, '/', sizeof cbsubtype); } else { strcpy(cbmaintype, "TEXT"); @@ -1122,15 +1122,15 @@ void imap_pick_range(char *supplied_range, int is_uid) { */ num_sets = num_tokens(actual_range, ','); for (s=0; s= 2) { - extract_token(histr, setstr, 1, ':'); + extract_token(histr, setstr, 1, ':', sizeof histr); if (!strcmp(histr, "*")) snprintf(histr, sizeof histr, "%ld", LONG_MAX); } else { - strcpy(histr, lostr); + safestrncpy(histr, lostr, sizeof histr); } lo = atol(lostr); hi = atol(histr); diff --git a/citadel/imap_misc.c b/citadel/imap_misc.c index c26ee32c2..0ddd8d401 100644 --- a/citadel/imap_misc.c +++ b/citadel/imap_misc.c @@ -224,7 +224,7 @@ void imap_do_append_flags(long new_msgnum, char *new_message_flags) { safestrncpy(flags, new_message_flags, sizeof flags); for (i=0; icm_fields[i] = @@ -1001,7 +1001,7 @@ void choose_preferred(char *name, char *filename, char *partnum, char *disp, void *content, char *cbtype, size_t length, char *encoding, void *cbuserdata) { - char buf[SIZ]; + char buf[1024]; int i; struct ma_info *ma; @@ -1009,7 +1009,7 @@ void choose_preferred(char *name, char *filename, char *partnum, char *disp, if (ma->is_ma > 0) { for (i=0; ipreferred_formats, '|'); ++i) { - extract(buf, CC->preferred_formats, i); + extract_token(buf, CC->preferred_formats, i, '|', sizeof buf); if (!strcasecmp(buf, cbtype)) { strcpy(ma->chosen_part, partnum); } @@ -1039,7 +1039,7 @@ void output_preferred(char *name, char *filename, char *partnum, char *disp, * list, we can simply output it verbatim. */ for (i=0; ipreferred_formats, '|'); ++i) { - extract(buf, CC->preferred_formats, i); + extract_token(buf, CC->preferred_formats, i, '|', sizeof buf); if (!strcasecmp(buf, cbtype)) { /* Yeah! Go! W00t!! */ @@ -1609,12 +1609,11 @@ void cmd_msgp(char *cmdbuf) void cmd_opna(char *cmdbuf) { long msgid; - char desired_section[SIZ]; + char desired_section[128]; msgid = extract_long(cmdbuf, 0); - extract(desired_section, cmdbuf, 1); + extract_token(desired_section, cmdbuf, 1, '|', sizeof desired_section); safestrncpy(CC->download_desired_section, desired_section, sizeof CC->download_desired_section); - CtdlOutputMsg(msgid, MT_DOWNLOAD, 0, 1, 1); } @@ -2078,7 +2077,7 @@ long CtdlSubmitMsg(struct CtdlMessage *msg, /* message to save */ if (recps != NULL) if (recps->num_room > 0) for (i=0; irecp_room, '|'); ++i) { - extract(recipient, recps->recp_room, i); + extract_token(recipient, recps->recp_room, i, '|', sizeof recipient); lprintf(CTDL_DEBUG, "Delivering to local room <%s>\n", recipient); CtdlSaveMsgPointerInRoom(recipient, newmsgid, 0); } @@ -2095,7 +2094,7 @@ long CtdlSubmitMsg(struct CtdlMessage *msg, /* message to save */ if (recps != NULL) if (recps->num_local > 0) for (i=0; irecp_local, '|'); ++i) { - extract(recipient, recps->recp_local, i); + extract_token(recipient, recps->recp_local, i, '|', sizeof recipient); lprintf(CTDL_DEBUG, "Delivering private local mail to <%s>\n", recipient); if (getuser(&userbuf, recipient) == 0) { @@ -2124,14 +2123,14 @@ long CtdlSubmitMsg(struct CtdlMessage *msg, /* message to save */ if (recps != NULL) if (recps->num_ignet > 0) for (i=0; irecp_ignet, '|'); ++i) { - extract(recipient, recps->recp_ignet, i); + extract_token(recipient, recps->recp_ignet, i, '|', sizeof recipient); hold_R = msg->cm_fields['R']; hold_D = msg->cm_fields['D']; msg->cm_fields['R'] = malloc(SIZ); - msg->cm_fields['D'] = malloc(SIZ); - extract_token(msg->cm_fields['R'], recipient, 0, '@'); - extract_token(msg->cm_fields['D'], recipient, 1, '@'); + msg->cm_fields['D'] = malloc(128); + extract_token(msg->cm_fields['R'], recipient, 0, '@', SIZ); + extract_token(msg->cm_fields['D'], recipient, 1, '@', 128); serialize_message(&smr, msg); if (smr.len > 0) { @@ -2175,7 +2174,7 @@ long CtdlSubmitMsg(struct CtdlMessage *msg, /* message to save */ for (i=0; irecp_internet, '|'); ++i) { size_t tmp = strlen(instr); - extract(recipient, recps->recp_internet, i); + extract_token(recipient, recps->recp_internet, i, '|', sizeof recipient); snprintf(&instr[tmp], SIZ * 2 - tmp, "remote|%s|0||\n", recipient); } @@ -2504,7 +2503,7 @@ struct recptypes *validate_recipients(char *recipients) { } if (num_recps > 0) for (i=0; i\n", i, this_recp); mailtype = alias(this_recp); @@ -2658,10 +2657,10 @@ void cmd_ent0(char *entargs) unbuffer_output(); post = extract_int(entargs, 0); - extract(recp, entargs, 1); + extract_token(recp, entargs, 1, '|', sizeof recp); anon_flag = extract_int(entargs, 2); format_type = extract_int(entargs, 3); - extract(subject, entargs, 4); + extract_token(subject, entargs, 4, '|', sizeof subject); do_confirm = extract_int(entargs, 6); /* first check to make sure the request is valid. */ @@ -2680,7 +2679,7 @@ void cmd_ent0(char *entargs) ERROR + HIGHER_ACCESS_REQUIRED); return; } - extract(newusername, entargs, 5); + extract_token(newusername, entargs, 5, '|', sizeof newusername); memset(CC->fake_postname, 0, sizeof(CC->fake_postname) ); safestrncpy(CC->fake_postname, newusername, sizeof(CC->fake_postname) ); @@ -2968,7 +2967,7 @@ int CtdlCopyMsgToRoom(long msgnum, char *dest) { void cmd_move(char *args) { long num; - char targ[SIZ]; + char targ[ROOMNAMELEN]; struct ctdlroom qtemp; int err; int is_copy = 0; @@ -2976,7 +2975,7 @@ void cmd_move(char *args) int permit = 0; num = extract_long(args, 0); - extract(targ, args, 1); + extract_token(targ, args, 1, '|', sizeof targ); targ[ROOMNAMELEN - 1] = 0; is_copy = extract_int(args, 2); @@ -3290,7 +3289,7 @@ char *CtdlGetSysConfig(char *sysconfname) { getroom(&CC->room, hold_rm); if (conf != NULL) do { - extract_token(buf, conf, 0, '\n'); + extract_token(buf, conf, 0, '\n', sizeof buf); strcpy(conf, &conf[strlen(buf)+1]); } while ( (strlen(conf)>0) && (strlen(buf)>0) ); @@ -3317,7 +3316,8 @@ void CtdlPutSysConfig(char *sysconfname, char *sysconfdata) { /* * Determine whether a given Internet address belongs to the current user */ -int CtdlIsMe(char *addr) { +int CtdlIsMe(char *addr, int addr_buf_len) +{ struct recptypes *recp; int i; @@ -3330,7 +3330,7 @@ int CtdlIsMe(char *addr) { } for (i=0; inum_local; ++i) { - extract(addr, recp->recp_local, i); + extract_token(addr, recp->recp_local, i, '|', addr_buf_len); if (!strcasecmp(addr, CC->user.fullname)) { free(recp); return(1); @@ -3346,12 +3346,12 @@ int CtdlIsMe(char *addr) { * Citadel protocol command to do the same */ void cmd_isme(char *argbuf) { - char addr[SIZ]; + char addr[256]; if (CtdlAccessCheck(ac_logged_in)) return; - extract(addr, argbuf, 0); + extract_token(addr, argbuf, 0, '|', sizeof addr); - if (CtdlIsMe(addr)) { + if (CtdlIsMe(addr, sizeof addr)) { cprintf("%d %s\n", CIT_OK, addr); } else { diff --git a/citadel/msgbase.h b/citadel/msgbase.h index 876b6e46d..009f975c5 100644 --- a/citadel/msgbase.h +++ b/citadel/msgbase.h @@ -147,4 +147,4 @@ struct CtdlMessage *CtdlMakeMessage( char *preformatted_text /* ...or NULL to read text from client */ ); int CtdlCheckInternetMailPermission(struct ctdluser *who); -int CtdlIsMe(char *addr); +int CtdlIsMe(char *addr, int addr_buf_len); diff --git a/citadel/policy.c b/citadel/policy.c index c5f10b83d..b2c489e51 100644 --- a/citadel/policy.c +++ b/citadel/policy.c @@ -86,9 +86,9 @@ void GetExpirePolicy(struct ExpirePolicy *epbuf, struct ctdlroom *qrbuf) { void cmd_gpex(char *argbuf) { struct ExpirePolicy exp; struct floor *fl; - char which[SIZ]; + char which[128]; - extract(which, argbuf, 0); + extract_token(which, argbuf, 0, '|', sizeof which); if (!strcasecmp(which, "room")) { memcpy(&exp, &CC->room.QRep, sizeof(struct ExpirePolicy)); } @@ -117,10 +117,10 @@ void cmd_gpex(char *argbuf) { void cmd_spex(char *argbuf) { struct ExpirePolicy exp; struct floor flbuf; - char which[SIZ]; + char which[128]; memset(&exp, 0, sizeof(struct ExpirePolicy)); - extract(which, argbuf, 0); + extract_token(which, argbuf, 0, '|', sizeof which); exp.expire_mode = extract_int(argbuf, 1); exp.expire_value = extract_int(argbuf, 2); diff --git a/citadel/room_ops.c b/citadel/room_ops.c index a03b349b5..b49d7ed17 100644 --- a/citadel/room_ops.c +++ b/citadel/room_ops.c @@ -893,27 +893,27 @@ void cmd_goto(char *gargs) int c; int ok = 0; int ra; - char augmented_roomname[SIZ]; - char towhere[SIZ]; - char password[SIZ]; + char augmented_roomname[ROOMNAMELEN]; + char towhere[ROOMNAMELEN]; + char password[32]; int transiently = 0; if (CtdlAccessCheck(ac_logged_in)) return; - extract(towhere, gargs, 0); - extract(password, gargs, 1); + extract_token(towhere, gargs, 0, '|', sizeof towhere); + extract_token(password, gargs, 1, '|', sizeof password); transiently = extract_int(gargs, 2); getuser(&CC->user, CC->curr_user); if (!strcasecmp(towhere, "_BASEROOM_")) - strcpy(towhere, config.c_baseroom); + safestrncpy(towhere, config.c_baseroom, sizeof towhere); if (!strcasecmp(towhere, "_MAIL_")) - strcpy(towhere, MAILROOM); + safestrncpy(towhere, MAILROOM, sizeof towhere); if (!strcasecmp(towhere, "_BITBUCKET_")) - strcpy(towhere, config.c_twitroom); + safestrncpy(towhere, config.c_twitroom, sizeof towhere); /* First try a regular match */ @@ -925,7 +925,7 @@ void cmd_goto(char *gargs) &CC->user, towhere); c = getroom(&QRscratch, augmented_roomname); if (c == 0) - strcpy(towhere, augmented_roomname); + safestrncpy(towhere, augmented_roomname, sizeof towhere); } /* And if the room was found... */ @@ -1245,7 +1245,7 @@ int CtdlRenameRoom(char *old_name, char *new_name, int new_floor) { */ void cmd_setr(char *args) { - char buf[SIZ]; + char buf[256]; int new_order = 0; int r; int new_floor; @@ -1267,7 +1267,7 @@ void cmd_setr(char *args) } else { strcpy(new_name, ""); } - extract(&new_name[strlen(new_name)], args, 0); + extract_token(&new_name[strlen(new_name)], args, 0, '|', (sizeof new_name - strlen(new_name))); r = CtdlRenameRoom(CC->room.QRname, new_name, new_floor); @@ -1309,7 +1309,7 @@ void cmd_setr(char *args) lgetroom(&CC->room, CC->room.QRname); /* Directory room */ - extract(buf, args, 2); + extract_token(buf, args, 2, '|', sizeof buf); buf[15] = 0; safestrncpy(CC->room.QRdirname, buf, sizeof CC->room.QRdirname); @@ -1347,7 +1347,7 @@ void cmd_setr(char *args) if (num_parms(args) >= 7) CC->room.QRorder = (char) new_order; /* Room password */ - extract(buf, args, 1); + extract_token(buf, args, 1, '|', sizeof buf); buf[10] = 0; safestrncpy(CC->room.QRpasswd, buf, sizeof CC->room.QRpasswd); @@ -1371,8 +1371,7 @@ void cmd_setr(char *args) /* Create a room directory if necessary */ if (CC->room.QRflags & QR_DIRECTORY) { - snprintf(buf, sizeof buf, "./files/%s", - CC->room.QRdirname); + snprintf(buf, sizeof buf, "./files/%s", CC->room.QRdirname); mkdir(buf, 0755); } snprintf(buf, sizeof buf, "%s> edited by %s\n", CC->room.QRname, CC->curr_user); @@ -1700,21 +1699,21 @@ unsigned create_room(char *new_room_name, void cmd_cre8(char *args) { int cre8_ok; - char new_room_name[SIZ]; + char new_room_name[ROOMNAMELEN]; int new_room_type; - char new_room_pass[SIZ]; + char new_room_pass[32]; int new_room_floor; int new_room_view; - char aaa[SIZ]; + char *notification_message = NULL; unsigned newflags; struct floor *fl; int avoid_access = 0; cre8_ok = extract_int(args, 0); - extract(new_room_name, args, 1); + extract_token(new_room_name, args, 1, '|', sizeof new_room_name); new_room_name[ROOMNAMELEN - 1] = 0; new_room_type = extract_int(args, 2); - extract(new_room_pass, args, 3); + extract_token(new_room_pass, args, 3, '|', sizeof new_room_pass); avoid_access = extract_int(args, 5); new_room_view = extract_int(args, 6); new_room_pass[9] = 0; @@ -1795,21 +1794,19 @@ void cmd_cre8(char *args) new_room_view); /* post a message in Aide> describing the new room */ - safestrncpy(aaa, new_room_name, sizeof aaa); - strcat(aaa, "> created by "); - strcat(aaa, CC->user.fullname); - if (newflags & QR_MAILBOX) - strcat(aaa, " [personal]"); - else if (newflags & QR_PRIVATE) - strcat(aaa, " [private]"); - if (newflags & QR_GUESSNAME) - strcat(aaa, "[guessname] "); - if (newflags & QR_PASSWORDED) { - strcat(aaa, "\n Password: "); - strcat(aaa, new_room_pass); - } - strcat(aaa, "\n"); - aide_message(aaa); + notification_message = malloc(1024); + snprintf(notification_message, 1024, + "%s> created by %s%s%s%s%s%s\n", + new_room_name, + CC->user.fullname, + ((newflags & QR_MAILBOX) ? " [personal]" : ""), + ((newflags & QR_PRIVATE) ? " [private]" : ""), + ((newflags & QR_GUESSNAME) ? " [hidden]" : ""), + ((newflags & QR_PASSWORDED) ? " Password: " : ""), + ((newflags & QR_PASSWORDED) ? new_room_pass : "") + ); + aide_message(notification_message); + free(notification_message); cprintf("%d '%s' has been created.\n", CIT_OK, new_room_name); } @@ -1886,13 +1883,13 @@ void cmd_lflr(void) */ void cmd_cflr(char *argbuf) { - char new_floor_name[SIZ]; + char new_floor_name[256]; struct floor flbuf; int cflr_ok; int free_slot = (-1); int a; - extract(new_floor_name, argbuf, 0); + extract_token(new_floor_name, argbuf, 0, '|', sizeof new_floor_name); cflr_ok = extract_int(argbuf, 1); if (CtdlAccessCheck(ac_aide)) return; @@ -2010,7 +2007,7 @@ void cmd_eflr(char *argbuf) return; } if (np >= 2) - extract(flbuf.f_name, argbuf, 1); + extract_token(flbuf.f_name, argbuf, 1, '|', sizeof flbuf.f_name); lputfloor(&flbuf, floor_num); cprintf("%d Ok\n", CIT_OK); diff --git a/citadel/rooms.c b/citadel/rooms.c index 562e04e06..bb088a1af 100644 --- a/citadel/rooms.c +++ b/citadel/rooms.c @@ -79,9 +79,9 @@ void load_floorlist(CtdlIPC *ipc) return; } while (*listing && strlen(listing)) { - extract_token(buf, listing, 0, '\n'); + extract_token(buf, listing, 0, '\n', sizeof buf); remove_token(listing, 0, '\n'); - extract(floorlist[extract_int(buf, 0)], buf, 1); + extract_token(floorlist[extract_int(buf, 0)], buf, 1, '|', SIZ); } free(listing); } @@ -841,10 +841,10 @@ void download(CtdlIPC *ipc, int proto) */ void roomdir(CtdlIPC *ipc) { - char flnm[SIZ]; + char flnm[256]; char flsz[32]; - char comment[SIZ]; - char buf[SIZ]; + char comment[256]; + char buf[256]; char *listing = NULL; /* Returned directory listing */ int r; @@ -854,17 +854,17 @@ void roomdir(CtdlIPC *ipc) return; } - extract(comment, buf, 0); - extract(flnm, buf, 1); + extract_token(comment, buf, 0, '|', sizeof comment); + extract_token(flnm, buf, 1, '|', sizeof flnm); pprintf("\nDirectory of %s on %s\n", flnm, comment); pprintf("-----------------------\n"); while (*listing && strlen(listing)) { - extract_token(buf, listing, 0, '\n'); + extract_token(buf, listing, 0, '\n', sizeof buf); remove_token(listing, 0, '\n'); - extract(flnm, buf, 0); - extract(flsz, buf, 1); - extract(comment, buf, 2); + extract_token(flnm, buf, 0, '|', sizeof flnm); + extract_token(flsz, buf, 1, '|', sizeof flsz); + extract_token(comment, buf, 2, '|', sizeof comment); if (strlen(flnm) <= 14) pprintf("%-14s %8s %s\n", flnm, flsz, comment); else @@ -1076,7 +1076,7 @@ void readinfo(CtdlIPC *ipc) */ void whoknows(CtdlIPC *ipc) { - char buf[SIZ]; + char buf[256]; char *listing = NULL; int r; @@ -1086,7 +1086,7 @@ void whoknows(CtdlIPC *ipc) return; } while (strlen(listing) > 0) { - extract_token(buf, listing, 0, '\n'); + extract_token(buf, listing, 0, '\n', sizeof buf); remove_token(listing, 0, '\n'); if (sigcaught == 0) pprintf("%s\n", buf); diff --git a/citadel/routines2.c b/citadel/routines2.c index 3202f7996..9e0c5aa68 100644 --- a/citadel/routines2.c +++ b/citadel/routines2.c @@ -90,16 +90,16 @@ void entregis(CtdlIPC *ipc) { /* register with name and address */ char buf[SIZ]; - char tmpname[SIZ]; - char tmpaddr[SIZ]; - char tmpcity[SIZ]; - char tmpstate[SIZ]; - char tmpzip[SIZ]; - char tmpphone[SIZ]; + char tmpname[30]; + char tmpaddr[25]; + char tmpcity[15]; + char tmpstate[3]; + char tmpzip[11]; + char tmpphone[15]; char tmpemail[SIZ]; - char tmpcountry[SIZ]; - char diruser[SIZ]; - char dirnode[SIZ]; + char tmpcountry[32]; + char diruser[256]; + char dirnode[256]; char holdemail[SIZ]; char *reg = NULL; int ok = 0; @@ -120,25 +120,25 @@ void entregis(CtdlIPC *ipc) while (reg && strlen(reg) > 0) { - extract_token(buf, reg, 0, '\n'); + extract_token(buf, reg, 0, '\n', sizeof buf); remove_token(reg, 0, '\n'); if (a == 2) - strcpy(tmpname, buf); + safestrncpy(tmpname, buf, sizeof tmpname); else if (a == 3) - strcpy(tmpaddr, buf); + safestrncpy(tmpaddr, buf, sizeof tmpaddr); else if (a == 4) - strcpy(tmpcity, buf); + safestrncpy(tmpcity, buf, sizeof tmpcity); else if (a == 5) - strcpy(tmpstate, buf); + safestrncpy(tmpstate, buf, sizeof tmpstate); else if (a == 6) - strcpy(tmpzip, buf); + safestrncpy(tmpzip, buf, sizeof tmpzip); else if (a == 7) - strcpy(tmpphone, buf); + safestrncpy(tmpphone, buf, sizeof tmpphone); else if (a == 9) - strcpy(tmpemail, buf); + safestrncpy(tmpemail, buf, sizeof tmpemail); else if (a == 10) - strcpy(tmpcountry, buf); + safestrncpy(tmpcountry, buf, sizeof tmpcountry); ++a; } } @@ -152,12 +152,12 @@ void entregis(CtdlIPC *ipc) do { ok = 1; - strcpy(holdemail, tmpemail); + safestrncpy(holdemail, tmpemail, sizeof holdemail); strprompt("Email address", tmpemail, 31); r = CtdlIPCDirectoryLookup(ipc, tmpemail, buf); if (r / 100 == 2) { - extract_token(diruser, buf, 0, '@'); - extract_token(dirnode, buf, 1, '@'); + extract_token(diruser, buf, 0, '@', sizeof diruser); + extract_token(dirnode, buf, 1, '@', sizeof dirnode); striplt(diruser); striplt(dirnode); if ((strcasecmp(diruser, fullname)) @@ -169,13 +169,13 @@ void entregis(CtdlIPC *ipc) "It is already in use by %s @ %s.\n", diruser, dirnode); ok = 0; - strcpy(tmpemail, holdemail); + safestrncpy(tmpemail, holdemail, sizeof tmpemail); } } } while (ok == 0); /* now send the registration info back to the server */ - reg = (char *)realloc(reg, 4096); /* Overkill? */ + reg = (char *)realloc(reg, SIZ); if (reg) { sprintf(reg, "%s\n%s\n%s\n%s\n%s\n%s\n%s\n%s\n", tmpname, tmpaddr, tmpcity, tmpstate, @@ -259,7 +259,7 @@ void cli_upload(CtdlIPC *ipc) if (haschar(tbuf, '/')) extract_token(tbuf, flnm, num_tokens(tbuf, '/') - 1, - '/' + '/', sizeof tbuf ); /* filename.1, filename.2, etc */ if (a > 0) { @@ -425,7 +425,7 @@ int val_user(CtdlIPC *ipc, char *user, int do_validate) if (r / 100 == 1) { a = 0; do { - extract_token(buf, resp, 0, '\n'); + extract_token(buf, resp, 0, '\n', sizeof buf); remove_token(resp, 0, '\n'); ++a; if (a == 1) @@ -501,7 +501,7 @@ void validate(CtdlIPC *ipc) if (r / 100 == 2) scr_printf("%s\n", cmd); if (r / 100 == 3) { - extract(buf, cmd, 0); + extract_token(buf, cmd, 0, '|', sizeof buf); if (val_user(ipc, buf, 1) != 0) finished = 1; } } while (finished == 0); @@ -593,7 +593,7 @@ void list_bio(CtdlIPC *ipc) return; } while (strlen(resp)) { - extract_token(buf, resp, 0, '\n'); + extract_token(buf, resp, 0, '\n', sizeof buf); remove_token(resp, 0, '\n'); if ((pos + strlen(buf) + 5) > screenwidth) { pprintf("\n"); @@ -630,7 +630,7 @@ void read_bio(CtdlIPC *ipc) return; } while (strlen(resp)) { - extract_token(buf, resp, 0, '\n'); + extract_token(buf, resp, 0, '\n', sizeof buf); remove_token(resp, 0, '\n'); pprintf("%s\n", buf); } @@ -663,7 +663,7 @@ void do_system_configuration(CtdlIPC *ipc) if (r / 100 == 1) { a = 0; while (strlen(resp)) { - extract_token(buf, resp, 0, '\n'); + extract_token(buf, resp, 0, '\n', sizeof buf); remove_token(resp, 0, '\n'); if (a < NUM_CONFIGS) { strcpy(&sc[a][0], buf); @@ -916,7 +916,7 @@ void do_internet_configuration(CtdlIPC *ipc) r = CtdlIPCGetSystemConfigByType(ipc, INTERNETCFG, &resp, buf); if (r / 100 == 1) { while (strlen(resp)) { - extract_token(buf, resp, 0, '\n'); + extract_token(buf, resp, 0, '\n', sizeof buf); remove_token(resp, 0, '\n'); ++num_recs; if (num_recs == 1) recs = malloc(sizeof(char *)); @@ -936,10 +936,10 @@ void do_internet_configuration(CtdlIPC *ipc) for (i=0; i */ char *x_big_msgbuf = NULL; @@ -681,9 +681,8 @@ void cmd_sexp(char *argbuf) else lun = CC->user.fullname; - extract(x_user, argbuf, 0); - - extract(x_msg, argbuf, 1); + extract_token(x_user, argbuf, 0, '|', sizeof x_user); + extract_token(x_msg, argbuf, 1, '|', sizeof x_msg); if (!x_user[0]) { cprintf("%d You were not previously paged.\n", ERROR + NO_SUCH_USER); diff --git a/citadel/serv_inetcfg.c b/citadel/serv_inetcfg.c index 93ff9990f..89b5e5d66 100644 --- a/citadel/serv_inetcfg.c +++ b/citadel/serv_inetcfg.c @@ -61,7 +61,7 @@ void inetcfg_setTo(struct CtdlMessage *msg) { if (conf != NULL) { do { - extract_token(buf, conf, 0, '\n'); + extract_token(buf, conf, 0, '\n', sizeof buf); strcpy(conf, &conf[strlen(buf)+1]); } while ( (strlen(conf)>0) && (strlen(buf)>0) ); @@ -93,7 +93,7 @@ void spamstrings_setTo(struct CtdlMessage *msg) { n = num_tokens(conf, '\n'); for (i=0; istring = strdup(buf); sptr->next = spamstrings; diff --git a/citadel/serv_ldap.c b/citadel/serv_ldap.c index ca81ae5d9..1dff8761f 100644 --- a/citadel/serv_ldap.c +++ b/citadel/serv_ldap.c @@ -220,14 +220,14 @@ void ctdl_vcard_to_ldap(struct CtdlMessage *msg, int op) { int have_addr = 0; int have_cn = 0; - char givenname[SIZ]; - char sn[SIZ]; - char uid[SIZ]; - char street[SIZ]; - char city[SIZ]; - char state[SIZ]; - char zipcode[SIZ]; - char calFBURL[SIZ]; + char givenname[128]; + char sn[128]; + char uid[256]; + char street[256]; + char city[128]; + char state[3]; + char zipcode[10]; + char calFBURL[256]; if (dirserver == NULL) return; if (msg == NULL) return; @@ -290,8 +290,8 @@ void ctdl_vcard_to_ldap(struct CtdlMessage *msg, int op) { if (v->numprops) for (i=0; i<(v->numprops); ++i) if (striplt(v->prop[i].value), strlen(v->prop[i].value) > 0) { if (!strcasecmp(v->prop[i].name, "n")) { - extract_token(sn, v->prop[i].value, 0, ';'); - extract_token(givenname, v->prop[i].value, 1, ';'); + extract_token(sn, v->prop[i].value, 0, ';', sizeof sn); + extract_token(givenname, v->prop[i].value, 1, ';', sizeof givenname); } if (!strcasecmp(v->prop[i].name, "fn")) { @@ -335,17 +335,17 @@ void ctdl_vcard_to_ldap(struct CtdlMessage *msg, int op) { have_addr = 1; strcpy(street, ""); extract_token(&street[strlen(street)], - v->prop[i].value, 0, ';'); /* po box */ + v->prop[i].value, 0, ';', (sizeof street - strlen(street))); /* po box */ strcat(street, " "); extract_token(&street[strlen(street)], - v->prop[i].value, 1, ';'); /* extend addr */ + v->prop[i].value, 1, ';', (sizeof street - strlen(street))); /* extend addr */ strcat(street, " "); extract_token(&street[strlen(street)], - v->prop[i].value, 2, ';'); /* street */ + v->prop[i].value, 2, ';', (sizeof street - strlen(street))); /* street */ striplt(street); - extract_token(city, v->prop[i].value, 3, ';'); - extract_token(state, v->prop[i].value, 4, ';'); - extract_token(zipcode, v->prop[i].value, 5, ';'); + extract_token(city, v->prop[i].value, 3, ';', sizeof city); + extract_token(state, v->prop[i].value, 4, ';', sizeof state); + extract_token(zipcode, v->prop[i].value, 5, ';', sizeof zipcode); attrs = realloc(attrs, (sizeof(LDAPMod *) * ++num_attrs) ); attrs[num_attrs-1] = malloc(sizeof(LDAPMod)); diff --git a/citadel/serv_listsub.c b/citadel/serv_listsub.c index e7481d139..1e668ca48 100644 --- a/citadel/serv_listsub.c +++ b/citadel/serv_listsub.c @@ -83,13 +83,13 @@ void listsub_generate_token(char *buf) { void do_subscribe(char *room, char *email, char *subtype, char *webpage) { struct ctdlroom qrbuf; FILE *ncfp; - char filename[SIZ]; - char token[SIZ]; - char confirmation_request[SIZ]; - char buf[SIZ]; - char urlroom[SIZ]; - char scancmd[SIZ]; - char scanemail[SIZ]; + char filename[256]; + char token[256]; + char confirmation_request[512]; + char buf[512]; + char urlroom[ROOMNAMELEN]; + char scancmd[64]; + char scanemail[256]; int found_sub = 0; if (getroom(&qrbuf, room) != 0) { @@ -116,8 +116,8 @@ void do_subscribe(char *room, char *email, char *subtype, char *webpage) { if (ncfp != NULL) { while (fgets(buf, sizeof buf, ncfp) != NULL) { buf[strlen(buf)-1] = 0; - extract(scancmd, buf, 0); - extract(scanemail, buf, 1); + extract_token(scancmd, buf, 0, '|', sizeof scancmd); + extract_token(scanemail, buf, 1, '|', sizeof scanemail); if ((!strcasecmp(scancmd, "listrecp")) || (!strcasecmp(scancmd, "digestrecp"))) { if (!strcasecmp(scanemail, email)) { @@ -195,13 +195,13 @@ void do_subscribe(char *room, char *email, char *subtype, char *webpage) { void do_unsubscribe(char *room, char *email, char *webpage) { struct ctdlroom qrbuf; FILE *ncfp; - char filename[SIZ]; - char token[SIZ]; - char buf[SIZ]; - char confirmation_request[SIZ]; - char urlroom[SIZ]; - char scancmd[SIZ]; - char scanemail[SIZ]; + char filename[256]; + char token[256]; + char buf[512]; + char confirmation_request[512]; + char urlroom[ROOMNAMELEN]; + char scancmd[256]; + char scanemail[256]; int found_sub = 0; if (getroom(&qrbuf, room) != 0) { @@ -229,8 +229,8 @@ void do_unsubscribe(char *room, char *email, char *webpage) { if (ncfp != NULL) { while (fgets(buf, sizeof buf, ncfp) != NULL) { buf[strlen(buf)-1] = 0; - extract(scancmd, buf, 0); - extract(scanemail, buf, 1); + extract_token(scancmd, buf, 0, '|', sizeof scancmd); + extract_token(scanemail, buf, 1, '|', sizeof scanemail); if ((!strcasecmp(scancmd, "listrecp")) || (!strcasecmp(scancmd, "digestrecp"))) { if (!strcasecmp(scanemail, email)) { @@ -309,18 +309,18 @@ void do_unsubscribe(char *room, char *email, char *webpage) { void do_confirm(char *room, char *token) { struct ctdlroom qrbuf; FILE *ncfp; - char filename[SIZ]; - char line_token[SIZ]; + char filename[256]; + char line_token[256]; long line_offset; int line_length; - char buf[SIZ]; - char cmd[SIZ]; - char email[SIZ]; - char subtype[SIZ]; + char buf[512]; + char cmd[256]; + char email[256]; + char subtype[128]; int success = 0; - char address_to_unsubscribe[SIZ]; - char scancmd[SIZ]; - char scanemail[SIZ]; + char address_to_unsubscribe[256]; + char scancmd[256]; + char scanemail[256]; char *holdbuf = NULL; int linelen = 0; int buflen = 0; @@ -352,17 +352,17 @@ void do_confirm(char *room, char *token) { (fgets(buf, sizeof buf, ncfp) != NULL) ) { buf[strlen(buf)-1] = 0; line_length = strlen(buf); - extract(cmd, buf, 0); + extract_token(cmd, buf, 0, '|', sizeof cmd); if (!strcasecmp(cmd, "subpending")) { - extract(email, buf, 1); - extract(subtype, buf, 2); - extract(line_token, buf, 3); + extract_token(email, buf, 1, '|', sizeof email); + extract_token(subtype, buf, 2, '|', sizeof subtype); + extract_token(line_token, buf, 3, '|', sizeof line_token); if (!strcasecmp(token, line_token)) { if (!strcasecmp(subtype, "digest")) { - strcpy(buf, "digestrecp|"); + safestrncpy(buf, "digestrecp|", sizeof buf); } else { - strcpy(buf, "listrecp|"); + safestrncpy(buf, "listrecp|", sizeof buf); } strcat(buf, email); strcat(buf, "|"); @@ -379,9 +379,10 @@ void do_confirm(char *room, char *token) { } } if (!strcasecmp(cmd, "unsubpending")) { - extract(line_token, buf, 2); + extract_token(line_token, buf, 2, '|', sizeof line_token); if (!strcasecmp(token, line_token)) { - extract(address_to_unsubscribe, buf, 1); + extract_token(address_to_unsubscribe, buf, 1, '|', + sizeof address_to_unsubscribe); } } } @@ -402,8 +403,8 @@ void do_confirm(char *room, char *token) { while (line_offset = ftell(ncfp), (fgets(buf, sizeof buf, ncfp) != NULL) ) { buf[strlen(buf)-1]=0; - extract(scancmd, buf, 0); - extract(scanemail, buf, 1); + extract_token(scancmd, buf, 0, '|', sizeof scancmd); + extract_token(scanemail, buf, 1, '|', sizeof scanemail); if ( (!strcasecmp(scancmd, "listrecp")) && (!strcasecmp(scanemail, address_to_unsubscribe)) ) { @@ -464,37 +465,37 @@ void do_confirm(char *room, char *token) { */ void cmd_subs(char *cmdbuf) { - char opr[SIZ]; - char room[SIZ]; - char email[SIZ]; - char subtype[SIZ]; - char token[SIZ]; - char webpage[SIZ]; + char opr[256]; + char room[ROOMNAMELEN]; + char email[256]; + char subtype[256]; + char token[256]; + char webpage[256]; - extract(opr, cmdbuf, 0); + extract_token(opr, cmdbuf, 0, '|', sizeof opr); if (!strcasecmp(opr, "subscribe")) { - extract(subtype, cmdbuf, 3); + extract_token(subtype, cmdbuf, 3, '|', sizeof subtype); if ( (strcasecmp(subtype, "list")) && (strcasecmp(subtype, "digest")) ) { cprintf("%d Invalid subscription type '%s'\n", ERROR + ILLEGAL_VALUE, subtype); } else { - extract(room, cmdbuf, 1); - extract(email, cmdbuf, 2); - extract(webpage, cmdbuf, 4); + extract_token(room, cmdbuf, 1, '|', sizeof room); + extract_token(email, cmdbuf, 2, '|', sizeof email); + extract_token(webpage, cmdbuf, 4, '|', sizeof webpage); do_subscribe(room, email, subtype, webpage); } } else if (!strcasecmp(opr, "unsubscribe")) { - extract(room, cmdbuf, 1); - extract(email, cmdbuf, 2); - extract(webpage, cmdbuf, 3); + extract_token(room, cmdbuf, 1, '|', sizeof room); + extract_token(email, cmdbuf, 2, '|', sizeof email); + extract_token(webpage, cmdbuf, 3, '|', sizeof webpage); do_unsubscribe(room, email, webpage); } else if (!strcasecmp(opr, "confirm")) { - extract(room, cmdbuf, 1); - extract(token, cmdbuf, 2); + extract_token(room, cmdbuf, 1, '|', sizeof room); + extract_token(token, cmdbuf, 2, '|', sizeof token); do_confirm(room, token); } else { diff --git a/citadel/serv_mrtg.c b/citadel/serv_mrtg.c index 1783e5865..a28896cb1 100644 --- a/citadel/serv_mrtg.c +++ b/citadel/serv_mrtg.c @@ -110,9 +110,9 @@ void mrtg_messages(void) { * Fetch data for MRTG */ void cmd_mrtg(char *argbuf) { - char which[SIZ]; + char which[32]; - extract(which, argbuf, 0); + extract_token(which, argbuf, 0, '|', sizeof which); if (!strcasecmp(which, "users")) { mrtg_users(); diff --git a/citadel/serv_network.c b/citadel/serv_network.c index 794c8449f..8d90f311c 100644 --- a/citadel/serv_network.c +++ b/citadel/serv_network.c @@ -124,13 +124,13 @@ struct FilterList *load_filter_list(void) { /* Use the string tokenizer to grab one line at a time */ for (i=0; ifl_user, buf, 0); + extract_token(nptr->fl_user, buf, 0, '|', sizeof nptr->fl_user); striplt(nptr->fl_user); - extract(nptr->fl_room, buf, 1); + extract_token(nptr->fl_room, buf, 1, '|', sizeof nptr->fl_room); striplt(nptr->fl_room); - extract(nptr->fl_node, buf, 2); + extract_token(nptr->fl_node, buf, 2, '|', sizeof nptr->fl_node); striplt(nptr->fl_node); /* Cowardly refuse to add an any/any/any entry that would @@ -223,11 +223,11 @@ void read_network_map(void) { /* Use the string tokenizer to grab one line at a time */ for (i=0; inodename, buf, 0); + extract_token(nmptr->nodename, buf, 0, '|', sizeof nmptr->nodename); nmptr->lastcontact = extract_long(buf, 1); - extract(nmptr->nexthop, buf, 2); + extract_token(nmptr->nexthop, buf, 2, '|', sizeof nmptr->nexthop); nmptr->next = the_netmap; the_netmap = nmptr; } @@ -308,14 +308,14 @@ int is_valid_node(char *nexthop, char *secret, char *node) { /* Use the string tokenizer to grab one line at a time */ for (i=0; icm_fields['P'], '!'); if (bang > 1) for (i=0; i<(bang-1); ++i) { extract_token(buf, msg->cm_fields['P'], - i, '!'); + i, '!', sizeof buf); if (!strcasecmp(buf, mptr->remote_nodename)) { send = 0; } @@ -812,9 +812,9 @@ void network_spoolout_room(char *room_to_spool) { char filename[SIZ]; char buf[SIZ]; char instr[SIZ]; - char nodename[SIZ]; - char roomname[SIZ]; - char nexthop[SIZ]; + char nodename[256]; + char roomname[ROOMNAMELEN]; + char nexthop[256]; FILE *fp; struct SpoolControl sc; struct namelist *nptr = NULL; @@ -845,7 +845,7 @@ void network_spoolout_room(char *room_to_spool) { while (fgets(buf, sizeof buf, fp) != NULL) { buf[strlen(buf)-1] = 0; - extract(instr, buf, 0); + extract_token(instr, buf, 0, '|', sizeof instr); if (!strcasecmp(instr, "lastsent")) { sc.lastsent = extract_long(buf, 1); } @@ -853,21 +853,21 @@ void network_spoolout_room(char *room_to_spool) { nptr = (struct namelist *) malloc(sizeof(struct namelist)); nptr->next = sc.listrecps; - extract(nptr->name, buf, 1); + extract_token(nptr->name, buf, 1, '|', sizeof nptr->name); sc.listrecps = nptr; } else if (!strcasecmp(instr, "participate")) { nptr = (struct namelist *) malloc(sizeof(struct namelist)); nptr->next = sc.participates; - extract(nptr->name, buf, 1); + extract_token(nptr->name, buf, 1, '|', sizeof nptr->name); sc.participates = nptr; } else if (!strcasecmp(instr, "digestrecp")) { nptr = (struct namelist *) malloc(sizeof(struct namelist)); nptr->next = sc.digestrecps; - extract(nptr->name, buf, 1); + extract_token(nptr->name, buf, 1, '|', sizeof nptr->name); sc.digestrecps = nptr; } else if (!strcasecmp(instr, "ignet_push_share")) { @@ -875,8 +875,8 @@ void network_spoolout_room(char *room_to_spool) { * purge nodes which do not exist from room network * configurations at this time. */ - extract(nodename, buf, 1); - extract(roomname, buf, 2); + extract_token(nodename, buf, 1, '|', sizeof nodename); + extract_token(roomname, buf, 2, '|', sizeof roomname); strcpy(nexthop, "xxx"); if (is_valid_node(nexthop, NULL, nodename) == 0) { if (strlen(nexthop) == 0) { @@ -1018,11 +1018,11 @@ int network_sync_to(char *target_node) { struct SpoolControl sc; int num_spooled = 0; int found_node = 0; - char buf[SIZ]; - char sc_type[SIZ]; - char sc_node[SIZ]; - char sc_room[SIZ]; - char filename[SIZ]; + char buf[256]; + char sc_type[256]; + char sc_node[256]; + char sc_room[256]; + char filename[256]; FILE *fp; /* Grab the configuration line we're looking for */ @@ -1035,9 +1035,9 @@ int network_sync_to(char *target_node) { } while (fgets(buf, sizeof buf, fp) != NULL) { buf[strlen(buf)-1] = 0; - extract(sc_type, buf, 0); - extract(sc_node, buf, 1); - extract(sc_room, buf, 2); + extract_token(sc_type, buf, 0, '|', sizeof sc_type); + extract_token(sc_node, buf, 1, '|', sizeof sc_node); + extract_token(sc_room, buf, 2, '|', sizeof sc_room); if ( (!strcasecmp(sc_type, "ignet_push_share")) && (!strcasecmp(sc_node, target_node)) ) { found_node = 1; @@ -1078,11 +1078,11 @@ int network_sync_to(char *target_node) { */ void cmd_nsyn(char *argbuf) { int num_spooled; - char target_node[SIZ]; + char target_node[256]; if (CtdlAccessCheck(ac_aide)) return; - extract(target_node, argbuf, 0); + extract_token(target_node, argbuf, 0, '|', sizeof target_node); num_spooled = network_sync_to(target_node); if (num_spooled >= 0) { cprintf("%d Spooled %d messages.\n", CIT_OK, num_spooled); @@ -1114,7 +1114,7 @@ void network_queue_room(struct ctdlroom *qrbuf, void *data) { * Learn topology from path fields */ void network_learn_topology(char *node, char *path) { - char nexthop[SIZ]; + char nexthop[256]; struct NetMap *nmptr; strcpy(nexthop, ""); @@ -1122,7 +1122,7 @@ void network_learn_topology(char *node, char *path) { if (num_tokens(path, '!') < 3) return; for (nmptr = the_netmap; nmptr != NULL; nmptr = nmptr->next) { if (!strcasecmp(nmptr->nodename, node)) { - extract_token(nmptr->nexthop, path, 0, '!'); + extract_token(nmptr->nexthop, path, 0, '!', sizeof nmptr->nexthop); nmptr->lastcontact = time(NULL); return; } @@ -1132,7 +1132,7 @@ void network_learn_topology(char *node, char *path) { nmptr = (struct NetMap *) malloc(sizeof (struct NetMap)); strcpy(nmptr->nodename, node); nmptr->lastcontact = time(NULL); - extract_token(nmptr->nexthop, path, 0, '!'); + extract_token(nmptr->nexthop, path, 0, '!', sizeof nmptr->nexthop); nmptr->next = the_netmap; the_netmap = nmptr; } @@ -1729,13 +1729,13 @@ bail: sock_close(sock); */ void network_poll_other_citadel_nodes(int full_poll) { int i; - char linebuf[SIZ]; + char linebuf[256]; char node[SIZ]; - char host[SIZ]; - char port[SIZ]; - char secret[SIZ]; + char host[256]; + char port[256]; + char secret[256]; int poll = 0; - char spoolfile[SIZ]; + char spoolfile[256]; if (working_ignetcfg == NULL) { lprintf(CTDL_DEBUG, "No nodes defined - not polling\n"); @@ -1744,17 +1744,17 @@ void network_poll_other_citadel_nodes(int full_poll) { /* Use the string tokenizer to grab one line at a time */ for (i=0; i 0) && (strlen(secret) > 0) && (strlen(host) > 0) && strlen(port) > 0) { poll = full_poll; if (poll == 0) { - sprintf(spoolfile, "./network/spoolout/%s", - node); + snprintf(spoolfile, sizeof spoolfile, + "./network/spoolout/%s", node); if (access(spoolfile, R_OK) == 0) { poll = 1; } @@ -1860,16 +1860,16 @@ void network_do_queue(void) { */ void cmd_netp(char *cmdbuf) { - char node[SIZ]; - char pass[SIZ]; + char node[256]; + char pass[256]; int v; - char secret[SIZ]; - char nexthop[SIZ]; + char secret[256]; + char nexthop[256]; /* Authenticate */ - extract(node, cmdbuf, 0); - extract(pass, cmdbuf, 1); + extract_token(node, cmdbuf, 0, '|', sizeof node); + extract_token(pass, cmdbuf, 1, '|', sizeof pass); if (doing_queue) { lprintf(CTDL_WARNING, "Network node <%s> refused - spooling", node); diff --git a/citadel/serv_pas2.c b/citadel/serv_pas2.c index c3f31cea3..0de1a66ee 100644 --- a/citadel/serv_pas2.c +++ b/citadel/serv_pas2.c @@ -34,7 +34,7 @@ void cmd_pas2(char *argbuf) { - char pw[SIZ]; + char pw[256]; char hexstring[MD5_HEXSTRING_SIZE]; @@ -50,7 +50,7 @@ void cmd_pas2(char *argbuf) return; } - extract(pw, argbuf, 0); + extract_token(pw, argbuf, 0, '|', sizeof pw); if (getuser(&CC->user, CC->curr_user)) { diff --git a/citadel/serv_rwho.c b/citadel/serv_rwho.c index 6b1d1abac..0123145f0 100644 --- a/citadel/serv_rwho.c +++ b/citadel/serv_rwho.c @@ -162,17 +162,17 @@ void cmd_rwho(char *argbuf) { */ void cmd_rchg(char *argbuf) { - char newroomname[SIZ]; + char newroomname[ROOMNAMELEN]; - extract(newroomname, argbuf, 0); + extract_token(newroomname, argbuf, 0, '|', sizeof newroomname); newroomname[ROOMNAMELEN-1] = 0; if (strlen(newroomname) > 0) { safestrncpy(CC->fake_roomname, newroomname, sizeof(CC->fake_roomname) ); - } + } else { - strcpy(CC->fake_roomname, ""); - } + safestrncpy(CC->fake_roomname, "", sizeof CC->fake_roomname); + } cprintf("%d OK\n", CIT_OK); } @@ -181,16 +181,16 @@ void cmd_rchg(char *argbuf) */ void cmd_hchg(char *argbuf) { - char newhostname[SIZ]; + char newhostname[64]; - extract(newhostname, argbuf, 0); + extract_token(newhostname, argbuf, 0, '|', sizeof newhostname); if (strlen(newhostname) > 0) { safestrncpy(CC->fake_hostname, newhostname, sizeof(CC->fake_hostname) ); - } + } else { - strcpy(CC->fake_hostname, ""); - } + safestrncpy(CC->fake_hostname, "", sizeof CC->fake_hostname); + } cprintf("%d OK\n", CIT_OK); } @@ -201,9 +201,9 @@ void cmd_hchg(char *argbuf) void cmd_uchg(char *argbuf) { - char newusername[SIZ]; + char newusername[USERNAME_SIZE]; - extract(newusername, argbuf, 0); + extract_token(newusername, argbuf, 0, '|', sizeof newusername); if (CtdlAccessCheck(ac_aide)) return; diff --git a/citadel/serv_smtp.c b/citadel/serv_smtp.c index a354110c8..c628aa4d9 100644 --- a/citadel/serv_smtp.c +++ b/citadel/serv_smtp.c @@ -311,41 +311,41 @@ void smtp_get_pass(char *argbuf) { * */ void smtp_auth(char *argbuf) { - char buf[SIZ]; - char method[SIZ]; - char encoded_authstring[SIZ]; - char decoded_authstring[SIZ]; - char ident[SIZ]; - char user[SIZ]; - char pass[SIZ]; + char username_prompt[64]; + char method[64]; + char encoded_authstring[1024]; + char decoded_authstring[1024]; + char ident[256]; + char user[256]; + char pass[256]; if (CC->logged_in) { cprintf("504 5.7.4 Already logged in.\r\n"); return; } - extract_token(method, argbuf, 0, ' '); + extract_token(method, argbuf, 0, ' ', sizeof method); if (!strncasecmp(method, "login", 5) ) { if (strlen(argbuf) >= 7) { smtp_get_user(&argbuf[6]); } else { - CtdlEncodeBase64(buf, "Username:", 9); - cprintf("334 %s\r\n", buf); + CtdlEncodeBase64(username_prompt, "Username:", 9); + cprintf("334 %s\r\n", username_prompt); SMTP->command_state = smtp_user; } return; } if (!strncasecmp(method, "plain", 5) ) { - extract_token(encoded_authstring, argbuf, 1, ' '); + extract_token(encoded_authstring, argbuf, 1, ' ', sizeof encoded_authstring); CtdlDecodeBase64(decoded_authstring, encoded_authstring, strlen(encoded_authstring) ); - strcpy(ident, decoded_authstring); - strcpy(user, &decoded_authstring[strlen(ident) + 1] ); - strcpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2] ); + safestrncpy(ident, decoded_authstring, sizeof ident); + safestrncpy(user, &decoded_authstring[strlen(ident) + 1], sizeof user); + safestrncpy(pass, &decoded_authstring[strlen(ident) + strlen(user) + 2], sizeof pass); if (CtdlLoginExistingUser(user) == login_ok) { if (CtdlTryPassword(pass) == pass_ok) { @@ -983,7 +983,7 @@ void smtp_try(const char *key, const char *addr, int *status, sock = (-1); for (mx=0; (mx\n", buf); sock = sock_connect(buf, "25", "tcp"); snprintf(dsn, SIZ, "Could not connect: %s", strerror(errno)); @@ -1186,9 +1186,9 @@ void smtp_do_bounce(char *instr) { /* See if it's time to give up on delivery of this message */ for (i=0; i addr=<%s> status=%d dsn=<%s>\n", @@ -1326,11 +1326,11 @@ int smtp_purge_completed_deliveries(char *instr) { lines = num_tokens(instr, '\n'); for (i=0; i\n", buf); sock = sock_connect(buf, SPAMASSASSIN_PORT, "tcp"); if (sock >= 0) lprintf(CTDL_DEBUG, "Connected!\n"); diff --git a/citadel/serv_vandelay.c b/citadel/serv_vandelay.c index 922e1dc27..46a2a56c0 100644 --- a/citadel/serv_vandelay.c +++ b/citadel/serv_vandelay.c @@ -573,7 +573,7 @@ void artv_do_import(void) { void cmd_artv(char *cmdbuf) { - char cmd[SIZ]; + char cmd[32]; static int is_running = 0; if (CtdlAccessCheck(ac_internal)) return; @@ -587,7 +587,7 @@ void cmd_artv(char *cmdbuf) { strcpy(artv_tempfilename1, tmpnam(NULL)); strcpy(artv_tempfilename2, tmpnam(NULL)); - extract(cmd, cmdbuf, 0); + extract_token(cmd, cmdbuf, 0, '|', sizeof cmd); if (!strcasecmp(cmd, "export")) artv_do_export(); else if (!strcasecmp(cmd, "import")) artv_do_import(); else cprintf("%d illegal command\n", ERROR + ILLEGAL_VALUE); diff --git a/citadel/serv_vcard.c b/citadel/serv_vcard.c index 5dd95868f..d1f747e69 100644 --- a/citadel/serv_vcard.c +++ b/citadel/serv_vcard.c @@ -636,11 +636,11 @@ void cmd_greg(char *argbuf) struct ctdluser usbuf; struct vCard *v; char *s; - char who[SIZ]; - char adr[SIZ]; - char buf[SIZ]; + char who[USERNAME_SIZE]; + char adr[256]; + char buf[256]; - extract(who, argbuf, 0); + extract_token(who, argbuf, 0, '|', sizeof who); if (!(CC->logged_in)) { cprintf("%d Not logged in.\n", ERROR + NOT_LOGGED_IN); @@ -671,13 +671,13 @@ void cmd_greg(char *argbuf) s = vcard_get_prop(v, "adr", 0, 0, 0); snprintf(adr, sizeof adr, "%s", s ? s : " ");/* address... */ - extract_token(buf, adr, 2, ';'); + extract_token(buf, adr, 2, ';', sizeof buf); cprintf("%s\n", buf); /* street */ - extract_token(buf, adr, 3, ';'); + extract_token(buf, adr, 3, ';', sizeof buf); cprintf("%s\n", buf); /* city */ - extract_token(buf, adr, 4, ';'); + extract_token(buf, adr, 4, ';', sizeof buf); cprintf("%s\n", buf); /* state */ - extract_token(buf, adr, 5, ';'); + extract_token(buf, adr, 5, ';', sizeof buf); cprintf("%s\n", buf); /* zip */ s = vcard_get_prop(v, "tel;home", 0, 0, 0); @@ -696,7 +696,7 @@ void cmd_greg(char *argbuf) s = vcard_get_prop(v, "adr", 0, 0, 0); snprintf(adr, sizeof adr, "%s", s ? s : " ");/* address... */ - extract_token(buf, adr, 6, ';'); + extract_token(buf, adr, 6, ';', sizeof buf); cprintf("%s\n", buf); /* country */ cprintf("000\n"); } @@ -706,14 +706,14 @@ void cmd_greg(char *argbuf) * When a user is being created, create his/her vCard. */ void vcard_newuser(struct ctdluser *usbuf) { - char buf[SIZ]; - char vname[SIZ]; + char buf[256]; + char vname[256]; - char lastname[SIZ]; - char firstname[SIZ]; - char middlename[SIZ]; - char honorific_prefixes[SIZ]; - char honorific_suffixes[SIZ]; + char lastname[256]; + char firstname[256]; + char middlename[256]; + char honorific_prefixes[256]; + char honorific_suffixes[256]; struct vCard *v; int i; @@ -722,42 +722,43 @@ void vcard_newuser(struct ctdluser *usbuf) { * fully expanded vCard name based on the number of * words in the name */ - strcpy(lastname, ""); - strcpy(firstname, ""); - strcpy(middlename, ""); - strcpy(honorific_prefixes, ""); - strcpy(honorific_suffixes, ""); + safestrncpy(lastname, "", sizeof lastname); + safestrncpy(firstname, "", sizeof firstname); + safestrncpy(middlename, "", sizeof middlename); + safestrncpy(honorific_prefixes, "", sizeof honorific_prefixes); + safestrncpy(honorific_suffixes, "", sizeof honorific_suffixes); - strcpy(buf, usbuf->fullname); + safestrncpy(buf, usbuf->fullname, sizeof buf); /* Honorific suffixes */ if (num_tokens(buf, ',') > 1) { - extract_token(honorific_suffixes, buf, (num_tokens(buf, ' ') - 1), ','); + extract_token(honorific_suffixes, buf, (num_tokens(buf, ' ') - 1), ',', + sizeof honorific_suffixes); remove_token(buf, (num_tokens(buf, ',') - 1), ','); } /* Find a last name */ - extract_token(lastname, buf, (num_tokens(buf, ' ') - 1), ' '); + extract_token(lastname, buf, (num_tokens(buf, ' ') - 1), ' ', sizeof lastname); remove_token(buf, (num_tokens(buf, ' ') - 1), ' '); /* Find honorific prefixes */ if (num_tokens(buf, ' ') > 2) { - extract_token(honorific_prefixes, buf, 0, ' '); + extract_token(honorific_prefixes, buf, 0, ' ', sizeof honorific_prefixes); remove_token(buf, 0, ' '); } /* Find a middle name */ if (num_tokens(buf, ' ') > 1) { - extract_token(middlename, buf, (num_tokens(buf, ' ') - 1), ' '); + extract_token(middlename, buf, (num_tokens(buf, ' ') - 1), ' ', sizeof middlename); remove_token(buf, (num_tokens(buf, ' ') - 1), ' '); } /* Anything left is probably the first name */ - strcpy(firstname, buf); + safestrncpy(firstname, buf, sizeof firstname); striplt(firstname); /* Compose the structured name */ - sprintf(vname, "%s;%s;%s;%s;%s", lastname, firstname, middlename, + snprintf(vname, sizeof vname, "%s;%s;%s;%s;%s", lastname, firstname, middlename, honorific_prefixes, honorific_suffixes); lprintf(CTDL_DEBUG, "Converted <%s> to <%s>\n", usbuf->fullname, vname); @@ -894,12 +895,12 @@ EOH: CtdlFreeMessage(msg); * Query Directory */ void cmd_qdir(char *argbuf) { - char citadel_addr[SIZ]; - char internet_addr[SIZ]; + char citadel_addr[256]; + char internet_addr[256]; if (CtdlAccessCheck(ac_logged_in)) return; - extract(internet_addr, argbuf, 0); + extract_token(internet_addr, argbuf, 0, '|', sizeof internet_addr); if (CtdlDirectoryLookup(citadel_addr, internet_addr) != 0) { cprintf("%d %s was not found.\n", diff --git a/citadel/setup.c b/citadel/setup.c index 776f30c20..261662671 100644 --- a/citadel/setup.c +++ b/citadel/setup.c @@ -120,10 +120,10 @@ void set_init_entry(char *which_entry, char *new_state) { while(fgets(buf, sizeof buf, fp) != NULL) { if (num_tokens(buf, ':') == 4) { - extract_token(entry, buf, 0, ':'); - extract_token(levels, buf, 1, ':'); - extract_token(state, buf, 2, ':'); - extract_token(prog, buf, 3, ':'); /* includes 0x0a LF */ + extract_token(entry, buf, 0, ':', sizeof entry); + extract_token(levels, buf, 1, ':', sizeof levels); + extract_token(state, buf, 2, ':', sizeof state); + extract_token(prog, buf, 3, ':', sizeof prog); /* includes 0x0a LF */ if (!strcmp(entry, which_entry)) { strcpy(state, new_state); @@ -173,8 +173,8 @@ void locate_init_entry(char *init_entry, char *looking_for) { } else { while (fgets(buf, sizeof buf, infp) != NULL) { buf[strlen(buf) - 1] = 0; - extract_token(entry, buf, 0, ':'); - extract_token(prog, buf, 3, ':'); + extract_token(entry, buf, 0, ':', sizeof entry); + extract_token(prog, buf, 3, ':', sizeof prog); if (!strncasecmp(prog, looking_for, strlen(looking_for))) { ++have_entry; @@ -278,7 +278,7 @@ int yesno(char *question) newtCenteredWindow(76, prompt_window_height, "Question"); form = newtForm(NULL, NULL, 0); for (i=0; i= 2) { - extract_token(histr, setstr, 1, ':'); + extract_token(histr, setstr, 1, ':', sizeof histr); if (!strcmp(histr, "*")) { snprintf(histr, sizeof histr, "%ld", LONG_MAX); } diff --git a/citadel/tools.h b/citadel/tools.h index c29d43441..f34eef4be 100644 --- a/citadel/tools.h +++ b/citadel/tools.h @@ -1,7 +1,7 @@ /* $Id$ */ char *safestrncpy(char *dest, const char *src, size_t n); int num_tokens (const char *source, char tok); -void extract_token(char *dest, const char *source, int parmnum, char separator); +void extract_token(char *dest, const char *source, int parmnum, char separator, int maxlen); int extract_int (const char *source, int parmnum); long extract_long (const char *source, int parmnum); unsigned long extract_unsigned_long(const char *source, int parmnum); @@ -21,7 +21,6 @@ int strncasecmp(char *, char *, int); #define strcasecmp(x,y) strncasecmp(x,y,INT_MAX); #endif -#define extract(dest,source,parmnum) extract_token(dest,source,parmnum,(char)'|') #define num_parms(source) num_tokens(source,(char)'|') void stripout(char *str, char leftboundary, char rightboundary); void stripallbut(char *str, char leftboundary, char rightboundary); diff --git a/citadel/user_ops.c b/citadel/user_ops.c index 4c7ed660a..a9757e2db 100644 --- a/citadel/user_ops.c +++ b/citadel/user_ops.c @@ -417,10 +417,10 @@ int CtdlLoginExistingUser(char *trythisname) */ void cmd_user(char *cmdbuf) { - char username[SIZ]; + char username[256]; int a; - extract(username, cmdbuf, 0); + extract_token(username, cmdbuf, 0, '|', sizeof username); striplt(username); a = CtdlLoginExistingUser(username); @@ -684,10 +684,10 @@ int CtdlTryPassword(char *password) void cmd_pass(char *buf) { - char password[SIZ]; + char password[256]; int a; - extract(password, buf, 0); + extract_token(password, buf, 0, '|', sizeof password); a = CtdlTryPassword(password); switch (a) { @@ -778,7 +778,7 @@ int create_user(char *newusername, int become_user) { struct ctdluser usbuf; struct ctdlroom qrbuf; - char username[SIZ]; + char username[256]; char mailboxname[ROOMNAMELEN]; uid_t uid; @@ -790,7 +790,7 @@ int create_user(char *newusername, int become_user) struct passwd *p = (struct passwd *) getpwnam(username); if (p != NULL) { - extract_token(username, p->pw_gecos, 0, ','); + extract_token(username, p->pw_gecos, 0, ',', sizeof username); uid = p->pw_uid; } else { uid = (-1); @@ -877,7 +877,7 @@ int create_user(char *newusername, int become_user) void cmd_newu(char *cmdbuf) { int a; - char username[SIZ]; + char username[26]; if (config.c_disable_newu) { cprintf("%d Self-service user account creation " @@ -894,7 +894,7 @@ void cmd_newu(char *cmdbuf) ERROR + MAX_SESSIONS_EXCEEDED, config.c_nodename, config.c_maxsessions); } - extract(username, cmdbuf, 0); + extract_token(username, cmdbuf, 0, '|', sizeof username); username[25] = 0; strproc(username); @@ -962,16 +962,16 @@ void cmd_setp(char *new_pw) void cmd_creu(char *cmdbuf) { int a; - char username[SIZ]; - char password[SIZ]; + char username[26]; + char password[32]; struct ctdluser tmp; if (CtdlAccessCheck(ac_aide)) { return; } - extract(username, cmdbuf, 0); - extract(password, cmdbuf, 1); + extract_token(username, cmdbuf, 0, '|', sizeof username); + extract_token(password, cmdbuf, 1, '|', sizeof password); username[25] = 0; password[31] = 0; strproc(username); @@ -1295,11 +1295,11 @@ void cmd_gnur(void) */ void cmd_vali(char *v_args) { - char user[SIZ]; + char user[128]; int newax; struct ctdluser userbuf; - extract(user, v_args, 0); + extract_token(user, v_args, 0, '|', sizeof user); newax = extract_int(v_args, 1); if (CtdlAccessCheck(ac_aide)) { @@ -1437,13 +1437,13 @@ void cmd_qusr(char *who) void cmd_agup(char *cmdbuf) { struct ctdluser usbuf; - char requested_user[SIZ]; + char requested_user[128]; if (CtdlAccessCheck(ac_aide)) { return; } - extract(requested_user, cmdbuf, 0); + extract_token(requested_user, cmdbuf, 0, '|', sizeof requested_user); if (getuser(&usbuf, requested_user) != 0) { cprintf("%d No such user.\n", ERROR + NO_SUCH_USER); return; @@ -1469,7 +1469,7 @@ void cmd_agup(char *cmdbuf) void cmd_asup(char *cmdbuf) { struct ctdluser usbuf; - char requested_user[SIZ]; + char requested_user[128]; char notify[SIZ]; int np; int newax; @@ -1478,14 +1478,14 @@ void cmd_asup(char *cmdbuf) if (CtdlAccessCheck(ac_aide)) return; - extract(requested_user, cmdbuf, 0); + extract_token(requested_user, cmdbuf, 0, '|', sizeof requested_user); if (lgetuser(&usbuf, requested_user) != 0) { cprintf("%d No such user.\n", ERROR + NO_SUCH_USER); return; } np = num_parms(cmdbuf); if (np > 1) - extract(usbuf.password, cmdbuf, 1); + extract_token(usbuf.password, cmdbuf, 1, '|', sizeof usbuf.password); if (np > 2) usbuf.flags = extract_int(cmdbuf, 2); if (np > 3) diff --git a/citadel/userlist.c b/citadel/userlist.c index 00534037d..59a398d79 100644 --- a/citadel/userlist.c +++ b/citadel/userlist.c @@ -47,11 +47,11 @@ void userlist(CtdlIPC *ipc) { printf(" User Name Num L LastCall Calls Posts\n"); printf("------------------------- ----- - ---------- ----- -----\n"); while (strlen(listing) > 0) { - extract_token(buf, listing, 0, '\n'); + extract_token(buf, listing, 0, '\n', sizeof buf); remove_token(listing, 0, '\n'); - extract(fl,buf,0); + extract_token(fl, buf, 0, '|', sizeof fl); printf("%-25s ",fl); - printf("%5ld %d ",extract_long(buf,2), + printf("%5ld %d ", extract_long(buf,2), extract_int(buf,1)); lc = extract_long(buf,3); localtime_r(&lc, &tmbuf); diff --git a/citadel/whobbs.c b/citadel/whobbs.c index 42cba2227..80fb72f3e 100644 --- a/citadel/whobbs.c +++ b/citadel/whobbs.c @@ -128,17 +128,17 @@ int main(int argc, char **argv) while (strlen(listing) > 0) { - extract_token(buf, listing, 0, '\n'); + extract_token(buf, listing, 0, '\n', sizeof buf); remove_token(listing, 0, '\n'); /* Escape some stuff if we're using www mode */ if (www) escapize(buf, sizeof buf); s_pid = extract_int(buf,0); - extract(s_user,buf,1); - extract(s_room,buf,2); - extract(s_host,buf,3); - extract(s_client,buf,4); + extract_token(s_user, buf, 1, '|', sizeof s_user); + extract_token(s_room, buf, 2, '|', sizeof s_room); + extract_token(s_host, buf, 3, '|', sizeof s_host); + extract_token(s_client, buf, 4, '|', sizeof s_client); if (s_pid != my_pid) { if (www) printf(""); -- 2.30.2