File webalizer-2.01-10-overflow.diff of Package webalizer
--- dns_resolv.c +++ dns_resolv.c @@ -156,7 +156,7 @@ strncpy (log_rec->hostname, ((struct dnsRecord *)response.data)->hostName, MAXHOST); - log_rec->hostname[MAXHOST]=0; + log_rec->hostname[MAXHOST-1]=0; if (debug_mode) fprintf(stderr," found: %s (%ld)\n", log_rec->hostname, alignedRecord.timeStamp); @@ -263,7 +263,8 @@ continue; /* go get next record if any */ } - strcpy(tmp_buf, buffer); /* save buffer in case of error */ + memset(tmp_buf, 0, sizeof(tmp_buf)); + strncpy(tmp_buf, buffer, sizeof(tmp_buf)-1); /* save buffer in case of error */ if(parse_record(buffer)) /* parse the record */ { if((log_rec.addr.s_addr = inet_addr(log_rec.hostname)) != INADDR_NONE) @@ -369,8 +370,8 @@ { DNODEPTR trav; - char child_buf[MAXHOST]; - char dns_buf[MAXHOST]; + char child_buf[MAXHOST+1] = {0}; + char dns_buf[MAXHOST+1] = {0}; int i; int pid; int nof_children = 0; @@ -445,8 +446,8 @@ size,strlen(res_ent->h_name)); /* If long hostname, take max domain name part */ - if ((size = strlen(res_ent->h_name)) > MAXHOST-2) - strcpy(child_buf,(res_ent->h_name+(size-MAXHOST+1))); + if ((size = strlen(res_ent->h_name)) > MAXHOST) + strcpy(child_buf,(res_ent->h_name+(size-MAXHOST))); else strcpy(child_buf, res_ent->h_name); size = strlen(child_buf); } --- graphs.c +++ graphs.c @@ -654,7 +654,7 @@ gdImageLine(im, CX, CY, gdata.x, gdata.y, black); gdImageFill(im, gdata.mx, gdata.my, i+4); - sprintf(buffer,"%s (%d%%)",legend[i], percent); + snprintf(buffer, sizeof(buffer),"%s (%d%%)",legend[i], percent); x=480-(strlen(buffer)*7); gdImageString(im,gdFontMediumBold, x+1, y+1, buffer, black); gdImageString(im,gdFontMediumBold, x, y, buffer, i+4); 
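Review bot: In the `@@ -263` hunk of dns_resolv.c the `memset` before `strncpy` is largely redundant, because `strncpy` already zero-pads up to the count it is given and only the last byte is left to set. `strncpy(tmp_buf, buffer, sizeof(tmp_buf)-1); tmp_buf[sizeof(tmp_buf)-1]=0;` gives the same result without clearing the whole buffer for every record. The declaration of `tmp_buf` is outside the hunk, so `sizeof(tmp_buf)` is the buffer length only if it is an array there and not a pointer. A record longer than `tmp_buf` is now saved truncated; a short comment such as `/* saved copy may be truncated */` would tell the reader of the error path (presumably where the copy is used) what to expect.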
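Review bot: Both `strcpy` calls into `child_buf` in the `@@ -445` hunk are still unbounded, and they fit only because the `@@ -369` hunk grows `child_buf` to `MAXHOST+1`; the source is a resolver reply (`res_ent->h_name`), so the bound should be visible at the copy itself. One bounded call covers both branches: `size = strlen(res_ent->h_name);` followed by `snprintf(child_buf, sizeof(child_buf), "%s", res_ent->h_name + (size > MAXHOST ? size-MAXHOST : 0));`. This hunk also lets names of up to `MAXHOST` characters through, while the `@@ -156` hunk terminates `log_rec->hostname` at index `MAXHOST-1`; if that field is `MAXHOST` bytes, the longest names lose their last character on the way back, so the two limits are worth reconciling. The declarations of `hostname` and `size` and the rest of the enclosing function are outside the visible lines.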
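Review bot: `sizeof(buffer)` in the new `snprintf` call of the graphs.c `@@ -654` hunk bounds the write only if `buffer` is declared as an array in this scope; the declaration is outside the hunk, and if it is a `char *` or a function parameter the call still compiles but truncates to the size of a pointer. The same applies to every destination converted in this patch (the second graphs.c hunk and the output.c, parser.c, preserve.c and webalizer.c hunks), so each declaration should be checked once. Where a destination turns out to be a pointer, pass the real capacity instead, for example the constant used in its declaration.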
@@ -667,7 +667,7 @@ gdata=*calc_arc(s_arc,1.0); gdImageFill(im, gdata.mx, gdata.my, white); - sprintf(buffer,"%s (%d%%)",msg_h_other,100-(int)(s_arc*100)); + snprintf(buffer, sizeof(buffer),"%s (%d%%)",msg_h_other,100-(int)(s_arc*100)); x=480-(strlen(buffer)*7); gdImageString(im,gdFontMediumBold, x+1, y+1, buffer, black); gdImageString(im,gdFontMediumBold, x, y, buffer, white); --- output.c +++ output.c @@ -295,14 +295,14 @@ hist_lday[i] = l_day; /* fill in filenames */ - sprintf(html_fname,"usage_%04d%02d.%s",cur_year,cur_month,html_ext); - sprintf(png1_fname,"daily_usage_%04d%02d.png",cur_year,cur_month); - sprintf(png2_fname,"hourly_usage_%04d%02d.png",cur_year,cur_month); + snprintf(html_fname, sizeof(html_fname),"usage_%04d%02d.%s",cur_year,cur_month,html_ext); + snprintf(png1_fname, sizeof(png1_fname),"daily_usage_%04d%02d.png",cur_year,cur_month); + snprintf(png2_fname, sizeof(png2_fname),"hourly_usage_%04d%02d.png",cur_year,cur_month); /* create PNG images for web page */ if (daily_graph) { - sprintf(dtitle,"%s %s %d",msg_hmth_du,l_month[cur_month-1],cur_year); + snprintf(dtitle, sizeof(dtitle),"%s %s %d",msg_hmth_du,l_month[cur_month-1],cur_year); month_graph6 ( png1_fname, /* filename */ dtitle, /* graph title */ cur_month, /* graph month */ @@ -317,7 +317,7 @@ if (hourly_graph) { - sprintf(htitle,"%s %s %d",msg_hmth_hu,l_month[cur_month-1],cur_year); + snprintf(htitle, sizeof(htitle),"%s %s %d",msg_hmth_hu,l_month[cur_month-1],cur_year); day_graph3( png2_fname, htitle, th_hit, @@ -329,7 +329,7 @@ /* first, open the file */ if ( (out_fp=open_out_file(html_fname))==NULL ) return 1; - sprintf(buffer,"%s %d",l_month[cur_month-1],cur_year); + snprintf(buffer, sizeof(buffer),"%s %d",l_month[cur_month-1],cur_year); write_html_head(buffer, out_fp); month_links(); month_total_table(); 
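Review bot: The `snprintf` calls that build file names in the output.c `@@ -295` hunk discard the return value, so a name that does not fit is silently cut and the report would be opened under a different name than intended. The same pattern repeats in `@@ -938`, `@@ -1143`, `@@ -1414`, `@@ -1566`, `@@ -1700`, `@@ -1843`, `@@ -1998` and `@@ -2338`, and in the dump hunks `@@ -2063` through `@@ -2267`, where `dump_path` is part of the name and truncation is most likely. Keep the result and fail before the file is opened, for example `n = snprintf(html_fname, sizeof(html_fname), ...);` followed by `if (n < 0 || (size_t)n >= sizeof(html_fname)) return 1;`. The error return should match what the enclosing function already uses for a failed open; those functions start and end outside the hunks, so the exact value has to be confirmed there.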
@@ -938,12 +938,12 @@ int i=(h_grp)?1:0; /* generate file name */ - sprintf(site_fname,"site_%04d%02d.%s",cur_year,cur_month,html_ext); + snprintf(site_fname, sizeof(site_fname),"site_%04d%02d.%s",cur_year,cur_month,html_ext); /* open file */ if ( (out_fp=open_out_file(site_fname))==NULL ) return 0; - sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_sites); + snprintf(buffer, sizeof(buffer),"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_sites); write_html_head(buffer, out_fp); fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n"); @@ -1143,12 +1143,12 @@ int i=(u_grp)?1:0; /* generate file name */ - sprintf(url_fname,"url_%04d%02d.%s",cur_year,cur_month,html_ext); + snprintf(url_fname, sizeof(url_fname),"url_%04d%02d.%s",cur_year,cur_month,html_ext); /* open file */ if ( (out_fp=open_out_file(url_fname))==NULL ) return 0; - sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_url); + snprintf(buffer, sizeof(buffer),"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_url); write_html_head(buffer, out_fp); fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n"); @@ -1414,12 +1414,12 @@ int i=(r_grp)?1:0; /* generate file name */ - sprintf(ref_fname,"ref_%04d%02d.%s",cur_year,cur_month,html_ext); + snprintf(ref_fname, sizeof(ref_fname),"ref_%04d%02d.%s",cur_year,cur_month,html_ext); /* open file */ if ( (out_fp=open_out_file(ref_fname))==NULL ) return 0; - sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_ref); + snprintf(buffer, sizeof(buffer),"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_ref); write_html_head(buffer, out_fp); fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n"); 
@@ -1566,12 +1566,12 @@ int i=(a_grp)?1:0; /* generate file name */ - sprintf(agent_fname,"agent_%04d%02d.%s",cur_year,cur_month,html_ext); + snprintf(agent_fname, sizeof(agent_fname),"agent_%04d%02d.%s",cur_year,cur_month,html_ext); /* open file */ if ( (out_fp=open_out_file(agent_fname))==NULL ) return 0; - sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_agent); + snprintf(buffer, sizeof(buffer),"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_agent); write_html_head(buffer, out_fp); fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n"); @@ -1700,12 +1700,12 @@ if (!tot_num) return 0; /* generate file name */ - sprintf(search_fname,"search_%04d%02d.%s",cur_year,cur_month,html_ext); + snprintf(search_fname, sizeof(search_fname),"search_%04d%02d.%s",cur_year,cur_month,html_ext); /* open file */ if ( (out_fp=open_out_file(search_fname))==NULL ) return 0; - sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_search); + snprintf(buffer, sizeof(buffer),"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_search); write_html_head(buffer, out_fp); fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n"); @@ -1843,12 +1843,12 @@ int i=(i_grp)?1:0; /* generate file name */ - sprintf(user_fname,"user_%04d%02d.%s",cur_year,cur_month,html_ext); + snprintf(user_fname, sizeof(user_fname),"user_%04d%02d.%s",cur_year,cur_month,html_ext); /* open file */ if ( (out_fp=open_out_file(user_fname))==NULL ) return 0; - sprintf(buffer,"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_uname); + snprintf(buffer, sizeof(buffer),"%s %d - %s",l_month[cur_month-1],cur_year,msg_h_uname); write_html_head(buffer, out_fp); fprintf(out_fp,"<FONT SIZE=\"-1\"></CENTER><PRE>\n"); 
@@ -1998,8 +1998,8 @@ pie_data[i]=top_ctrys[i]->count; /* load the array */ pie_legend[i]=top_ctrys[i]->desc; } - sprintf(pie_title,"%s %s %d",msg_ctry_use,l_month[cur_month-1],cur_year); - sprintf(pie_fname,"ctry_usage_%04d%02d.png",cur_year,cur_month); + snprintf(pie_title, sizeof(pie_title),"%s %s %d",msg_ctry_use,l_month[cur_month-1],cur_year); + snprintf(pie_fname, sizeof(pie_fname),"ctry_usage_%04d%02d.png",cur_year,cur_month); pie_chart(pie_fname,pie_title,t_hit,pie_data,pie_legend); /* do it */ @@ -2063,7 +2063,7 @@ u_long cnt=a_ctr; /* generate file name */ - sprintf(filename,"%s/site_%04d%02d.%s", + snprintf(filename, sizeof(filename),"%s/site_%04d%02d.%s", (dump_path)?dump_path:".",cur_year,cur_month,dump_ext); /* open file */ @@ -2106,7 +2106,7 @@ u_long cnt=a_ctr; /* generate file name */ - sprintf(filename,"%s/url_%04d%02d.%s", + snprintf(filename, sizeof(filename),"%s/url_%04d%02d.%s", (dump_path)?dump_path:".",cur_year,cur_month,dump_ext); /* open file */ @@ -2146,7 +2146,7 @@ u_long cnt=a_ctr; /* generate file name */ - sprintf(filename,"%s/ref_%04d%02d.%s", + snprintf(filename, sizeof(filename),"%s/ref_%04d%02d.%s", (dump_path)?dump_path:".",cur_year,cur_month,dump_ext); /* open file */ @@ -2185,7 +2185,7 @@ u_char cnt=a_ctr; /* generate file name */ - sprintf(filename,"%s/agent_%04d%02d.%s", + snprintf(filename, sizeof(filename),"%s/agent_%04d%02d.%s", (dump_path)?dump_path:".",cur_year,cur_month,dump_ext); /* open file */ @@ -2224,7 +2224,7 @@ u_long cnt=a_ctr; /* generate file name */ - sprintf(filename,"%s/user_%04d%02d.%s", + snprintf(filename, sizeof(filename),"%s/user_%04d%02d.%s", (dump_path)?dump_path:".",cur_year,cur_month,dump_ext); /* open file */ @@ -2267,7 +2267,7 @@ u_char cnt=a_ctr; /* generate file name */ - sprintf(filename,"%s/search_%04d%02d.%s", + snprintf(filename, sizeof(filename),"%s/search_%04d%02d.%s", (dump_path)?dump_path:".",cur_year,cur_month,dump_ext); /* open file */ 
@@ -2312,7 +2312,7 @@ if (verbose>1) printf("%s\n",msg_gen_sum); - sprintf(buffer,"%s %s",msg_main_us,hname); + snprintf(buffer, sizeof(buffer),"%s %s",msg_main_us,hname); for (i=0;i<12;i++) /* get last month in history */ { @@ -2338,7 +2338,7 @@ hist_visit); /* data set 6 */ /* now do html stuff... */ - sprintf(index_fname,"index.%s",html_ext); + snprintf(index_fname, sizeof(index_fname),"index.%s",html_ext); if ( (out_fp=fopen(index_fname,"w")) == NULL) { --- parser.c +++ parser.c @@ -162,7 +162,7 @@ if (i<1 || i>31) return 0; /* format date/time field */ - sprintf(log_rec.datetime,"[%02d/%s/%4d:%s -0000]",i,cpx,j,cpy); + snprintf(log_rec.datetime, sizeof(log_rec.datetime),"[%02d/%s/%4d:%s -0000]",i,cpx,j,cpy); /* skip seconds... */ while (*cp1!=0 && cp1<eob) cp1++; @@ -196,8 +196,8 @@ while (*cp1==0) cp1++; /* fabricate an appropriate request string based on direction */ - if (*cp1=='i') sprintf(log_rec.url,"\"POST %s HTTP/1.0\"",cpx); - else sprintf(log_rec.url,"\"GET %s HTTP/1.0\"",cpx); + if (*cp1=='i') snprintf(log_rec.url, sizeof(log_rec.url),"\"POST %s HTTP/1.0\"",cpx); + else snprintf(log_rec.url, sizeof(log_rec.url),"\"GET %s HTTP/1.0\"",cpx); if (cp1<eob) cp1++; if (cp1<eob) cp1++; --- preserve.c +++ preserve.c @@ -203,7 +203,7 @@ /* first, save the easy stuff */ /* Header record */ - sprintf(buffer, + snprintf(buffer, sizeof(buffer), "# Webalizer V%s-%s Incremental Data - %02d/%02d/%04d %02d:%02d:%02d\n", version,editlvl,cur_month,cur_day,cur_year,cur_hour,cur_min,cur_sec); if (fputs(buffer,fp)==EOF) return 1; /* error exit */ --- webalizer.c +++ webalizer.c @@ -263,7 +263,7 @@ /* add default index. alias */ add_nlist("index.",&index_alias); - sprintf(tmp_buf,"%s/webalizer.conf",ETCDIR); + snprintf(tmp_buf, sizeof(tmp_buf),"%s/webalizer.conf",ETCDIR); /* check for default config file */ if (!access("webalizer.conf",F_OK)) get_config("webalizer.conf");
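Review bot: In the parser.c `@@ -196` hunk a long `cpx` now makes `snprintf` cut the fabricated request in the middle, dropping the trailing ` HTTP/1.0"` and the closing quote. `cpx` comes from the log line, so later code that expects a quoted request field (not visible here) would see a malformed one. Limiting the path instead of the whole string keeps the field well formed: `snprintf(log_rec.url, sizeof(log_rec.url), "\"POST %.*s HTTP/1.0\"", (int)sizeof(log_rec.url)-17, cpx);` and the same with `-16` for the `GET` branch. This assumes `log_rec.url` is an array longer than 17 bytes; its declaration is outside the hunk.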