From 6ec9bd3db7586fe90bdfecaf6235f9998b96a43f Mon Sep 17 00:00:00 2001
From: rswindell <>
Date: Fri, 15 Jun 2012 21:31:49 +0000
Subject: [PATCH] More safe string copying/formatting.

---
 src/sbbs3/newuser.cpp | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/sbbs3/newuser.cpp b/src/sbbs3/newuser.cpp
index efc52f79fd..a711d1f50b 100644
--- a/src/sbbs3/newuser.cpp
+++ b/src/sbbs3/newuser.cpp
@@ -8,7 +8,7 @@
  * @format.tab-size 4		(Plain Text/Source Code File Header)			*
  * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
  *																			*
- * Copyright 2011 Rob Swindell - http://www.synchro.net/copyright.html		*
+ * Copyright 2012 Rob Swindell - http://www.synchro.net/copyright.html		*
  *																			*
  * This program is free software; you can redistribute it and/or			*
  * modify it under the terms of the GNU General Public License				*
@@ -90,11 +90,11 @@ BOOL sbbs_t::newuser()
 			getstr(str,40,K_UPPER);
 			if(!strcmp(str,cfg.new_pass))
 				break;
-			sprintf(tmp,"NUP Attempted: '%s'",str);
+			SAFEPRINTF(tmp,"NUP Attempted: '%s'",str);
 			logline(LOG_NOTICE,"N!",tmp); 
 		}
 		if(c==4) {
-			sprintf(str,"%snupguess.msg",cfg.text_dir);
+			SAFEPRINTF(str,"%snupguess.msg",cfg.text_dir);
 			if(fexist(str))
 				printfile(str,P_NOABORT);
 			hangup();
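Review bot: The `NUP Attempted: '%s'` line writes the caller's guess at the new-user password into the log verbatim, and bounding the copy does not change that. A legitimate caller's near-miss typo then leaves most of `cfg.new_pass` readable by anyone with access to the log, and the same applies to the `failed magic word: '%s'` line in the @@ -428 hunk. Consider logging only that the attempt failed, e.g. `logline(LOG_NOTICE,"N!","NUP Attempted");`, or recording the guess only under an explicit sysop option. newuser() starts and ends outside this hunk.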
@@ -116,7 +116,7 @@ BOOL sbbs_t::newuser()
 	SAFECOPY(useron.comp,client_name);	/* hostname or CID name */
 	SAFECOPY(useron.note,cid);			/* IP address or CID number */
 	if((i=userdatdupe(0,U_NOTE,LEN_NOTE,cid, /* del */true))!=0) {	/* Duplicate IP address */
-		sprintf(useron.comment,"Warning: same IP address as user #%d %s"
+		SAFEPRINTF2(useron.comment,"Warning: same IP address as user #%d %s"
 			,i,username(&cfg,i,str));
 		logline(LOG_NOTICE,"N!",useron.comment); 
 	}
@@ -234,7 +234,7 @@ BOOL sbbs_t::newuser()
 			SAFECOPY(useron.name,useron.alias);
 		if(!online) return(FALSE);
 		if(!useron.handle[0])
-			sprintf(useron.handle,"%.*s",LEN_HANDLE,useron.alias);
+			SAFECOPY(useron.handle,useron.alias);
 		while((cfg.uq&UQ_HANDLE) && online) {
 			bputs(text[EnterYourHandle]);
 			if(!getstr(useron.handle,LEN_HANDLE
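Review bot: Replacing `sprintf(useron.handle,"%.*s",LEN_HANDLE,useron.alias)` with `SAFECOPY(useron.handle,useron.alias)` moves the limit from the named constant to whatever the macro derives from the destination, presumably `sizeof(useron.handle)`. The two are equivalent only if the field is a true array of `LEN_HANDLE+1` bytes; the declaration is not visible here, so this is worth confirming. A short comment would record the dependency: `/* SAFECOPY bounds by sizeof(useron.handle), expected to be LEN_HANDLE+1 */`.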
@@ -320,21 +320,21 @@ BOOL sbbs_t::newuser()
 			break; 
 	}
 	if(!online) return(FALSE);
-	sprintf(str,"New user: %s",useron.alias);
+	SAFEPRINTF(str,"New user: %s",useron.alias);
 	logline("N",str);
 	if(!online) return(FALSE);
 	CLS;
-	sprintf(str,"%ssbbs.msg",cfg.text_dir);
+	SAFEPRINTF(str,"%ssbbs.msg",cfg.text_dir);
 	printfile(str,P_NOABORT);
 	if(lncntr)
 		pause();
 	CLS;
-	sprintf(str,"%ssystem.msg",cfg.text_dir);
+	SAFEPRINTF(str,"%ssystem.msg",cfg.text_dir);
 	printfile(str,P_NOABORT);
 	if(lncntr)
 		pause();
 	CLS;
-	sprintf(str,"%snewuser.msg",cfg.text_dir);
+	SAFEPRINTF(str,"%snewuser.msg",cfg.text_dir);
 	printfile(str,P_NOABORT);
 	if(lncntr)
 		pause();
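Review bot: Each `SAFEPRINTF(str,"%s….msg",cfg.text_dir)` here can now truncate silently when the directory plus file name does not fit in `str`, and the shortened path is passed straight to `printfile()`. For these display files the result is probably just a file that fails to open, but the same pattern in the @@ -438 hunk feeds `create_sif_dat(cfg.new_sif,str)`, where a cut-off path would name a different file; the `nupguess.msg` and `feedback.msg` paths follow the pattern too. If the bounded formatter reports truncation (not visible in this diff), check its result before using the path. Otherwise a comment stating that `str` is sized for the longest configured directory would document the assumption.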
@@ -404,12 +404,12 @@ BOOL sbbs_t::newuser()
 			console&=~(CON_R_ECHOX|CON_L_ECHOX);
 			if(!strcmp(str,useron.pass)) break;
 			if(cfg.sys_misc&SM_ECHO_PW) 
-				sprintf(tmp,"%s FAILED Password verification: '%s' instead of '%s'"
+				SAFEPRINTF3(tmp,"%s FAILED Password verification: '%s' instead of '%s'"
 					,useron.alias
 					,str
 					,useron.pass);
 			else
-				sprintf(tmp,"%s FAILED Password verification"
+				SAFEPRINTF(tmp,"%s FAILED Password verification"
 					,useron.alias);
 			logline(LOG_NOTICE,nulstr,tmp);
 			if(++c==4) {
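Review bot: When `SM_ECHO_PW` is set, the `SAFEPRINTF3` branch still writes both the mistyped entry and `useron.pass`, the password the new user has just chosen, into the log in clear text. Anyone with read access to the log then sees a credential for the account being created, and the mistyped value is typically very close to it. The flag name suggests it governs echoing of passwords, so it is worth confirming that sysops expect it to cover log content as well; if not, the `else` form `SAFEPRINTF(tmp,"%s FAILED Password verification",useron.alias);` could be used unconditionally. The surrounding loop begins and ends outside the hunk.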
@@ -428,7 +428,7 @@ BOOL sbbs_t::newuser()
 		getstr(str,50,K_UPPER);
 		if(strcmp(str,cfg.new_magic)) {
 			bputs(text[FailedMagicWord]);
-			sprintf(tmp,"%s failed magic word: '%s'",useron.alias,str);
+			SAFEPRINTF2(tmp,"%s failed magic word: '%s'",useron.alias,str);
 			logline("N!",tmp);
 			hangup(); 
 		}
@@ -438,15 +438,15 @@ BOOL sbbs_t::newuser()
 	bputs(text[CheckingSlots]);
 
 	if((i=newuserdat(&cfg,&useron))!=0) {
-		sprintf(str,"user record #%u",useron.number);
+		SAFEPRINTF(str,"user record #%u",useron.number);
 		errormsg(WHERE,ERR_CREATE,str,i);
 		hangup();
 		return(FALSE); 
 	}
-	sprintf(str,"Created user record #%u: %s",useron.number,useron.alias);
+	SAFEPRINTF2(str,"Created user record #%u: %s",useron.number,useron.alias);
 	logline(nulstr,str);
 	if(cfg.new_sif[0]) {
-		sprintf(str,"%suser/%4.4u.dat",cfg.data_dir,useron.number);
+		SAFEPRINTF2(str,"%suser/%4.4u.dat",cfg.data_dir,useron.number);
 		create_sif_dat(cfg.new_sif,str); 
 	}
 	if(!(cfg.uq&UQ_NODEF))
@@ -455,10 +455,10 @@ BOOL sbbs_t::newuser()
 	delallmail(useron.number, MAIL_ANY);
 
 	if(useron.number!=1 && cfg.node_valuser) {
-		sprintf(str,"%sfeedback.msg",cfg.text_dir);
+		SAFEPRINTF(str,"%sfeedback.msg",cfg.text_dir);
 		CLS;
 		printfile(str,P_NOABORT);
-		sprintf(str,text[NewUserFeedbackHdr]
+		safe_snprintf(str,sizeof(str),text[NewUserFeedbackHdr]
 			,nulstr,getage(&cfg,useron.birth),useron.sex,useron.birth
 			,useron.name,useron.phone,useron.comp,useron.modem);
 		email(cfg.node_valuser,str,"New User Validation",WM_EMAIL|WM_SUBJ_RO);
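Review bot: `text[NewUserFeedbackHdr]` is used as the format string for `safe_snprintf`, so the compiler cannot check its conversions against the eight arguments that follow. If that text entry can be edited by the sysop (the `text[]` table suggests so, but this is not confirmed here), a missing or changed specifier becomes undefined behaviour that the size bound does not prevent. A comment above the call listing the arguments in order, with the conversion each one expects, would make the contract explicit. Note also that `sizeof(str)` bounds the write only if `str` is an array in this scope; its declaration is outside the hunk.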
-- 
GitLab