Skip to content
Snippets Groups Projects
Commit 71768851 authored by Rob Swindell's avatar Rob Swindell :speech_balloon:
Browse files

Use safe string copying in get_owner_name() via strlcpy()

parent e6ee94c7
No related branches found
No related tags found
1 merge request!455Update branch with changes from master
......@@ -2068,18 +2068,18 @@ static void get_fileperm(lib_t *lib, dir_t *dir, user_t *user, client_t *client,
*p = 0;
}
static void get_owner_name(file_t *file, char *namestr)
static void get_owner_name(file_t *file, char *namestr, size_t size)
{
char *p;
if (file) {
if (file->hdr.attr & MSG_ANONYMOUS)
strcpy(namestr, ANONYMOUS);
strlcpy(namestr, ANONYMOUS, size);
else
strcpy(namestr, file->from);
strlcpy(namestr, file->from, size);
}
else
strcpy(namestr, scfg.sys_id);
strlcpy(namestr, scfg.sys_id, size);
// Now ensure it's an RCHAR string.
for (p=namestr; *p; p++) {
......@@ -3618,14 +3618,14 @@ static void ctrl_thread(void* arg)
&& (cmd[3] == 'D' || strcmp(startup->index_file_name, mls_fname) == 0)) {
if (cmd[3] == 'T')
sockprintf(sock,sess, "250- Listing %s", startup->index_file_name);
get_owner_name(NULL, str);
get_owner_name(NULL, str, sizeof str);
send_mlsx_entry(fp, sock, sess, mlsx_feats, "file", "r", UINT64_MAX, 0, str, NULL, 0, cmd[3] == 'T' ? mls_path : startup->index_file_name);
l++;
}
if(lib<0) { /* Root dir */
if (cmd[3] == 'T' && !*mls_fname) {
sockprintf(sock,sess, "250- Listing root");
get_owner_name(NULL, str);
get_owner_name(NULL, str, sizeof str);
strcpy(aliaspath, "/");
send_mlsx_entry(fp, sock, sess, mlsx_feats, "dir", (startup->options&FTP_OPT_ALLOW_QWK) ? "elc" : "el", UINT64_MAX, 0, str, NULL, 0, aliaspath);
l++;
......@@ -3641,7 +3641,7 @@ static void ctrl_thread(void* arg)
if (cmd[3] == 'D' || strcmp(str, mls_fname) == 0) {
if (cmd[3] == 'T')
sockprintf(sock,sess, "250- Listing %s", str);
get_owner_name(NULL, owner);
get_owner_name(NULL, owner, sizeof owner);
send_mlsx_entry(fp, sock, sess, mlsx_feats, "file", "r", UINT64_MAX, 0, owner, NULL, 0, cmd[3] == 'T' ? mls_path : str);
l++;
}
......@@ -3721,20 +3721,20 @@ static void ctrl_thread(void* arg)
if (cmd[3] == 'T')
sockprintf(sock,sess, "250- Listing %s", scfg.lib[i]->vdir);
get_libperm(scfg.lib[i], &user, &client, permstr);
get_owner_name(NULL, str);
get_owner_name(NULL, str, sizeof str);
send_mlsx_entry(fp, sock, sess, mlsx_feats, "dir", permstr, UINT64_MAX, 0, str, NULL, 0, cmd[3] == 'T' ? mls_path : scfg.lib[i]->vdir);
l++;
}
} else if(dir<0) {
if (cmd[3] == 'T' && !*mls_fname) {
sockprintf(sock,sess, "250- Listing %s", scfg.lib[lib]->vdir);
get_owner_name(NULL, str);
get_owner_name(NULL, str, sizeof str);
SAFEPRINTF(aliaspath, "/%s", scfg.lib[lib]->vdir);
send_mlsx_entry(fp, sock, sess, mlsx_feats, "dir", "el", UINT64_MAX, 0, str, NULL, 0, aliaspath);
l++;
}
if (cmd[3] == 'D') {
get_owner_name(NULL, str);
get_owner_name(NULL, str, sizeof str);
send_mlsx_entry(fp, sock, sess, mlsx_feats, "pdir", (startup->options&FTP_OPT_ALLOW_QWK) ? "elc" : "el", UINT64_MAX, 0, str, NULL, 0, "/");
SAFEPRINTF(aliaspath, "/%s", scfg.lib[lib]->vdir);
send_mlsx_entry(fp, sock, sess, mlsx_feats, "cdir", (startup->options&FTP_OPT_ALLOW_QWK) ? "elc" : "el", UINT64_MAX, 0, str, NULL, 0, aliaspath);
......@@ -3752,7 +3752,7 @@ static void ctrl_thread(void* arg)
if (cmd[3] == 'T')
sockprintf(sock,sess, "250- Listing %s", scfg.dir[i]->vdir);
get_dirperm(scfg.lib[lib], scfg.dir[i], &user, &client, permstr);
get_owner_name(NULL, str);
get_owner_name(NULL, str, sizeof str);
SAFEPRINTF2(aliaspath, "/%s/%s", scfg.lib[lib]->vdir, scfg.dir[i]->vdir);
get_unique(aliaspath, uniq);
send_mlsx_entry(fp, sock, sess, mlsx_feats, "dir", permstr, UINT64_MAX, 0, str, uniq, 0, cmd[3] == 'T' ? mls_path : scfg.dir[i]->vdir);
......@@ -3764,7 +3764,7 @@ static void ctrl_thread(void* arg)
if (cmd[3] == 'T' && !*mls_fname) {
sockprintf(sock,sess, "250- Listing %s/%s",scfg.lib[lib]->vdir,scfg.dir[dir]->vdir);
get_owner_name(NULL, str);
get_owner_name(NULL, str, sizeof str);
SAFEPRINTF2(aliaspath, "/%s/%s", scfg.lib[lib]->vdir, scfg.dir[dir]->vdir);
get_unique(aliaspath, uniq);
send_mlsx_entry(fp, sock, sess, mlsx_feats, "dir", (startup->options&FTP_OPT_ALLOW_QWK) ? "elc" : "el", UINT64_MAX, 0, str, uniq, 0, aliaspath);
......@@ -3772,7 +3772,7 @@ static void ctrl_thread(void* arg)
}
if (cmd[3] == 'D') {
get_libperm(scfg.lib[lib], &user, &client, permstr);
get_owner_name(NULL, str);
get_owner_name(NULL, str, sizeof str);
SAFEPRINTF(aliaspath, "/%s", scfg.lib[lib]->vdir);
send_mlsx_entry(fp, sock, sess, mlsx_feats, "pdir", permstr, UINT64_MAX, 0, str, NULL, 0, aliaspath);
SAFEPRINTF2(aliaspath, "/%s/%s", scfg.lib[lib]->vdir, scfg.dir[dir]->vdir);
......@@ -3795,7 +3795,7 @@ static void ctrl_thread(void* arg)
if (cmd[3] == 'T')
sockprintf(sock,sess, "250- Listing %s", p);
get_fileperm(scfg.lib[lib], scfg.dir[dir], &user, &client, f, permstr);
get_owner_name(f, str);
get_owner_name(f, str, sizeof str);
SAFEPRINTF3(aliaspath, "/%s/%s/%s", scfg.lib[lib]->vdir, scfg.dir[dir]->vdir, f->name);
get_unique(aliaspath, uniq);
f->size = f->cost;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment