diff --git a/src/sbbs3/userdat.c b/src/sbbs3/userdat.c
index 6309e8bbfdbddc0430ff0aa30cc69d33761eec3a..68bf4e9e2c812b1274429a7e62272d73cdb7c50e 100644
--- a/src/sbbs3/userdat.c
+++ b/src/sbbs3/userdat.c
@@ -69,7 +69,7 @@ uint DLLCALL matchuser(scfg_t* cfg, const char *name, BOOL sysop_alias)
(!stricmp(name,"SYSOP") || !stricmp(name,"POSTMASTER") || !stricmp(name,cfg->sys_id)))
return(1);
- sprintf(str,"%suser/name.dat",cfg->data_dir);
+ SAFEPRINTF(str,"%suser/name.dat",cfg->data_dir);
if((file=nopen(str,O_RDONLY))==-1)
return(0);
length=(long)filelength(file);
@@ -135,7 +135,7 @@ uint DLLCALL total_users(scfg_t* cfg)
if(!VALID_CFG(cfg))
return(0);
- sprintf(str,"%suser/user.dat", cfg->data_dir);
+ SAFEPRINTF(str,"%suser/user.dat", cfg->data_dir);
if((file=nopen(str,O_RDONLY|O_DENYNONE))==-1)
return(0);
length=(long)filelength(file);
@@ -164,7 +164,7 @@ uint DLLCALL lastuser(scfg_t* cfg)
if(!VALID_CFG(cfg))
return(0);
- sprintf(str,"%suser/user.dat", cfg->data_dir);
+ SAFEPRINTF(str,"%suser/user.dat", cfg->data_dir);
if((length=(long)flength(str))>0)
return((uint)(length/U_LEN));
return(0);
@@ -182,7 +182,7 @@ BOOL DLLCALL del_lastuser(scfg_t* cfg)
if(!VALID_CFG(cfg))
return(FALSE);
- sprintf(str,"%suser/user.dat", cfg->data_dir);
+ SAFEPRINTF(str,"%suser/user.dat", cfg->data_dir);
if((file=nopen(str,O_RDWR|O_DENYNONE))==-1)
return(FALSE);
length=(long)filelength(file);
@@ -215,7 +215,7 @@ int DLLCALL getuserdat(scfg_t* cfg, user_t *user)
if(!VALID_CFG(cfg) || user_number<1)
return(-1);
- sprintf(userdat,"%suser/user.dat",cfg->data_dir);
+ SAFEPRINTF(userdat,"%suser/user.dat",cfg->data_dir);
if((file=nopen(userdat,O_RDONLY|O_DENYNONE))==-1)
return(errno);
@@ -502,7 +502,7 @@ int DLLCALL putuserdat(scfg_t* cfg, user_t* user)
putrec(userdat,U_UNUSED,U_LEN-(U_UNUSED)-2,crlf);
putrec(userdat,U_UNUSED+(U_LEN-(U_UNUSED)-2),2,crlf);
- sprintf(str,"%suser/user.dat", cfg->data_dir);
+ SAFEPRINTF(str,"%suser/user.dat", cfg->data_dir);
if((file=nopen(str,O_RDWR|O_CREAT|O_DENYNONE))==-1) {
return(errno);
}
@@ -556,7 +556,7 @@ char* DLLCALL username(scfg_t* cfg, int usernumber, char *name)
name[0]=0;
return(name);
}
- sprintf(str,"%suser/name.dat",cfg->data_dir);
+ SAFEPRINTF(str,"%suser/name.dat",cfg->data_dir);
if(flength(str)<1L) {
name[0]=0;
return(name);
@@ -595,7 +595,7 @@ int DLLCALL putusername(scfg_t* cfg, int number, char *name)
if(!VALID_CFG(cfg) || name==NULL || number<1)
return(-1);
- sprintf(str,"%suser/name.dat", cfg->data_dir);
+ SAFEPRINTF(str,"%suser/name.dat", cfg->data_dir);
if((file=nopen(str,O_RDWR|O_CREAT))==-1)
return(errno);
length=(long)filelength(file);
@@ -610,7 +610,7 @@ int DLLCALL putusername(scfg_t* cfg, int number, char *name)
return(-3);
}
if(length<(((long)number-1)*(LEN_ALIAS+2))) {
- sprintf(str,"%*s",LEN_ALIAS,nulstr);
+ SAFEPRINTF2(str,"%*s",LEN_ALIAS,nulstr);
memset(str,ETX,LEN_ALIAS);
strcat(str,crlf);
lseek(file,0L,SEEK_END);
@@ -687,7 +687,7 @@ int DLLCALL getnodedat(scfg_t* cfg, uint number, node_t *node, int* fdp)
return(-1);
memset(node,0,sizeof(node_t));
- sprintf(str,"%snode.dab",cfg->ctrl_dir);
+ SAFEPRINTF(str,"%snode.dab",cfg->ctrl_dir);
if((file=nopen(str,O_RDWR|O_DENYNONE))==-1)
return(errno);
@@ -850,21 +850,21 @@ char* DLLCALL nodestatus(scfg_t* cfg, node_t* node, char* buf, size_t buflen)
strcpy(str,"Networking");
break;
case NODE_LOGON:
- sprintf(str,"At logon prompt %s"
+ SAFEPRINTF(str,"At logon prompt %s"
,node_connection_desc(node->connection, tmp));
break;
case NODE_EVENT_WAITING:
strcpy(str,"Waiting for all nodes to become inactive");
break;
case NODE_EVENT_LIMBO:
- sprintf(str,"Waiting for node %d to finish external event"
+ SAFEPRINTF(str,"Waiting for node %d to finish external event"
,node->aux);
break;
case NODE_EVENT_RUNNING:
strcpy(str,"Running external event");
break;
case NODE_NEWUSER:
- sprintf(str,"New user applying for access %s"
+ SAFEPRINTF(str,"New user applying for access %s"
,node_connection_desc(node->connection, tmp));
break;
case NODE_QUIET:
@@ -1058,7 +1058,7 @@ uint DLLCALL userdatdupe(scfg_t* cfg, uint usernumber, uint offset, uint datlen
return(0);
truncsp(dat);
- sprintf(str,"%suser/user.dat", cfg->data_dir);
+ SAFEPRINTF(str,"%suser/user.dat", cfg->data_dir);
if((file=nopen(str,O_RDONLY|O_DENYNONE))==-1)
return(0);
length=(long)filelength(file);
@@ -1118,7 +1118,7 @@ int DLLCALL putsmsg(scfg_t* cfg, int usernumber, char *strin)
if(*strin==0)
return(0);
- sprintf(str,"%smsgs/%4.4u.msg",cfg->data_dir,usernumber);
+ SAFEPRINTF2(str,"%smsgs/%4.4u.msg",cfg->data_dir,usernumber);
if((file=nopen(str,O_WRONLY|O_CREAT|O_APPEND))==-1) {
return(errno);
}
@@ -1166,7 +1166,7 @@ char* DLLCALL getsmsg(scfg_t* cfg, int usernumber)
}
}
- sprintf(str,"%smsgs/%4.4u.msg",cfg->data_dir,usernumber);
+ SAFEPRINTF2(str,"%smsgs/%4.4u.msg",cfg->data_dir,usernumber);
if(flength(str)<1L)
return(NULL);
if((file=nopen(str,O_RDWR))==-1)
@@ -1203,7 +1203,7 @@ char* DLLCALL getnmsg(scfg_t* cfg, int node_num)
node.misc&=~NODE_NMSG; /* clear the NMSG flag */
putnodedat(cfg,node_num,&node,file);
- sprintf(str,"%smsgs/n%3.3u.msg",cfg->data_dir,node_num);
+ SAFEPRINTF2(str,"%smsgs/n%3.3u.msg",cfg->data_dir,node_num);
if(flength(str)<1L)
return(NULL);
if((file=nopen(str,O_RDWR))==-1)
@@ -1244,7 +1244,7 @@ int DLLCALL putnmsg(scfg_t* cfg, int num, char *strin)
if(*strin==0)
return(0);
- sprintf(str,"%smsgs/n%3.3u.msg",cfg->data_dir,num);
+ SAFEPRINTF2(str,"%smsgs/n%3.3u.msg",cfg->data_dir,num);
if((file=nopen(str,O_WRONLY|O_CREAT))==-1)
return(errno);
lseek(file,0L,SEEK_END); /* Instead of opening with O_APPEND */
@@ -1854,7 +1854,7 @@ int DLLCALL getuserrec(scfg_t* cfg, int usernumber,int start, int length, char *
if(!VALID_CFG(cfg) || usernumber<1 || str==NULL)
return(-1);
- sprintf(path,"%suser/user.dat",cfg->data_dir);
+ SAFEPRINTF(path,"%suser/user.dat",cfg->data_dir);
if((file=nopen(path,O_RDONLY|O_DENYNONE))==-1)
return(errno);
if(usernumber<1
@@ -1908,7 +1908,7 @@ int DLLCALL putuserrec(scfg_t* cfg, int usernumber,int start, uint length, const
if(!VALID_CFG(cfg) || usernumber<1 || str==NULL)
return(-1);
- sprintf(str2,"%suser/user.dat",cfg->data_dir);
+ SAFEPRINTF(str2,"%suser/user.dat",cfg->data_dir);
if((file=nopen(str2,O_RDWR|O_DENYNONE))==-1)
return(errno);
@@ -1960,7 +1960,7 @@ ulong DLLCALL adjustuserrec(scfg_t* cfg, int usernumber, int start, int length,
if(!VALID_CFG(cfg) || usernumber<1)
return(0);
- sprintf(path,"%suser/user.dat",cfg->data_dir);
+ SAFEPRINTF(path,"%suser/user.dat",cfg->data_dir);
if((file=nopen(path,O_RDWR|O_DENYNONE))==-1)
return(0);
@@ -2223,7 +2223,7 @@ char* DLLCALL alias(scfg_t* cfg, const char* name, char* buf)
p=(char*)name;
- sprintf(fname,"%salias.cfg",cfg->ctrl_dir);
+ SAFEPRINTF(fname,"%salias.cfg",cfg->ctrl_dir);
if((fp=fopen(fname,"r"))==NULL)
return((char*)name);
@@ -2289,7 +2289,7 @@ int DLLCALL newuserdat(scfg_t* cfg, user_t* user)
if(!VALID_CFG(cfg) || user==NULL)
return(-1);
- sprintf(str,"%suser/name.dat",cfg->data_dir);
+ SAFEPRINTF(str,"%suser/name.dat",cfg->data_dir);
if(fexist(str)) {
if((stream=fnopen(&file,str,O_RDONLY))==NULL) {
return(errno);
@@ -2333,24 +2333,27 @@ int DLLCALL newuserdat(scfg_t* cfg, user_t* user)
if((err=putuserdat(cfg,user))!=0)
return(err);
- sprintf(str,"%sfile/%04u.in",cfg->data_dir,user->number); /* delete any files */
+ SAFEPRINTF2(str,"%sfile/%04u.in",cfg->data_dir,user->number); /* delete any files */
delfiles(str,ALLFILES); /* waiting for user */
rmdir(str);
- sprintf(tmp,"%04u.*",user->number);
- sprintf(str,"%sfile",cfg->data_dir);
+ SAFEPRINTF(tmp,"%04u.*",user->number);
+ SAFEPRINTF(str,"%sfile",cfg->data_dir);
delfiles(str,tmp);
- sprintf(str,"%suser",cfg->data_dir);
+ SAFEPRINTF(str,"%suser",cfg->data_dir);
delfiles(str,tmp);
+ SAFEPRINTF2(str,"%suser/%04u",cfg->data_dir,user->number);
+ delfiles(str,ALLFILES);
+ rmdir(str);
- sprintf(str,"%suser/ptrs/%04u.ixb",cfg->data_dir,user->number); /* msg ptrs */
+ SAFEPRINTF2(str,"%suser/ptrs/%04u.ixb",cfg->data_dir,user->number); /* msg ptrs */
remove(str);
- sprintf(str,"%smsgs/%04u.msg",cfg->data_dir,user->number); /* delete short msg */
+ SAFEPRINTF2(str,"%smsgs/%04u.msg",cfg->data_dir,user->number); /* delete short msg */
remove(str);
/* Update daily statistics database (for system and node) */
for(i=0;i<2;i++) {
- sprintf(str,"%sdsts.dab",i ? cfg->ctrl_dir : cfg->node_dir);
+ SAFEPRINTF(str,"%sdsts.dab",i ? cfg->ctrl_dir : cfg->node_dir);
if((file=nopen(str,O_RDWR))==-1)
continue;
memset(&stats,0,sizeof(stats));
@@ -2572,7 +2575,7 @@ BOOL DLLCALL filter_ip(scfg_t* cfg, char* prot, char* reason, char* host
if(ip_addr==NULL)
return(FALSE);
- sprintf(ip_can,"%sip.can",cfg->text_dir);
+ SAFEPRINTF(ip_can,"%sip.can",cfg->text_dir);
if(fname==NULL)
fname=ip_can;