Due to another sighted stack variable overflow in answer(), using safe ASCIIZ

string formatting/copy functions and macros. text/answer.* filenames are now case insensitive on *nix (now consistent with all other menu files).

Due to another sighted stack variable overflow in answer(), using safe ASCIIZ
7838c53d · rswindell · 3d9b7e86 · 7838c53d
Commit 7838c53d authored 13 years ago by rswindell
--- a/src/sbbs3/answer.cpp
+++ b/src/sbbs3/answer.cpp
@@ -8,7 +8,7 @@
 * @format.tab-size 4		(Plain Text/Source Code File Header)			*
 * @format.use-tabs true	(see http://www.synchro.net/ptsc_hdr.html)		*
 *																			*
- * Copyright 2011 Rob Swindell - http://www.synchro.net/copyright.html		*
+ * Copyright 2012 Rob Swindell - http://www.synchro.net/copyright.html		*
 *																			*
 * This program is free software; you can redistribute it and/or			*
 * modify it under the terms of the GNU General Public License				*
@@ -56,17 +56,17 @@ bool sbbs_t::answer()
 	memset(&tm,0,sizeof(tm));
    localtime_r(&now,&tm); 
-	sprintf(str,"%s  %s %s %02d %u            Node %3u"
+	safe_snprintf(str,sizeof(str),"%s  %s %s %02d %u            Node %3u"
 		,hhmmtostr(&cfg,&tm,str2)
 		,wday[tm.tm_wday]
        ,mon[tm.tm_mon],tm.tm_mday,tm.tm_year+1900,cfg.node_num);
 	logline("@ ",str);
-	sprintf(str,"%s  %s [%s]", connection, client_name, cid);
+	safe_snprintf(str,sizeof(str),"%s  %s [%s]", connection, client_name, cid);
 	logline("@+:",str);
 	if(client_ident[0]) {
-		sprintf(str,"Identity: %s",client_ident);
+		safe_snprintf(str,sizeof(str),"Identity: %s",client_ident);
 		logline("@*",str);
 	}
@@ -120,12 +120,12 @@ bool sbbs_t::answer()
 							rioctl(IOFI);       /* flush input buffer */
 							bputs(text[InvalidLogon]);
 							if(cfg.sys_misc&SM_ECHO_PW)
-								sprintf(str,"(%04u)  %-25s  FAILED Password attempt: '%s'"
+								safe_snprintf(str,sizeof(str),"(%04u)  %-25s  FAILED Password attempt: '%s'"
 									,0,useron.alias,tmp);
 							else
-								sprintf(str,"(%04u)  %-25s  FAILED Password attempt"
+								safe_snprintf(str,sizeof(str),"(%04u)  %-25s  FAILED Password attempt"
 									,0,useron.alias);
-								logline(LOG_NOTICE,"+!",str);
+							logline(LOG_NOTICE,"+!",str);
 							bputs(text[PasswordPrompt]);
 							console|=CON_R_ECHOX;
 							getstr(tmp,LEN_PASS*2,K_UPPER|K_LOWPRIO|K_TAB);
@@ -150,12 +150,12 @@ bool sbbs_t::answer()
 							badlogin(useron.alias, tmp);
 							bputs(text[InvalidLogon]);
 							if(cfg.sys_misc&SM_ECHO_PW)
-								sprintf(str,"(%04u)  %-25s  FAILED Password attempt: '%s'"
+								safe_snprintf(str,sizeof(str),"(%04u)  %-25s  FAILED Password attempt: '%s'"
 									,0,useron.alias,tmp);
 							else
-								sprintf(str,"(%04u)  %-25s  FAILED Password attempt"
+								safe_snprintf(str,sizeof(str),"(%04u)  %-25s  FAILED Password attempt"
 									,0,useron.alias);
-								logline(LOG_NOTICE,"+!",str);
+							logline(LOG_NOTICE,"+!",str);
 						}
 						lprintf(LOG_WARNING,"Node %d !CLIENT IP NOT LISTED in %s"
 							,cfg.node_num,path);
@@ -204,10 +204,10 @@ bool sbbs_t::answer()
 					rioctl(IOFI);       /* flush input buffer */
 					bputs(text[InvalidLogon]);
 					if(cfg.sys_misc&SM_ECHO_PW)
-						sprintf(str,"(%04u)  %-25s  FAILED Password attempt: '%s'"
+						safe_snprintf(str,sizeof(str),"(%04u)  %-25s  FAILED Password attempt: '%s'"
 							,0,useron.alias,tmp);
 					else
-						sprintf(str,"(%04u)  %-25s  FAILED Password attempt"
+						safe_snprintf(str,sizeof(str),"(%04u)  %-25s  FAILED Password attempt"
 							,0,useron.alias);
 					/* crash here Sept-12-2010
 					   str	0x06b3fc4c "(0000)  Guest                      FAILED Password attempt: 'alex2010@sdf.lonestar.org'"
@@ -240,12 +240,12 @@ bool sbbs_t::answer()
 					badlogin(useron.alias, tmp);
 					bputs(text[InvalidLogon]);
 					if(cfg.sys_misc&SM_ECHO_PW)
-						sprintf(str,"(%04u)  %-25s  FAILED Password attempt: '%s'"
+						safe_snprintf(str,sizeof(str),"(%04u)  %-25s  FAILED Password attempt: '%s'"
 							,0,useron.alias,tmp);
 					else
-						sprintf(str,"(%04u)  %-25s  FAILED Password attempt"
+						safe_snprintf(str,sizeof(str),"(%04u)  %-25s  FAILED Password attempt"
 							,0,useron.alias);
-						logline(LOG_NOTICE,"+!",str);
+					logline(LOG_NOTICE,"+!",str);
 				}
 				useron.number=0;
 				hangup();
@@ -277,9 +277,7 @@ bool sbbs_t::answer()
 	i=l=0;
 	tos=1;
 	lncntr=0;
-	strcpy(str,VERSION_NOTICE);
+	safe_snprintf(str, sizeof(str), "%s  %s", VERSION_NOTICE, COPYRIGHT_NOTICE);
-	strcat(str,"  ");
-	strcat(str,COPYRIGHT_NOTICE);
 	strip_ctrl(str, str);
 	center(str);
@@ -399,21 +397,27 @@ bool sbbs_t::answer()
 	if(!useron.number) {	/* manual/regular logon */
 		/* Display ANSWER screen */
-		sprintf(str,"%sanswer",cfg.text_dir);
-		sprintf(tmp,"%s.rip",str);
-		sprintf(path,"%s.html",str);
-		sprintf(str2,"%s.ans",str);
-		if(autoterm&RIP && fexist(tmp))
-			strcat(str,".rip");
-		else if(autoterm&HTML && fexist(path))
-			strcat(str,".html");
-		else if(autoterm&ANSI && fexist(str2))
-			strcat(str,".ans");
-		else
-			strcat(str,".asc");
 		rioctl(IOSM|PAUSE);
 		sys_status|=SS_PAUSEON;
-		printfile(str,P_NOABORT);
+		SAFEPRINTF(str,"%sanswer",cfg.text_dir);
+		SAFEPRINTF(path,"%s.rip",str);
+		if((autoterm&RIP) && fexistcase(path))
+			printfile(path,P_NOABORT);
+		else {
+			SAFEPRINTF(path,"%s.html",str);
+			if((autoterm&HTML) && fexistcase(path))
+				printfile(path,P_NOABORT);
+			else {
+				SAFEPRINTF(path,"%s.ans",str);
+				if((autoterm&ANSI) && fexistcase(path))
+					printfile(path,P_NOABORT);
+				else {
+					SAFEPRINTF(path,"%s.asc",str);
+					if(fexistcase(path))
+						printfile(path, P_NOABORT);
+				}
+			}
+		}
 		sys_status&=~SS_PAUSEON;
 		exec_bin(cfg.login_mod,&main_csi);
 	} else	/* auto logon here */