1 diff -ru BitchX-old/source/banlist.c BitchX/source/banlist.c
2 --- BitchX-old/source/banlist.c 2002-02-28 06:22:46.000000000 +0200
3 +++ BitchX/source/banlist.c 2003-03-13 20:09:01.000000000 +0200
8 - sprintf(banstr, "*!*@%s", cluster(ip));
9 + snprintf(banstr, sizeof(banstr), "*!*@%s", cluster(ip));
13 - sprintf(banstr, "*!*%s@%s", t1, cluster(host));
14 + snprintf(banstr, sizeof(banstr), "*!*%s@%s", t1, cluster(host));
17 - sprintf(banstr, "*!*@%s", host);
18 + snprintf(banstr, sizeof(banstr), "*!*@%s", host);
21 - sprintf(banstr, "*!*@*%s", strrchr(host, '.'));
22 + snprintf(banstr, sizeof(banstr), "*!*@*%s", strrchr(host, '.'));
25 - sprintf(banstr, "*!%s@%s", t, cluster(host));
26 + snprintf(banstr, sizeof(banstr), "*!%s@%s", t, cluster(host));
29 malloc_sprintf(&tmpstr, "*!*%s@%s", t1, host);
30 - strcpy(banstr, screw(tmpstr));
31 + strmcpy(banstr, screw(tmpstr), sizeof(banstr)-1);
37 - sprintf(banstr, "%s!*%s@%s", nick, t1, host);
38 + snprintf(banstr, sizeof(banstr), "%s!*%s@%s", nick, t1, host);
42 diff -ru BitchX-old/source/ctcp.c BitchX/source/ctcp.c
43 --- BitchX-old/source/ctcp.c 2002-02-28 06:22:47.000000000 +0200
44 +++ BitchX/source/ctcp.c 2003-03-13 19:59:35.000000000 +0200
48 len = IRCD_BUFFER_SIZE - (12 + strlen(to));
49 + if (len <= 2) return;
50 putbuf2 = alloca(len);
53 diff -ru BitchX-old/source/misc.c BitchX/source/misc.c
54 --- BitchX-old/source/misc.c 2002-03-24 11:31:07.000000000 +0200
55 +++ BitchX/source/misc.c 2003-03-13 20:02:13.000000000 +0200
56 @@ -3121,19 +3121,19 @@
60 - strcpy(result, hostname);
61 + strmcpy(result, hostname, sizeof(result)-1);
62 *strchr(result, '@') = '\0';
63 if (strlen(result) > 9)
68 - strcat(result, "@");
69 + strmcat(result, "@", sizeof(result)-1);
70 if (!(hostname = strchr(hostname, '@')))
74 - strcpy(host, hostname);
75 + strmcpy(host, hostname, sizeof(host)-1);
77 if (*host && isdigit(*(host + strlen(host) - 1)))
80 for (i = 0; i < count; i++)
81 tmp = strchr(tmp, '.') + 1;
83 - strcat(result, host);
84 - strcat(result, "*");
85 + strmcat(result, host, sizeof(result)-1);
86 + strmcat(result, "*", sizeof(result)-1);
90 @@ -3177,10 +3177,10 @@
94 - strcat(result, "*");
95 + strmcat(result, "*", sizeof(result)-1);
96 if (my_stricmp(host, temphost))
97 - strcat(result, ".");
98 - strcat(result, host);
99 + strmcat(result, ".", sizeof(result)-1);
100 + strmcat(result, host, sizeof(result)-1);
104 diff -ru BitchX-old/source/names.c BitchX/source/names.c
105 --- BitchX-old/source/names.c 2002-03-25 22:47:30.000000000 +0200
106 +++ BitchX/source/names.c 2003-03-13 20:10:26.000000000 +0200
111 - for (; *modes; modes++)
112 + for (; *modes && strlen(nmodes) < sizeof(nmodes)-2; modes++)
114 isbanned = isopped = isvoiced = 0;
118 /* modes which can be done multiple times are added here */
120 - for (tucm = ucm; tucm; tucm = tucm->next)
121 + for (tucm = ucm; tucm && strlen(nmodes) < sizeof(nmodes)-2; tucm = tucm->next)
125 diff -ru BitchX-old/source/notice.c BitchX/source/notice.c
126 --- BitchX-old/source/notice.c 2002-02-28 06:22:50.000000000 +0200
127 +++ BitchX/source/notice.c 2003-03-13 20:07:39.000000000 +0200
128 @@ -422,10 +422,10 @@
130 char *q = strchr(line, ':');
131 char *port = empty_string;
132 - int conn = !strncmp(line+7, "connect", 7) ? 1 : 0;
133 + int conn = strlen(line) > 7 && !strncmp(line+7, "connect", 7) ? 1 : 0;
134 int dalnet = 0, ircnet = 0;
136 - if (*(line+18) == ':')
137 + if (strlen(line) > 18 && *(line+18) == ':')
140 dalnet = (q == NULL);
142 else sscanf(p, "%s was %s from %s", for_, fr, temp);
145 - sprintf(q, "%s@%s", fr, temp);
146 + snprintf(q, strlen(q)+1, "%s@%s", fr, temp);
149 port = strstr(temp2, "reason:");
150 diff -ru BitchX-old/source/server.c BitchX/source/server.c
151 --- BitchX-old/source/server.c 2002-03-25 07:21:24.000000000 +0200
152 +++ BitchX/source/server.c 2003-03-13 20:10:00.000000000 +0200
153 @@ -474,11 +474,11 @@
157 - junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE, server_list[i].ssl_fd);
158 + junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE/2, server_list[i].ssl_fd);
162 - junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE, NULL);
163 + junk = dgets(bufptr, des, 1, BIG_BUFFER_SIZE/2, NULL);
167 @@ -1741,7 +1741,7 @@
169 if (FD_ISSET(des, &rd))
171 - if (!dgets(buffer, des, 0, BIG_BUFFER_SIZE, NULL))
172 + if (!dgets(buffer, des, 0, BIG_BUFFER_SIZE/2, NULL))
176 @@ -1751,7 +1751,7 @@
179 if (new_select(&rd, NULL, &timeout) > 0)
180 - dgets(buffer, des, 1, BIG_BUFFER_SIZE, NULL);
181 + dgets(buffer, des, 1, BIG_BUFFER_SIZE/2, NULL);