AmendHub

Download:

jcs

/

subtext

/

amendments

/

209

*: Move some big char buffers from the stack to the heap

Use FILENAME_MAX in place of 256 where appropriate.

jcs made amendment 209 over 2 years ago
--- folder.c Tue Jul 12 23:32:16 2022 +++ folder.c Fri Jul 15 23:22:49 2022 @@ -344,13 +344,12 @@ unsigned long folder_upload(struct session *s, struct folder *folder, char *initial_filename, char *initial_description) { - char upload_path[256] = { 0 }; struct folder_file file = { 0 }; FILE *fp; SHA1_CTX sha1; struct stat sb; struct zmodem_session *zs; - char *data = NULL, *tmp = NULL, *errorstr = NULL; + char *upload_path = NULL, *data = NULL, *tmp = NULL, *errorstr = NULL; size_t size; short c, n, ret, error; @@ -380,7 +379,8 @@ folder_upload(struct session *s, struct folder *folder session_flush(s); session_pause_return(s, 0, "when you are ready..."); - snprintf(upload_path, sizeof(upload_path), "%s:upload-%08lx%08lx", + upload_path = xmalloc(FILENAME_MAX); + snprintf(upload_path, FILENAME_MAX, "%s:upload-%08lx%08lx", folder->path, xorshift32(), xorshift32()); zs = ZCreateReceiver(s, upload_path); @@ -418,12 +418,13 @@ folder_upload(struct session *s, struct folder *folder session_printf(s, "\r\n\r\n"); if (stat(upload_path, &sb) != 0) { + session_log(s, "[%s] Failed receiving upload, no temp file", + folder->name); session_printf(s, "Failed receiving file, aborting.\r\n"); - session_pause_return(s, '\r', "to continue..."); + session_pause_return(s, CONTROL_C, "to continue..."); ZDestroy(zs); zs = NULL; - session_log(s, "[%s] Failed receiving upload, no temp file", - folder->name); + free(upload_path); return 0; } @@ -431,15 +432,13 @@ folder_upload(struct session *s, struct folder *folder session_log(s, "[%s] Received uploaded file of size %ld but " "supposed to be %ld, canceling", folder->name, sb.st_size, zs->file_size); - session_printf(s, "Uploaded file expected to be {{B}}%ld{{/B}} byte%s, but " "received\r\n" "{{B}}%ld{{/B}} byte%s. Deleting file and canceling upload.\r\n", zs->file_size, zs->file_size == 1 ? "" : "s", sb.st_size, sb.st_size == 1 ? "" : "s"); - session_pause_return(s, '\r', "to continue..."); - + session_pause_return(s, CONTROL_C, "to continue..."); ZDestroy(zs); zs = NULL; goto file_upload_cancel; @@ -638,7 +637,9 @@ file_upload_cancel: file_upload_done: if (file.notes) free(file.notes); - + if (upload_path != NULL) + free(upload_path); + return file.id; } @@ -654,13 +655,13 @@ folder_file_view(struct session *s, struct folder *fol { 'q', "QqXx", "Return to folder" }, { '?', "?", "List these options" }, }; - char path[256]; char time[32]; struct folder_file file; struct username_cache *uploader; struct zmodem_session *zs; struct session_menu_option *dopts = NULL; FILE *fp; + char *path = NULL; char prompt[6 + BOARD_NAME_LENGTH + 8]; size_t n, size; char c; @@ -721,7 +722,8 @@ folder_file_view(struct session *s, struct folder *fol switch (c) { case 'd': - snprintf(path, sizeof(path), "%s:%s", folder->path, + path = xmalloc(FILENAME_MAX); + snprintf(path, FILENAME_MAX, "%s:%s", folder->path, file.filename); fp = fopen(path, "rb"); if (!fp) { @@ -729,6 +731,7 @@ folder_file_view(struct session *s, struct folder *fol folder->name, path); session_printf(s, "{{B}}Error:{{/B}} Failed opening file\r\n"); + free(path); break; } @@ -766,6 +769,7 @@ folder_file_view(struct session *s, struct folder *fol } ZDestroy(zs); zs = NULL; + free(path); session_printf(s, "\r\n"); session_flush(s); @@ -895,7 +899,7 @@ bool folder_file_save(struct folder *folder, struct folder_file *file, char *temp_path) { - char new_name[256]; + char *new_name = NULL; short ret; char *data; size_t size; @@ -923,7 +927,8 @@ folder_file_save(struct folder *folder, struct folder_ bile_flush(folder->bile, true); - snprintf(new_name, sizeof(new_name), "%s:%s", folder->path, + new_name = xmalloc(FILENAME_MAX); + snprintf(new_name, FILENAME_MAX, "%s:%s", folder->path, file->filename); CtoPstr(temp_path); CtoPstr(new_name); @@ -934,9 +939,11 @@ folder_file_save(struct folder *folder, struct folder_ warn("FSRename(%s, 0, %s) failed: %d", temp_path, new_name, ret); bile_delete(folder->bile, FOLDER_FILE_RTYPE, file->id); file->id = 0; + free(new_name); return false; } + free(new_name); return true; } @@ -944,13 +951,14 @@ void folder_delete_file(struct session *s, struct folder *folder, struct folder_file *file) { - char path[256]; + char *path = NULL; short ret; bile_delete(folder->bile, FOLDER_FILE_RTYPE, file->id); bile_flush(folder->bile, true); - snprintf(path, sizeof(path), "%s:%s", folder->path, file->filename); + path = xmalloc(FILENAME_MAX); + snprintf(path, FILENAME_MAX, "%s:%s", folder->path, file->filename); CtoPstr(path); ret = FSDelete(path, 0); PtoCstr(path); @@ -959,6 +967,7 @@ folder_delete_file(struct session *s, struct folder *f session_log(s, "[%s] Failed deleting %s: %d", folder->name, path, ret); + free(path); if (file->notes != NULL) free(file->notes); --- folder.h Mon Jul 11 15:09:01 2022 +++ folder.h Fri Jul 15 23:36:48 2022 @@ -18,6 +18,7 @@ #define __FOLDER_H__ #include <stddef.h> +#include <stdio.h> #include "db.h" #include "sha1.h" @@ -31,7 +32,7 @@ struct folder { bool restricted_viewing; unsigned long last_upload_at; unsigned long file_count; - char path[256]; + char path[FILENAME_MAX]; struct bile *bile; }; --- main.c Thu Jun 30 15:51:33 2022 +++ main.c Fri Jul 15 22:33:17 2022 @@ -103,7 +103,7 @@ main(void) logger_printf(logger, "[db] Updating username cache"); user_cache_usernames(); logger_update_title(); - + if (db->config.telnet_port) telnet_init(); if (db->config.modem_port) @@ -256,10 +256,12 @@ handle_menu(long menu_id) case APPLE_MENU_ID: switch (LoWord(menu_id)) { case APPLE_MENU_ABOUT_ID: { - char vers_s[255]; + char *vers_s; + vers_s = xmalloc(100); sprintf(vers_s, "%s %s", PROGRAM_NAME, get_version(true)); note("%s", vers_s); + free(vers_s); ret = true; break; --- serial.c Wed Jul 13 10:04:04 2022 +++ serial.c Wed Jul 13 16:50:31 2022 @@ -47,7 +47,6 @@ #define baud38400 1 #endif - /* * The number of seconds after a RING that we'll allow a connection to * establish and a session to start, before we hang up and reset the --- session.h Tue Jul 12 11:27:29 2022 +++ session.h Fri Jul 15 22:42:37 2022 @@ -115,7 +115,7 @@ extern struct session_tally session_today_tally; struct session_menu_option { char ret; char key[15]; - char title[100]; + char title[50]; }; void session_load_tally(void); --- sha1.c Thu Jun 30 12:50:27 2022 +++ sha1.c Mon Jul 11 09:07:19 2022 @@ -119,7 +119,6 @@ SHA1Transform(u_int32_t state[5], const u_int8_t buffe void SHA1Init(SHA1_CTX *context) { - /* SHA1 initialization constants */ context->count[0] = 0; context->count[1] = 0; --- util.c Tue Jul 12 17:10:05 2022 +++ util.c Fri Jul 15 23:23:30 2022 @@ -598,9 +598,9 @@ getpath(short vRefNum, Str255 fileName, Str255 *ret, b WDPBRec wdir; HVolumeParam wvol; DirInfo wcinfo; - Str255 name; + char *name = NULL; size_t retlen = 0, len; - char tmpret[256], tmp[256]; + char *tmpret = NULL, *tmp = NULL; char *lastcolon; if (strchr((char *)fileName + 1, ':') != NULL) { @@ -615,35 +615,43 @@ getpath(short vRefNum, Str255 fileName, Str255 *ret, b return 0; } + name = xmalloc(FILENAME_MAX); + wdir.ioVRefNum = wdir.ioWDVRefNum = vRefNum; wdir.ioWDIndex = 0; wdir.ioWDProcID = 0; - wdir.ioNamePtr = (StringPtr)&name; + wdir.ioNamePtr = (StringPtr)name; if (PBGetWDInfo(&wdir, 0) != noErr) { warn("Failed looking up directory"); + free(name); return 1; } - wvol.ioNamePtr = (StringPtr)&name; + wvol.ioNamePtr = (StringPtr)name; wvol.ioVRefNum = vRefNum; wvol.ioVolIndex = 0; if (PBHGetVInfoSync((HParmBlkPtr)&wvol) != noErr) { warn("Failed getting volume info"); + free(name); return 1; } if (wvol.ioVSigWord != 0x4244) { warn("Unknown filesystem type 0x%x", wvol.ioVSigWord); + free(name); return 1; } wcinfo.ioVRefNum = vRefNum; - wcinfo.ioNamePtr = (StringPtr)&name; + wcinfo.ioNamePtr = (StringPtr)name; wcinfo.ioFDirIndex = -1; wcinfo.ioDrParID = wdir.ioWDDirID; wcinfo.ioDrDirID = wdir.ioWDDirID; + tmp = xmalloc(FILENAME_MAX); + tmpret = xmalloc(FILENAME_MAX); + /* go backwards, prepending each folder's parent */ while (wcinfo.ioDrParID != 1) { wcinfo.ioDrDirID = wcinfo.ioDrParID; /* .. */ @@ -655,10 +663,10 @@ getpath(short vRefNum, Str255 fileName, Str255 *ret, b PtoCstr(name); if (retlen == 0) { retlen = len; - strlcpy(tmpret, (char *)name, sizeof(tmpret)); + strlcpy(tmpret, (char *)name, FILENAME_MAX); } else { - strlcpy(tmp, tmpret, sizeof(tmp)); - snprintf(tmpret, sizeof(tmpret), "%s:%s", name, tmp); + strlcpy(tmp, tmpret, FILENAME_MAX); + snprintf(tmpret, FILENAME_MAX, "%s:%s", name, tmp); } } @@ -667,19 +675,25 @@ getpath(short vRefNum, Str255 fileName, Str255 *ret, b memcpy(name, fileName, sizeof(name)); PtoCstr(name); if (retlen == 0) - strlcpy(tmpret, (char *)name, sizeof(tmpret)); + strlcpy(tmpret, name, FILENAME_MAX); else { - strlcat(tmpret, ":", sizeof(tmpret)); - strlcat(tmpret, (char *)name, sizeof(tmpret)); + strlcat(tmpret, ":", FILENAME_MAX); + strlcat(tmpret, name, FILENAME_MAX); } } else if (retlen == 0) { (*ret)[0] = 0; + free(tmp); + free(tmpret); + free(name); return 0; } CtoPstr(tmpret); memcpy(*ret, tmpret, sizeof(tmpret)); - + free(tmp); + free(tmpret); + free(name); + return 0; } @@ -817,7 +831,7 @@ copy_file(Str255 source, Str255 dest, bool overwrite) OSErr copy_file_contents(short source_ref, short dest_ref) { - char buf[1024]; + char *buf; short error; long source_size, count; @@ -831,18 +845,23 @@ copy_file_contents(short source_ref, short dest_ref) error = SetFPos(dest_ref, fsFromStart, 0); if (error) return error; + + buf = xmalloc(1024); + while (source_size > 0) { - count = sizeof(buf); + count = 1024; if (count > source_size) count = source_size; - error = FSRead(source_ref, &count, &buf); + error = FSRead(source_ref, &count, buf); if (error && error != eofErr) break; source_size -= count; - error = FSWrite(dest_ref, &count, &buf); + error = FSWrite(dest_ref, &count, buf); if (error && error != eofErr) break; } + + free(buf); if (error && error != eofErr) return error; --- zmodem.h Mon Jul 11 22:23:09 2022 +++ zmodem.h Fri Jul 15 23:25:30 2022 @@ -51,7 +51,7 @@ struct zmodem_session { FILE *file; unsigned long file_size; - char file_name[256]; + char file_name[64]; char *upload_file_path; unsigned long file_mtime;