Changeset 9a2ae6c for functions.c


Ignore:
Timestamp:
Nov 17, 2008, 6:53:45 PM (15 years ago)
Author:
Geoffrey Thomas <geofft@mit.edu>
Branches:
master, debian, release-1.10, release-1.4, release-1.5, release-1.6, release-1.7, release-1.8, release-1.9
Children:
9711a6e
Parents:
2c09826
git-author:
Geoffrey Thomas <geofft@mit.edu> (11/17/08 02:20:31)
git-committer:
Geoffrey Thomas <geofft@mit.edu> (11/17/08 18:53:45)
Message:
Clean up some uses of owl_malloc/sprintf to owl_sprintf for security.
File:
1 edited

Legend:

Unmodified
Added
Removed

  • functions.c

    r2c09826 r9a2ae6c  
    26222622
    26232623  /* name for the filter */
    2624   filtname=owl_malloc(strlen(shortuser)+20);
    2625   sprintf(filtname, "user-%s", shortuser);
     2624  filtname=owl_sprintf("user-%s", shortuser);
    26262625
    26272626  /* if it already exists then go with it.  This lets users override */
     
    26332632  f=owl_malloc(sizeof(owl_filter));
    26342633
    2635   argbuff=owl_malloc(strlen(longuser)+1000);
    2636   sprintf(argbuff, "( type ^zephyr$ and filter personal and ");
    2637   sprintf(argbuff, "%s ( ( direction ^in$ and sender ^%s$ ) or ( direction ^out$ and recipient ^%s$ ) ) )", argbuff, longuser, longuser);
    2638   sprintf(argbuff, "%s or ( ( class ^login$ ) and ( sender ^%s$ ) )", argbuff, longuser);
     2634  argbuff=owl_sprintf("( type ^zephyr$ and filter personal and "
     2635      "( ( direction ^in$ and sender ^%1$s$ ) or ( direction ^out$ and "
     2636      "recipient ^%1$s$ ) ) ) or ( ( class ^login$ ) and ( sender ^%1$s$ ) )",
     2637      longuser);
    26392638
    26402639  owl_filter_init_fromstring(f, filtname, argbuff);
     
    26642663
    26652664  /* name for the filter */
    2666   filtname=owl_malloc(strlen(user)+40);
    2667   sprintf(filtname, "aimuser-%s", user);
     2665  filtname=owl_sprintf("aimuser-%s", user);
    26682666
    26692667  /* if it already exists then go with it.  This lets users override */
     
    26772675  escuser = owl_text_quote(user, OWL_REGEX_QUOTECHARS, OWL_REGEX_QUOTEWITH);
    26782676
    2679   argbuff=owl_malloc(1000);
    2680   sprintf(argbuff,
    2681           "( type ^aim$ and ( ( sender ^%s$ and recipient ^%s$ ) or ( sender ^%s$ and recipient ^%s$ ) ) )",
    2682           escuser, owl_global_get_aim_screenname_for_filters(&g),
    2683           owl_global_get_aim_screenname_for_filters(&g), escuser);
     2677  argbuff = owl_sprintf(
     2678      "( type ^aim$ and ( ( sender ^%1$s$ and recipient ^%2$s$ ) or "
     2679      "( sender ^%2$s$ and recipient ^%1$s$ ) ) )",
     2680      escuser, owl_global_get_aim_screenname_for_filters(&g));
    26842681
    26852682  owl_filter_init_fromstring(f, filtname, argbuff);
Note: See TracChangeset for help on using the changeset viewer.