Protect ip2name against buffer overflows and replace characters that are valid in...

[thirdparty/sarg.git] / report.c

diff --git a/report.c b/report.c
index d06903252e00b18848dc71a0c0ead81f0c7ea8de..10d790df9f66fa3b77cb5102e376a5275fe8db60 100644 (file)
--- a/report.c
+++ b/report.c
@@ -128,7 +128,7 @@ void gerarel()
          if(strcmp(Ip2Name,"yes") == 0) {
             if(strcmp(accip,ipantes) != 0) {
                strcpy(ipantes,accip);
-               ip2name(accip);
+               ip2name(accip,sizeof(accip));
                strcpy(nameantes,accip);
             } else strcpy(accip,nameantes);
          }
@@ -193,10 +193,11 @@ void gerarel()
             ind2++;
            strcpy(siteind,accurl);
            str=siteind;
-           for(z1=0; z1<strlen(str); z1++) {
-           if(str[z1]=='?' || str[z1]=='-' || str[z1]=='.' || str[z1]==':' || str[z1]=='/' || str[z1]=='\\')
-                            str[z1]='_';
-            }
+           for(z1=0; str[z1]; z1++) {
+              if(str[z1]=='?' || str[z1]=='-' || str[z1]=='.' || str[z1]==':' || str[z1]=='/' || str[z1]=='\\' || str[z1]=='*' ||
+              str[z1]=='\'' || str[z1]=='\"' || str[z1]=='$')
+                 str[z1]='_';
+        }
            sprintf(arqtt,"%s/%s",dirname,accuser);
            if(access(arqtt, R_OK) != 0)
                my_mkdir(arqtt);
@@ -240,7 +241,7 @@ void gerarel()
 
             strcpy(u2,user);
             if(strcmp(Ip2Name,"yes") == 0)
-               ip2name(u2);
+               ip2name(u2,sizeof(u2));
             if(UserTabFile[0] != '\0') {
                sprintf(warea,":%s:",u2);
                if((str=(char *) strstr(userfile,warea)) != (char *) NULL ) {