Protection against buffer overflows in getword and friends and report the origin...

[thirdparty/sarg.git] / siteuser.c

diff --git a/siteuser.c b/siteuser.c
index f656395a0c7f1149b141ee0ce9eec1a35451c9b4..9de29559ae52ca81b803dc669235be72a491eea3 100644 (file)
--- a/siteuser.c
+++ b/siteuser.c
@@ -121,7 +121,10 @@ void siteuser()
    strcat(users," ");
 
    while(fgets(buf,sizeof(buf),fp_in)!=NULL) {
-      getword(user,buf,' ');
+      if (getword(user,sizeof(user),buf,' ')<0) {
+         printf("SARG: Maybe you have an invalid user in the %s file of the siteuser.\n",general2);
+         exit(1);
+      }
       if(strcmp(user,"TOTAL") == 0)
          continue;
       if(userip)
@@ -152,10 +155,19 @@ void siteuser()
       if(strcmp(Ip2Name,"yes") == 0)
          ip2name(user);
 
-      getword(nacc,buf,' ');
+      if (getword(nacc,sizeof(nacc),buf,' ')<0){
+         printf("SARG: Maybe you have an invalid number of access in your %s file of the siteuser.\n",general2);
+         exit(1);
+      }
       if (atoi(nacc) > 0) nsitesusers = 1;
-      getword(nbytes,buf,' ');
-      getword(url,buf,' ');
+      if (getword(nbytes,sizeof(nbytes),buf,' ')<0){
+         printf("SARG: Maybe you have an invalid number of bytes in your %s file of the siteuser.\n",general2);
+         exit(1);
+      }
+      if (getword(url,sizeof(url),buf,' ')<0) {
+         printf("SARG: Maybe you have an invalid url in your %s file of the siteuser.\n",general2);
+         exit(1);
+      }
 
       if(!regs) {
          strcpy(ourl,url);