char denied_sort[MAXLEN];
char authfail_unsort[MAXLEN];
char start_hour[128];
- char end_hour[128];
char *linebuf;
const char *url;
char *full_url;
NRedirectorLogs=0;
for (ilf=0 ; ilf<ILF_Last ; ilf++) ilf_count[ilf]=0;
- sprintf(ExcludeCodes,"%s/exclude_codes",SYSCONFDIR);
+ snprintf(ExcludeCodes,sizeof(ExcludeCodes),"%s/exclude_codes",SYSCONFDIR);
strcpy(GraphDaysBytesBarColor,"orange");
strcpy(BgColor,"#ffffff");
strcpy(TxColor,"#000000");
SquidGuardConf[0]='\0';
DansGuardianConf[0]='\0';
start_hour[0]='\0';
- end_hour[0]='\0';
hm_str[0]='\0';
HostAliasFile[0]='\0';
if(access(ParsedOutputLog,R_OK) != 0) {
my_mkdir(ParsedOutputLog);
}
- sprintf(arq_log,"%s/sarg_temp.log",ParsedOutputLog);
+ if (snprintf(arq_log,sizeof(arq_log),"%s/sarg_temp.log",ParsedOutputLog)>=sizeof(arq_log)) {
+ debuga(_("File name too long: %s/sarg_temp.log"),ParsedOutputLog);
+ exit(EXIT_FAILURE);
+ }
if((fp_log=MY_FOPEN(arq_log,"w"))==NULL) {
debuga(_("(log) Cannot open log file: %s - %s\n"),arq_log,strerror(errno));
exit(EXIT_FAILURE);
// include_users
if(IncludeUsers[0] != '\0') {
- sprintf(val1,":%s:",user);
+ snprintf(val1,sizeof(val1),":%s:",user);
if((str=(char *) strstr(IncludeUsers,val1)) == (char *) NULL )
continue;
}
}
if(puser) {
- sprintf(wuser,":%s:",user);
+ snprintf(wuser,sizeof(wuser),":%s:",user);
if(strstr(userfile, wuser) == 0)
continue;
}
if((str=(char *) strstr(linebuf, "[SmartFilter:")) != (char *) NULL ) {
fixendofline(str);
- sprintf(smartfilter,"\"%s\"",str+1);
- } else sprintf(smartfilter,"\"\"");
+ snprintf(smartfilter,sizeof(smartfilter),"\"%s\"",str+1);
+ } else strcpy(smartfilter,"\"\"");
nopen=0;
prev_ufile=NULL;
fclose(fp_authfail);
if(fp_log != NULL) {
+ char end_hour[128];
+ char val2[40];
+ char val4[255];//val4 must not be bigger than arq_log without fixing the strcpy below
+
fclose(fp_log);
- strcpy(end_hour,tbuf2);
+ strncpy(end_hour,tbuf2,sizeof(end_hour)-1);
+ end_hour[sizeof(end_hour)-1]='\0';
strftime(val2,sizeof(val2),"%d%m%Y",&period.start);
strftime(val1,sizeof(val1),"%d%m%Y",&period.end);
- sprintf(val4,"%s/sarg-%s_%s-%s_%s.log",ParsedOutputLog,val2,start_hour,val1,end_hour);
+ if (snprintf(val4,sizeof(val4),"%s/sarg-%s_%s-%s_%s.log",ParsedOutputLog,val2,start_hour,val1,end_hour)>=sizeof(val4)) {
+ debuga(_("File name too long: %s/sarg-%s_%s-%s_%s.log"),ParsedOutputLog,val2,start_hour,val1,end_hour);
+ exit(EXIT_FAILURE);
+ }
if (rename(arq_log,val4)) {
debuga(_("failed to rename %s to %s - %s\n"),arq_log,val4,strerror(errno));
} else {
No double quotes around ParsedOutputLogCompress because it may contain command line options. If double quotes are
necessary around the command name, put them in the configuration file.
*/
- sprintf(val1,"%s \"%s\"",ParsedOutputLogCompress,arq_log);
+ if (snprintf(val1,sizeof(val1),"%s \"%s\"",ParsedOutputLogCompress,arq_log)>=sizeof(val1)) {
+ debuga(_("Command too long: %s \"%s\""),ParsedOutputLogCompress,arq_log);
+ exit(EXIT_FAILURE);
+ }
cstatus=system(val1);
if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
debuga(_("command return status %d\n"),WEXITSTATUS(cstatus));
char data[15];
char hora[15];
char smartcat[256];
- char smartheader[15];
+ char smartheader[50];
char ftime[128];
char smartuser[MAXLEN];
int fuser=0;
ouser[0]='\0';
- strcpy(smartheader,_("SmartFilter"));
+ strncpy(smartheader,_("SmartFilter"),sizeof(smartheader)-1);
+ smartheader[sizeof(smartheader)-1]='\0';
strup(smartheader);
- sprintf(smart_in,"%s/smartfilter.unsort",outdirname);
- sprintf(sites,"%s/sarg-sites",outdirname);
- sprintf(smart_ou,"%s/smartfilter.log",outdirname);
- sprintf(report,"%s/smartfilter.html",outdirname);
+ if (snprintf(smart_in,sizeof(smart_in),"%s/smartfilter.unsort",outdirname)>=sizeof(smart_in)) {
+ debuga(_("File name too long: %s/smartfilter.unsort"),outdirname);
+ exit(EXIT_FAILURE);
+ }
+ if (snprintf(sites,sizeof(sites),"%s/sarg-sites",outdirname)>=sizeof(sites)) {
+ debuga(_("File name too long: %s/sarg-sites"),outdirname);
+ exit(EXIT_FAILURE);
+ }
+ if (snprintf(smart_ou,sizeof(smart_ou),"%s/smartfilter.log",outdirname)>=sizeof(smart_ou)) {
+ debuga(_("File name too long: %s/smartfilter.log"),outdirname);
+ exit(EXIT_FAILURE);
+ }
+ if (snprintf(report,sizeof(report),"%s/smartfilter.html",outdirname)>=sizeof(report)) {
+ debuga(_("File name too long: %s/smartfilter.html"),outdirname);
+ exit(EXIT_FAILURE);
+ }
if (snprintf(csort,sizeof(csort),"sort -n -t \"\t\" -k 1,1 -k 2,2 -k 3,3 -o \"%s\" \"%s\"",smart_ou,smart_in)>=sizeof(csort)) {
debuga(_("cannot build the sort command to sort file %s\n"),smart_in);