Removed fscanf that is prone to buffer overflows.

Size of buffers increased.

diff --git a/topuser.c b/topuser.c
index 89a78e52f4c4b0c4f594d3a378bb7ead97bd63f0..9a230d5f1d50a8749f207019e7c781ed9c0ac3cd 100644 (file)
--- a/topuser.c
+++ b/topuser.c
@@ -48,6 +48,9 @@ int topuser()
    int  topcount=0;
    char *s;
    int cstatus;
+   char warea[1500];
+   char user2[MAXLEN];
+   char name[MAXLEN];
 
    ipantes[0]='\0';
    nameantes[0]='\0';
@@ -74,12 +77,53 @@ int topuser()
     exit(1);
    }
 
-   fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,time,date,elap,incac,oucac);
+   //fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,time,date,elap,incac,oucac);
+   fgets(warea,sizeof(warea),fp_in);
+   if (getword(user,sizeof(user),warea,' ')<0) {
+      printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+      exit(1);
+   }
 
    strcpy(olduser,user);
    totuser=1;
 
    while(!feof(fp_in)) {
+      if (getword(nacc,sizeof(nacc),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(nbytes,sizeof(nbytes),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(url,sizeof(url),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(ip,sizeof(ip),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(time,sizeof(time),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(date,sizeof(date),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(elap,sizeof(elap),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(incac,sizeof(incac),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(oucac,sizeof(oucac),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
       if(strcmp(olduser,user) != 0) {
          if(strcmp(user,"TOTAL") != 0)
             totuser++;
@@ -89,8 +133,7 @@ int topuser()
          my_lltoa(tnelap,val3,15);
          my_lltoa(tnincache,val4,15);
          my_lltoa(tnoucache,val5,15);
-         sprintf(preg,"%s %s %s %s %s %s\n",olduser,val1,val2,val3,val4,val5);
-         fputs(preg,fp_top2);
+         fprintf(fp_top2,"%s %s %s %s %s %s\n",olduser,val1,val2,val3,val4,val5);
 
         strcpy(olduser,user);
          ttnbytes+=tnbytes;
@@ -111,7 +154,12 @@ int topuser()
       tnincache+=my_atoll(incac);
       tnoucache+=my_atoll(oucac);
 
-      fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,time,date,elap,incac,oucac);
+      //fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,time,date,elap,incac,oucac);
+      fgets(warea,sizeof(warea),fp_in);
+      if (getword(user,sizeof(user),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
 
       if(strcmp(user,"TOTAL") == 0)
          continue;
@@ -122,8 +170,7 @@ int topuser()
    my_lltoa(tnelap,val3,15);
    my_lltoa(tnincache,val4,15);
    my_lltoa(tnoucache,val5,15);
-   sprintf(preg,"%s %s %s %s %s %s\n",olduser,val1,val2,val3,val4,val5);
-   fputs(preg,fp_top2);
+   fprintf(fp_top2,"%s %s %s %s %s %s\n",olduser,val1,val2,val3,val4,val5);
 
    ttnbytes+=tnbytes;
    ttnacc+=tnacc;

diff --git a/totger.c b/totger.c
index 5334d48b946874e285d7823d80c508ab305c69fb..e6543ef696fee2d795ba898fbe456f2e999355e1 100644 (file)
--- a/totger.c
+++ b/totger.c
@@ -35,9 +35,10 @@ int totalger(const char *dirname, int debug, const char *outdir)
    long long int tnbytes=0;
    long long int telap=0;
    long long int tincache=0, toucache=0;
-   char wger[MAXLEN], user[MAXLEN], nacc[10], nbytes[10], url[1024];
-   char ip[MAXLEN], hora[9], data[11], elap[15];
-   char incac[15], oucac[15];
+   char wger[MAXLEN], user[MAXLEN], nacc[16], nbytes[16], url[2048];
+   char ip[MAXLEN], hora[9], data[11], elap[16];
+   char incac[16], oucac[16];
+   char warea[1500];
 
    strcpy(wger,dirname);
    strcat(wger,"/sarg-general");
@@ -47,17 +48,59 @@ int totalger(const char *dirname, int debug, const char *outdir)
       exit(1);
    }
 
-   fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,hora,data,elap,incac,oucac);
+   //fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,hora,data,elap,incac,oucac);
+   fgets(warea,sizeof(warea),fp_in);
 
    while(!feof(fp_in))
    {
+      if (getword(user,sizeof(user),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(nacc,sizeof(nacc),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(nbytes,sizeof(nbytes),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(url,sizeof(url),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(ip,sizeof(ip),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(hora,sizeof(hora),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(data,sizeof(data),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(elap,sizeof(elap),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(incac,sizeof(incac),warea,' ')<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
+      if (getword(oucac,sizeof(oucac),warea,0)<0) {
+         printf("SARG: Maybe you have a broken record or garbage in your %s file.\n",wger);
+         exit(1);
+      }
       tnacc+=my_atoll(nacc);
       tnbytes+=my_atoll(nbytes);
       telap+=my_atoll(elap);
       tincache+=my_atoll(incac);
       toucache+=my_atoll(oucac);
 
-      fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,hora,data,elap,incac,oucac);
+      //fscanf(fp_in,"%s%s%s%s%s%s%s%s%s%s",user,nacc,nbytes,url,ip,hora,data,elap,incac,oucac);
+      fgets(warea,sizeof(warea),fp_in);
    }
 
    fclose(fp_in);