From 8ef7a8b8d8c5cb6d6408b0c83f0bda95e49d4119 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20Marchal?=
 <fmarchal@users.sourceforge.net>
Date: Mon, 1 Mar 2010 11:29:18 +0000
Subject: [PATCH] Remove string copies and protect against possible buffer
 overflow

---
 sort.c | 43 +++++++++++++++++++++++--------------------
 1 file changed, 23 insertions(+), 20 deletions(-)

diff --git a/sort.c b/sort.c
index abd4522..e03cf09 100644
--- a/sort.c
+++ b/sort.c
@@ -38,32 +38,32 @@ void tmpsort(void)
 
    char csort[MAXLEN];
    char arqou[MAXLEN], arqin[MAXLEN], wnome[MAXLEN];
-   char field1[10]="2,2";
-   char field2[10]="1,1";
-   char field3[10]="3,3";
-   char order[4]="-r";
+   const char *field1="2,2";
+   const char *field2="1,1";
+   const char *field3="3,3";
+   const char *order="-r";
 
    if(indexonly) return;
    if((ReportType & REPORT_TYPE_USERS_SITES) == 0) return;
 
    strup(UserSortField);
    if(strcmp(UserSortField,"CONNECT") == 0) {
-      strcpy(field1,"1,1");
-      strcpy(field2,"2,2");
-      strcpy(field3,"3,3");
+      field1="1,1";
+      field2="2,2";
+      field3="3,3";
    } else if(strcmp(UserSortField,"SITE") == 0) {
-      strcpy(field1,"3,3");
-      strcpy(field2,"2,2");
-      strcpy(field3,"1,1");
+      field1="3,3";
+      field2="2,2";
+      field3="1,1";
    } else if(strcmp(UserSortField,"TIME") == 0) {
-      strcpy(field1,"5,5");
-      strcpy(field2,"2,2");
-      strcpy(field3,"1,1");
+      field1="5,5";
+      field2="2,2";
+      field3="1,1";
    }
 
    strlow(UserSortOrder);
    if(strcmp(UserSortOrder,"normal") == 0)
-      order[0]='\0';
+      order="";
 
    dirp = opendir(tmp);
    while ((direntp = readdir( dirp )) != NULL ){
@@ -115,8 +115,9 @@ void sort_users_log(const char *tmp, int debug)
    char user[MAXLEN];
    char wdname[MAXLEN];
    int cstatus;
-   const char unsortext[]=".unsort";
    int dlen;
+   int clen;
+   const char unsortext[]=".unsort";
 
    if(debug) {
       debuga("%s",text[138]);
@@ -138,15 +139,19 @@ void sort_users_log(const char *tmp, int debug)
          strncpy(user,direntp->d_name,dlen);
          user[dlen]=0;
       } else {
-         bzero(user, MAXLEN);
+         user[0]='\0';
       }
 
       if(strcmp(direntp->d_name,"download.unsort") == 0)
-         sprintf(csort,"sort -T \"%s\" -k 3,3 -k 1,1 -k 2,2 -k 5,5 -o \"%s/%s.log\" \"%s/%s.unsort\"",
+         clen=snprintf(csort,sizeof(csort),"sort -T \"%s\" -k 3,3 -k 1,1 -k 2,2 -k 5,5 -o \"%s/%s.log\" \"%s/%s.unsort\"",
               tmp, wtmp, user, wtmp, user);
       else
-         sprintf(csort,"sort -T \"%s\" -k 5,5 -k 1,1 -k 2,2 -o \"%s/%s.log\" \"%s/%s.unsort\"",
+         clen=snprintf(csort,sizeof(csort),"sort -T \"%s\" -k 5,5 -k 1,1 -k 2,2 -o \"%s/%s.log\" \"%s/%s.unsort\"",
               tmp, wtmp, user, wtmp, user);
+      if (clen>=sizeof(csort)) {
+         fprintf(stderr, "SARG: user name too long to sort %s\n",csort);
+         exit(1);
+      }
       cstatus=system(csort);
       if (!WIFEXITED(cstatus) || WEXITSTATUS(cstatus)) {
          fprintf(stderr, "SARG: sort command return status %d\n",WEXITSTATUS(cstatus));
@@ -158,8 +163,6 @@ void sort_users_log(const char *tmp, int debug)
          exit(1);
       }
       unlink(wdname);
-      bzero(user, MAXLEN);
-
    }
    (void)closedir( dirp );
 
-- 
2.47.2