1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0149
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=174924
---
demo.c | 2 +-
editor.c | 12 ++++++------
file.c | 2 +-
highscore.c | 6 +++---
misc.c | 2 +-
preview.c | 2 +-
6 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/demo.c b/demo.c
index 9084e70..f4fc2cd 100644
--- a/demo.c
+++ b/demo.c
@@ -154,7 +154,7 @@ static void DoBlocks(display, window)
/* Construct the demo level filename */
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/demo.data", str);
+ snprintf(levelPath, sizeof(levelPath),"%s/demo.data", str);
else
sprintf(levelPath, "%s/demo.data", LEVEL_INSTALL_DIR);
diff --git a/editor.c b/editor.c
index f2bb9ed..66d0679 100644
--- a/editor.c
+++ b/editor.c
@@ -213,7 +213,7 @@ static void DoLoadLevel(display, window)
/* Construct the Edit level filename */
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/editor.data", str);
+ snprintf(levelPath,sizeof(levelPath)-1, "%s/editor.data", str);
else
sprintf(levelPath, "%s/editor.data", LEVEL_INSTALL_DIR);
@@ -958,8 +958,8 @@ static void LoadALevel(display)
if ((num > 0) && (num <= MAX_NUM_LEVELS))
{
/* Construct the Edit level filename */
- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
else
sprintf(levelPath, "%s/level%02ld.data",
LEVEL_INSTALL_DIR, (u_long) num);
@@ -1017,9 +1017,9 @@ static void SaveALevel(display)
num = atoi(str);
if ((num > 0) && (num <= MAX_NUM_LEVELS))
{
- /* Construct the Edit level filename */
- if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/level%02ld.data", str2, (u_long) num);
+ /* Construct the Edit level filename */
+ if ((str2 = getenv("XBOING_LEVELS_DIR")) != NULL)
+ snprintf(levelPath, sizeof(levelPath)-1,"%s/level%02ld.data", str2, (u_long) num);
else
sprintf(levelPath, "%s/level%02ld.data",
LEVEL_INSTALL_DIR, (u_long) num);
diff --git a/file.c b/file.c
index 4c043cd..99a0854 100644
--- a/file.c
+++ b/file.c
@@ -139,7 +139,7 @@ void SetupStage(display, window)
/* Construct the level filename */
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/level%02ld.data", str, newLevel);
+ snprintf(levelPath,sizeof(levelPath), "%s/level%02ld.data", str, newLevel);
else
sprintf(levelPath, "%s/level%02ld.data", LEVEL_INSTALL_DIR, newLevel);
diff --git a/highscore.c b/highscore.c
index f0db3e9..792273e 100644
--- a/highscore.c
+++ b/highscore.c
@@ -1023,7 +1023,7 @@ int ReadHighScoreTable(type)
{
/* Use the environment variable if it exists */
if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
- strcpy(filename, str);
+ strncpy(filename, str, sizeof(filename)-1);
else
strcpy(filename, HIGH_SCORE_FILE);
}
@@ -1095,7 +1095,7 @@ int WriteHighScoreTable(type)
{
/* Use the environment variable if it exists */
if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
- strcpy(filename, str);
+ strncpy(filename, str, sizeof(filename)-1);
else
strcpy(filename, HIGH_SCORE_FILE);
}
@@ -1218,7 +1218,7 @@ static int LockUnlock(cmd)
/* Use the environment variable if it exists */
if ((str = getenv("XBOING_SCORE_FILE")) != NULL)
- strcpy(filename, str);
+ strncpy(filename, str, sizeof(filename)-1);
else
strcpy(filename, HIGH_SCORE_FILE);
diff --git a/misc.c b/misc.c
index f3ab37e..7f3ddce 100644
--- a/misc.c
+++ b/misc.c
@@ -427,7 +427,7 @@ char *GetHomeDir()
*/
if ((ptr = getenv("HOME")) != NULL)
- (void) strcpy(dest, ptr);
+ (void) strncpy(dest, ptr,sizeof(dest)-1);
else
{
/* HOME variable is not present so get USER var */
diff --git a/preview.c b/preview.c
index 41c1187..687f566 100644
--- a/preview.c
+++ b/preview.c
@@ -139,7 +139,7 @@ static void DoLoadLevel(display, window)
/* Construct the Preview level filename */
if ((str = getenv("XBOING_LEVELS_DIR")) != NULL)
- sprintf(levelPath, "%s/level%02d.data", str, lnum);
+ snprintf(levelPath, sizeof(levelPath)-1, "%s/level%02d.data", str, lnum);
else
sprintf(levelPath, "%s/level%02d.data", LEVEL_INSTALL_DIR, lnum);
--
2.15.1
|