Mini security audit

git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@5333 e03df62e-2008-0410-955e-edbf42e46eb7

8 files changed, 19 insertions, 27 deletions

diff --git a/src/channels.cpp b/src/channels.cpp
index 28052de98..3e4f995ae 100644
--- a/src/channels.cpp
+++ b/src/channels.cpp
@@ -304,7 +304,7 @@ chanrec* chanrec::JoinUser(InspIRCd* Instance, userrec *user, const char* cn, bo
 					MOD_RESULT = 0;
 					FOREACH_RESULT_I(Instance,I_OnCheckBan,OnCheckBan(user, Ptr));
 					char mask[MAXBUF];
-					sprintf(mask,"%s!%s@%s",user->nick, user->ident, user->GetIPString());
+					snprintf(mask, MAXBUF, "%s!%s@%s",user->nick, user->ident, user->GetIPString());
 					if (!MOD_RESULT)
 					{
 						if (Ptr->IsBanned(user))
@@ -443,7 +443,7 @@ chanrec* chanrec::ForceChan(InspIRCd* Instance, chanrec* Ptr,ucrec *a,userrec* u
 bool chanrec::IsBanned(userrec* user)
 {
 	char mask[MAXBUF];
-	sprintf(mask,"%s!%s@%s",user->nick, user->ident, user->GetIPString());
+	snprintf(mask, MAXBUF, "%s!%s@%s", user->nick, user->ident, user->GetIPString());
 	for (BanList::iterator i = this->bans.begin(); i != this->bans.end(); i++)
 	{
 		/* This allows CIDR ban matching
diff --git a/src/cmd_modules.cpp b/src/cmd_modules.cpp
index 22e3a32bb..3e7f63399 100644
--- a/src/cmd_modules.cpp
+++ b/src/cmd_modules.cpp
@@ -82,7 +82,7 @@ CmdResult cmd_modules::Handle (const char** parameters, int pcnt, userrec *user)
 								if (ServerInstance->Config->implement_lists[i][it])
 								{
 									snprintf(data,MAXBUF,"%s=>%c ",itab[it],(ServerInstance->Config->implement_lists[i][it] ? '1' : '0'));
-									strncat(dlist,data,MAXBUF);
+									strlcat(dlist,data,MAXBUF);
 								}
 								it++;
 							}
diff --git a/src/command_parse.cpp b/src/command_parse.cpp
index 881e1abc7..8722a2145 100644
--- a/src/command_parse.cpp
+++ b/src/command_parse.cpp
@@ -518,7 +518,7 @@ bool CommandParser::ReloadCommand(const char* cmd)
 		dlclose(command->second);
 		RFCCommands.erase(command);
 
-		sprintf(filename, "cmd_%s.so", commandname);
+		snprintf(filename, MAXBUF, "cmd_%s.so", commandname);
 		this->LoadCommand(filename);
 
 		return true;
diff --git a/src/modules/extra/m_pgsql.cpp b/src/modules/extra/m_pgsql.cpp
index ed068fdf1..103c9edfc 100644
--- a/src/modules/extra/m_pgsql.cpp
+++ b/src/modules/extra/m_pgsql.cpp
@@ -523,7 +523,7 @@ public:
 		
 		sqlsuccess = new char[strlen(SQLSUCCESS)+1];
 		
-		strcpy(sqlsuccess, SQLSUCCESS);
+		strlcpy(sqlsuccess, SQLSUCCESS, strlen(SQLSUCCESS)+1);
 
 		OnRehash("");
 	}
diff --git a/src/modules/m_check.cpp b/src/modules/m_check.cpp
index 86bc9cef5..17ed26e3a 100644
--- a/src/modules/m_check.cpp
+++ b/src/modules/m_check.cpp
@@ -127,7 +127,7 @@ class cmd_check : public command_t
 				 * find how many connections from this user's IP -- unlike Asuka,
 				 * I define a clone as coming from the same host. --w00t
 				 */
-				sprintf(ptr, "%lu    ", i->second->GlobalCloneCount());
+				snprintf(ptr, MAXBUF, "%lu    ", i->second->GlobalCloneCount());
 				
 				if (flags & UCMODE_OP)
 				{
@@ -144,8 +144,8 @@ class cmd_check : public command_t
 					strcat(ptr, "+");
 				}
 				
-				sprintf(tmpbuf, "%s (%s@%s) %s ", i->second->nick, i->second->ident, i->second->dhost, i->second->fullname);
-				strcat(ptr, tmpbuf);
+				snprintf(tmpbuf, MAXBUF, "%s (%s@%s) %s ", i->second->nick, i->second->ident, i->second->dhost, i->second->fullname);
+				strlcat(ptr, tmpbuf, MAXBUF);
 				
 				user->WriteServ(checkstr + " member " + ptr);
 			}
diff --git a/src/modules/m_opermd5.cpp b/src/modules/m_opermd5.cpp
index 1e085deae..57eb2c5ef 100644
--- a/src/modules/m_opermd5.cpp
+++ b/src/modules/m_opermd5.cpp
@@ -252,23 +252,17 @@ void MyMD5(void *dest, void *orig, int len)
 
 void GenHash(const char* src, char* dest)
 {
-	int i = 0;
 	unsigned char bytes[16];
-	char hash[1024];
-	*hash = 0;
+	const char* xtab = "0123456789abcdef";
+
 	MyMD5((char*)bytes,(void*)src,strlen(src));
-	for (i = 0; i < 16; i++)
+
+	for (int i = 0; i < 16; i++)
 	{
-		const char* xtab = "0123456789abcdef";
-		unsigned char lo = xtab[bytes[i] % 16];
-		unsigned char hi = xtab[bytes[i] / 16];
-		char hx[3];
-		hx[0] = hi;
-		hx[1] = lo;
-		hx[2] = '\0';
-		strcat(hash,hx);
+		*dest++ = xtab[bytes[i] % 16];
+		*dest++ = xtab[bytes[i] / 16];
 	}
-	strcpy(dest,hash);
+	*dest++ = 0;
 }
 
 /** Handle /MKPASSWD
diff --git a/src/modules/m_randquote.cpp b/src/modules/m_randquote.cpp
index 46af34f63..b68eb5aa5 100644
--- a/src/modules/m_randquote.cpp
+++ b/src/modules/m_randquote.cpp
@@ -43,18 +43,16 @@ class cmd_randquote : public command_t
 	{
 		std::string str;
 		int fsize;
-		char buf[MAXBUF];
+
 		if (q_file == "" || quotes->Exists())
 		{
 			fsize = quotes->FileSize();
 			str = quotes->GetLine(rand() % fsize);
-			sprintf(buf,"NOTICE %s :%s%s%s",user->nick,prefix.c_str(),str.c_str(),suffix.c_str());
-			user->WriteServ(std::string(buf));
+			user->WriteServ("NOTICE %s :%s%s%s",user->nick,prefix.c_str(),str.c_str(),suffix.c_str());
 		}
 		else
 		{
-			sprintf(buf, "NOTICE %s :Your administrator specified an invalid quotes file, please bug them about this.", user->nick);
-			user->WriteServ(std::string(buf));
+			user->WriteServ("NOTICE %s :Your administrator specified an invalid quotes file, please bug them about this.", user->nick);
 			return CMD_FAILURE;
 		}
 		return CMD_SUCCESS;
diff --git a/src/modules/m_tline.cpp b/src/modules/m_tline.cpp
index ccb560428..bde4737a7 100644
--- a/src/modules/m_tline.cpp
+++ b/src/modules/m_tline.cpp
@@ -57,7 +57,7 @@ class cmd_tline : public command_t
 			else
 			{
 				char host[MAXBUF];
-				sprintf(host, "%s@%s", u->second->ident, u->second->GetIPString());
+				snprintf(host, MAXBUF, "%s@%s", u->second->ident, u->second->GetIPString());
 				if (match(host, parameters[0], true))
 				{
 					n_matched++;