From 727a02219228a429027261aa66a09413651a1cb5 Mon Sep 17 00:00:00 2001 From: Mike Dvorkin Date: Sat, 1 Jan 2011 23:29:46 -0800 Subject: [PATCH] Avoid buffer overflow when formatting activity log --- src/note.c | 10 +++++----- src/project.c | 10 +++++----- src/task.c | 20 ++++++++++---------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/note.c b/src/note.c index 59ad7e4..ea438a3 100644 --- a/src/note.c +++ b/src/note.c @@ -26,15 +26,15 @@ static int note_find_current(int id, PNote *ppn) return *ppn ? (*(PNote *)ppn)->id : 0; } -static void note_log_create(PTask pt, PNote pn, POptions po) +static void note_log_create(PTask pt, PNote pn) { Action a = { pt->project_id, pt->id, pn->id, { 0 } }; - sprintf(a.message, "created note %d: %s (task %d)", pn->id, po->note.message, pn->task_id); + sprintf(a.message, "created note %d: %s (task %d)", pn->id, pn->message, pn->task_id); pit_action(&a); } -static void note_log_update(PTask pt, PNote pn, POptions po) +static void note_log_update(PTask pt, PNote pn) { Action a = { pt->project_id, pt->id, pn->id, { 0 } }; @@ -67,7 +67,7 @@ static void note_create(POptions po) pn = (PNote)pit_table_insert(notes, (char *)&n); pit_table_mark(notes, pn->id); pt->number_of_notes++; - note_log_create(pt, pn, po); + note_log_create(pt, pn); pit_db_save(); } } @@ -83,7 +83,7 @@ static void note_update(int id, POptions po) strncpy(pn->username, current_user(), sizeof(pn->username) - 1); pit_table_mark(notes, pn->id); - note_log_update((PTask)pit_table_find(tasks, pn->task_id), pn, po); + note_log_update((PTask)pit_table_find(tasks, pn->task_id), pn); pit_db_save(); } diff --git a/src/project.c b/src/project.c index 226331f..cf249f8 100644 --- a/src/project.c +++ b/src/project.c @@ -37,11 +37,11 @@ static int project_find_current(int id, PProject *ppp) return *ppp ? (*(PProject *)ppp)->id : 0; } -static void project_log_create(PProject pp, POptions po) +static void project_log_create(PProject pp) { Action a = { pp->id, 0 }; - sprintf(a.message, "created project %d: %s (status: %s)", pp->id, po->project.name, po->project.status); + sprintf(a.message, "created project %d: %s (status: %s)", pp->id, pp->name, pp->status); pit_action(&a); } @@ -52,13 +52,13 @@ static void project_log_update(PProject pp, POptions po) sprintf(a.message, "updated project %d:", pp->id); if (po->project.name) { - sprintf(a.message + strlen(a.message), " (name: %s", po->project.name); + sprintf(a.message + strlen(a.message), " (name: %s", pp->name); empty = FALSE; } else { sprintf(a.message + strlen(a.message), " %s (", pp->name); } if (po->project.status) { - sprintf(a.message + strlen(a.message), "%sstatus: %s", (empty ? "" : ", "), po->project.status); + sprintf(a.message + strlen(a.message), "%sstatus: %s", (empty ? "" : ", "), pp->status); } strcat(a.message, ")"); pit_action(&a); @@ -130,7 +130,7 @@ static void project_create(POptions po) pp = (PProject)pit_table_insert(projects, (char *)&p); pit_table_mark(projects, pp->id); - project_log_create(pp, po); + project_log_create(pp); pit_db_save(); } } diff --git a/src/task.c b/src/task.c index be43fe8..d8b3f1a 100644 --- a/src/task.c +++ b/src/task.c @@ -26,13 +26,13 @@ static int task_find_current(int id, PTask *ppt) return *ppt ? (*(PTask *)ppt)->id : 0; } -static void task_log_create(PTask pt, POptions po) +static void task_log_create(PTask pt) { Action a = { pt->project_id, pt->id, 0 }; - sprintf(a.message, "created task %d: %s (status: %s, priority: %s", pt->id, po->task.name, po->task.status, po->task.priority); - if (po->task.date > 0) sprintf(a.message + strlen(a.message), ", date: %s", format_date(po->task.date)); - if (po->task.time > 0) sprintf(a.message + strlen(a.message), ", time: %s", format_time(po->task.time)); + sprintf(a.message, "created task %d: %s (status: %s, priority: %s", pt->id, pt->name, pt->status, pt->priority); + if (pt->date > 0) sprintf(a.message + strlen(a.message), ", date: %s", format_date(pt->date)); + if (pt->time > 0) sprintf(a.message + strlen(a.message), ", time: %s", format_time(pt->time)); sprintf(a.message + strlen(a.message), ", project: %d)", pt->project_id); pit_action(&a); } @@ -44,24 +44,24 @@ static void task_log_update(PTask pt, POptions po) sprintf(a.message, "updated task %d:", pt->id); if (po->task.name) { - sprintf(a.message + strlen(a.message), " (name: %s", po->task.name); + sprintf(a.message + strlen(a.message), " (name: %s", pt->name); empty = FALSE; } else { sprintf(a.message + strlen(a.message), " %s (", pt->name); } if (po->task.status) { - sprintf(a.message + strlen(a.message), "%sstatus: %s", (empty ? "" : ", "), po->task.status); + sprintf(a.message + strlen(a.message), "%sstatus: %s", (empty ? "" : ", "), pt->status); empty = FALSE; } if (po->task.priority) { - sprintf(a.message + strlen(a.message), "%spriority: %s", (empty ? "" : ", "), po->task.priority); + sprintf(a.message + strlen(a.message), "%spriority: %s", (empty ? "" : ", "), pt->priority); empty = FALSE; } if (po->task.date) { if (po->task.date < 0) { sprintf(a.message + strlen(a.message), "%sdate: none", (empty ? "" : ", ")); } else { - sprintf(a.message + strlen(a.message), "%sdate: %s", (empty ? "" : ", "), format_date(po->task.date)); + sprintf(a.message + strlen(a.message), "%sdate: %s", (empty ? "" : ", "), format_date(pt->date)); } empty = FALSE; } @@ -69,7 +69,7 @@ static void task_log_update(PTask pt, POptions po) if (po->task.time < 0) { sprintf(a.message + strlen(a.message), "%stime: none", (empty ? "" : ", ")); } else { - sprintf(a.message + strlen(a.message), "%stime: %s", (empty ? "" : ", "), format_time(po->task.time)); + sprintf(a.message + strlen(a.message), "%stime: %s", (empty ? "" : ", "), format_time(pt->time)); } empty = FALSE; } @@ -142,7 +142,7 @@ static void task_create(POptions po) pt = (PTask)pit_table_insert(tasks, (char *)&t); pit_table_mark(tasks, pt->id); pp->number_of_tasks++; - task_log_create(pt, po); + task_log_create(pt); pit_db_save(); } }