diff --git a/swad_ID.c b/swad_ID.c index 64ac3ac9..1cd906bf 100644 --- a/swad_ID.c +++ b/swad_ID.c @@ -178,6 +178,7 @@ unsigned ID_GetListUsrCodsFromUsrID (struct UsrData *UsrDat, char *Query; MYSQL_RES *mysql_res; MYSQL_ROW row; + size_t Length; unsigned NumID; unsigned NumUsr; bool CheckPassword = false; @@ -189,14 +190,17 @@ unsigned ID_GetListUsrCodsFromUsrID (struct UsrData *UsrDat, CheckPassword = true; /***** Allocate memory for query string *****/ - if ((Query = (char *) malloc (512 + UsrDat->IDs.Num * (1 + ID_MAX_LENGTH_USR_ID + 1))) == NULL) + Length = 512 + UsrDat->IDs.Num * (1 + ID_MAX_LENGTH_USR_ID + 1) - 1; + if ((Query = (char *) malloc (Length + 1)) == NULL) Lay_ShowErrorAndExit ("Not enough memory to store list of user's IDs."); /***** Get user's code(s) from database *****/ - strcpy (Query,CheckPassword ? "SELECT DISTINCT(usr_IDs.UsrCod) FROM usr_IDs,usr_data" - " WHERE usr_IDs.UsrID IN (" : - "SELECT DISTINCT(UsrCod) FROM usr_IDs" - " WHERE UsrID IN ("); + strncpy (Query,CheckPassword ? "SELECT DISTINCT(usr_IDs.UsrCod) FROM usr_IDs,usr_data" + " WHERE usr_IDs.UsrID IN (" : + "SELECT DISTINCT(UsrCod) FROM usr_IDs" + " WHERE UsrID IN (",Length); + Query[Length] = '\0'; + for (NumID = 0; NumID < UsrDat->IDs.Num; NumID++) diff --git a/swad_centre.c b/swad_centre.c index 3c7a9d21..90383d31 100644 --- a/swad_centre.c +++ b/swad_centre.c @@ -1264,7 +1264,7 @@ static void Ctr_GetPhotoAttribution (long CtrCod,char **PhotoAttribution) Lay_ShowErrorAndExit ("Error allocating memory for photo attribution."); strncpy (*PhotoAttribution,row[0],Length); - PhotoAttribution[Length] = '\0'; + (*PhotoAttribution)[Length] = '\0'; } } diff --git a/swad_changelog.h b/swad_changelog.h index 41c3a251..89f9916b 100644 --- a/swad_changelog.h +++ b/swad_changelog.h 
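Review bot: In ID_GetListUsrCodsFromUsrID (swad_ID.c) the new `Length` bounds only the copy of the fixed SELECT prefix, whose size is known at compile time. The variable part of the query is appended in the `for` loop that begins on the hunk's last line, and its body is outside the hunk. If that loop still appends with strcat, the limit is not enforced at the one place the buffer could be exceeded. Tracking the bytes used and comparing against `Length` before each append would make the bound effective.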
@@ -189,13 +189,14 @@ /****************************** Public constants *****************************/ /*****************************************************************************/ -#define Log_PLATFORM_VERSION "SWAD 16.112 (2017-01-13)" +#define Log_PLATFORM_VERSION "SWAD 16.113 (2017-01-13)" #define CSS_FILE "swad16.111.5.css" #define JS_FILE "swad16.101.js" // Number of lines (includes comments but not blank lines) has been got with the following command: // nl swad*.c swad*.h css/swad*.css py/swad*.py js/swad*.js soap/swad*?.h sql/swad*.sql | tail -1 /* + Version 16.113: Jan 13, 2017 Some strcpy changed to strncpy. (211497 lines) Version 16.112: Jan 13, 2017 Some strcpy changed to strncpy. (211415 lines) Version 16.111.16:Dec 30, 2016 Fixed minor bug in user's ID, reported by Coverity. (211185 lines) Version 16.111.15:Dec 30, 2016 Fixed bug in forums, reported by Coverity. (211182 lines) diff --git a/swad_country.c b/swad_country.c index 45c7ac3b..b3a114a7 100644 --- a/swad_country.c +++ b/swad_country.c @@ -1413,8 +1413,9 @@ static void Cty_GetMapAttribution (long CtyCod,char **MapAttribution) Length = strlen (row[0]); if (((*MapAttribution) = (char *) malloc (Length + 1)) == NULL) Lay_ShowErrorAndExit ("Error allocating memory for map attribution."); + strncpy (*MapAttribution,row[0],Length); - MapAttribution[Length] = '\0'; + (*MapAttribution)[Length] = '\0'; } } diff --git a/swad_follow.c b/swad_follow.c index c7af32f0..2b9b8779 100644 --- a/swad_follow.c +++ b/swad_follow.c @@ -934,7 +934,7 @@ void Fol_GetNotifFollower (char *SummaryStr,char **ContentStr) SummaryStr[0] = '\0'; if ((*ContentStr = (char *) malloc (1))) - strcpy (*ContentStr,""); + *ContentStr[0] = '\0'; } /*****************************************************************************/ diff --git a/swad_forum.c b/swad_forum.c index 4c64e0b1..090be840 100644 --- a/swad_forum.c +++ b/swad_forum.c 
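Review bot: In the swad_follow.c hunk (Fol_GetNotifFollower), `*ContentStr[0] = '\0';` parses as `*(ContentStr[0])`, the same precedence slip this commit corrects in Ctr_GetPhotoAttribution and Cty_GetMapAttribution. It stores the intended byte only because the index is 0; with any other index it would read a pointer past the caller's `char *` and write through it. Write it as `(*ContentStr)[0] = '\0';` so all three sites read alike. The function body starts outside the hunk.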
@@ -1394,13 +1394,15 @@ static void For_GetPstData (long PstCod,long *UsrCod,time_t *CreatTimeUTC, /*****************************************************************************/ // This function may be called inside a web service, so don't report error -void For_GetSummaryAndContentForumPst (char *SummaryStr,char **ContentStr, +void For_GetSummaryAndContentForumPst (char SummaryStr[Cns_MAX_BYTES_TEXT + 1], + char **ContentStr, long PstCod, unsigned MaxChars,bool GetContent) { char Query[512]; MYSQL_RES *mysql_res; MYSQL_ROW row; + size_t Length; SummaryStr[0] = '\0'; // Return nothing on error @@ -1417,16 +1419,22 @@ void For_GetSummaryAndContentForumPst (char *SummaryStr,char **ContentStr, row = mysql_fetch_row (mysql_res); /***** Copy subject *****/ - strcpy (SummaryStr,row[0]); + strncpy (SummaryStr,row[0],Cns_MAX_BYTES_TEXT); + SummaryStr[Cns_MAX_BYTES_TEXT] = '\0'; + if (MaxChars) Str_LimitLengthHTMLStr (SummaryStr,MaxChars); /***** Copy content *****/ if (GetContent) { - if ((*ContentStr = (char *) malloc (strlen (row[1])+1)) == NULL) + Length = strlen (row[1]); + + if ((*ContentStr = (char *) malloc (Length + 1)) == NULL) Lay_ShowErrorAndExit ("Error allocating memory for notification content."); - strcpy (*ContentStr,row[1]); + + strncpy (*ContentStr,row[1],Length); + (*ContentStr)[Length] = '\0'; } } mysql_free_result (mysql_res); @@ -2125,7 +2133,7 @@ static void For_WriteLinkToAForum (For_ForumType_t ForumType,bool ShowNumOfPosts unsigned Level,bool IsLastItemInLevel[1+For_FORUM_MAX_LEVELS]) { char Icon[512]; - char ForumName[512]; + char ForumName[For_MAX_BYTES_FORUM_NAME + 1]; For_SetForumName (ForumType, &Gbl.Forum.Ins, 
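Review bot: In For_GetSummaryAndContentForumPst (swad_forum.c), `strncpy (SummaryStr,row[0],Cns_MAX_BYTES_TEXT)` always writes Cns_MAX_BYTES_TEXT bytes because strncpy zero-pads, and the terminator is then stored at index Cns_MAX_BYTES_TEXT. Every caller must therefore pass at least Cns_MAX_BYTES_TEXT + 1 bytes even for a short subject, where the old strcpy wrote only strlen + 1. The new parameter form `char SummaryStr[Cns_MAX_BYTES_TEXT + 1]` documents that size, but the compiler does not check it because the parameter is still a pointer. I would add a comment at the prototype such as `// SummaryStr must point to at least Cns_MAX_BYTES_TEXT + 1 bytes; the whole buffer is overwritten` and confirm each call site, none of which are in these hunks.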
@@ -2182,7 +2190,8 @@ void For_SetForumName (For_ForumType_t ForumType, struct Centre *Ctr, struct Degree *Deg, struct Course *Crs, - char *ForumName,Txt_Language_t Language,bool UseHTMLEntities) + char ForumName[For_MAX_BYTES_FORUM_NAME + 1], + Txt_Language_t Language,bool UseHTMLEntities) { extern const char *Txt_General; extern const char *Txt_General_NO_HTML[1+Txt_NUM_LANGUAGES]; @@ -2192,7 +2201,8 @@ void For_SetForumName (For_ForumType_t ForumType, switch (ForumType) { case For_FORUM_COURSE_USRS: - strcpy (ForumName,Crs->ShrtName); + strncpy (ForumName,Crs->ShrtName,For_MAX_BYTES_FORUM_NAME); + ForumName[For_MAX_BYTES_FORUM_NAME] = '\0'; break; case For_FORUM_COURSE_TCHS: sprintf (ForumName,"%s%s",Crs->ShrtName, @@ -2200,7 +2210,8 @@ void For_SetForumName (For_ForumType_t ForumType, Txt_only_teachers_NO_HTML[Language]); break; case For_FORUM_DEGREE_USRS: - strcpy (ForumName,Deg->ShrtName); + strncpy (ForumName,Deg->ShrtName,For_MAX_BYTES_FORUM_NAME); + ForumName[For_MAX_BYTES_FORUM_NAME] = '\0'; break; case For_FORUM_DEGREE_TCHS: sprintf (ForumName,"%s%s",Deg->ShrtName, @@ -2208,7 +2219,8 @@ void For_SetForumName (For_ForumType_t ForumType, Txt_only_teachers_NO_HTML[Language]); break; case For_FORUM_CENTRE_USRS: - strcpy (ForumName,Ctr->ShrtName); + strncpy (ForumName,Ctr->ShrtName,For_MAX_BYTES_FORUM_NAME); + ForumName[For_MAX_BYTES_FORUM_NAME] = '\0'; break; case For_FORUM_CENTRE_TCHS: sprintf (ForumName,"%s%s",Ctr->ShrtName, @@ -2216,7 +2228,8 @@ void For_SetForumName (For_ForumType_t ForumType, Txt_only_teachers_NO_HTML[Language]); break; case For_FORUM_INSTIT_USRS: - strcpy (ForumName,Ins->ShrtName); + strncpy (ForumName,Ins->ShrtName,For_MAX_BYTES_FORUM_NAME); + ForumName[For_MAX_BYTES_FORUM_NAME] = '\0'; break; case For_FORUM_INSTIT_TCHS: sprintf (ForumName,"%s%s",Ins->ShrtName, 
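Review bot: In For_SetForumName (swad_forum.c) the `*_TCHS` cases still build the name with `sprintf (ForumName,"%s%s",...)`, so the bound added to the `*_USRS` cases does not cover the longer of the two strings written to the same buffer. This applies to the COURSE, DEGREE, CENTRE and INSTIT cases in these hunks and to GLOBAL_TCHS and SWAD_TCHS in the hunks that follow. Apply the same limit there, e.g. `snprintf (ForumName,For_MAX_BYTES_FORUM_NAME + 1,"%s%s",Crs->ShrtName,...)` with the existing arguments. The sprintf calls are context lines, and some of their argument lists run past the hunk edges.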
@@ -2224,8 +2237,10 @@ void For_SetForumName (For_ForumType_t ForumType, Txt_only_teachers_NO_HTML[Language]); break; case For_FORUM_GLOBAL_USRS: - strcpy (ForumName,UseHTMLEntities ? Txt_General : - Txt_General_NO_HTML[Language]); + strncpy (ForumName,UseHTMLEntities ? Txt_General : + Txt_General_NO_HTML[Language], + For_MAX_BYTES_FORUM_NAME); + ForumName[For_MAX_BYTES_FORUM_NAME] = '\0'; break; case For_FORUM_GLOBAL_TCHS: sprintf (ForumName,"%s%s", @@ -2235,7 +2250,8 @@ void For_SetForumName (For_ForumType_t ForumType, Txt_only_teachers_NO_HTML[Language]); break; case For_FORUM_SWAD_USRS: - strcpy (ForumName,Cfg_PLATFORM_SHORT_NAME); + strncpy (ForumName,Cfg_PLATFORM_SHORT_NAME,For_MAX_BYTES_FORUM_NAME); + ForumName[For_MAX_BYTES_FORUM_NAME] = '\0'; break; case For_FORUM_SWAD_TCHS: sprintf (ForumName,"%s%s",Cfg_PLATFORM_SHORT_NAME, diff --git a/swad_forum.h b/swad_forum.h index b1429fda..fa32f408 100644 --- a/swad_forum.h +++ b/swad_forum.h @@ -84,6 +84,8 @@ typedef enum } For_ForumOrderType_t; #define For_DEFAULT_ORDER For_LAST_MSG +#define For_MAX_BYTES_FORUM_NAME (512 - 1) + /*****************************************************************************/ /***************************** Public prototypes *****************************/ /*****************************************************************************/ @@ -97,7 +99,8 @@ unsigned long For_GetNumPostsUsr (long UsrCod); void For_DeleteThrFromReadThrs (long ThrCod); void For_RemoveUsrFromReadThrs (long UsrCod); -void For_GetSummaryAndContentForumPst (char *SummaryStr,char **ContentStr, +void For_GetSummaryAndContentForumPst (char SummaryStr[Cns_MAX_BYTES_TEXT + 1], + char **ContentStr, long PstCod, unsigned MaxChars,bool GetContent); 
@@ -109,7 +112,8 @@ void For_SetForumName (For_ForumType_t ForumType, struct Centre *Ctr, struct Degree *Deg, struct Course *Crs, - char *ForumName,Txt_Language_t Language,bool UseHTMLEntities); + char ForumName[For_MAX_BYTES_FORUM_NAME + 1], + Txt_Language_t Language,bool UseHTMLEntities); unsigned For_GetNumThrsWithNewPstsInForum (For_ForumType_t ForumType,unsigned NumThreads); void For_ShowForumThrs (void); unsigned For_GetNumTotalForumsOfType (For_ForumType_t ForumType, diff --git a/swad_group.c b/swad_group.c index 828f6775..6f63a2af 100644 --- a/swad_group.c +++ b/swad_group.c @@ -2497,7 +2497,8 @@ void Grp_GetListGrpTypesAndGrpsInThisCrs (Grp_WhichGroupTypes_t WhichGroupTypes) Lay_ShowErrorAndExit ("Wrong code of group."); /* Get group name (row[1]) */ - strcpy (Grp->GrpName,row[1]); + strncpy (Grp->GrpName,row[1],Grp_MAX_LENGTH_GROUP_NAME); + Grp->GrpName[Grp_MAX_LENGTH_GROUP_NAME] = '\0'; /* Get max number of students of group (row[2]) and number of current students */ Grp->MaxStudents = Grp_ConvertToNumMaxStdsGrp (row[2]); @@ -2625,7 +2626,8 @@ static void Grp_GetDataOfGroupTypeByCod (struct GroupType *GrpTyp) /***** Get some data of group type *****/ row = mysql_fetch_row (mysql_res); - strcpy (GrpTyp->GrpTypName,row[0]); + strncpy (GrpTyp->GrpTypName,row[0],Grp_MAX_LENGTH_GROUP_TYPE_NAME); + GrpTyp->GrpTypName[Grp_MAX_LENGTH_GROUP_TYPE_NAME] = '\0'; GrpTyp->MandatoryEnrollment = (row[1][0] == 'Y'); GrpTyp->MultipleEnrollment = (row[2][0] == 'Y'); GrpTyp->MustBeOpened = (row[3][0] == 'Y'); 
@@ -2711,13 +2713,15 @@ void Grp_GetDataOfGroupByCod (struct GroupData *GrpDat) Lay_ShowErrorAndExit ("Wrong code of course."); /* Get the name of the group type (row[2]) */ - strcpy (GrpDat->GrpTypName,row[2]); + strncpy (GrpDat->GrpTypName,row[2],Grp_MAX_LENGTH_GROUP_TYPE_NAME); + GrpDat->GrpTypName[Grp_MAX_LENGTH_GROUP_TYPE_NAME] = '\0'; /* Get whether a student may be in one or multiple groups (row[3]) */ GrpDat->MultipleEnrollment = (row[3][0] == 'Y'); /* Get the name of the group (row[4]) */ - strcpy (GrpDat->GrpName,row[4]); + strncpy (GrpDat->GrpName,row[4],Grp_MAX_LENGTH_GROUP_NAME); + GrpDat->GrpName[Grp_MAX_LENGTH_GROUP_NAME] = '\0'; /* Get maximum number of students (row[5]) */ GrpDat->MaxStudents = Grp_ConvertToNumMaxStdsGrp (row[5]); @@ -4014,7 +4018,9 @@ void Grp_RenameGroupType (void) } /***** Show the form again *****/ - strcpy (Gbl.CurrentCrs.Grps.GrpTyp.GrpTypName,NewNameGrpTyp); + strncpy (Gbl.CurrentCrs.Grps.GrpTyp.GrpTypName,NewNameGrpTyp, + Grp_MAX_LENGTH_GROUP_TYPE_NAME); + Gbl.CurrentCrs.Grps.GrpTyp.GrpTypName[Grp_MAX_LENGTH_GROUP_TYPE_NAME] = '\0'; Grp_ReqEditGroups (); } @@ -4085,7 +4091,8 @@ void Grp_RenameGroup (void) } /***** Show the form again *****/ - strcpy (Gbl.CurrentCrs.Grps.GrpName,NewNameGrp); + strncpy (Gbl.CurrentCrs.Grps.GrpName,NewNameGrp,Grp_MAX_LENGTH_GROUP_NAME); + Gbl.CurrentCrs.Grps.GrpName[Grp_MAX_LENGTH_GROUP_NAME] = '\0'; Grp_ReqEditGroups (); } diff --git a/swad_group.h b/swad_group.h index 4d1275a2..0cc9e640 100644 --- a/swad_group.h +++ b/swad_group.h @@ -55,8 +55,8 @@ struct GroupData long GrpCod; long GrpTypCod; long CrsCod; - char GrpTypName[Grp_MAX_LENGTH_GROUP_TYPE_NAME+1]; - char GrpName[Grp_MAX_LENGTH_GROUP_NAME+1]; + char GrpTypName[Grp_MAX_LENGTH_GROUP_TYPE_NAME + 1]; + char GrpName[Grp_MAX_LENGTH_GROUP_NAME + 1]; unsigned MaxStudents; int Vacant; bool Open; // Group is open? 
@@ -66,7 +66,7 @@ struct GroupData struct Group { long GrpCod; // Code of group - char GrpName[Grp_MAX_LENGTH_GROUP_NAME+1]; // Name of group + char GrpName[Grp_MAX_LENGTH_GROUP_NAME + 1]; // Name of group unsigned MaxStudents; unsigned NumStudents; // Number of students in the group bool Open; // Group is open? diff --git a/swad_holiday.c b/swad_holiday.c index 4ed5d8a7..dcaf8661 100644 --- a/swad_holiday.c +++ b/swad_holiday.c @@ -312,7 +312,8 @@ void Hld_GetListHolidays (void) Hld->PlcCod = Str_ConvertStrCodToLongCod (row[1]); /* Get the full name of the place (row[2]) */ - strcpy (Hld->PlaceFullName,row[2]); + strncpy (Hld->PlaceFullName,row[2],Plc_MAX_LENGTH_PLACE_FULL_NAME); + Hld->PlaceFullName[Plc_MAX_LENGTH_PLACE_FULL_NAME] = '\0'; /* Get type (row[3]) */ Hld->HldTyp = Hld_GetTypeOfHoliday (row[3]); @@ -336,7 +337,8 @@ void Hld_GetListHolidays (void) } /* Get the name of the holiday/non school period (row[6]) */ - strcpy (Hld->Name,row[6]); + strncpy (Hld->Name,row[6],Hld_MAX_LENGTH_HOLIDAY_NAME); + Hld->Name[Hld_MAX_LENGTH_HOLIDAY_NAME] = '\0'; } } @@ -402,7 +404,8 @@ static void Hld_GetDataOfHolidayByCod (struct Holiday *Hld) Hld->PlcCod = Str_ConvertStrCodToLongCod (row[0]); /* Get the full name of the place (row[1]) */ - strcpy (Hld->PlaceFullName,row[1]); + strncpy (Hld->PlaceFullName,row[1],Plc_MAX_LENGTH_PLACE_FULL_NAME); + Hld->PlaceFullName[Plc_MAX_LENGTH_PLACE_FULL_NAME] = '\0'; /* Get type (row[2]) */ Hld->HldTyp = Hld_GetTypeOfHoliday (row[2]); @@ -426,7 +429,8 @@ static void Hld_GetDataOfHolidayByCod (struct Holiday *Hld) } /* Get the name of the holiday/non school period (row[5]) */ - strcpy (Hld->Name,row[5]); + strncpy (Hld->Name,row[5],Hld_MAX_LENGTH_HOLIDAY_NAME); + Hld->Name[Hld_MAX_LENGTH_HOLIDAY_NAME] = '\0'; } /***** Free structure that stores the query result *****/ 
@@ -694,7 +698,9 @@ void Hld_ChangeHolidayPlace (void) /***** Show the form again *****/ Hld->PlcCod = NewPlace.PlcCod; - strcpy (Hld->PlaceFullName,NewPlace.FullName); + strncpy (Hld->PlaceFullName,NewPlace.FullName,Plc_MAX_LENGTH_PLACE_FULL_NAME); + Hld->PlaceFullName[Plc_MAX_LENGTH_PLACE_FULL_NAME] = '\0'; + Hld_EditHolidays (); } @@ -889,7 +895,9 @@ void Hld_RenameHoliday (void) } /***** Show the form again *****/ - strcpy (Hld->Name,NewHldName); + strncpy (Hld->Name,NewHldName,Hld_MAX_LENGTH_HOLIDAY_NAME); + Hld->Name[Hld_MAX_LENGTH_HOLIDAY_NAME] = '\0'; + Hld_EditHolidays (); } diff --git a/swad_holiday.h b/swad_holiday.h index 91986717..2e42dc38 100644 --- a/swad_holiday.h +++ b/swad_holiday.h @@ -53,11 +53,11 @@ struct Holiday { long HldCod; long PlcCod; - char PlaceFullName[Plc_MAX_LENGTH_PLACE_FULL_NAME+1]; + char PlaceFullName[Plc_MAX_LENGTH_PLACE_FULL_NAME + 1]; Hld_HolidayType_t HldTyp; struct Date StartDate; struct Date EndDate; - char Name[Hld_MAX_LENGTH_HOLIDAY_NAME+1]; + char Name[Hld_MAX_LENGTH_HOLIDAY_NAME + 1]; }; typedef enum diff --git a/swad_image.c b/swad_image.c index eb9e9609..ab4be950 100644 --- a/swad_image.c +++ b/swad_image.c 
@@ -343,17 +343,24 @@ void Img_GetImageFromForm (int NumImgInForm,struct Image *Image, /*****************************************************************************/ /********* Set parameters names depending on number of image in form *********/ /*****************************************************************************/ -// If NumImgInForm < 0, params have no suffix +// If NumImgInForm < 0, params have no suffix // If NumImgInForm >= 0, the number is a suffix of the params void Img_SetParamNames (struct ParamUploadImg *ParamUploadImg,int NumImgInForm) { if (NumImgInForm < 0) // One unique image in form ==> no suffix needed { - strcpy (ParamUploadImg->Action,"ImgAct"); - strcpy (ParamUploadImg->File ,"ImgFil"); - strcpy (ParamUploadImg->Title ,"ImgTit"); - strcpy (ParamUploadImg->URL ,"ImgURL"); + strncpy (ParamUploadImg->Action,"ImgAct",Img_MAX_LENGTH_PARAM_UPLOAD_IMG); + ParamUploadImg->Action[Img_MAX_LENGTH_PARAM_UPLOAD_IMG] = '\0'; + + strncpy (ParamUploadImg->File ,"ImgFil",Img_MAX_LENGTH_PARAM_UPLOAD_IMG); + ParamUploadImg->File [Img_MAX_LENGTH_PARAM_UPLOAD_IMG] = '\0'; + + strncpy (ParamUploadImg->Title ,"ImgTit",Img_MAX_LENGTH_PARAM_UPLOAD_IMG); + ParamUploadImg->Title [Img_MAX_LENGTH_PARAM_UPLOAD_IMG] = '\0'; + + strncpy (ParamUploadImg->URL ,"ImgURL",Img_MAX_LENGTH_PARAM_UPLOAD_IMG); + ParamUploadImg->URL [Img_MAX_LENGTH_PARAM_UPLOAD_IMG] = '\0'; } else // Several images in form ==> add suffix { diff --git a/swad_image.h b/swad_image.h index 0c8550cb..a6fda76b 100644 --- a/swad_image.h +++ b/swad_image.h 
@@ -99,12 +99,13 @@ struct Image }; /***** Parameters used in a form to upload an image *****/ +#define Img_MAX_LENGTH_PARAM_UPLOAD_IMG (16 - 1) struct ParamUploadImg { - char Action[16]; - char File[16]; - char Title[16]; - char URL[16]; + char Action[Img_MAX_LENGTH_PARAM_UPLOAD_IMG + 1]; + char File [Img_MAX_LENGTH_PARAM_UPLOAD_IMG + 1]; + char Title [Img_MAX_LENGTH_PARAM_UPLOAD_IMG + 1]; + char URL [Img_MAX_LENGTH_PARAM_UPLOAD_IMG + 1]; }; /*****************************************************************************/ diff --git a/swad_info.c b/swad_info.c index 0678bff2..5323a188 100644 --- a/swad_info.c +++ b/swad_info.c @@ -2141,8 +2141,8 @@ void Inf_EditRichTxtInfo (void) void Inf_RecAndChangePlainTxtInfo (void) { - char Txt_HTMLFormat[Cns_MAX_BYTES_LONG_TEXT+1]; - char Txt_MarkdownFormat[Cns_MAX_BYTES_LONG_TEXT+1]; + char Txt_HTMLFormat [Cns_MAX_BYTES_LONG_TEXT + 1]; + char Txt_MarkdownFormat[Cns_MAX_BYTES_LONG_TEXT + 1]; /***** Set info type *****/ Gbl.CurrentCrs.Info.Type = Inf_AsignInfoType (); @@ -2150,7 +2150,10 @@ void Inf_RecAndChangePlainTxtInfo (void) /***** Get text with course information from form *****/ Par_GetParameter (Par_PARAM_SINGLE,"Txt",Txt_HTMLFormat, Cns_MAX_BYTES_LONG_TEXT,NULL); - strcpy (Txt_MarkdownFormat,Txt_HTMLFormat); + + strncpy (Txt_MarkdownFormat,Txt_HTMLFormat,Cns_MAX_BYTES_LONG_TEXT); + Txt_MarkdownFormat[Cns_MAX_BYTES_LONG_TEXT] = '\0'; + Str_ChangeFormat (Str_FROM_FORM,Str_TO_HTML, Txt_HTMLFormat,Cns_MAX_BYTES_LONG_TEXT,true); // Store in HTML format (not rigorous) Str_ChangeFormat (Str_FROM_FORM,Str_TO_MARKDOWN, @@ -2176,8 +2179,8 @@ void Inf_RecAndChangePlainTxtInfo (void) void Inf_RecAndChangeRichTxtInfo (void) { - char Txt_HTMLFormat[Cns_MAX_BYTES_LONG_TEXT+1]; - char Txt_MarkdownFormat[Cns_MAX_BYTES_LONG_TEXT+1]; + char Txt_HTMLFormat [Cns_MAX_BYTES_LONG_TEXT + 1]; + char Txt_MarkdownFormat[Cns_MAX_BYTES_LONG_TEXT + 1]; /***** Set info type *****/ Gbl.CurrentCrs.Info.Type = Inf_AsignInfoType (); 
@@ -2185,7 +2188,10 @@ void Inf_RecAndChangeRichTxtInfo (void) /***** Get text with course information from form *****/ Par_GetParameter (Par_PARAM_SINGLE,"Txt",Txt_HTMLFormat, Cns_MAX_BYTES_LONG_TEXT,NULL); - strcpy (Txt_MarkdownFormat,Txt_HTMLFormat); + + strncpy (Txt_MarkdownFormat,Txt_HTMLFormat,Cns_MAX_BYTES_LONG_TEXT); + Txt_MarkdownFormat[Cns_MAX_BYTES_LONG_TEXT] = '\0'; + Str_ChangeFormat (Str_FROM_FORM,Str_TO_HTML, Txt_HTMLFormat,Cns_MAX_BYTES_LONG_TEXT,true); // Store in HTML format (not rigorous) Str_ChangeFormat (Str_FROM_FORM,Str_TO_MARKDOWN, diff --git a/swad_institution.c b/swad_institution.c index 221f7bd6..d38bcc8c 100644 --- a/swad_institution.c +++ b/swad_institution.c @@ -1028,14 +1028,16 @@ void Ins_GetListInstitutions (long CtyCod,Ins_GetExtraData_t GetExtraData) Ins->RequesterUsrCod = Str_ConvertStrCodToLongCod (row[3]); /* Get the short name of the institution (row[4]) */ - strcpy (Ins->ShrtName,row[4]); + strncpy (Ins->ShrtName,row[4],Ins_MAX_LENGTH_INSTIT_SHRT_NAME); + Ins->ShrtName[Ins_MAX_LENGTH_INSTIT_SHRT_NAME] = '\0'; /* Get the full name of the institution (row[5]) */ strncpy (Ins->FullName,row[5],Ins_MAX_LENGTH_INSTIT_FULL_NAME); Ins->FullName[Ins_MAX_LENGTH_INSTIT_FULL_NAME] = '\0'; /* Get the URL of the institution (row[6]) */ - strcpy (Ins->WWW,row[6]); + strncpy (Ins->WWW,row[6],Cns_MAX_LENGTH_WWW); + Ins->WWW[Cns_MAX_LENGTH_WWW] = '\0'; /* Get extra data */ switch (GetExtraData) 
@@ -1123,14 +1125,16 @@ bool Ins_GetDataOfInstitutionByCod (struct Instit *Ins, Ins->RequesterUsrCod = Str_ConvertStrCodToLongCod (row[2]); /* Get the short name of the institution (row[3]) */ - strcpy (Ins->ShrtName,row[3]); + strncpy (Ins->ShrtName,row[3],Ins_MAX_LENGTH_INSTIT_SHRT_NAME); + Ins->ShrtName[Ins_MAX_LENGTH_INSTIT_SHRT_NAME] = '\0'; /* Get the full name of the institution (row[4]) */ strncpy (Ins->FullName,row[4],Ins_MAX_LENGTH_INSTIT_FULL_NAME); Ins->FullName[Ins_MAX_LENGTH_INSTIT_FULL_NAME] = '\0'; /* Get the URL of the institution (row[5]) */ - strcpy (Ins->WWW,row[5]); + strncpy (Ins->WWW,row[5],Cns_MAX_LENGTH_WWW); + Ins->WWW[Cns_MAX_LENGTH_WWW] = '\0'; /* Get extra data */ if (GetExtraData == Ins_GET_EXTRA_DATA) @@ -1179,7 +1183,9 @@ void Ins_GetShortNameOfInstitutionByCod (struct Instit *Ins) { /***** Get the short name of this institution *****/ row = mysql_fetch_row (mysql_res); - strcpy (Ins->ShrtName,row[0]); + + strncpy (Ins->ShrtName,row[0],Ins_MAX_LENGTH_INSTIT_SHRT_NAME); + Ins->ShrtName[Ins_MAX_LENGTH_INSTIT_SHRT_NAME] = '\0'; } /***** Free structure that stores the query result *****/ @@ -1856,7 +1862,9 @@ void Ins_ChangeInsWWW (void) { /***** Update database changing old WWW by new WWW *****/ Ins_UpdateInsWWWDB (Ins->InsCod,NewWWW); - strcpy (Ins->WWW,NewWWW); + + strncpy (Ins->WWW,NewWWW,Cns_MAX_LENGTH_WWW); + Ins->WWW[Cns_MAX_LENGTH_WWW] = '\0'; /***** Write message to show the change made *****/ sprintf (Gbl.Message,Txt_The_new_web_address_is_X,NewWWW); @@ -1887,7 +1895,9 @@ void Ins_ChangeInsWWWInConfig (void) { /***** Update database changing old WWW by new WWW *****/ Ins_UpdateInsWWWDB (Gbl.CurrentIns.Ins.InsCod,NewWWW); - strcpy (Gbl.CurrentIns.Ins.WWW,NewWWW); + + strncpy (Gbl.CurrentIns.Ins.WWW,NewWWW,Cns_MAX_LENGTH_WWW); + Gbl.CurrentIns.Ins.WWW[Cns_MAX_LENGTH_WWW] = '\0'; /***** Write message to show the change made *****/ sprintf (Gbl.Message,Txt_The_new_web_address_is_X,NewWWW); 
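Review bot: In Ins_ChangeInsWWW and Ins_ChangeInsWWWInConfig (swad_institution.c) the statement after the new bounded copy is `sprintf (Gbl.Message,Txt_The_new_web_address_is_X,NewWWW);`, which formats the same address into Gbl.Message with no length limit. Elsewhere in this commit Gbl.Message is treated as holding Lay_MAX_BYTES_ALERT + 1 bytes, so `snprintf (Gbl.Message,Lay_MAX_BYTES_ALERT + 1,Txt_The_new_web_address_is_X,NewWWW);` would be consistent. Confirm that size against the declaration, which is not in the diff. Both functions begin outside their hunks, so how NewWWW is filled and sized is not visible here.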
diff --git a/swad_institution.h b/swad_institution.h index 955f8e64..a2a14d05 100644 --- a/swad_institution.h +++ b/swad_institution.h @@ -61,9 +61,9 @@ struct Instit long CtyCod; Ins_Status_t Status; // Institution status long RequesterUsrCod; // User code of the person who requested the creation of this institution - char ShrtName[Ins_MAX_LENGTH_INSTIT_SHRT_NAME+1]; - char FullName[Ins_MAX_LENGTH_INSTIT_FULL_NAME+1]; - char WWW[Cns_MAX_LENGTH_WWW+1]; + char ShrtName[Ins_MAX_LENGTH_INSTIT_SHRT_NAME + 1]; + char FullName[Ins_MAX_LENGTH_INSTIT_FULL_NAME + 1]; + char WWW[Cns_MAX_LENGTH_WWW + 1]; unsigned NumUsrsWhoClaimToBelongToIns; unsigned NumCtrs; unsigned NumDegs; diff --git a/swad_link.c b/swad_link.c index 01e51259..2c3b70b4 100644 --- a/swad_link.c +++ b/swad_link.c @@ -232,13 +232,16 @@ void Lnk_GetListLinks (void) Lay_ShowErrorAndExit ("Wrong code of institutional link."); /* Get the short name of the link (row[1]) */ - strcpy (Lnk->ShrtName,row[1]); + strncpy (Lnk->ShrtName,row[1],Lnk_MAX_LENGTH_LINK_SHRT_NAME); + Lnk->ShrtName[Lnk_MAX_LENGTH_LINK_SHRT_NAME] = '\0'; /* Get the full name of the link (row[2]) */ - strcpy (Lnk->FullName,row[2]); + strncpy (Lnk->FullName,row[2],Lnk_MAX_LENGTH_LINK_FULL_NAME); + Lnk->FullName[Lnk_MAX_LENGTH_LINK_FULL_NAME] = '\0'; /* Get the URL of the link (row[3]) */ - strcpy (Lnk->WWW,row[3]); + strncpy (Lnk->WWW,row[3],Cns_MAX_LENGTH_WWW); + Lnk->WWW[Cns_MAX_LENGTH_WWW] = '\0'; } } else 
@@ -277,13 +280,16 @@ void Lnk_GetDataOfLinkByCod (struct Link *Lnk) row = mysql_fetch_row (mysql_res); /* Get the short name of the link (row[0]) */ - strcpy (Lnk->ShrtName,row[0]); + strncpy (Lnk->ShrtName,row[0],Lnk_MAX_LENGTH_LINK_SHRT_NAME); + Lnk->ShrtName[Lnk_MAX_LENGTH_LINK_SHRT_NAME] = '\0'; /* Get the full name of the link (row[1]) */ - strcpy (Lnk->FullName,row[1]); + strncpy (Lnk->FullName,row[1],Lnk_MAX_LENGTH_LINK_FULL_NAME); + Lnk->FullName[Lnk_MAX_LENGTH_LINK_FULL_NAME] = '\0'; /* Get the URL of the link (row[2]) */ - strcpy (Lnk->WWW,row[2]); + strncpy (Lnk->WWW,row[2],Cns_MAX_LENGTH_WWW); + Lnk->WWW[Cns_MAX_LENGTH_WWW] = '\0'; } /***** Free structure that stores the query result *****/ @@ -545,7 +551,9 @@ static void Lnk_RenameLink (Cns_ShrtOrFullName_t ShrtOrFullName) } /***** Show the form again *****/ - strcpy (CurrentLnkName,NewLnkName); + strncpy (CurrentLnkName,NewLnkName,MaxLength); + CurrentLnkName[MaxLength] = '\0'; + Lnk_EditLinks (); } @@ -602,7 +610,9 @@ void Lnk_ChangeLinkWWW (void) Lay_ShowAlert (Lay_WARNING,Txt_You_can_not_leave_the_web_address_empty); /***** Show the form again *****/ - strcpy (Lnk->WWW,NewWWW); + strncpy (Lnk->WWW,NewWWW,Cns_MAX_LENGTH_WWW); + Lnk->WWW[Cns_MAX_LENGTH_WWW] = '\0'; + Lnk_EditLinks (); } diff --git a/swad_link.h b/swad_link.h index 521558a8..15bfc9c3 100644 --- a/swad_link.h +++ b/swad_link.h @@ -37,9 +37,9 @@ struct Link { long LnkCod; - char ShrtName[Lnk_MAX_LENGTH_LINK_SHRT_NAME+1]; - char FullName[Lnk_MAX_LENGTH_LINK_FULL_NAME+1]; - char WWW[Cns_MAX_LENGTH_WWW+1]; + char ShrtName[Lnk_MAX_LENGTH_LINK_SHRT_NAME + 1]; + char FullName[Lnk_MAX_LENGTH_LINK_FULL_NAME + 1]; + char WWW[Cns_MAX_LENGTH_WWW + 1]; }; /*****************************************************************************/ diff --git a/swad_mail.c b/swad_mail.c index d2d22b01..44a7991a 100644 --- a/swad_mail.c +++ b/swad_mail.c 
@@ -288,10 +288,12 @@ static void Mai_GetListMailDomainsAllowedForNotif (void) Lay_ShowErrorAndExit ("Wrong code of mail domain."); /* Get the mail domain (row[1]) */ - strcpy (Mai->Domain,row[1]); + strncpy (Mai->Domain,row[1],Mai_MAX_LENGTH_MAIL_DOMAIN); + Mai->Domain[Mai_MAX_LENGTH_MAIL_DOMAIN] = '\0'; /* Get the mail domain info (row[2]) */ - strcpy (Mai->Info,row[2]); + strncpy (Mai->Info,row[2],Mai_MAX_LENGTH_MAIL_INFO); + Mai->Info[Mai_MAX_LENGTH_MAIL_INFO] = '\0'; /* Get number of users (row[3]) */ if (sscanf (row[3],"%u",&(Mai->NumUsrs)) != 1) @@ -392,10 +394,12 @@ void Mai_GetDataOfMailDomainByCod (struct Mail *Mai) row = mysql_fetch_row (mysql_res); /* Get the short name of the mail (row[0]) */ - strcpy (Mai->Domain,row[0]); + strncpy (Mai->Domain,row[0],Mai_MAX_LENGTH_MAIL_DOMAIN); + Mai->Domain[Mai_MAX_LENGTH_MAIL_DOMAIN] = '\0'; /* Get the full name of the mail (row[1]) */ - strcpy (Mai->Info,row[1]); + strncpy (Mai->Info,row[1],Mai_MAX_LENGTH_MAIL_INFO); + Mai->Info[Mai_MAX_LENGTH_MAIL_INFO] = '\0'; } /***** Free structure that stores the query result *****/ @@ -649,7 +653,9 @@ static void Mai_RenameMailDomain (Cns_ShrtOrFullName_t ShrtOrFullName) } /***** Show the form again *****/ - strcpy (CurrentMaiName,NewMaiName); + strncpy (CurrentMaiName,NewMaiName,MaxLength); + CurrentMaiName[MaxLength] = '\0'; + Mai_EditMailDomains (); } @@ -1033,7 +1039,8 @@ bool Mai_GetEmailFromUsrCod (struct UsrData *UsrDat) row = mysql_fetch_row (mysql_res); /* Get email */ - strcpy (UsrDat->Email,row[0]); + strncpy (UsrDat->Email,row[0],Usr_MAX_BYTES_USR_EMAIL); + UsrDat->Email[Usr_MAX_BYTES_USR_EMAIL] = '\0'; UsrDat->EmailConfirmed = (row[1][0] == 'Y'); @@ -1665,7 +1672,7 @@ void Mai_ConfirmEmail (void) MYSQL_ROW row; char MailKey[Mai_LENGTH_EMAIL_CONFIRM_KEY+1]; long UsrCod; - char Email[Usr_MAX_BYTES_USR_EMAIL+1]; + char Email[Usr_MAX_BYTES_USR_EMAIL + 1]; bool KeyIsCorrect = false; bool Confirmed; 
@@ -1683,7 +1690,8 @@ void Mai_ConfirmEmail (void) UsrCod = Str_ConvertStrCodToLongCod (row[0]); /* Get user's email */ - strcpy (Email,row[1]); + strncpy (Email,row[1],Usr_MAX_BYTES_USR_EMAIL); + Email[Usr_MAX_BYTES_USR_EMAIL] = '\0'; KeyIsCorrect = true; } diff --git a/swad_mail.h b/swad_mail.h index 6d9604df..e8a01fe1 100644 --- a/swad_mail.h +++ b/swad_mail.h @@ -46,8 +46,8 @@ typedef enum struct Mail { long MaiCod; - char Domain[Mai_MAX_LENGTH_MAIL_DOMAIN+1]; - char Info[Mai_MAX_LENGTH_MAIL_INFO+1]; + char Domain[Mai_MAX_LENGTH_MAIL_DOMAIN + 1]; + char Info[Mai_MAX_LENGTH_MAIL_INFO + 1]; unsigned NumUsrs; }; diff --git a/swad_mark.c b/swad_mark.c index a0a17192..a632af10 100644 --- a/swad_mark.c +++ b/swad_mark.c @@ -323,7 +323,10 @@ bool Mrk_CheckFileOfMarks (const char *Path,struct MarksProperties *Marks) // Only one table is allowed if (Str_FindStrInFile (FileAllMarks,""); + + /* 3 ending chars */ + strncpy (Ptr,"]]>",3); + + /* Ending null char */ + (*ContentStr)[Length] = '\0'; } } else @@ -850,7 +870,10 @@ void Mrk_GetNotifMyMarks (char *SummaryStr,char **ContentStr, } else { - strcpy (Gbl.Message,"Can not open file with user's marks!"); + strncpy (Gbl.Message,"Can not open file with user's marks!", // TODO: Need translation! + Lay_MAX_BYTES_ALERT); + Gbl.Message[Lay_MAX_BYTES_ALERT] = '\0'; + if ((*ContentStr = (char *) malloc (9+strlen (Gbl.Message)+3+1))) sprintf (*ContentStr,"",Gbl.Message); } @@ -858,7 +881,9 @@ void Mrk_GetNotifMyMarks (char *SummaryStr,char **ContentStr, } else { - strcpy (Gbl.Message,"User's IDs not found!"); + strncpy (Gbl.Message,"User's IDs not found!",Lay_MAX_BYTES_ALERT); // TODO: Need translation! + Gbl.Message[Lay_MAX_BYTES_ALERT] = '\0'; + if ((*ContentStr = (char *) malloc (9+strlen (Gbl.Message)+3+1))) sprintf (*ContentStr,"",Gbl.Message); } diff --git a/swad_mark.h b/swad_mark.h index 9b6ed1d6..d8fc3ee0 100644 --- a/swad_mark.h +++ b/swad_mark.h 
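Review bot: In Mai_ConfirmEmail (swad_mail.c, first hunk on this line) the copy into `Email` now truncates silently and `KeyIsCorrect = true;` follows regardless, so an over-length row[1] would be carried forward as a shortened, different address. Whether the column can exceed Usr_MAX_BYTES_USR_EMAIL bytes is not visible in the diff. If it can, test `strlen (row[1]) > Usr_MAX_BYTES_USR_EMAIL` before the copy and leave KeyIsCorrect false in that case rather than truncating. The same consideration applies to the `UsrDat->Email` copy in Mai_GetEmailFromUsrCod in the preceding hunk. The function continues outside the hunk.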
@@ -52,7 +52,8 @@ void Mrk_ChangeNumRowsFooter (void); bool Mrk_CheckFileOfMarks (const char *Path,struct MarksProperties *Marks); void Mrk_ShowMyMarks (void); -void Mrk_GetNotifMyMarks (char *SummaryStr,char **ContentStr, +void Mrk_GetNotifMyMarks (char SummaryStr[Cns_MAX_BYTES_TEXT + 1], + char **ContentStr, long MrkCod,long UsrCod, unsigned MaxChars,bool GetContent); diff --git a/swad_notification.c b/swad_notification.c index 263144bd..972107b2 100644 --- a/swad_notification.c +++ b/swad_notification.c @@ -318,7 +318,7 @@ void Ntf_ShowMyNotifications (void) struct Degree Deg; struct Course Crs; long Cod; - char ForumName[512]; + char ForumName[For_MAX_BYTES_FORUM_NAME + 1]; time_t DateTimeUTC; // Date-time of the event Ntf_Status_t Status; Ntf_StatusTxt_t StatusTxt; @@ -861,7 +861,8 @@ Ntf_StatusTxt_t Ntf_GetStatusTxtFromStatusBits (Ntf_Status_t Status) /******************* Get notification summary and content ********************/ /*****************************************************************************/ -void Ntf_GetNotifSummaryAndContent (char SummaryStr[Cns_MAX_BYTES_TEXT + 1],char **ContentStr, +void Ntf_GetNotifSummaryAndContent (char SummaryStr[Cns_MAX_BYTES_TEXT + 1], + char **ContentStr, Ntf_NotifyEvent_t NotifyEvent, long Cod,long CrsCod,long UsrCod, unsigned MaxChars,bool GetContent) @@ -1563,7 +1564,7 @@ static void Ntf_SendPendingNotifByEMailToOneUsr (struct UsrData *ToUsrDat,unsign struct Course Crs; long Cod; For_ForumType_t ForumType = (For_ForumType_t) 0; // Initialized to avoid warning - char ForumName[512]; + char ForumName[For_MAX_BYTES_FORUM_NAME + 1]; char Command[2048]; // Command to execute for sending an email int ReturnCode; diff --git a/swad_notification.h b/swad_notification.h index d4e7a0ad..e75ffb75 100644 --- a/swad_notification.h +++ b/swad_notification.h 
@@ -107,7 +107,8 @@ void Ntf_ShowMyNotifications (void); Ntf_NotifyEvent_t Ntf_GetParamNotifyEvent (void); Ntf_StatusTxt_t Ntf_GetStatusTxtFromStatusBits (Ntf_Status_t Status); -void Ntf_GetNotifSummaryAndContent (char SummaryStr[Cns_MAX_BYTES_TEXT + 1],char **ContentStr, +void Ntf_GetNotifSummaryAndContent (char SummaryStr[Cns_MAX_BYTES_TEXT + 1], + char **ContentStr, Ntf_NotifyEvent_t NotifyEvent, long Cod,long CrsCod,long UsrCod, unsigned MaxChars,bool GetContent); diff --git a/swad_social.c b/swad_social.c index e41d4e20..e95b7b35 100644 --- a/swad_social.c +++ b/swad_social.c @@ -1090,7 +1090,7 @@ static void Soc_WriteSocialNote (const struct SocialNote *SocNot, struct Course Crs; bool ShowPhoto = false; char PhotoURL[PATH_MAX+1]; - char ForumName[512]; + char ForumName[For_MAX_BYTES_FORUM_NAME + 1]; char SummaryStr[Cns_MAX_BYTES_TEXT + 1]; unsigned NumComments; char IdNewComment[Act_MAX_LENGTH_ID]; diff --git a/swad_user.h b/swad_user.h index 4ba17382..ad16fdf5 100644 --- a/swad_user.h +++ b/swad_user.h 
@@ -133,21 +133,21 @@ struct UsrData char Surname1 [Usr_MAX_BYTES_NAME + 1]; char Surname2 [Usr_MAX_BYTES_NAME + 1]; char FirstName [Usr_MAX_BYTES_NAME + 1]; - char FullName [(Usr_MAX_BYTES_NAME + 1)*3]; + char FullName [(Usr_MAX_BYTES_NAME + 1) * 3]; Usr_Sex_t Sex; - char Email [Usr_MAX_BYTES_USR_EMAIL+1]; + char Email [Usr_MAX_BYTES_USR_EMAIL + 1]; bool EmailConfirmed; - char Photo [Cry_LENGTH_ENCRYPTED_STR_SHA256_BASE64+1]; // Name of public link to photo + char Photo [Cry_LENGTH_ENCRYPTED_STR_SHA256_BASE64 + 1]; // Name of public link to photo Pri_Visibility_t PhotoVisibility; // Who can see user's photo Pri_Visibility_t ProfileVisibility; // Who can see user's public profile long CtyCod; // Country - char OriginPlace [Cns_MAX_BYTES_STRING+1]; + char OriginPlace [Cns_MAX_BYTES_STRING + 1]; struct Date Birthday; - char StrBirthday [Cns_MAX_LENGTH_DATE +1]; - char LocalAddress [Cns_MAX_BYTES_STRING+1]; - char LocalPhone [Usr_MAX_BYTES_PHONE +1]; - char FamilyAddress [Cns_MAX_BYTES_STRING+1]; - char FamilyPhone [Usr_MAX_BYTES_PHONE +1]; + char StrBirthday [Cns_MAX_LENGTH_DATE + 1]; + char LocalAddress [Cns_MAX_BYTES_STRING + 1]; + char LocalPhone [Usr_MAX_BYTES_PHONE + 1]; + char FamilyAddress [Cns_MAX_BYTES_STRING + 1]; + char FamilyPhone [Usr_MAX_BYTES_PHONE + 1]; char *Comments; long InsCtyCod; // Country of the institution long InsCod; // Institution @@ -155,8 +155,8 @@ struct UsrData { long CtrCod; // Centre long DptCod; // Department - char Office [Cns_MAX_BYTES_STRING+1]; - char OfficePhone [Usr_MAX_BYTES_PHONE +1]; + char Office [Cns_MAX_BYTES_STRING + 1]; + char OfficePhone [Usr_MAX_BYTES_PHONE + 1]; } Tch; struct { diff --git a/swad_web_service.c b/swad_web_service.c index f1a520b7..10c0f5ac 100644 --- a/swad_web_service.c +++ b/swad_web_service.c 
@@ -2803,7 +2803,7 @@ int swad__getNotifications (struct soap *soap, struct Degree Deg; struct Course Crs; long Cod; - char ForumName[512]; + char ForumName[For_MAX_BYTES_FORUM_NAME + 1]; char SummaryStr[Cns_MAX_BYTES_TEXT + 1]; char *ContentStr; Ntf_Status_t Status;