Changed strcpy to strncpy, sprintf to snprintf and query parameter checks to avoid vulnerabilities.

git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@1017 e3e1d417-86f3-4887-817a-d78f3d33393f
stan 2004-04-19 16:02:17 +00:00
parent 5c3be53b33
commit b508b2a5ce
16 changed files with 81 additions and 80 deletions


@ -138,7 +138,7 @@ void Config::Load()
{
static char sql[BUFSIZ];
strcpy( sql, "select Name, Value, Type from Config order by Id" );
strncpy( sql, "select Name, Value, Type from Config order by Id", sizeof(sql) );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't run query: %s", mysql_error( &dbconn ) ));


@ -115,7 +115,7 @@ int zmGetDebugEnv( const char * const command )
{
zm_dbg_level = atoi(env_ptr);
}
sprintf( buffer, "ZM_DBG_LOG_%s", command );
snprintf( buffer, sizeof(buffer), "ZM_DBG_LOG_%s", command );
env_ptr = getenv( buffer );
if ( env_ptr != (char *)NULL )
{
@ -130,11 +130,11 @@ int zmGetDebugEnv( const char * const command )
}
if ( zm_dbg_add_log_id == FALSE )
{
strcpy( zm_dbg_log, env_ptr );
strncpy( zm_dbg_log, env_ptr, sizeof(zm_dbg_log) );
}
else
{
sprintf( zm_dbg_log, "%s.%05d", env_ptr, getpid() );
snprintf( zm_dbg_log, sizeof(zm_dbg_log), "%s.%05d", env_ptr, getpid() );
}
}
@ -299,7 +299,7 @@ int zmDbgOutput( const char *fstring, ... )
{
zmDbgSubtractTime( &tp, &zm_dbg_start );
sprintf( time_string, "%ld.%03ld", tp.tv_sec, tp.tv_usec/1000 );
snprintf( time_string, sizeof(time_string), "%ld.%03ld", tp.tv_sec, tp.tv_usec/1000 );
}
else
{
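Review bot: `strncpy( zm_dbg_log, env_ptr, sizeof(zm_dbg_log) )` in zmGetDebugEnv leaves zm_dbg_log without a terminating NUL when the environment value is as long as the buffer or longer, so later string reads on it can run past the end. Follow the copy with `zm_dbg_log[sizeof(zm_dbg_log)-1] = '\0';`, or use `snprintf( zm_dbg_log, sizeof(zm_dbg_log), "%s", env_ptr );` in the same way the else branch does. The same applies to the strncpy calls this commit adds for addr.sun_path, label_format, path, temp_query and mon_id_str in the other files; the sun_path cases matter because the following connect()/bind() call takes strlen(addr.sun_path). The function bodies here extend beyond the hunks shown.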


@ -48,7 +48,7 @@ Event::Event( Monitor *p_monitor, struct timeval p_start_time ) : monitor( p_mon
static char start_time_str[32];
strftime( start_time_str, sizeof(start_time_str), "%Y-%m-%d %H:%M:%S", localtime( &start_time.tv_sec ) );
sprintf( sql, "insert into Events ( MonitorId, Name, StartTime ) values ( %d, 'New Event', '%s' )", monitor->Id(), start_time_str );
snprintf( sql, sizeof(sql), "insert into Events ( MonitorId, Name, StartTime ) values ( %d, 'New Event', '%s' )", monitor->Id(), start_time_str );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't insert event: %s", mysql_error( &dbconn ) ));
@ -60,7 +60,7 @@ Event::Event( Monitor *p_monitor, struct timeval p_start_time ) : monitor( p_mon
alarm_frames = 0;
tot_score = 0;
max_score = 0;
sprintf( path, "%s/%s/%d", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id );
snprintf( path, sizeof(path), "%s/%s/%d", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id );
struct stat statbuf;
errno = 0;
@ -84,7 +84,7 @@ Event::~Event()
strftime( end_time_str, sizeof(end_time_str), "%Y-%m-%d %H:%M:%S", localtime( &end_time.tv_sec ) );
sprintf( sql, "update Events set Name='Event-%d', EndTime = '%s', Length = %s%ld.%02ld, Frames = %d, AlarmFrames = %d, TotScore = %d, AvgScore = %d, MaxScore = %d where Id = %d", id, end_time_str, delta_time.positive?"":"-", delta_time.sec, delta_time.fsec, frames, alarm_frames, tot_score, (int)(alarm_frames?(tot_score/alarm_frames):0), max_score, id );
snprintf( sql, sizeof(sql), "update Events set Name='Event-%d', EndTime = '%s', Length = %s%ld.%02ld, Frames = %d, AlarmFrames = %d, TotScore = %d, AvgScore = %d, MaxScore = %d where Id = %d", id, end_time_str, delta_time.positive?"":"-", delta_time.sec, delta_time.fsec, frames, alarm_frames, tot_score, (int)(alarm_frames?(tot_score/alarm_frames):0), max_score, id );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't update event: %s", mysql_error( &dbconn ) ));
@ -138,11 +138,11 @@ bool Event::OpenFrameSocket( int monitor_id )
}
char sock_path[PATH_MAX] = "";
sprintf( sock_path, "%s/zmf-%d.sock", (const char *)config.Item( ZM_PATH_SOCKS ), monitor_id );
snprintf( sock_path, sizeof(sock_path), "%s/zmf-%d.sock", (const char *)config.Item( ZM_PATH_SOCKS ), monitor_id );
struct sockaddr_un addr;
strcpy( addr.sun_path, sock_path );
strncpy( addr.sun_path, sock_path, sizeof(addr.sun_path) );
addr.sun_family = AF_UNIX;
if ( connect( sd, (struct sockaddr *)&addr, strlen(addr.sun_path)+sizeof(addr.sun_family)) < 0 )
@ -245,13 +245,13 @@ bool Event::WriteFrameImage( Image *image, struct timeval timestamp, const char
void Event::AddFrames( int n_frames, Image **images, struct timeval **timestamps )
{
static char sql[BUFSIZ];
strcpy( sql, "insert into Frames ( EventId, FrameId, Delta ) values " );
strncpy( sql, "insert into Frames ( EventId, FrameId, Delta ) values ", BUFSIZ );
for ( int i = 0; i < n_frames; i++ )
{
frames++;
static char event_file[PATH_MAX];
sprintf( event_file, capture_file_format, path, frames );
snprintf( event_file, sizeof(event_file), capture_file_format, path, frames );
Debug( 1, ( "Writing pre-capture frame %d", frames ));
WriteFrameImage( images[i], *(timestamps[i]), event_file );
@ -259,7 +259,8 @@ void Event::AddFrames( int n_frames, Image **images, struct timeval **timestamps
struct DeltaTimeval delta_time;
DELTA_TIMEVAL( delta_time, *(timestamps[i]), start_time, DT_PREC_2 );
sprintf( sql+strlen(sql), "( %d, %d, %s%ld.%02ld ), ", id, frames, delta_time.positive?"":"-", delta_time.sec, delta_time.fsec );
int sql_len = strlen(sql);
snprintf( sql+sql_len, sizeof(sql)-sql_len, "( %d, %d, %s%ld.%02ld ), ", id, frames, delta_time.positive?"":"-", delta_time.sec, delta_time.fsec );
}
Debug( 1, ( "Adding %d frames to DB", n_frames ));
@ -276,7 +277,7 @@ void Event::AddFrame( Image *image, struct timeval timestamp, int score, Image *
frames++;
static char event_file[PATH_MAX];
sprintf( event_file, capture_file_format, path, frames );
snprintf( event_file, sizeof(event_file), capture_file_format, path, frames );
Debug( 1, ( "Writing capture frame %d", frames ));
WriteFrameImage( image, timestamp, event_file );
@ -292,7 +293,7 @@ void Event::AddFrame( Image *image, struct timeval timestamp, int score, Image *
Debug( 1, ( "Adding frame %d to DB", frames ));
static char sql[BUFSIZ];
sprintf( sql, "insert into Frames ( EventId, FrameId, Type, Delta, Score ) values ( %d, %d, '%s', %s%ld.%02ld, %d )", id, frames, frame_type, delta_time.positive?"":"-", delta_time.sec, delta_time.fsec, score );
snprintf( sql, sizeof(sql), "insert into Frames ( EventId, FrameId, Type, Delta, Score ) values ( %d, %d, '%s', %s%ld.%02ld, %d )", id, frames, frame_type, delta_time.positive?"":"-", delta_time.sec, delta_time.fsec, score );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't insert frame: %s", mysql_error( &dbconn ) ));
@ -312,7 +313,7 @@ void Event::AddFrame( Image *image, struct timeval timestamp, int score, Image *
if ( alarm_image )
{
sprintf( event_file, analyse_file_format, path, frames );
snprintf( event_file, sizeof(event_file), analyse_file_format, path, frames );
Debug( 1, ( "Writing analysis frame %d", frames ));
WriteFrameImage( alarm_image, timestamp, event_file, true );
@ -323,7 +324,7 @@ void Event::AddFrame( Image *image, struct timeval timestamp, int score, Image *
{
char diag_glob[PATH_MAX] = "";
sprintf( diag_glob, "%s/%s/diag-*.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name() );
snprintf( diag_glob, sizeof(diag_glob), "%s/%s/diag-*.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name() );
glob_t pglob;
int glob_status = glob( diag_glob, 0, 0, &pglob );
if ( glob_status != 0 )
@ -348,7 +349,7 @@ void Event::AddFrame( Image *image, struct timeval timestamp, int score, Image *
if ( diag_file )
{
sprintf( new_diag_path, general_file_format, path, frames, diag_file );
snprintf( new_diag_path, sizeof(new_diag_path), general_file_format, path, frames, diag_file );
if ( rename( diag_path, new_diag_path ) < 0 )
{
@ -369,7 +370,7 @@ void Event::StreamEvent( int event_id, int scale, int rate, int maxfps )
if ( !initialised )
Initialise();
sprintf( sql, "select M.Id, M.Name, E.Frames, max(F.Delta)-min(F.Delta) as Duration from Events as E inner join Monitors as M on E.MonitorId = M.Id inner join Frames as F on E.Id = F.EventId where E.Id = %d group by E.Id", event_id );
snprintf( sql, sizeof(sql), "select M.Id, M.Name, E.Frames, max(F.Delta)-min(F.Delta) as Duration from Events as E inner join Monitors as M on E.MonitorId = M.Id inner join Frames as F on E.Id = F.EventId where E.Id = %d group by E.Id", event_id );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't run query: %s", mysql_error( &dbconn ) ));
@ -390,7 +391,7 @@ void Event::StreamEvent( int event_id, int scale, int rate, int maxfps )
exit( mysql_errno( &dbconn ) );
}
sprintf( eventpath, "%s/%s/%s/%d", ZM_PATH_WEB, (const char *)config.Item( ZM_DIR_EVENTS ), dbrow[1], event_id );
snprintf( eventpath, sizeof(eventpath), "%s/%s/%s/%d", ZM_PATH_WEB, (const char *)config.Item( ZM_DIR_EVENTS ), dbrow[1], event_id );
int frames = atoi(dbrow[2]);
int duration = atoi(dbrow[3]);
@ -411,7 +412,7 @@ void Event::StreamEvent( int event_id, int scale, int rate, int maxfps )
mysql_free_result( result );
sprintf( sql, "select FrameId, EventId, Delta from Frames where EventId = %d order by FrameId", event_id );
snprintf( sql, sizeof(sql), "select FrameId, EventId, Delta from Frames where EventId = %d order by FrameId", event_id );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't run query: %s", mysql_error( &dbconn ) ));
@ -456,7 +457,7 @@ void Event::StreamEvent( int event_id, int scale, int rate, int maxfps )
Debug( 2, ( "I:%d, DI:%d, LDBI:%d, DD:%lf, LD:%lf, LDBD:%lf, TD:%lf, DU:%d", id, db_id, last_db_id, db_delta, last_delta, last_db_delta, this_delta, delta_us ));
static char filepath[PATH_MAX];
sprintf( filepath, capture_file_format, eventpath, id );
snprintf( filepath, sizeof(filepath), capture_file_format, eventpath, id );
if ( scale == 100 )
{
@ -516,7 +517,7 @@ void Event::StreamMpeg( int event_id, const char *format, int scale, int rate, i
bool timed_frames = (bool)config.Item( ZM_VIDEO_TIMED_FRAMES );
sprintf( sql, "select M.Id, M.Name, E.Frames, max(F.Delta)-min(F.Delta) as Duration from Events as E inner join Monitors as M on E.MonitorId = M.Id inner join Frames as F on E.Id = F.EventId where E.Id = %d group by E.Id", event_id );
snprintf( sql, sizeof(sql), "select M.Id, M.Name, E.Frames, max(F.Delta)-min(F.Delta) as Duration from Events as E inner join Monitors as M on E.MonitorId = M.Id inner join Frames as F on E.Id = F.EventId where E.Id = %d group by E.Id", event_id );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't run query: %s", mysql_error( &dbconn ) ));
@ -537,7 +538,7 @@ void Event::StreamMpeg( int event_id, const char *format, int scale, int rate, i
exit( mysql_errno( &dbconn ) );
}
sprintf( eventpath, "%s/%s/%s/%d", ZM_PATH_WEB, (const char *)config.Item( ZM_DIR_EVENTS ), dbrow[1], event_id );
snprintf( eventpath, sizeof(eventpath), "%s/%s/%s/%d", ZM_PATH_WEB, (const char *)config.Item( ZM_DIR_EVENTS ), dbrow[1], event_id );
int frames = atoi(dbrow[2]);
int duration = atoi(dbrow[3]);
@ -558,7 +559,7 @@ void Event::StreamMpeg( int event_id, const char *format, int scale, int rate, i
mysql_free_result( result );
sprintf( sql, "select FrameId, EventId, Delta from Frames where EventId = %d order by FrameId", event_id );
snprintf( sql, sizeof(sql), "select FrameId, EventId, Delta from Frames where EventId = %d order by FrameId", event_id );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't run query: %s", mysql_error( &dbconn ) ));
@ -614,7 +615,7 @@ void Event::StreamMpeg( int event_id, const char *format, int scale, int rate, i
if ( (frame_mod == 1) || (((id-1)%frame_mod) == 0) )
{
static char filepath[PATH_MAX];
sprintf( filepath, capture_file_format, eventpath, id );
snprintf( filepath, sizeof(filepath), capture_file_format, eventpath, id );
Image image( filepath );
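Review bot: In Event::AddFrames the per-frame `snprintf( sql+sql_len, sizeof(sql)-sql_len, ... )` discards its return value, so once the accumulated row list fills the buffer the remaining rows are dropped and the statement is cut off mid-row without any log entry. Compare the result with the space that was left and report the truncation instead of sending the statement, e.g. `int n = snprintf( sql+sql_len, sizeof(sql)-sql_len, ... ); if ( n < 0 || n >= (int)(sizeof(sql)-sql_len) ) Error(( "Frame insert statement truncated" ));`. The opening `strncpy( sql, ..., BUFSIZ )` would also read more consistently with `sizeof(sql)`, as used everywhere else in this commit. The loop and the query call that follows it are only partly inside the hunks.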


@ -70,9 +70,9 @@ protected:
timestamp_on_capture = (bool)config.Item( ZM_TIMESTAMP_ON_CAPTURE );
bulk_frame_interval = (int)config.Item( ZM_BULK_FRAME_INTERVAL );
sprintf( capture_file_format, "%%s/%%0%dd-capture.jpg", (int)config.Item( ZM_EVENT_IMAGE_DIGITS ) );
sprintf( analyse_file_format, "%%s/%%0%dd-analyse.jpg", (int)config.Item( ZM_EVENT_IMAGE_DIGITS ) );
sprintf( general_file_format, "%%s/%%0%dd-%%s.jpg", (int)config.Item( ZM_EVENT_IMAGE_DIGITS ) );
snprintf( capture_file_format, sizeof(capture_file_format), "%%s/%%0%dd-capture.jpg", (int)config.Item( ZM_EVENT_IMAGE_DIGITS ) );
snprintf( analyse_file_format, sizeof(analyse_file_format), "%%s/%%0%dd-analyse.jpg", (int)config.Item( ZM_EVENT_IMAGE_DIGITS ) );
snprintf( general_file_format, sizeof(general_file_format), "%%s/%%0%dd-%%s.jpg", (int)config.Item( ZM_EVENT_IMAGE_DIGITS ) );
}
public:


@ -711,7 +711,7 @@ void Image::Timestamp( const char *label, const time_t when, const Coord &coord
char text[64];
if ( label )
{
sprintf( text, "%s - %s", label, time_text );
snprintf( text, sizeof(text), "%s - %s", label, time_text );
Annotate( text, coord );
}
else


@ -62,7 +62,7 @@ void LocalCamera::Initialise()
{
char device_path[64];
sprintf( device_path, "/dev/video%d", device );
snprintf( device_path, sizeof(device_path), "/dev/video%d", device );
if ( (m_videohandle=open(device_path, O_RDWR)) < 0 )
{
Error(( "Failed to open video device %s: %s", device_path, strerror(errno) ));
@ -256,7 +256,7 @@ bool LocalCamera::GetCurrentSettings( int device, char *output, bool verbose )
char device_path[64];
output[0] = 0;
sprintf( device_path, "/dev/video%d", device );
snprintf( device_path, sizeof(device_path), "/dev/video%d", device );
if ( verbose )
sprintf( output, output+strlen(output), "Checking Video Device: %s\n", device_path );
if ( (m_videohandle=open(device_path, O_RDWR)) <=0 )
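Review bot: The unchanged `sprintf( output, output+strlen(output), "Checking Video Device: %s\n", device_path )` in LocalCamera::GetCurrentSettings was not converted, and its second argument sits in the format-string position: output[0] was just cleared, so the format is an empty string and the message is never written. The intended call looks like `sprintf( output+strlen(output), "Checking Video Device: %s\n", device_path );`. Bounding it needs the capacity of the caller's buffer, which the `char *output` parameter does not carry, so a size parameter or a documented minimum size would be required. The other writes to output are outside the hunk.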


@ -85,7 +85,7 @@ Monitor::Monitor(
name = new char[strlen(p_name)+1];
strcpy( name, p_name );
strcpy( label_format, p_label_format );
strncpy( label_format, p_label_format, sizeof(label_format) );
camera = new LocalCamera( p_device, p_channel, p_format, (p_orientation%2)?width:height, (orientation%2)?height:width, p_palette, purpose==CAPTURE );
@ -141,7 +141,7 @@ Monitor::Monitor(
name = new char[strlen(p_name)+1];
strcpy( name, p_name );
strcpy( label_format, p_label_format );
strncpy( label_format, p_label_format, sizeof(label_format) );
camera = new RemoteCamera( p_host, p_port, p_path, (p_orientation%2)?width:height, (orientation%2)?height:width, p_palette, purpose==CAPTURE );
@ -261,7 +261,7 @@ void Monitor::Setup()
{
static char path[PATH_MAX];
strcpy( path, (const char *)config.Item( ZM_DIR_EVENTS ) );
strncpy( path, (const char *)config.Item( ZM_DIR_EVENTS ), sizeof(path) );
struct stat statbuf;
errno = 0;
@ -274,7 +274,7 @@ void Monitor::Setup()
}
}
sprintf( path, "%s/%s", (const char *)config.Item( ZM_DIR_EVENTS ), name );
snprintf( path, sizeof(path), "%s/%s", (const char *)config.Item( ZM_DIR_EVENTS ), name );
errno = 0;
stat( path, &statbuf );
@ -321,7 +321,7 @@ int Monitor::GetImage( int index, int scale ) const
}
static char filename[PATH_MAX];
sprintf( filename, "%s.jpg", name );
snprintf( filename, sizeof(filename), "%s.jpg", name );
if ( !timestamp_on_capture )
{
TimestampImage( &snap_image, snap->timestamp->tv_sec );
@ -571,7 +571,7 @@ void Monitor::DumpZoneImage()
zone_image.Hatch( colour, &(zones[i]->Limits()) );
}
static char filename[PATH_MAX];
sprintf( filename, "%s-Zones.jpg", name );
snprintf( filename, sizeof(filename), "%s-Zones.jpg", name );
zone_image.WriteJpeg( filename );
}
@ -579,10 +579,10 @@ void Monitor::DumpImage( Image *dump_image ) const
{
if ( image_count && !(image_count%10) )
{
static char new_filename[PATH_MAX];
static char filename[PATH_MAX];
sprintf( filename, "%s.jpg", name );
sprintf( new_filename, "%s-new.jpg", name );
static char new_filename[PATH_MAX];
snprintf( filename, sizeof(filename), "%s.jpg", name );
snprintf( new_filename, sizeof(new_filename), "%s-new.jpg", name );
dump_image->WriteJpeg( new_filename );
rename( new_filename, filename );
}
@ -856,11 +856,11 @@ int Monitor::Load( int device, Monitor **&monitors, Purpose purpose )
static char sql[BUFSIZ];
if ( device == -1 )
{
strcpy( sql, "select Id, Name, Function+0, Device, Channel, Format, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Function != 'None' and Type = 'Local'" );
strncpy( sql, "select Id, Name, Function+0, Device, Channel, Format, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Function != 'None' and Type = 'Local'", sizeof(sql) );
}
else
{
sprintf( sql, "select Id, Name, Function+0, Device, Channel, Format, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Function != 'None' and Type = 'Local' and Device = %d", device );
snprintf( sql, sizeof(sql), "select Id, Name, Function+0, Device, Channel, Format, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Function != 'None' and Type = 'Local' and Device = %d", device );
}
if ( mysql_query( &dbconn, sql ) )
{
@ -925,11 +925,11 @@ int Monitor::Load( const char *host, const char*port, const char *path, Monitor
static char sql[BUFSIZ];
if ( !host )
{
strcpy( sql, "select Id, Name, Function+0, Host, Port, Path, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Function != 'None' and Type = 'Remote'" );
strncpy( sql, "select Id, Name, Function+0, Host, Port, Path, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Function != 'None' and Type = 'Remote'", sizeof(sql) );
}
else
{
sprintf( sql, "select Id, Name, Function+0, Host, Port, Path, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Function != 'None' and Type = 'Remote' and Host = '%s' and Port = '%s' and Path = '%s'", host, port, path );
snprintf( sql, sizeof(sql), "select Id, Name, Function+0, Host, Port, Path, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Function != 'None' and Type = 'Remote' and Host = '%s' and Port = '%s' and Path = '%s'", host, port, path );
}
if ( mysql_query( &dbconn, sql ) )
{
@ -992,7 +992,7 @@ int Monitor::Load( const char *host, const char*port, const char *path, Monitor
Monitor *Monitor::Load( int id, bool load_zones, Purpose purpose )
{
static char sql[BUFSIZ];
sprintf( sql, "select Id, Name, Type, Function+0, Device, Channel, Format, Host, Port, Path, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Id = %d", id );
snprintf( sql, sizeof(sql), "select Id, Name, Type, Function+0, Device, Channel, Format, Host, Port, Path, Width, Height, Palette, Orientation+0, LabelFormat, LabelX, LabelY, ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, SectionLength, FrameSkip, MaxFPS, FPSReportInterval, RefBlendPerc from Monitors where Id = %d", id );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't run query: %s", mysql_error( &dbconn ) ));
@ -1362,7 +1362,7 @@ unsigned int Monitor::Compare( const Image &comp_image )
static char diag_path[PATH_MAX] = "";
if ( !diag_path[0] )
{
sprintf( diag_path, "%s/%s/diag-r.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), name );
snprintf( diag_path, sizeof(diag_path), "%s/%s/diag-r.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), name );
}
ref_image.WriteJpeg( diag_path );
}
@ -1374,7 +1374,7 @@ unsigned int Monitor::Compare( const Image &comp_image )
static char diag_path[PATH_MAX] = "";
if ( !diag_path[0] )
{
sprintf( diag_path, "%s/%s/diag-d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), name );
snprintf( diag_path, sizeof(diag_path), "%s/%s/diag-d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), name );
}
delta_image->WriteJpeg( diag_path );
}
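Review bot: The remote-camera `Monitor::Load` query still places `host`, `port` and `path` between single quotes with plain `%s`, so snprintf limits the length but a quote or backslash in any of them changes the SQL that is executed. Escape each value first, e.g. `mysql_real_escape_string( &dbconn, esc_host, host, strlen(host) )` into a buffer of at least `2*strlen(host)+1` bytes, and format the escaped copies. The `ValidateAccess` query in the last file has the same shape with `username` and `password`, where the values are credentials, so it needs the same treatment unless they are escaped before the call, which the hunk does not show. Where these arguments originate is outside the hunks.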


@ -198,7 +198,7 @@ public:
static char label_text[256];
strftime( label_time_text, sizeof(label_time_text), label_format, localtime( &ts_time ) );
sprintf( label_text, label_time_text, name );
snprintf( label_text, sizeof(label_text), label_time_text, name );
ts_image->Annotate( label_text, label_coord );
}
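Review bot: `snprintf( label_text, sizeof(label_text), label_time_text, name )` still uses a runtime string as the format: label_time_text is the strftime expansion of label_format, and only one argument (`name`) is supplied. Any conversion that remains after strftime, other than a single `%s`, would make snprintf read arguments that were never passed. A comment stating that the expanded label may contain at most one `%s`, together with a check where label_format is stored, would document and enforce that. The enclosing function starts outside the hunk.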


@ -108,15 +108,15 @@ void RemoteCamera::Initialise()
if ( !request[0] )
{
sprintf( request, "GET %s HTTP/%s\n", path, (const char *)config.Item( ZM_HTTP_VERSION ) );
sprintf( &(request[strlen(request)]), "User-Agent: %s/%s\n", (const char *)config.Item( ZM_HTTP_UA ), ZM_VERSION );
sprintf( &(request[strlen(request)]), "Host: %s\n", host );
sprintf( &(request[strlen(request)]), "Connection: Keep-Alive\n" );
snprintf( request, sizeof(request), "GET %s HTTP/%s\n", path, (const char *)config.Item( ZM_HTTP_VERSION ) );
snprintf( &(request[strlen(request)]), sizeof(request)-strlen(request), "User-Agent: %s/%s\n", (const char *)config.Item( ZM_HTTP_UA ), ZM_VERSION );
snprintf( &(request[strlen(request)]), sizeof(request)-strlen(request), "Host: %s\n", host );
snprintf( &(request[strlen(request)]), sizeof(request)-strlen(request), "Connection: Keep-Alive\n" );
if ( auth )
{
sprintf( &(request[strlen(request)]), "Authorization: Basic %s\n", auth64 );
snprintf( &(request[strlen(request)]), sizeof(request)-strlen(request), "Authorization: Basic %s\n", auth64 );
}
sprintf( &(request[strlen(request)]), "\n" );
snprintf( &(request[strlen(request)]), sizeof(request)-strlen(request), "\n" );
Debug( 2, ( "Request: %s", request ));
}
if ( !timeout.tv_sec )
@ -369,7 +369,7 @@ int RemoteCamera::GetResponse()
if ( !subheader_expr )
{
char subheader_pattern[256] = "";
sprintf( subheader_pattern, "^((?:\r?\n){0,2}?(?:--)?%s\r?\n.+?\r?\n\r?\n)", content_boundary );
snprintf( subheader_pattern, sizeof(subheader_pattern), "^((?:\r?\n){0,2}?(?:--)?%s\r?\n.+?\r?\n\r?\n)", content_boundary );
subheader_expr = new RegExpr( subheader_pattern, PCRE_DOTALL );
}
if ( subheader_expr->Match( (char *)buffer, (int)buffer ) == 2 )
@ -452,7 +452,7 @@ int RemoteCamera::GetResponse()
if ( !content_expr )
{
char content_pattern[256] = "";
sprintf( content_pattern, "^(.+?)(?:\r?\n){1,2}?(?:--)?%s\r?\n", content_boundary );
snprintf( content_pattern, sizeof(content_pattern), "^(.+?)(?:\r?\n){1,2}?(?:--)?%s\r?\n", content_boundary );
content_expr = new RegExpr( content_pattern, PCRE_DOTALL );
}
}
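Review bot: In RemoteCamera::GetResponse, `content_boundary` is interpolated into both PCRE patterns as-is, so any regular-expression metacharacter in it becomes part of the expression, and a boundary too long for the 256-byte buffer is now cut off silently, leaving an incomplete pattern. If the boundary is taken from the camera's response headers (not visible here), it is remote input: reject a boundary that does not fit, and quote it before compiling, for example by refusing backslashes and writing `\\Q%s\\E` in the format. Both function bodies continue outside the hunks.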


@ -75,7 +75,7 @@ Zone::~Zone()
void Zone::RecordStats( const Event *event )
{
static char sql[BUFSIZ];
sprintf( sql, "insert into Stats set MonitorId=%d, ZoneId=%d, EventId=%d, FrameId=%d, AlarmPixels=%d, FilterPixels=%d, BlobPixels=%d, Blobs=%d, MinBlobSize=%d, MaxBlobSize=%d, MinX=%d, MinY=%d, MaxX=%d, MaxY=%d, Score=%d", monitor->Id(), id, event->Id(), event->Frames()+1, alarm_pixels, alarm_filter_pixels, alarm_blob_pixels, alarm_blobs, min_blob_size, max_blob_size, alarm_box.LoX(), alarm_box.LoY(), alarm_box.HiX(), alarm_box.HiY(), score );
snprintf( sql, sizeof(sql), "insert into Stats set MonitorId=%d, ZoneId=%d, EventId=%d, FrameId=%d, AlarmPixels=%d, FilterPixels=%d, BlobPixels=%d, Blobs=%d, MinBlobSize=%d, MaxBlobSize=%d, MinX=%d, MinY=%d, MaxX=%d, MaxY=%d, Score=%d", monitor->Id(), id, event->Id(), event->Frames()+1, alarm_pixels, alarm_filter_pixels, alarm_blob_pixels, alarm_blobs, min_blob_size, max_blob_size, alarm_box.LoX(), alarm_box.LoY(), alarm_box.HiX(), alarm_box.HiY(), score );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't insert event stats: %s", mysql_error( &dbconn ) ));
@ -125,7 +125,7 @@ bool Zone::CheckAlarms( const Image *delta_image )
static char diag_path[PATH_MAX] = "";
if ( !diag_path[0] )
{
sprintf( diag_path, "%s/%s/diag-%d-%d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id, 1 );
snprintf( diag_path, sizeof(diag_path), "%s/%s/diag-%d-%d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id, 1 );
}
diff_image->WriteJpeg( diag_path );
}
@ -197,7 +197,7 @@ bool Zone::CheckAlarms( const Image *delta_image )
static char diag_path[PATH_MAX] = "";
if ( !diag_path[0] )
{
sprintf( diag_path, "%s/%s/diag-%d-%d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id, 2 );
snprintf( diag_path, sizeof(diag_path), "%s/%s/diag-%d-%d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id, 2 );
}
diff_image->WriteJpeg( diag_path );
}
@ -341,7 +341,7 @@ bool Zone::CheckAlarms( const Image *delta_image )
static char diag_path[PATH_MAX] = "";
if ( !diag_path[0] )
{
sprintf( diag_path, "%s/%s/diag-%d-%d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id, 3 );
snprintf( diag_path, sizeof(diag_path), "%s/%s/diag-%d-%d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id, 3 );
}
diff_image->WriteJpeg( diag_path );
}
@ -391,7 +391,7 @@ bool Zone::CheckAlarms( const Image *delta_image )
static char diag_path[PATH_MAX] = "";
if ( !diag_path[0] )
{
sprintf( diag_path, "%s/%s/diag-%d-%d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id, 4 );
snprintf( diag_path, sizeof(diag_path), "%s/%s/diag-%d-%d.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), id, 4 );
}
diff_image->WriteJpeg( diag_path );
}
@ -455,7 +455,7 @@ bool Zone::CheckAlarms( const Image *delta_image )
int Zone::Load( Monitor *monitor, Zone **&zones )
{
static char sql[BUFSIZ];
sprintf( sql, "select Id,Name,Type+0,Units,LoX,LoY,HiX,HiY,AlarmRGB,CheckMethod+0,MinPixelThreshold,MaxPixelThreshold,MinAlarmPixels,MaxAlarmPixels,FilterX,FilterY,MinFilterPixels,MaxFilterPixels,MinBlobPixels,MaxBlobPixels,MinBlobs,MaxBlobs from Zones where MonitorId = %d order by Type, Id", monitor->Id() );
snprintf( sql, sizeof(sql), "select Id,Name,Type+0,Units,LoX,LoY,HiX,HiY,AlarmRGB,CheckMethod+0,MinPixelThreshold,MaxPixelThreshold,MinAlarmPixels,MaxAlarmPixels,FilterX,FilterY,MinFilterPixels,MaxFilterPixels,MinBlobPixels,MaxBlobPixels,MinBlobs,MaxBlobs from Zones where MonitorId = %d order by Type, Id", monitor->Id() );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't run query: %s", mysql_error( &dbconn ) ));


@ -119,9 +119,9 @@ int main( int argc, char *argv[] )
}
char dbg_name_string[16];
sprintf( dbg_name_string, "zma-m%d", id );
snprintf( dbg_name_string, sizeof(dbg_name_string), "zma-m%d", id );
zm_dbg_name = dbg_name_string;
//sprintf( zm_dbg_log, "/tmp/zma-%d.log", id );
//snprintf( zm_dbg_log, sizeof(zm_dbg_log), "/tmp/zma-%d.log", id );
//zm_dbg_level = 1;
zmDbgInit();


@ -130,15 +130,15 @@ int main( int argc, char *argv[] )
char dbg_name_string[16];
if ( device >= 0 )
{
sprintf( dbg_name_string, "zmc-d%d", device );
snprintf( dbg_name_string, sizeof(dbg_name_string), "zmc-d%d", device );
}
else if ( host[0] )
{
sprintf( dbg_name_string, "zmc-h%s", host );
snprintf( dbg_name_string, sizeof(dbg_name_string), "zmc-h%s", host );
}
else
{
sprintf( dbg_name_string, "zmc-m%d", monitor_id );
snprintf( dbg_name_string, sizeof(dbg_name_string), "zmc-m%d", monitor_id );
}
zm_dbg_name = dbg_name_string;
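Review bot: `dbg_name_string` is 16 bytes, so `snprintf( dbg_name_string, sizeof(dbg_name_string), "zmc-h%s", host )` keeps only the first ten characters of the host. Hosts that share that prefix end up with the same zm_dbg_name, which presumably also selects the debug log, so their output would be mixed. Sizing the buffer for the longest expected host name, e.g. `char dbg_name_string[256];`, avoids that. main continues outside the hunk.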


@ -80,7 +80,7 @@ int OpenSocket( int monitor_id )
}
char sock_path[PATH_MAX] = "";
sprintf( sock_path, "%s/zmf-%d.sock", (const char *)config.Item( ZM_PATH_SOCKS ), monitor_id );
snprintf( sock_path, sizeof(sock_path), "%s/zmf-%d.sock", (const char *)config.Item( ZM_PATH_SOCKS ), monitor_id );
if ( unlink( sock_path ) < 0 )
{
Warning(( "Can't unlink '%s': %s", sock_path, strerror(errno) ));
@ -88,7 +88,7 @@ int OpenSocket( int monitor_id )
struct sockaddr_un addr;
strcpy( addr.sun_path, sock_path );
strncpy( addr.sun_path, sock_path, sizeof(addr.sun_path) );
addr.sun_family = AF_UNIX;
if ( bind( sd, (struct sockaddr *)&addr, strlen(addr.sun_path)+sizeof(addr.sun_family)) < 0 )
@ -186,9 +186,9 @@ int main( int argc, char *argv[] )
}
char dbg_name_string[16];
sprintf( dbg_name_string, "zmf-m%d", id );
snprintf( dbg_name_string, sizeof(dbg_name_string), "zmf-m%d", id );
zm_dbg_name = dbg_name_string;
//sprintf( zm_dbg_log, "/tmp/zmf-%d.log", id );
//snprintf( zm_dbg_log, sizeof(zm_dbg_log), "/tmp/zmf-%d.log", id );
//zm_dbg_level = 1;
zmDbgInit();
@ -288,7 +288,7 @@ int main( int argc, char *argv[] )
continue;
}
static char path[PATH_MAX] = "";
sprintf( path, "%s/%s/%ld/%03ld-%s.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), frame_header.event_id, frame_header.frame_id, frame_header.alarm_frame?"analyse":"capture" );
snprintf( path, sizeof(path), "%s/%s/%ld/%03ld-%s.jpg", (const char *)config.Item( ZM_DIR_EVENTS ), monitor->Name(), frame_header.event_id, frame_header.frame_id, frame_header.alarm_frame?"analyse":"capture" );
Debug( 1, ( "Got image, writing to %s", path ));
FILE *fd = 0;


@ -35,7 +35,7 @@ bool fixDevice( int device )
{
char device_path[64];
sprintf( device_path, "/dev/video%d", device );
snprintf( device_path, sizeof(device_path), "/dev/video%d", device );
struct stat stat_buf;
@ -106,8 +106,8 @@ int main( int argc, char *argv[] )
zmDbConnect( ZM_DB_USERA, ZM_DB_PASSA );
static char sql[BUFSIZ];
//sprintf( sql, "select distinct Device from Monitors where Function != 'None' and Type = 'Local'" );
sprintf( sql, "select distinct Device from Monitors where Type = 'Local'" );
//snprintf( sql, sizeof(sql), "select distinct Device from Monitors where Function != 'None' and Type = 'Local'" );
snprintf( sql, sizeof(sql), "select distinct Device from Monitors where Type = 'Local'" );
if ( mysql_query( &dbconn, sql ) )
{
Error(( "Can't run query: %s", mysql_error( &dbconn ) ));


@ -52,11 +52,11 @@ int main( int argc, const char *argv[] )
Debug( 1, ( "Query: %s", query ));
char temp_query[1024];
strcpy( temp_query, query );
strncpy( temp_query, query, sizeof(temp_query) );
char *q_ptr = temp_query;
char *parms[16]; // Shouldn't be more than this
int parm_no = 0;
while( (parms[parm_no] = strtok( q_ptr, "&" )) )
while( (parm_no < 16) && (parms[parm_no] = strtok( q_ptr, "&" )) )
{
parm_no++;
q_ptr = NULL;
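Review bot: The new bound `parm_no < 16` repeats the size of `parms` as a literal; `parm_no < (int)(sizeof(parms)/sizeof(parms[0]))` keeps the two in step if the array is ever resized. When the limit is hit the remaining parameters are dropped without a trace, so a `Warning(( "Too many query parameters, ignoring the rest" ));` after the loop when parm_no reaches the limit would make that visible. The loop body and the code that consumes parms continue outside the hunk.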


@ -92,7 +92,7 @@ bool ValidateAccess( const char *username, const char *password, int mon_id, Fun
}
char sql[BUFSIZ] = "";
sprintf( sql, "select Username, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );
snprintf( sql, sizeof(sql), "select Username, Stream+0, Events+0, Monitors+0, System+0, MonitorIds from Users where Username = '%s' and Password = password('%s') and Enabled = 1", username, password );
if ( mysql_query( &dbconn, sql ) )
{
@ -145,7 +145,7 @@ bool ValidateAccess( const char *username, const char *password, int mon_id, Fun
if ( monitor_ids && monitor_ids[0] )
{
char mon_id_str[256] = "";
strcpy( mon_id_str, monitor_ids );
strncpy( mon_id_str, monitor_ids, sizeof(mon_id_str) );
char *mon_id_str_ptr = mon_id_str;
char *mon_id_ptr = 0;
bool found_mon_id = false;
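Review bot: Copying `monitor_ids` into the 256-byte `mon_id_str` now truncates a longer list, and a cut in the middle of a number leaves a shorter id at the end (a list ending in `123` can end in `12`). If the parsing that follows matches mon_id against each entry, the user could be granted a monitor that is not in their list. Reject an over-long value instead of truncating it, e.g. `if ( strlen(monitor_ids) >= sizeof(mon_id_str) ) { Error(( "Monitor id list too long" )); return( false ); }`. The parsing loop is outside the hunk.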