--- sccw.c.orig Thu Sep 5 19:58:09 1996 +++ sccw.c Sat Sep 7 10:05:52 1996 @@ -22,6 +22,8 @@ extern int AdLib_found(); extern int Play_sound(); +int Ask_numeric(int min, int max); + /* If no config file is found in the users' home directory, then these */ /* defaults will be used instead */ @@ -122,7 +124,8 @@ FILE *f; int ch; fprintf(stdout,"Enter filename : "); - fscanf(stdin,"%s",fname); + fgets(fname, 255, stdin); + fname[strlen(fname) - 1] = '\0'; if ((f = fopen(fname,"rt")) == NULL) { fprintf(stderr,"Error opening file.\n"); @@ -169,7 +172,7 @@ fprintf(stdout," 2. Letters A to Z, digits 0 to 9\n"); fprintf(stdout," 3. Letters A to Z, digits 0 to 9, question mark, slant\n"); fprintf(stdout,"Enter your choice : "); - fscanf(stdin,"%d",&choice); + choice = Ask_numeric(1, 3); return(choice); } @@ -179,8 +182,8 @@ int Ask_num_grps() { int choice; - fprintf(stdout,"Enter number of 5 character groups : "); - fscanf(stdin,"%d",&choice); + fprintf(stdout,"Enter number of 5 character groups (1-200) : "); + choice = Ask_numeric(1, 200); return(choice); } @@ -191,7 +194,7 @@ { int choice; fprintf(stdout,"Enter frequency (100-6000) : "); - fscanf(stdin,"%d",&choice); + choice = Ask_numeric(100, 6000); return(choice); } @@ -205,7 +208,7 @@ { int choice; fprintf(stdout,"Enter volume (0-64) : "); - fscanf(stdin,"%d",&choice); + choice = Ask_numeric(0, 64); return(choice); } @@ -216,7 +219,7 @@ { int choice; fprintf(stdout,"Enter speed (3-50) : "); - fscanf(stdin,"%d",&choice); + choice = Ask_numeric(3, 50); return(choice); } @@ -228,12 +231,51 @@ int Ask_delay() { int choice; - fprintf(stdout,"Enter delay between each character : "); - fscanf(stdin,"%d",&choice); + fprintf(stdout,"Enter delay between each character (1-5) : "); + choice = Ask_numeric(1, 5); return(choice); } /************************************************************************/ +/* Get a numeric value, between min and max (inclusive). */ +/* Written by John Gotts . */ +/************************************************************************/ +int Ask_numeric(int min, int max) +{ + char buffer[LINE_LENGTH]; + int valid = FALSE; + int attempts = 0; + int i; + int number; + while (! valid) + { + attempts++; + if (attempts > 1) + fprintf(stdout,"Try again : "); + fgets(buffer, LINE_LENGTH, stdin); + valid = TRUE; + i = 0; + while (*(buffer + i) != '\0' && ! isspace (*(buffer + i))) + if (! (isdigit (*(buffer + i)))) + { + fprintf (stderr, "Error: Expected a positive integer argument.\n"); + valid = FALSE; + break; + } + else + i++; + if (! i) valid = FALSE; + if (valid) + { + sscanf(buffer, "%d", &number); + if (number < min || number > max) + valid = FALSE; + } + } + return number; +} + +/************************************************************************/ /* This is the nerve center. Nearly everything can be adjusted here */ /************************************************************************/ int menu() @@ -257,8 +299,7 @@ fprintf(stdout,"9. QUIT\n"); fprintf(stdout,"==========================================================\n"); fprintf(stdout,"Enter your choice : "); - fscanf(stdin,"%d",&choice); - getchar(); /* flush from buffer */ + choice = Ask_numeric(1, 9); switch(choice) { case 1: Morse_speed = Ask_speed(); break; @@ -271,7 +312,7 @@ case 8: Send_file(); break; case 9: return(0); break; } - return(1); + return(1); /* To satisfy lint. */ } /************************************************************************/ @@ -288,6 +329,7 @@ cf = fopen(home_dir,"rt"); if (cf== NULL) return(1); /* file doesn't exist - use builtin settings */ + /* Potential security hole. */ fscanf(cf,"%d",&Morse_speed); fscanf(cf,"%d",&AdLib_tone); fscanf(cf,"%d",&AdLib_vol); @@ -328,6 +370,11 @@ int main(int argc, char *argv[]) { time_t *t=NULL,seed; + if (geteuid()) + { + fprintf(stderr,"This program must run as root.\n"); + exit(1); + } ioperm(reg_port,17,1); ioperm(data_port,17,1); if (!(AdLib_found))