freebsd-ports/archivers/sharutils/files/patch-buffer-check
Simon L. B. Nielsen c79324b8fc Security update to sharutils:
- Fix two buffer overflows. [1]
- Fix format-string handling problems in the command-line parsing of
  shar -o. [2]

Obtained from:	Gentoo [1] [2]
Patch by:	Michael Schröder [2]
VuXML:		26c9e8c6-1c99-11d9-814e-0001020eed82 [1]
Approved by:	erwin
2004-10-13 10:17:01 +00:00

98 lines
2.4 KiB

Index: src/shar.c
===================================================================
RCS file: /home/ke/cvsroot/sharutils/src/shar.c,v
retrieving revision 1.22
diff -u -r1.22 shar.c
--- src/shar.c 2 Dec 2002 20:52:10 -0000 1.22
+++ src/shar.c 15 May 2004 09:13:16 -0000
@@ -255,11 +255,11 @@
/* Position for first file in the shar file. */
static off_t first_file_position;
-/* Base for output filename. FIXME: No fix limit in GNU... */
-static char output_base_name[50];
+/* Base for output filename. */
+static char *output_base_name;
-/* Actual output filename. FIXME: No fix limit in GNU... */
-static char output_filename[50];
+/* Actual output filename. */
+static char *output_filename;
static char *submitter_address = NULL;
@@ -1727,7 +1727,12 @@
static void
open_output ()
{
- sprintf (output_filename, output_base_name, ++part_number);
+ size_t l;
+ l = strlen(output_base_name) + 128;
+ if (output_filename)
+ free(output_filename);
+ output_filename = xmalloc(l);
+ snprintf(output_filename, l, output_base_name, ++part_number);
output = fopen (output_filename, "w");
if (!output)
error (EXIT_FAILURE, errno, _("Opening `%s'"), output_filename);
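Review bot: The new `snprintf(output_filename, l, output_base_name, ++part_number);` is bounded, but its return value is never checked, so a prefix whose single validated conversion carries a long width or precision (parse_output_base_name accepts any number of digits) produces a silently truncated file name instead of an error. Capture the result and refuse it: `int n = snprintf (output_filename, l, output_base_name, ++part_number);` followed by `if (n < 0 || (size_t) n >= l) error (EXIT_FAILURE, 0, _("output file name too long"));` — only with that check does the `+ 128` slack act as a real bound. If any caller can reach open_output before `-o` has been parsed, `strlen (output_base_name)` now dereferences a NULL pointer where the old zero-filled array gave an empty format and a diagnosable fopen failure; that is worth confirming against the other call sites, which are outside this diff. open_output's body continues past the end of the hunk.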
@@ -1907,6 +1912,42 @@
file_size_limit = lim;
}
+
+char *parse_output_base_name(char *arg)
+{
+ int c;
+ int hadarg = 0;
+ char *fmt, *p;
+
+ for (p = arg ; (c = *p++) != 0; )
+ {
+ if (c != '%')
+ continue;
+ c = *p++;
+ if (c == '%')
+ continue;
+ if (hadarg)
+ return 0;
+ while (c != 0 && strchr("#0+- 'I", c) != 0)
+ c = *p++;
+ while (c != 0 && c >= '0' && c <= '9')
+ c = *p++;
+ if (c == '.')
+ c = *p++;
+ while (c != 0 && c >= '0' && c <= '9')
+ c = *p++;
+ if (c == 0 || strchr("diouxX", c) == 0)
+ return 0;
+ hadarg = 1;
+ }
+ fmt = xmalloc(strlen(arg) + (hadarg ? 1 : 6));
+ strcpy(fmt, arg);
+ if (!hadarg)
+ strcat(fmt, ".%02d");
+ return fmt;
+}
+
+
/*---.
| ? |
`---*/
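Review bot: The two digit loops at `while (c != 0 && c >= '0' && c <= '9')` accept a width and a precision of unlimited length, so `-o '%99999d'` passes validation and the caller is left relying on snprintf truncation; cap them (count digits and `return 0` past three or four) so the fixed slack the caller adds is a genuine bound. The function should also be `static char *parse_output_base_name (const char *arg)` and use `return NULL;` on the rejection paths, matching the other file-scope helpers such as open_output. A header comment stating the contract would help a reader judge the security argument: at most one conversion is allowed, with only the flags `#0+- 'I`, optional width and precision digits and a `diouxX` conversion (so `*`, length modifiers, `%n`, `%s` and friends are rejected), `.%02d` is appended when no conversion is present, and the result is a freshly xmalloc'd string the caller owns, or NULL when the prefix is rejected.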
@@ -2047,9 +2088,14 @@
break;
case 'o':
- strcpy (output_base_name, optarg);
- if (!strchr (output_base_name, '%'))
- strcat (output_base_name, ".%02d");
+ if (output_base_name)
+ free (output_base_name);
+ output_base_name = parse_output_base_name(optarg);
+ if (!output_base_name)
+ {
+ fprintf (stderr, _("illegal output prefix\n"));
+ exit (EXIT_FAILURE);
+ }
part_number = 0;
open_output ();
break;
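Review bot: The rejection path `fprintf (stderr, _("illegal output prefix\n")); exit (EXIT_FAILURE);` drops the offending argument and bypasses the `error()` reporting this same file uses in open_output; `error (EXIT_FAILURE, 0, _("illegal output prefix `%s'"), optarg);` gives the user the rejected value with the program-name prefix in one line. The free-then-reparse order is right (a rejected prefix exits before anything is used), but `parse_output_base_name` is a non-static function with no prototype visible here, relying on its definition preceding this switch; marking it `static` makes that dependency explicit. The enclosing switch and option-parsing function continue outside the hunk.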