c79324b8fc
- Fix two buffer overflows. [1] - Fix format string handling problems with command line parsing shar -o. [2] Obtained from: Gentoo [1] [2] Patch by: Michael Schröder [2] VuXML: 26c9e8c6-1c99-11d9-814e-0001020eed82 [1] Approved by: erwin
98 lines
2.4 KiB
Text
98 lines
2.4 KiB
Text
Index: src/shar.c
|
|
===================================================================
|
|
RCS file: /home/ke/cvsroot/sharutils/src/shar.c,v
|
|
retrieving revision 1.22
|
|
diff -u -r1.22 shar.c
|
|
--- src/shar.c 2 Dec 2002 20:52:10 -0000 1.22
|
|
+++ src/shar.c 15 May 2004 09:13:16 -0000
|
|
@@ -255,11 +255,11 @@
|
|
/* Position for first file in the shar file. */
|
|
static off_t first_file_position;
|
|
|
|
-/* Base for output filename. FIXME: No fix limit in GNU... */
|
|
-static char output_base_name[50];
|
|
+/* Base for output filename. */
|
|
+static char *output_base_name;
|
|
|
|
-/* Actual output filename. FIXME: No fix limit in GNU... */
|
|
-static char output_filename[50];
|
|
+/* Actual output filename. */
|
|
+static char *output_filename;
|
|
|
|
static char *submitter_address = NULL;
|
|
|
|
@@ -1727,7 +1727,12 @@
|
|
static void
|
|
open_output ()
|
|
{
|
|
- sprintf (output_filename, output_base_name, ++part_number);
|
|
+ size_t l;
|
|
+ l = strlen(output_base_name) + 128;
|
|
+ if (output_filename)
|
|
+ free(output_filename);
|
|
+ output_filename = xmalloc(l);
|
|
+ snprintf(output_filename, l, output_base_name, ++part_number);
|
|
output = fopen (output_filename, "w");
|
|
if (!output)
|
|
error (EXIT_FAILURE, errno, _("Opening `%s'"), output_filename);
|
|
@@ -1907,6 +1912,42 @@
|
|
file_size_limit = lim;
|
|
}
|
|
|
|
+
|
|
+char *parse_output_base_name(char *arg)
|
|
+{
|
|
+ int c;
|
|
+ int hadarg = 0;
|
|
+ char *fmt, *p;
|
|
+
|
|
+ for (p = arg ; (c = *p++) != 0; )
|
|
+ {
|
|
+ if (c != '%')
|
|
+ continue;
|
|
+ c = *p++;
|
|
+ if (c == '%')
|
|
+ continue;
|
|
+ if (hadarg)
|
|
+ return 0;
|
|
+ while (c != 0 && strchr("#0+- 'I", c) != 0)
|
|
+ c = *p++;
|
|
+ while (c != 0 && c >= '0' && c <= '9')
|
|
+ c = *p++;
|
|
+ if (c == '.')
|
|
+ c = *p++;
|
|
+ while (c != 0 && c >= '0' && c <= '9')
|
|
+ c = *p++;
|
|
+ if (c == 0 || strchr("diouxX", c) == 0)
|
|
+ return 0;
|
|
+ hadarg = 1;
|
|
+ }
|
|
+ fmt = xmalloc(strlen(arg) + (hadarg ? 1 : 6));
|
|
+ strcpy(fmt, arg);
|
|
+ if (!hadarg)
|
|
+ strcat(fmt, ".%02d");
|
|
+ return fmt;
|
|
+}
|
|
+
|
|
+
|
|
/*---.
|
|
| ? |
|
|
`---*/
|
|
@@ -2047,9 +2088,14 @@
|
|
break;
|
|
|
|
case 'o':
|
|
- strcpy (output_base_name, optarg);
|
|
- if (!strchr (output_base_name, '%'))
|
|
- strcat (output_base_name, ".%02d");
|
|
+ if (output_base_name)
|
|
+ free (output_base_name);
|
|
+ output_base_name = parse_output_base_name(optarg);
|
|
+ if (!output_base_name)
|
|
+ {
|
|
+ fprintf (stderr, _("illegal output prefix\n"));
|
|
+ exit (EXIT_FAILURE);
|
|
+ }
|
|
part_number = 0;
|
|
open_output ();
|
|
break;
|