95 lines
2.4 KiB
C
95 lines
2.4 KiB
C
$NetBSD: patch-keytab.c,v 1.1 2021/11/01 21:33:26 fcambus Exp $
|
|
|
|
Fix buffer overflow in 'unknown key sequence' error report.
|
|
|
|
Upstream commit ad97e1337e1e1df934b7f3674fa6c9f7e8eb603f.
|
|
|
|
--- keytab.c.orig 2021-11-01 18:58:59.087368560 +0000
|
|
+++ keytab.c
|
|
@@ -1,5 +1,6 @@
|
|
#include "tweak.h"
|
|
|
|
+#include <stdbool.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
@@ -61,16 +62,33 @@ void bind_key (char *sequence, int len,
|
|
/*
|
|
* Format an ASCII code into a printable description of the key stroke.
|
|
*/
|
|
-static void strkey (char *s, int k) {
|
|
- k &= 255; /* force unsigned */
|
|
- if (k==27)
|
|
- strcpy(s, " ESC");
|
|
- else if (k<32 || k==127)
|
|
- sprintf(s, " ^%c", k ^ 64);
|
|
- else if (k<127)
|
|
- sprintf(s, " %c", k);
|
|
- else
|
|
- sprintf(s, " <0x%2X>", k);
|
|
+struct strkey_state {
|
|
+ char *s, *end;
|
|
+ bool truncated;
|
|
+};
|
|
+static void strkey (struct strkey_state *sks, int k) {
|
|
+ char thisbuf[32];
|
|
+
|
|
+ if (sks->truncated)
|
|
+ return;
|
|
+
|
|
+ if (sks->end - sks->s < 16) {
|
|
+ sks->truncated = true;
|
|
+ strcpy(thisbuf, " ...");
|
|
+ } else {
|
|
+ k &= 255; /* force unsigned */
|
|
+ if (k==27)
|
|
+ strcpy(thisbuf, " ESC");
|
|
+ else if (k<32 || k==127)
|
|
+ sprintf(thisbuf, " ^%c", k ^ 64);
|
|
+ else if (k<127)
|
|
+ sprintf(thisbuf, " %c", k);
|
|
+ else
|
|
+ sprintf(thisbuf, " <0x%2X>", k);
|
|
+ }
|
|
+
|
|
+ strcpy(sks->s, thisbuf);
|
|
+ sks->s += strlen(sks->s);
|
|
}
|
|
|
|
/*
|
|
@@ -89,12 +107,18 @@ void proc_key (void) {
|
|
safe_update = FALSE;
|
|
#endif
|
|
strcpy(message, "Unknown key sequence");
|
|
- strkey(message+strlen(message), last_char);
|
|
+
|
|
+ struct strkey_state sks;
|
|
+ sks.s = message + strlen(message);
|
|
+ sks.end = message + sizeof(message);
|
|
+ sks.truncated = false;
|
|
+
|
|
+ strkey(&sks, last_char);
|
|
kt = base[(unsigned char) last_char];
|
|
if (!kt) {
|
|
display_beep();
|
|
while (display_input_to_flush())
|
|
- strkey(message+strlen(message), display_getkey());
|
|
+ strkey(&sks, display_getkey());
|
|
return;
|
|
}
|
|
|
|
@@ -108,12 +132,12 @@ void proc_key (void) {
|
|
#if defined(unix) && !defined(GO32)
|
|
safe_update = FALSE;
|
|
#endif
|
|
- strkey(message+strlen(message), last_char);
|
|
+ strkey(&sks, last_char);
|
|
kt = kt->e.extended[(unsigned char) last_char];
|
|
if (!kt) {
|
|
display_beep();
|
|
while (display_input_to_flush())
|
|
- strkey(message+strlen(message), display_getkey());
|
|
+ strkey(&sks, display_getkey());
|
|
return;
|
|
}
|
|
}
|