rfivet/uemacs
1
0
Fork 0
mirror of https://github.com/rfivet/uemacs.git synced 2024-11-17 18:16:22 -05:00
Code Releases Activity

Review mlforce to avoid necessity to double '%' in input string, thus avoiding potential buffer overflow in caller functions (mdbugout and write-message).

Browse Source
This commit is contained in:
Renaud 2015-01-15 17:57:12 +08:00
parent 01a84a3ac0
commit 434c9ba7ab
3 changed files with 14 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
display.c
View File

@ -1418,13 +1418,12 @@ void mlwrite(const char *fmt, ...)
* *
* char *s; string to force out * char *s; string to force out
*/ */
void mlforce(char *s) void mlforce( char *s) {
{
int oldcmd; /* original command display flag */ int oldcmd; /* original command display flag */
oldcmd = discmd; /* save the discmd value */ oldcmd = discmd; /* save the discmd value */
discmd = TRUE; /* and turn display on */ discmd = TRUE; /* and turn display on */
mlwrite(s); /* write the string out */ mlwrite( "%s", s) ; /* write the string out */
discmd = oldcmd; /* and restore the original setting */ discmd = oldcmd; /* and restore the original setting */
} }

26
eval.c
View File

@ -799,7 +799,6 @@ int setvar(int f, int n)
int mdbugout( char *fmt, char *s1, char *s2, char *s3) { int mdbugout( char *fmt, char *s1, char *s2, char *s3) {
char outline[ NSTRING] ; /* global string to hold debug line text */ char outline[ NSTRING] ; /* global string to hold debug line text */
int c, size ; /* input from kbd, output to terminal */ int c, size ; /* input from kbd, output to terminal */
char *sp ; /* temp string pointer */
/* insure debug info fits in terminal and buffer width */ /* insure debug info fits in terminal and buffer width */
size = term.t_ncol + 1 ; size = term.t_ncol + 1 ;
@ -809,33 +808,14 @@ int mdbugout( char *fmt, char *s1, char *s2, char *s3) {
/* assignment status ; variable name ; value we tried to assign */ /* assignment status ; variable name ; value we tried to assign */
snprintf( outline, size, fmt, s1, s2, s3) ; snprintf( outline, size, fmt, s1, s2, s3) ;
/* expand '%' to "%%" so mlwrite wont bitch */
sp = outline;
while (*sp)
if (*sp++ == '%') {
char *ep ; /* ptr to end of outline */
/* advance to the end */
ep = --sp;
while (*ep++);
/* null terminate the string one out */
*(ep + 1) = 0;
/* copy backwards */
while (ep-- > sp)
*(ep + 1) = *ep;
/* and advance sp past the new % */
sp += 2;
}
/* write out the debug line */ /* write out the debug line */
mlforce(outline); mlforce( outline) ;
update(TRUE); update( TRUE) ;
/* and get the keystroke to hold the output */ /* and get the keystroke to hold the output */
c = get1key() ; c = get1key() ;
if( c == abortc) if( c == abortc)
mlforce("(Macro aborted)"); mlforce( "(Macro aborted)") ;
return c ; return c ;
} }

33
random.c
View File

@ -1016,10 +1016,9 @@ int adjustmode(int kind, int global)
* *
* int f, n; arguments ignored * int f, n; arguments ignored
*/ */
int clrmes(int f, int n) int clrmes( int f, int n) {
{ mlforce( "") ;
mlforce(""); return TRUE ;
return TRUE;
} }
/* /*
@ -1028,31 +1027,17 @@ int clrmes(int f, int n)
* *
* int f, n; arguments ignored * int f, n; arguments ignored
*/ */
int writemsg(int f, int n) int writemsg( int f, int n) {
{
char *sp; /* pointer into buf to expand %s */
char *np; /* ptr into nbuf */
int status; int status;
char buf[ NSTRING] ; /* buffer to recieve message into */ char buf[ NSTRING] ; /* buffer to recieve message into */
char nbuf[ NSTRING * 2] ; /* buffer to expand string into */
if ((status = status = mlreply( "Message to write: ", buf, sizeof buf - 1) ;
mlreply("Message to write: ", buf, sizeof buf - 1)) != TRUE) if( status != TRUE)
return status; return status ;
/* expand all '%' to "%%" so mlwrite won't expect arguments */
sp = buf;
np = nbuf;
while (*sp) {
*np++ = *sp;
if (*sp++ == '%')
*np++ = '%';
}
*np = '\0';
/* write the message out */ /* write the message out */
mlforce(nbuf); mlforce( buf) ;
return TRUE; return TRUE ;
} }
#if CFENCE #if CFENCE