93 lines
2.6 KiB
Plaintext
93 lines
2.6 KiB
Plaintext
$OpenBSD: patch-aj,v 1.2 1999/04/22 19:05:11 rohee Exp $
|
|
|
|
This patch contains the original patch replacing insecure mktemp()
|
|
usage by secure mkstemp() usage in xvdir.c, as well as the Michael
|
|
Rausch's patch fixing a string buffer where the program failed to
|
|
append '\0'.
|
|
|
|
See ftp://ftp.trilon.com/pub/xv/patches/longname.patch for the original
|
|
patch.
|
|
|
|
It was less annoying to remake the patch than using his one, since it
|
|
isn't ${WRKSRC} relative, and it collides with the original OpenBSD
|
|
patch.
|
|
|
|
--- xvdir.c.reference Wed Apr 21 22:35:43 1999
|
|
+++ xvdir.c Wed Apr 21 22:38:14 1999
|
|
@@ -1213,6 +1213,7 @@
|
|
char *st;
|
|
{
|
|
strncpy(deffname, st, (size_t) MAXFNLEN-1);
|
|
+ deffname[MAXFNLEN-1] = '\0';
|
|
setFName(st);
|
|
}
|
|
|
|
@@ -1620,13 +1621,14 @@
|
|
#else
|
|
strcpy(outFName, "[]xvXXXXXX.lis");
|
|
#endif
|
|
- mktemp(outFName);
|
|
+ fp = fdopen(mkstemp(outFName), "w");
|
|
dopipe = 1;
|
|
}
|
|
|
|
|
|
/* see if file exists (ie, we're overwriting) */
|
|
- if (stat(outFName, &st)==0) { /* stat succeeded, file must exist */
|
|
+ if (dopipe == 0 &&
|
|
+ stat(outFName, &st)==0) { /* stat succeeded, file must exist */
|
|
static char *foo[] = { "\nOk", "\033Cancel" };
|
|
char str[512];
|
|
|
|
@@ -1636,7 +1638,8 @@
|
|
|
|
|
|
/* Open file */
|
|
- fp = fopen(outFName, "w");
|
|
+ if (dopipe == 0)
|
|
+ fp = fopen(outFName, "w");
|
|
if (!fp) {
|
|
char str[512];
|
|
sprintf(str,"Can't write file '%s'\n\n %s.",outFName, ERRSTR(errno));
|
|
|
|
--- /tmp/xv-3.10a.orig/xvbrowse.c Thu Jan 19 18:49:17 1995
|
|
+++ xvbrowse.c Mon Feb 5 23:46:28 1996
|
|
@@ -956,6 +956,7 @@
|
|
char *str;
|
|
{
|
|
strncpy(br->dispstr, str, (size_t) 256);
|
|
+ br->dispstr[255] = '\0';
|
|
drawBrowStr(br);
|
|
XFlush(theDisp);
|
|
}
|
|
@@ -1490,6 +1491,7 @@
|
|
if (StringWidth(str) > ISPACE_WIDE-6) {
|
|
int dotpos;
|
|
strncpy(tmpstr, str, (size_t) 56);
|
|
+ tmpstr[56] = '\0'; /* MR: otherwise it dies on long file names */
|
|
dotpos = strlen(tmpstr);
|
|
strcat(tmpstr,"...");
|
|
|
|
--- /tmp/xv-3.10a.orig/xvpopup.c Thu Jan 19 19:09:31 1995
|
|
+++ xvpopup.c Mon Feb 5 21:50:13 1996
|
|
@@ -560,6 +560,7 @@
|
|
nams[*lenp] = (char *) malloc((size_t) 32);
|
|
if (!nams[*lenp]) { free(vals[*lenp]); continue; }
|
|
strncpy(nams[*lenp], vals[*lenp], (size_t) 31);
|
|
+ nams[*lenp][31] = '\0';
|
|
}
|
|
|
|
if (strlen(nams[*lenp]) > (size_t) 20) { /* fix long names */
|
|
|
|
--- /tmp/xv-3.10a.orig/xvtext.c Sat Jan 14 00:46:28 1995
|
|
+++ xvtext.c Mon Feb 5 21:50:54 1996
|
|
@@ -293,6 +293,7 @@
|
|
tv->textlen = len;
|
|
tv->freeonclose = freeonclose;
|
|
strncpy(tv->title, title, (size_t) TITLELEN-1);
|
|
+ tv->title[TITLELEN-1] = '\0';
|
|
|
|
computeText(tv); /* compute # lines and linestarts array */
|
|
|
|
|