mirror of
https://github.com/rfivet/uemacs.git
synced 2024-12-19 07:46:24 -05:00
Review mlforce to avoid necessity to double '%' in input string, thus avoiding potential buffer overflow in caller functions (mdbugout and write-message).
This commit is contained in:
parent
01a84a3ac0
commit
434c9ba7ab
@ -1418,13 +1418,12 @@ void mlwrite(const char *fmt, ...)
|
||||
*
|
||||
* char *s; string to force out
|
||||
*/
|
||||
void mlforce(char *s)
|
||||
{
|
||||
void mlforce( char *s) {
|
||||
int oldcmd; /* original command display flag */
|
||||
|
||||
oldcmd = discmd; /* save the discmd value */
|
||||
discmd = TRUE; /* and turn display on */
|
||||
mlwrite(s); /* write the string out */
|
||||
mlwrite( "%s", s) ; /* write the string out */
|
||||
discmd = oldcmd; /* and restore the original setting */
|
||||
}
|
||||
|
||||
|
26
eval.c
26
eval.c
@ -799,7 +799,6 @@ int setvar(int f, int n)
|
||||
int mdbugout( char *fmt, char *s1, char *s2, char *s3) {
|
||||
char outline[ NSTRING] ; /* global string to hold debug line text */
|
||||
int c, size ; /* input from kbd, output to terminal */
|
||||
char *sp ; /* temp string pointer */
|
||||
|
||||
/* insure debug info fits in terminal and buffer width */
|
||||
size = term.t_ncol + 1 ;
|
||||
@ -809,33 +808,14 @@ int mdbugout( char *fmt, char *s1, char *s2, char *s3) {
|
||||
/* assignment status ; variable name ; value we tried to assign */
|
||||
snprintf( outline, size, fmt, s1, s2, s3) ;
|
||||
|
||||
/* expand '%' to "%%" so mlwrite wont bitch */
|
||||
sp = outline;
|
||||
while (*sp)
|
||||
if (*sp++ == '%') {
|
||||
char *ep ; /* ptr to end of outline */
|
||||
|
||||
/* advance to the end */
|
||||
ep = --sp;
|
||||
while (*ep++);
|
||||
/* null terminate the string one out */
|
||||
*(ep + 1) = 0;
|
||||
/* copy backwards */
|
||||
while (ep-- > sp)
|
||||
*(ep + 1) = *ep;
|
||||
|
||||
/* and advance sp past the new % */
|
||||
sp += 2;
|
||||
}
|
||||
|
||||
/* write out the debug line */
|
||||
mlforce(outline);
|
||||
update(TRUE);
|
||||
mlforce( outline) ;
|
||||
update( TRUE) ;
|
||||
|
||||
/* and get the keystroke to hold the output */
|
||||
c = get1key() ;
|
||||
if( c == abortc)
|
||||
mlforce("(Macro aborted)");
|
||||
mlforce( "(Macro aborted)") ;
|
||||
|
||||
return c ;
|
||||
}
|
||||
|
33
random.c
33
random.c
@ -1016,10 +1016,9 @@ int adjustmode(int kind, int global)
|
||||
*
|
||||
* int f, n; arguments ignored
|
||||
*/
|
||||
int clrmes(int f, int n)
|
||||
{
|
||||
mlforce("");
|
||||
return TRUE;
|
||||
int clrmes( int f, int n) {
|
||||
mlforce( "") ;
|
||||
return TRUE ;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1028,31 +1027,17 @@ int clrmes(int f, int n)
|
||||
*
|
||||
* int f, n; arguments ignored
|
||||
*/
|
||||
int writemsg(int f, int n)
|
||||
{
|
||||
char *sp; /* pointer into buf to expand %s */
|
||||
char *np; /* ptr into nbuf */
|
||||
int writemsg( int f, int n) {
|
||||
int status;
|
||||
char buf[ NSTRING] ; /* buffer to recieve message into */
|
||||
char nbuf[ NSTRING * 2] ; /* buffer to expand string into */
|
||||
|
||||
if ((status =
|
||||
mlreply("Message to write: ", buf, sizeof buf - 1)) != TRUE)
|
||||
return status;
|
||||
|
||||
/* expand all '%' to "%%" so mlwrite won't expect arguments */
|
||||
sp = buf;
|
||||
np = nbuf;
|
||||
while (*sp) {
|
||||
*np++ = *sp;
|
||||
if (*sp++ == '%')
|
||||
*np++ = '%';
|
||||
}
|
||||
*np = '\0';
|
||||
status = mlreply( "Message to write: ", buf, sizeof buf - 1) ;
|
||||
if( status != TRUE)
|
||||
return status ;
|
||||
|
||||
/* write the message out */
|
||||
mlforce(nbuf);
|
||||
return TRUE;
|
||||
mlforce( buf) ;
|
||||
return TRUE ;
|
||||
}
|
||||
|
||||
#if CFENCE
|
||||
|
Loading…
Reference in New Issue
Block a user