bbs/deb-goldedplus
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent buffer overflow in charset names. Bugreport from Semen Panevin 2:5025/121

Browse Source
This commit is contained in:
Stas Degteff 2011-02-12 22:02:48 +00:00
parent fcd91a8d28
commit b1693b62c7
2 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
golded3/gccfgg8.cpp
View File

@ -598,10 +598,28 @@ void CfgXlatcharset() {
Map xlt; Map xlt;
char* ptr = strtok(val, " \t\n\r"); char* ptr = strtok(val, " \t\n\r");
short maxtokenlen = sizeof(xlt.imp)-1;
if(ptr) { if(ptr) {
if(strlen(ptr) > maxtokenlen) {
STD_PRINT("* XLATCHARSET parser: Parameter '" << ptr
<< "' too long. It is supposed no more than " << maxtokenlen << " characters. A line 'XLATCHARSET "
<< ptr);
STD_PRINTNL(ptr+strlen(ptr)+1 << "' ignored.");
cfgerrors++;
return;
}
strchg(strupr(strcpy(xlt.imp, ptr)), '_', ' '); strchg(strupr(strcpy(xlt.imp, ptr)), '_', ' ');
ptr = strtok(NULL, " \t\n\r"); ptr = strtok(NULL, " \t\n\r");
if(ptr) { if(ptr) {
if(strlen(ptr) > maxtokenlen) {
STD_PRINT("* XLATCHARSET parser: Parameter '" << ptr
<< "' too long. It is supposed no more than " << maxtokenlen << " characters. A line 'XLATCHARSET "
<< xlt.imp << " " << ptr);
STD_PRINTNL(ptr+strlen(ptr)+1 << "' ignored.");
cfgerrors++;
xlt.imp[0] = '\0';
return;
}
strchg(strupr(strcpy(xlt.exp, ptr)), '_', ' '); strchg(strupr(strcpy(xlt.exp, ptr)), '_', ' ');
ptr = strtok(NULL, " \t\n\r"); ptr = strtok(NULL, " \t\n\r");
if(ptr) { if(ptr) {

31
golded3/gcmisc.cpp
View File

@ -680,7 +680,20 @@ void ReadXlatTables()
} }
break; break;
case 4: case 4:
strcpy(ChsTable.imp, strbtrim(ptr)); {
char *tp = strbtrim(ptr);
if(strlen(tp) >= sizeof(ChsTable.imp)) {
STD_PRINTNL("* " << AddPath(CFG->xlatpath, xlt->mapfile) << ": At line 4 charset name '" << tp
<< "' too long. It is supposed no more than " << sizeof(ChsTable.imp)-1 << " characters. A file ignored.");
cfgerrors++;
ifp.Lseek(0, SEEK_END);
ChsTable.displaylevel = 0;
ChsTable.level = 0;
ChsTable.version = 0;
ChsTable.id = 0;
}
else strcpy(ChsTable.imp, strbtrim(ptr));
}
break; break;
case 5: case 5:
if (ChsTable.level && ChsTable.version!=-1) if (ChsTable.level && ChsTable.version!=-1)
@ -689,7 +702,21 @@ void ReadXlatTables()
strbtrim(ptr), ChsTable.level); strbtrim(ptr), ChsTable.level);
} }
else else
strcpy(ChsTable.exp, strbtrim(ptr)); {
char *tp = strbtrim(ptr);
if(strlen(tp) >= sizeof(ChsTable.exp)) {
STD_PRINTNL("* " << AddPath(CFG->xlatpath, xlt->mapfile) << ": At line 4 charset name '" << tp
<< "' too long. It is supposed no more than " << sizeof(ChsTable.exp)-1 << " characters. A file ignored.");
cfgerrors++;
ifp.Lseek(0, SEEK_END);
ChsTable.displaylevel = 0;
ChsTable.level = 0;
ChsTable.version = 0;
ChsTable.id = 0;
ChsTable.imp[0] = '\0';
}
else strcpy(ChsTable.exp, strbtrim(ptr));
}
break; break;
} }
} }