diff options
author | 2014-04-20 20:18:12 +0000 | |
---|---|---|
committer | 2014-04-20 20:18:12 +0000 | |
commit | fece5afe88597138c5b8649d9a19911461e3622b (patch) | |
tree | 673903aa78a85c00d4d4169be13b68808d419833 | |
parent | c0c47ffe49a70fb77831194f625f593bd29c449e (diff) | |
download | mandoc-fece5afe88597138c5b8649d9a19911461e3622b.tar.gz mandoc-fece5afe88597138c5b8649d9a19911461e3622b.tar.zst mandoc-fece5afe88597138c5b8649d9a19911461e3622b.zip |
fix unchecked snprintf(3) in page header printing:
the length of the title is unknown, and speed doesn't matter here,
so use asprintf/free rather than a static buffer
-rw-r--r-- | man_html.c | 9 | ||||
-rw-r--r-- | man_term.c | 27 | ||||
-rw-r--r-- | mdoc_html.c | 10 | ||||
-rw-r--r-- | mdoc_term.c | 13 |
4 files changed, 37 insertions, 22 deletions
@@ -1,4 +1,4 @@ -/* $Id: man_html.c,v 1.93 2014/04/20 16:46:04 schwarze Exp $ */ +/* $Id: man_html.c,v 1.94 2014/04/20 20:18:12 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2013, 2014 Ingo Schwarze <schwarze@openbsd.org> @@ -28,6 +28,7 @@ #include <string.h> #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "html.h" #include "man.h" @@ -300,9 +301,10 @@ a2width(const struct man_node *n, struct roffsu *su) static void man_root_pre(MAN_ARGS) { + char b[BUFSIZ]; struct htmlpair tag[3]; struct tag *t, *tt; - char b[BUFSIZ], title[BUFSIZ]; + char *title; b[0] = 0; if (man->vol) @@ -310,7 +312,7 @@ man_root_pre(MAN_ARGS) assert(man->title); assert(man->msec); - snprintf(title, BUFSIZ - 1, "%s(%s)", man->title, man->msec); + mandoc_asprintf(&title, "%s(%s)", man->title, man->msec); PAIR_SUMMARY_INIT(&tag[0], "Document Header"); PAIR_CLASS_INIT(&tag[1], "head"); @@ -341,6 +343,7 @@ man_root_pre(MAN_ARGS) print_otag(h, TAG_TD, 2, tag); print_text(h, title); print_tagq(h, t); + free(title); } static void @@ -1,4 +1,4 @@ -/* $Id: man_term.c,v 1.146 2014/04/20 16:46:04 schwarze Exp $ */ +/* $Id: man_term.c,v 1.147 2014/04/20 20:18:12 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010-2014 Ingo Schwarze <schwarze@openbsd.org> @@ -28,6 +28,7 @@ #include <string.h> #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "man.h" #include "term.h" @@ -1049,9 +1050,9 @@ print_man_nodelist(DECL_ARGS) static void print_man_foot(struct termp *p, const void *arg) { - char title[BUFSIZ]; - size_t datelen; - const struct man_meta *meta; + const struct man_meta *meta; + char *title; + size_t datelen; meta = (const struct man_meta *)arg; assert(meta->title); @@ -1071,11 +1072,12 @@ print_man_foot(struct termp *p, const void *arg) if ( ! p->mdocstyle) { term_vspace(p); term_vspace(p); - snprintf(title, BUFSIZ, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", + meta->title, meta->msec); } else if (meta->source) { - strlcpy(title, meta->source, BUFSIZ); + title = mandoc_strdup(meta->source); } else { - title[0] = '\0'; + title = mandoc_strdup(""); } datelen = term_strlen(p, meta->date); @@ -1111,14 +1113,16 @@ print_man_foot(struct termp *p, const void *arg) term_word(p, title); term_flushln(p); + free(title); } static void print_man_head(struct termp *p, const void *arg) { - char buf[BUFSIZ], title[BUFSIZ]; - size_t buflen, titlen; - const struct man_meta *meta; + char buf[BUFSIZ]; + const struct man_meta *meta; + char *title; + size_t buflen, titlen; meta = (const struct man_meta *)arg; assert(meta->title); @@ -1132,7 +1136,7 @@ print_man_head(struct termp *p, const void *arg) /* Top left corner: manual title and section. */ - snprintf(title, BUFSIZ, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec); titlen = term_strlen(p, title); p->flags |= TERMP_NOBREAK | TERMP_NOSPACE; @@ -1183,4 +1187,5 @@ print_man_head(struct termp *p, const void *arg) term_vspace(p); term_vspace(p); } + free(title); } diff --git a/mdoc_html.c b/mdoc_html.c index 04d03f2b..ac1e43b4 100644 --- a/mdoc_html.c +++ b/mdoc_html.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_html.c,v 1.188 2014/04/20 16:46:05 schwarze Exp $ */ +/* $Id: mdoc_html.c,v 1.189 2014/04/20 20:18:12 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2014 Ingo Schwarze <schwarze@openbsd.org> @@ -29,6 +29,7 @@ #include <unistd.h> #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "html.h" #include "mdoc.h" @@ -514,9 +515,10 @@ mdoc_root_post(MDOC_ARGS) static int mdoc_root_pre(MDOC_ARGS) { + char b[BUFSIZ]; struct htmlpair tag[3]; struct tag *t, *tt; - char b[BUFSIZ], title[BUFSIZ]; + char *title; strlcpy(b, meta->vol, BUFSIZ); @@ -526,7 +528,7 @@ mdoc_root_pre(MDOC_ARGS) strlcat(b, ")", BUFSIZ); } - snprintf(title, BUFSIZ - 1, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec); PAIR_SUMMARY_INIT(&tag[0], "Document Header"); PAIR_CLASS_INIT(&tag[1], "head"); @@ -557,6 +559,8 @@ mdoc_root_pre(MDOC_ARGS) print_otag(h, TAG_TD, 2, tag); print_text(h, title); print_tagq(h, t); + + free(title); return(1); } diff --git a/mdoc_term.c b/mdoc_term.c index 8472b8f3..fac902bc 100644 --- a/mdoc_term.c +++ b/mdoc_term.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_term.c,v 1.265 2014/04/20 19:40:13 schwarze Exp $ */ +/* $Id: mdoc_term.c,v 1.266 2014/04/20 20:18:12 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010, 2012, 2013, 2014 Ingo Schwarze <schwarze@openbsd.org> @@ -30,6 +30,7 @@ #include <string.h> #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "term.h" #include "mdoc.h" @@ -441,9 +442,10 @@ print_mdoc_foot(struct termp *p, const void *arg) static void print_mdoc_head(struct termp *p, const void *arg) { - char buf[BUFSIZ], title[BUFSIZ]; - size_t buflen, titlen; - const struct mdoc_meta *meta; + char buf[BUFSIZ]; + const struct mdoc_meta *meta; + char *title; + size_t buflen, titlen; meta = (const struct mdoc_meta *)arg; @@ -473,7 +475,7 @@ print_mdoc_head(struct termp *p, const void *arg) strlcat(buf, ")", BUFSIZ); } - snprintf(title, BUFSIZ, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec); titlen = term_strlen(p, title); p->flags |= TERMP_NOBREAK | TERMP_NOSPACE; @@ -508,6 +510,7 @@ print_mdoc_head(struct termp *p, const void *arg) p->flags &= ~TERMP_NOSPACE; p->offset = 0; p->rmargin = p->maxrmargin; + free(title); } static size_t |