From fece5afe88597138c5b8649d9a19911461e3622b Mon Sep 17 00:00:00 2001 From: Ingo Schwarze Date: Sun, 20 Apr 2014 20:18:12 +0000 Subject: fix unchecked snprintf(3) in page header printing: the length of the title is unknown, and speed doesn't matter here, so use asprintf/free rather than a static buffer --- man_html.c | 9 ++++++--- man_term.c | 27 ++++++++++++++++----------- mdoc_html.c | 10 +++++++--- mdoc_term.c | 13 ++++++++----- 4 files changed, 37 insertions(+), 22 deletions(-) diff --git a/man_html.c b/man_html.c index 973ae789..092c4c21 100644 --- a/man_html.c +++ b/man_html.c @@ -1,4 +1,4 @@ -/* $Id: man_html.c,v 1.93 2014/04/20 16:46:04 schwarze Exp $ */ +/* $Id: man_html.c,v 1.94 2014/04/20 20:18:12 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons * Copyright (c) 2013, 2014 Ingo Schwarze @@ -28,6 +28,7 @@ #include #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "html.h" #include "man.h" @@ -300,9 +301,10 @@ a2width(const struct man_node *n, struct roffsu *su) static void man_root_pre(MAN_ARGS) { + char b[BUFSIZ]; struct htmlpair tag[3]; struct tag *t, *tt; - char b[BUFSIZ], title[BUFSIZ]; + char *title; b[0] = 0; if (man->vol) @@ -310,7 +312,7 @@ man_root_pre(MAN_ARGS) assert(man->title); assert(man->msec); - snprintf(title, BUFSIZ - 1, "%s(%s)", man->title, man->msec); + mandoc_asprintf(&title, "%s(%s)", man->title, man->msec); PAIR_SUMMARY_INIT(&tag[0], "Document Header"); PAIR_CLASS_INIT(&tag[1], "head"); @@ -341,6 +343,7 @@ man_root_pre(MAN_ARGS) print_otag(h, TAG_TD, 2, tag); print_text(h, title); print_tagq(h, t); + free(title); } static void diff --git a/man_term.c b/man_term.c index 9aab4707..f3fc4114 100644 --- a/man_term.c +++ b/man_term.c @@ -1,4 +1,4 @@ -/* $Id: man_term.c,v 1.146 2014/04/20 16:46:04 schwarze Exp $ */ +/* $Id: man_term.c,v 1.147 2014/04/20 20:18:12 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons * Copyright (c) 2010-2014 Ingo Schwarze @@ -28,6 +28,7 @@ #include #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "man.h" #include "term.h" @@ -1049,9 +1050,9 @@ print_man_nodelist(DECL_ARGS) static void print_man_foot(struct termp *p, const void *arg) { - char title[BUFSIZ]; - size_t datelen; - const struct man_meta *meta; + const struct man_meta *meta; + char *title; + size_t datelen; meta = (const struct man_meta *)arg; assert(meta->title); @@ -1071,11 +1072,12 @@ print_man_foot(struct termp *p, const void *arg) if ( ! p->mdocstyle) { term_vspace(p); term_vspace(p); - snprintf(title, BUFSIZ, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", + meta->title, meta->msec); } else if (meta->source) { - strlcpy(title, meta->source, BUFSIZ); + title = mandoc_strdup(meta->source); } else { - title[0] = '\0'; + title = mandoc_strdup(""); } datelen = term_strlen(p, meta->date); @@ -1111,14 +1113,16 @@ print_man_foot(struct termp *p, const void *arg) term_word(p, title); term_flushln(p); + free(title); } static void print_man_head(struct termp *p, const void *arg) { - char buf[BUFSIZ], title[BUFSIZ]; - size_t buflen, titlen; - const struct man_meta *meta; + char buf[BUFSIZ]; + const struct man_meta *meta; + char *title; + size_t buflen, titlen; meta = (const struct man_meta *)arg; assert(meta->title); @@ -1132,7 +1136,7 @@ print_man_head(struct termp *p, const void *arg) /* Top left corner: manual title and section. */ - snprintf(title, BUFSIZ, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec); titlen = term_strlen(p, title); p->flags |= TERMP_NOBREAK | TERMP_NOSPACE; @@ -1183,4 +1187,5 @@ print_man_head(struct termp *p, const void *arg) term_vspace(p); term_vspace(p); } + free(title); } diff --git a/mdoc_html.c b/mdoc_html.c index 04d03f2b..ac1e43b4 100644 --- a/mdoc_html.c +++ b/mdoc_html.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_html.c,v 1.188 2014/04/20 16:46:05 schwarze Exp $ */ +/* $Id: mdoc_html.c,v 1.189 2014/04/20 20:18:12 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons * Copyright (c) 2014 Ingo Schwarze @@ -29,6 +29,7 @@ #include #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "html.h" #include "mdoc.h" @@ -514,9 +515,10 @@ mdoc_root_post(MDOC_ARGS) static int mdoc_root_pre(MDOC_ARGS) { + char b[BUFSIZ]; struct htmlpair tag[3]; struct tag *t, *tt; - char b[BUFSIZ], title[BUFSIZ]; + char *title; strlcpy(b, meta->vol, BUFSIZ); @@ -526,7 +528,7 @@ mdoc_root_pre(MDOC_ARGS) strlcat(b, ")", BUFSIZ); } - snprintf(title, BUFSIZ - 1, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec); PAIR_SUMMARY_INIT(&tag[0], "Document Header"); PAIR_CLASS_INIT(&tag[1], "head"); @@ -557,6 +559,8 @@ mdoc_root_pre(MDOC_ARGS) print_otag(h, TAG_TD, 2, tag); print_text(h, title); print_tagq(h, t); + + free(title); return(1); } diff --git a/mdoc_term.c b/mdoc_term.c index 8472b8f3..fac902bc 100644 --- a/mdoc_term.c +++ b/mdoc_term.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_term.c,v 1.265 2014/04/20 19:40:13 schwarze Exp $ */ +/* $Id: mdoc_term.c,v 1.266 2014/04/20 20:18:12 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons * Copyright (c) 2010, 2012, 2013, 2014 Ingo Schwarze @@ -30,6 +30,7 @@ #include #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "term.h" #include "mdoc.h" @@ -441,9 +442,10 @@ print_mdoc_foot(struct termp *p, const void *arg) static void print_mdoc_head(struct termp *p, const void *arg) { - char buf[BUFSIZ], title[BUFSIZ]; - size_t buflen, titlen; - const struct mdoc_meta *meta; + char buf[BUFSIZ]; + const struct mdoc_meta *meta; + char *title; + size_t buflen, titlen; meta = (const struct mdoc_meta *)arg; @@ -473,7 +475,7 @@ print_mdoc_head(struct termp *p, const void *arg) strlcat(buf, ")", BUFSIZ); } - snprintf(title, BUFSIZ, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec); titlen = term_strlen(p, title); p->flags |= TERMP_NOBREAK | TERMP_NOSPACE; @@ -508,6 +510,7 @@ print_mdoc_head(struct termp *p, const void *arg) p->flags &= ~TERMP_NOSPACE; p->offset = 0; p->rmargin = p->maxrmargin; + free(title); } static size_t -- cgit v1.2.3-56-ge451