From e1bb09be17d41880b391cdcbe9d968f8964928ff Mon Sep 17 00:00:00 2001
From: Ingo Schwarze
Date: Wed, 23 Apr 2014 16:08:33 +0000
Subject: Audit strlcpy(3)/strlcat(3) usage.
* Repair three instances of silent truncation, use asprintf(3).
* Change two instances of strlen(3)+malloc(3)+strlcpy(3)+strlcat(3)+... to use asprintf(3) instead to make them less error prone.
* Cast the return value of four instances where the destination buffer is known to be large enough to (void).
* Completely remove three useless instances of strlcpy(3)/strlcat(3).
* Mark two places in -Thtml with XXX that can cause information loss and crashes but are not easy to fix, requiring design changes of some internal interfaces.
* The file mandocdb.c remains to be audited.
---
 mdoc_html.c | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)
(limited to 'mdoc_html.c')
diff --git a/mdoc_html.c b/mdoc_html.c
index ac1e43b4..2dc15c53 100644
--- a/mdoc_html.c
+++ b/mdoc_html.c
@@ -1,4 +1,4 @@
-/* $Id: mdoc_html.c,v 1.189 2014/04/20 20:18:12 schwarze Exp $ */
+/* $Id: mdoc_html.c,v 1.190 2014/04/23 16:08:33 schwarze Exp $ */
 /*
 * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons
 * Copyright (c) 2014 Ingo Schwarze
@@ -515,18 +515,15 @@ mdoc_root_post(MDOC_ARGS)
 static int
 mdoc_root_pre(MDOC_ARGS)
 {
- char b[BUFSIZ];
 struct htmlpair tag[3];
 struct tag *t, *tt;
- char *title;
+ char *volume, *title;
- strlcpy(b, meta->vol, BUFSIZ);
-
- if (meta->arch) {
- strlcat(b, " (", BUFSIZ);
- strlcat(b, meta->arch, BUFSIZ);
- strlcat(b, ")", BUFSIZ);
- }
+ if (NULL == meta->arch)
+ volume = mandoc_strdup(meta->vol);
+ else
+ mandoc_asprintf(&volume, "%s (%s)",
+ meta->vol, meta->arch);
 mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec);
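Review bot: In mdoc_root_pre, `mandoc_strdup(meta->vol)` and the `%s` argument to `mandoc_asprintf` both require `meta->vol` to be non-NULL, yet only `meta->arch` is tested before use. The removed `strlcpy(b, meta->vol, BUFSIZ)` had the same requirement, so this is not a regression, but the precondition is stated nowhere in the hunk. If validation elsewhere guarantees the field, I would record that with `assert(meta->vol);` ahead of the branch, matching the assert() use visible in the other hunks of this file. The function body continues past this hunk; the matching `free(volume)` is added in the later `@@ -561,6 +558,7 @@` hunk.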
@@ -551,7 +548,7 @@ mdoc_root_pre(MDOC_ARGS)
 PAIR_CLASS_INIT(&tag[0], "head-vol");
 PAIR_INIT(&tag[1], ATTR_ALIGN, "center");
 print_otag(h, TAG_TD, 2, tag);
- print_text(h, b);
+ print_text(h, volume);
 print_stagq(h, tt);
 PAIR_CLASS_INIT(&tag[0], "head-rtitle");
@@ -561,6 +558,7 @@ mdoc_root_pre(MDOC_ARGS)
 print_tagq(h, t);
 free(title);
+ free(volume);
 return(1);
 }
@@ -993,8 +991,8 @@ mdoc_bl_pre(MDOC_ARGS)
 PAIR_STYLE_INIT(&tag[0], h);
 assert(lists[n->norm->Bl.type]);
- strlcpy(buf, "list ", BUFSIZ);
- strlcat(buf, lists[n->norm->Bl.type], BUFSIZ);
+ (void)strlcpy(buf, "list ", BUFSIZ);
+ (void)strlcat(buf, lists[n->norm->Bl.type], BUFSIZ);
 PAIR_INIT(&tag[1], ATTR_CLASS, buf);
 /* Set the block's left-hand margin. */
@@ -1363,6 +1361,15 @@ mdoc_fd_pre(MDOC_ARGS)
 if (NULL != (n = n->next)) {
 assert(MDOC_TEXT == n->type);
+
+ /*
+ * XXX This is broken and not easy to fix.
+ * When using -Oincludes, truncation may occur.
+ * Dynamic allocation wouldn't help because
+ * passing long strings to buffmt_includes()
+ * does not work either.
+ */
+
 strlcpy(buf, '<' == *n->string || '"' == *n->string ? n->string + 1 : n->string, BUFSIZ);
@@ -1475,10 +1482,8 @@ mdoc_fn_pre(MDOC_ARGS)
 t = print_otag(h, TAG_B, 1, tag);
- if (sp) {
- strlcpy(nbuf, sp, BUFSIZ);
- print_text(h, nbuf);
- }
+ if (sp)
+ print_text(h, sp);
 print_tagq(h, t);
--
cgit v1.2.3-56-ge451
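Review bot: The `(void)` casts in mdoc_bl_pre rely on `"list "` plus any `lists[]` entry fitting in `buf`, but nothing at the call site records why that holds, and the preceding assert() only checks that the entry is non-NULL. The cast discards the one truncation signal strlcat(3) provides, so a longer name added to `lists[]` later would silently shorten the class attribute. I would add a comment such as `/* "list " plus the longest lists[] name fits in BUFSIZ. */`, or keep the result and check it with `assert(sz < BUFSIZ);`. The declaration of `buf` and the rest of mdoc_bl_pre are outside the hunk; if `buf` is an array, `sizeof(buf)` would tie the bound to the object instead of a repeated constant.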
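Review bot: The XXX comment added in mdoc_fd_pre documents that truncation may occur, but the `strlcpy(buf, ..., BUFSIZ)` right below it still ignores its return value, so a truncated include name is used as if it were complete. `n->string` appears to be text taken from the input document (the assert checks `MDOC_TEXT`), so its length is not bounded by the program. Until the interface is redesigned, the copy could at least detect the case with `if (strlcpy(buf, ..., BUFSIZ) >= BUFSIZ)` and skip the -Oincludes handling for that name; what the right fallback is depends on code outside the hunk. The comment would also help more if it stated the crash condition that the commit message mentions, since only truncation is described here.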