diff --git a/src/ChangeLog b/src/ChangeLog index 00e4ef99c..173a66480 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,6 +1,8 @@ 2004-03-07 Andrew V. Samoilov - * achown.c (init_chown_advanced) [ENABLE_NLS]: i18n fix. + * achown.c (init_chown_advanced) [ENABLE_NLS]: i18n fix. + * user.c (extract_line): Add a new parameter (size of the + output buffer) to prevent buffer overflow. 2004-03-05 Pavel Roskin @@ -1489,7 +1491,7 @@ unused defines. * dlg.c: Adjust declarations for match. - * wtools.h: Eliminate the_widget filed in QuickWidget. + * wtools.h: Eliminate the_widget field in QuickWidget. * wtools.c (quick_callback): Allocate widget table dynamically. * dlg.c (widget_redraw): Remove. diff --git a/src/user.c b/src/user.c index 932ce9b23..da193d3b2 100644 --- a/src/user.c +++ b/src/user.c @@ -299,13 +299,15 @@ check_patterns (char *p) /* Copies a whitespace separated argument from p to arg. Returns the point after argument. */ -static char *extract_arg (char *p, char *arg) +static char *extract_arg (char *p, char *arg, int size) { while (*p && (*p == ' ' || *p == '\t' || *p == '\n')) p++; /* support quote space .mnu */ - while (*p && (*p != ' ' || *(p-1) == '\\') && *p != '\t' && *p != '\n') + while (size > 1 && *p && (*p != ' ' || *(p-1) == '\\') && *p != '\t' && *p != '\n') { *arg++ = *p++; + size--; + } *arg = 0; if (!*p || *p == '\n') p --; @@ -388,29 +390,29 @@ static char *test_condition (WEdit *edit_widget, char *p, int *condition) p--; break; case 'f': /* file name pattern */ - p = extract_arg (p, arg); + p = extract_arg (p, arg, sizeof (arg)); *condition = panel && regexp_match (arg, panel->dir.list [panel->selected].fname, match_file); break; case 'y': /* syntax pattern */ if (edit_widget && edit_widget->syntax_type) { - p = extract_arg (p, arg); + p = extract_arg (p, arg, sizeof (arg)); *condition = panel && regexp_match (arg, edit_widget->syntax_type, match_normal); } - break; + break; case 'd': - p = extract_arg (p, arg); + p = extract_arg (p, arg, sizeof (arg)); *condition = panel && regexp_match (arg, panel->cwd, match_file); break; case 't': - p = extract_arg (p, arg); + p = extract_arg (p, arg, sizeof (arg)); *condition = panel && test_type (panel, arg); break; case 'x': /* executable */ { struct stat status; - p = extract_arg (p, arg); + p = extract_arg (p, arg, sizeof (arg)); if (stat (arg, &status) == 0) *condition = is_exe (status.st_mode); else