Diffstat (limited to 'src/WrFFrI.c')
-rw-r--r-- | src/WrFFrI.c | 36 |
1 files changed, 26 insertions, 10 deletions
diff --git a/src/WrFFrI.c b/src/WrFFrI.c index 5ef5814..e5c9b4b 100644 --- a/src/WrFFrI.c +++ b/src/WrFFrI.c @@ -38,6 +38,8 @@ * Lorens Younes (d93-hyo@nada.kth.se) 4/96 */ +/* October 2004, source code review by Thomas Biege <thomas@suse.de> */ + #include "XpmI.h" #if !defined(NO_ZPIPE) && defined(WIN32) # define popen _popen @@ -98,7 +100,7 @@ XpmWriteFileFromXpmImage(filename, image, info) XpmInfo *info; { xpmData mdata; - char *name, *dot, *s, new_name[BUFSIZ]; + char *name, *dot, *s, new_name[BUFSIZ] = {0}; int ErrorStatus; /* open file to write */ @@ -121,7 +123,8 @@ XpmWriteFileFromXpmImage(filename, image, info) #endif /* let's try to make a valid C syntax name */ if (index(name, '.')) { - strcpy(new_name, name); + strncpy(new_name, name, sizeof(new_name)); + new_name[sizeof(new_name)-1] = 0; /* change '.' to '_' */ name = s = new_name; while ((dot = index(s, '.'))) { @@ -131,7 +134,8 @@ XpmWriteFileFromXpmImage(filename, image, info) } if (index(name, '-')) { if (name != new_name) { - strcpy(new_name, name); + strncpy(new_name, name, sizeof(new_name)); + new_name[sizeof(new_name)-1] = 0; name = new_name; } /* change '-' to '_' */ @@ -248,7 +252,7 @@ WritePixels(file, width, height, cpp, pixels, colors) unsigned int x, y, h; h = height - 1; - if (cpp != 0 && width >= (SIZE_MAX - 3)/cpp) + if (cpp != 0 && width >= (UINT_MAX - 3)/cpp) return XpmNoMemory; p = buf = (char *) XpmMalloc(width * cpp + 3); if (!buf) @@ -300,6 +304,11 @@ WriteExtensions(file, ext, num) /* * open the given file to be written as an xpmData which is returned */ +#ifndef NO_ZPIPE + FILE *s_popen(char *cmd, const char *type); +#else +# define s_popen popen +#endif static int OpenWriteFile(filename, mdata) char *filename; 
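Review bot: In the `.` branch of XpmWriteFileFromXpmImage (and again in the `-` branch in the next hunk), the bounded copy into `new_name` silently truncates any name longer than BUFSIZ-1, so the C identifier written to the file can differ from the caller's name without any error. That is a reasonable trade against the old overflow, but it should be stated where it happens, for example `/* names longer than BUFSIZ-1 are truncated, not rejected */` above each `strncpy`. The function body starts and ends outside these hunks, so whether a later step depends on the full name is not visible here.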
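Review bot: The overflow guard in WritePixels now uses `UINT_MAX`, which comes from `<limits.h>`, and the only include visible in this diff is `"XpmI.h"`; if that header does not pull in `<limits.h>`, the file needs it. The bound is the right one only if `width` and `cpp` are `unsigned int`, since `width * cpp + 3` is then evaluated in that type before it reaches XpmMalloc. Their declarations are outside the hunk, so a short comment would make the reasoning checkable: `/* width * cpp + 3 is computed in unsigned int, so bound it by UINT_MAX */`.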
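Review bot: The `s_popen` prototype is inserted between the comment "open the given file to be written as an xpmData which is returned" and OpenWriteFile, so that comment now sits above the prototype instead of the function it describes; the `#ifndef` block should move above the comment. The `#else` branch `# define s_popen popen` looks unused, because the only calls shown in this diff are themselves inside `#ifndef NO_ZPIPE`. Since the command string is built from a caller-supplied filename, the declaration should carry a comment stating how `s_popen` runs `cmd` (through a shell or by direct exec) and how its stream must be closed. A shared header would be a better home than an extern declaration in this .c file.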
@@ -315,16 +324,23 @@ OpenWriteFile(filename, mdata) mdata->type = XPMFILE; } else { #ifndef NO_ZPIPE - int len = strlen(filename); + size_t len = strlen(filename); + + if(len == 0 || + filename[0] == '/' || + strstr(filename, "../") != NULL || + filename[len-1] == '/') + return(XpmOpenFailed); + if (len > 2 && !strcmp(".Z", filename + (len - 2))) { - sprintf(buf, "compress > \"%s\"", filename); - if (!(mdata->stream.file = popen(buf, "w"))) + snprintf(buf, sizeof(buf), "compress > \"%s\"", filename); + if (!(mdata->stream.file = s_popen(buf, "w"))) return (XpmOpenFailed); mdata->type = XPMPIPE; } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) { - sprintf(buf, "gzip -q > \"%s\"", filename); - if (!(mdata->stream.file = popen(buf, "w"))) + snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename); + if (!(mdata->stream.file = s_popen(buf, "w"))) return (XpmOpenFailed); mdata->type = XPMPIPE; @@ -355,7 +371,7 @@ xpmDataClose(mdata) break; #ifndef NO_ZPIPE case XPMPIPE: - pclose(mdata->stream.file); + fclose(mdata->stream.file); break; #endif } |
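Review bot: In OpenWriteFile the new path checks do not cover the characters that remain special inside the double quotes of `compress > "%s"` and `gzip -q > "%s"` (double quote, `$`, backquote, backslash), so the filename can still change the command if `s_popen` passes the string to a shell; `s_popen` is only declared in this diff, so that cannot be confirmed from here. The `snprintf` results are also unchecked, and a truncated command would carry an unterminated quote or a different file name than the one requested. The rejection block sits before the `.Z`/`.gz` tests, so it appears to apply to uncompressed writes too and would refuse every absolute path; the plain-file branch is outside the hunk, so please confirm that is intended. A sketch of the two additions follows.

```c
    size_t len = strlen(filename);
    int n;

    /* ... unchanged: empty / absolute / "../" / trailing-slash rejection ... */

    /* characters the shell still interprets inside double quotes */
    if (strpbrk(filename, "\"$`\\") != NULL)
        return (XpmOpenFailed);

    if (len > 2 && !strcmp(".Z", filename + (len - 2))) {
        n = snprintf(buf, sizeof(buf), "compress > \"%s\"", filename);
        if (n < 0 || (size_t) n >= sizeof(buf))
            return (XpmOpenFailed);	/* command would be truncated */
        /* ... unchanged: s_popen call, XPMPIPE type ... */
    } else if (len > 3 && !strcmp(".gz", filename + (len - 3))) {
        n = snprintf(buf, sizeof(buf), "gzip -q > \"%s\"", filename);
        if (n < 0 || (size_t) n >= sizeof(buf))
            return (XpmOpenFailed);
        /* ... unchanged: s_popen call, XPMPIPE type ... */
```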
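Review bot: Closing the XPMPIPE stream with `fclose` in xpmDataClose no longer waits for the compress/gzip child, so depending on how `s_popen` starts it (not visible in this diff) the process may be left unreaped and the output file may still be incomplete when the write call returns. The compressor's exit status is lost either way, so a failed compression goes unreported. If `s_popen` forks, the counterpart would be a close routine that does `fclose` and then `waitpid` on the stored pid; at minimum add a comment such as `/* stream comes from s_popen(), not popen(): pclose() must not be used */`. The switch continues outside the hunk.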