Commit | Line | Data |
---|---|---|
9a1bc5e5 ER |
1 | To: vim_dev@googlegroups.com |
2 | Subject: Patch 7.3.160 | |
3 | Fcc: outbox | |
4 | From: Bram Moolenaar <Bram@moolenaar.net> | |
5 | Mime-Version: 1.0 | |
6 | Content-Type: text/plain; charset=UTF-8 | |
7 | Content-Transfer-Encoding: 8bit | |
8 | ------------ | |
9 | ||
10 | Patch 7.3.160 | |
11 | Problem: Unsafe string copying. | |
12 | Solution: Use vim_strncpy() instead of strcpy(). Use vim_strcat() instead | |
13 | of strcat(). | |
14 | Files: src/buffer.c, src/ex_docmd.c, src/hardcopy.c, src/menu.c, | |
15 | src/misc1.c, src/misc2.c, src/proto/misc2.pro, src/netbeans.c, | |
16 | src/os_unix.c, src/spell.c, src/syntax.c, src/tag.c | |
17 | ||
18 | *** ../vim-7.3.159/src/buffer.c 2011-02-15 14:24:42.000000000 +0100 | |
19 | --- src/buffer.c 2011-04-11 16:08:38.000000000 +0200 | |
20 | *************** | |
21 | *** 3176,3182 **** | |
22 | /* format: "fname + (path) (1 of 2) - VIM" */ | |
23 | ||
24 | if (curbuf->b_fname == NULL) | |
25 | ! STRCPY(buf, _("[No Name]")); | |
26 | else | |
27 | { | |
28 | p = transstr(gettail(curbuf->b_fname)); | |
29 | --- 3176,3182 ---- | |
30 | /* format: "fname + (path) (1 of 2) - VIM" */ | |
31 | ||
32 | if (curbuf->b_fname == NULL) | |
33 | ! vim_strncpy(buf, (char_u *)_("[No Name]"), IOSIZE - 100); | |
34 | else | |
35 | { | |
36 | p = transstr(gettail(curbuf->b_fname)); | |
37 | *************** | |
38 | *** 3232,3238 **** | |
39 | if (serverName != NULL) | |
40 | { | |
41 | STRCAT(buf, " - "); | |
42 | ! STRCAT(buf, serverName); | |
43 | } | |
44 | else | |
45 | #endif | |
46 | --- 3232,3238 ---- | |
47 | if (serverName != NULL) | |
48 | { | |
49 | STRCAT(buf, " - "); | |
50 | ! vim_strcat(buf, serverName, IOSIZE); | |
51 | } | |
52 | else | |
53 | #endif | |
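Review bot: In the second hunk the separator is still appended with the unbounded `STRCAT(buf, " - ");` one line before the new bounded call, so `buf` can already be written past its end by the time `vim_strcat(buf, serverName, IOSIZE)` runs. Converting that line to `vim_strcat(buf, (char_u *)" - ", IOSIZE);` would put both appends under the same limit. The declaration of `buf` is outside both hunks, so it should be confirmed that it really holds IOSIZE bytes. The `IOSIZE - 100` bound in the first hunk would also benefit from a comment saying what the reserved 100 bytes are for.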
54 | *** ../vim-7.3.159/src/ex_docmd.c 2011-03-03 15:54:45.000000000 +0100 | |
55 | --- src/ex_docmd.c 2011-04-11 15:43:48.000000000 +0200 | |
56 | *************** | |
57 | *** 5096,5102 **** | |
58 | char_u buff[IOSIZE]; | |
59 | ||
60 | if (n == 1) | |
61 | ! STRCPY(buff, _("1 more file to edit. Quit anyway?")); | |
62 | else | |
63 | vim_snprintf((char *)buff, IOSIZE, | |
64 | _("%d more files to edit. Quit anyway?"), n); | |
65 | --- 5096,5104 ---- | |
66 | char_u buff[IOSIZE]; | |
67 | ||
68 | if (n == 1) | |
69 | ! vim_strncpy(buff, | |
70 | ! (char_u *)_("1 more file to edit. Quit anyway?"), | |
71 | ! IOSIZE - 1); | |
72 | else | |
73 | vim_snprintf((char *)buff, IOSIZE, | |
74 | _("%d more files to edit. Quit anyway?"), n); | |
75 | *** ../vim-7.3.159/src/hardcopy.c 2010-08-15 21:57:25.000000000 +0200 | |
76 | --- src/hardcopy.c 2011-04-11 15:30:09.000000000 +0200 | |
77 | *************** | |
78 | *** 1761,1772 **** | |
79 | { | |
80 | char_u buffer[MAXPATHL + 1]; | |
81 | ||
82 | ! STRCPY(resource->name, name); | |
83 | /* Look for named resource file in runtimepath */ | |
84 | STRCPY(buffer, "print"); | |
85 | add_pathsep(buffer); | |
86 | ! STRCAT(buffer, name); | |
87 | ! STRCAT(buffer, ".ps"); | |
88 | resource->filename[0] = NUL; | |
89 | return (do_in_runtimepath(buffer, FALSE, prt_resource_name, | |
90 | resource->filename) | |
91 | --- 1761,1772 ---- | |
92 | { | |
93 | char_u buffer[MAXPATHL + 1]; | |
94 | ||
95 | ! vim_strncpy(resource->name, (char_u *)name, 63); | |
96 | /* Look for named resource file in runtimepath */ | |
97 | STRCPY(buffer, "print"); | |
98 | add_pathsep(buffer); | |
99 | ! vim_strcat(buffer, (char_u *)name, MAXPATHL); | |
100 | ! vim_strcat(buffer, (char_u *)".ps", MAXPATHL); | |
101 | resource->filename[0] = NUL; | |
102 | return (do_in_runtimepath(buffer, FALSE, prt_resource_name, | |
103 | resource->filename) | |
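Review bot: The literal `63` in `vim_strncpy(resource->name, (char_u *)name, 63);` ties this call to the size of the `name` field, whose declaration is not part of the hunk. `vim_strncpy()` stores the terminator at `to[len]`, so the field must hold at least 64 bytes. If it is declared as an array in the resource struct, `sizeof(resource->name) - 1` would keep the bound correct when the struct changes. Note also that `resource->name` may now be shortened while the lookup path in `buffer` is built from the full `name`, so the stored name and the file that is found can disagree; a comment saying whether that is acceptable would help.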
104 | *** ../vim-7.3.159/src/menu.c 2011-01-04 17:49:25.000000000 +0100 | |
105 | --- src/menu.c 2011-04-11 15:17:21.000000000 +0200 | |
106 | *************** | |
107 | *** 1394,1400 **** | |
108 | int idx; | |
109 | { | |
110 | static vimmenu_T *menu = NULL; | |
111 | ! static char_u tbuffer[256]; /*hack*/ | |
112 | char_u *str; | |
113 | #ifdef FEAT_MULTI_LANG | |
114 | static int should_advance = FALSE; | |
115 | --- 1394,1401 ---- | |
116 | int idx; | |
117 | { | |
118 | static vimmenu_T *menu = NULL; | |
119 | ! #define TBUFFER_LEN 256 | |
120 | ! static char_u tbuffer[TBUFFER_LEN]; /*hack*/ | |
121 | char_u *str; | |
122 | #ifdef FEAT_MULTI_LANG | |
123 | static int should_advance = FALSE; | |
124 | *************** | |
125 | *** 1428,1438 **** | |
126 | { | |
127 | #ifdef FEAT_MULTI_LANG | |
128 | if (should_advance) | |
129 | ! STRCPY(tbuffer, menu->en_dname); | |
130 | else | |
131 | { | |
132 | #endif | |
133 | ! STRCPY(tbuffer, menu->dname); | |
134 | #ifdef FEAT_MULTI_LANG | |
135 | if (menu->en_dname == NULL) | |
136 | should_advance = TRUE; | |
137 | --- 1429,1439 ---- | |
138 | { | |
139 | #ifdef FEAT_MULTI_LANG | |
140 | if (should_advance) | |
141 | ! vim_strncpy(tbuffer, menu->en_dname, TBUFFER_LEN - 2); | |
142 | else | |
143 | { | |
144 | #endif | |
145 | ! vim_strncpy(tbuffer, menu->dname, TBUFFER_LEN - 2); | |
146 | #ifdef FEAT_MULTI_LANG | |
147 | if (menu->en_dname == NULL) | |
148 | should_advance = TRUE; | |
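Review bot: Both copies in the second hunk use `TBUFFER_LEN - 2` without saying why two bytes are held back. `vim_strncpy()` needs one byte for the terminator; the second is presumably reserved for something appended to `tbuffer` after the hunk ends, which is not visible here. A comment such as `/* leave room for one appended byte and the NUL */` would stop a later edit from changing this to `- 1`. `TBUFFER_LEN` is also defined inside the function body in the first hunk, so an `#undef` at the end of the function or a file-level definition would keep it from leaking into the rest of the file.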
149 | *** ../vim-7.3.159/src/misc1.c 2011-04-11 14:27:34.000000000 +0200 | |
150 | --- src/misc1.c 2011-04-11 16:03:22.000000000 +0200 | |
151 | *************** | |
152 | *** 3332,3350 **** | |
153 | if (pn == 1) | |
154 | { | |
155 | if (n > 0) | |
156 | ! STRCPY(msg_buf, _("1 more line")); | |
157 | else | |
158 | ! STRCPY(msg_buf, _("1 line less")); | |
159 | } | |
160 | else | |
161 | { | |
162 | if (n > 0) | |
163 | ! sprintf((char *)msg_buf, _("%ld more lines"), pn); | |
164 | else | |
165 | ! sprintf((char *)msg_buf, _("%ld fewer lines"), pn); | |
166 | } | |
167 | if (got_int) | |
168 | ! STRCAT(msg_buf, _(" (Interrupted)")); | |
169 | if (msg(msg_buf)) | |
170 | { | |
171 | set_keep_msg(msg_buf, 0); | |
172 | --- 3332,3354 ---- | |
173 | if (pn == 1) | |
174 | { | |
175 | if (n > 0) | |
176 | ! vim_strncpy(msg_buf, (char_u *)_("1 more line"), | |
177 | ! MSG_BUF_LEN - 1); | |
178 | else | |
179 | ! vim_strncpy(msg_buf, (char_u *)_("1 line less"), | |
180 | ! MSG_BUF_LEN - 1); | |
181 | } | |
182 | else | |
183 | { | |
184 | if (n > 0) | |
185 | ! vim_snprintf((char *)msg_buf, MSG_BUF_LEN, | |
186 | ! _("%ld more lines"), pn); | |
187 | else | |
188 | ! vim_snprintf((char *)msg_buf, MSG_BUF_LEN, | |
189 | ! _("%ld fewer lines"), pn); | |
190 | } | |
191 | if (got_int) | |
192 | ! vim_strcat(msg_buf, (char_u *)_(" (Interrupted)"), MSG_BUF_LEN); | |
193 | if (msg(msg_buf)) | |
194 | { | |
195 | set_keep_msg(msg_buf, 0); | |
196 | *** ../vim-7.3.159/src/misc2.c 2010-12-08 13:11:15.000000000 +0100 | |
197 | --- src/misc2.c 2011-04-11 15:30:20.000000000 +0200 | |
198 | *************** | |
199 | *** 1647,1652 **** | |
200 | --- 1647,1674 ---- | |
201 | } | |
202 | ||
203 | /* | |
204 | + * Like strcat(), but make sure the result fits in "tosize" bytes and is | |
205 | + * always NUL terminated. | |
206 | + */ | |
207 | + void | |
208 | + vim_strcat(to, from, tosize) | |
209 | + char_u *to; | |
210 | + char_u *from; | |
211 | + size_t tosize; | |
212 | + { | |
213 | + size_t tolen = STRLEN(to); | |
214 | + size_t fromlen = STRLEN(from); | |
215 | + | |
216 | + if (tolen + fromlen + 1 > tosize) | |
217 | + { | |
218 | + mch_memmove(to + tolen, from, tosize - tolen - 1); | |
219 | + to[tosize - 1] = NUL; | |
220 | + } | |
221 | + else | |
222 | + STRCPY(to + tolen, from); | |
223 | + } | |
224 | + | |
225 | + /* | |
226 | * Isolate one part of a string option where parts are separated with | |
227 | * "sep_chars". | |
228 | * The part is copied into "buf[maxlen]". | |
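Review bot: The truncating branch of the new `vim_strcat()` computes `tosize - tolen - 1` in `size_t`, which wraps to a very large count when `to` already holds `tosize` or more bytes, or when `tosize` is 0, and `mch_memmove()` then copies far past the buffer. That state can arise from callers in this patch that still use an unbounded `STRCAT()` on the same buffer first, or that pass a literal size which may not match the declaration. A guard ahead of the length test, `if (tolen + 1 >= tosize) return;`, leaves an already full buffer untouched and does not change the result for any in-range call. The header comment could also state that `tosize` is the total size of `to` including the NUL, which differs from the `len` argument of `vim_strncpy()`.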
229 | *** ../vim-7.3.159/src/proto/misc2.pro 2010-08-15 21:57:28.000000000 +0200 | |
230 | --- src/proto/misc2.pro 2011-04-11 15:29:55.000000000 +0200 | |
231 | *************** | |
232 | *** 40,45 **** | |
233 | --- 40,46 ---- | |
234 | void copy_chars __ARGS((char_u *ptr, size_t count, int c)); | |
235 | void del_trailing_spaces __ARGS((char_u *ptr)); | |
236 | void vim_strncpy __ARGS((char_u *to, char_u *from, size_t len)); | |
237 | + void vim_strcat __ARGS((char_u *to, char_u *from, size_t tosize)); | |
238 | int copy_option_part __ARGS((char_u **option, char_u *buf, int maxlen, char *sep_chars)); | |
239 | void vim_free __ARGS((void *x)); | |
240 | int vim_stricmp __ARGS((char *s1, char *s2)); | |
241 | *** ../vim-7.3.159/src/netbeans.c 2011-04-01 15:33:54.000000000 +0200 | |
242 | --- src/netbeans.c 2011-04-11 16:02:51.000000000 +0200 | |
243 | *************** | |
244 | *** 3914,3927 **** | |
245 | } | |
246 | else | |
247 | { | |
248 | ! char_u ebuf[BUFSIZ]; | |
249 | ||
250 | ! STRCPY(ebuf, (char_u *)_("E505: ")); | |
251 | ! STRCAT(ebuf, IObuff); | |
252 | ! STRCAT(ebuf, (char_u *)_("is read-only (add ! to override)")); | |
253 | ! STRCPY(IObuff, ebuf); | |
254 | ! nbdebug((" %s\n", ebuf )); | |
255 | ! emsg(IObuff); | |
256 | } | |
257 | } | |
258 | ||
259 | --- 3914,3925 ---- | |
260 | } | |
261 | else | |
262 | { | |
263 | ! char_u msgbuf[IOSIZE]; | |
264 | ||
265 | ! vim_snprintf((char *)msgbuf, IOSIZE, | |
266 | ! _("E505: %s is read-only (add ! to override)"), IObuff); | |
267 | ! nbdebug((" %s\n", msgbuf)); | |
268 | ! emsg(msgbuf); | |
269 | } | |
270 | } | |
271 | ||
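Review bot: The size passed to `vim_snprintf()` repeats `IOSIZE` instead of being taken from the array, so `vim_snprintf((char *)msgbuf, sizeof(msgbuf), ...)` would keep the bound tied to the declaration two lines above. If `IObuff` can hold a name close to IOSIZE bytes long (its declaration is not shown here), the truncation now falls on the fixed text, and the "(add ! to override)" hint is what gets cut off. A comment noting that, or a limit on how much of the name is printed, would make the behaviour deliberate.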
272 | *** ../vim-7.3.159/src/os_unix.c 2011-02-15 17:39:14.000000000 +0100 | |
273 | --- src/os_unix.c 2011-04-11 16:39:11.000000000 +0200 | |
274 | *************** | |
275 | *** 5725,5730 **** | |
276 | --- 5725,5731 ---- | |
277 | if (shell_style == STYLE_PRINT && !did_find_nul) | |
278 | { | |
279 | /* If there is a NUL, set did_find_nul, else set check_spaces */ | |
280 | + buffer[len] = NUL; | |
281 | if (len && (int)STRLEN(buffer) < (int)len - 1) | |
282 | did_find_nul = TRUE; | |
283 | else | |
284 | *************** | |
285 | *** 6594,6600 **** | |
286 | xterm_hints.x = 2; | |
287 | return TRUE; | |
288 | } | |
289 | ! if (mouse_code == NULL) | |
290 | { | |
291 | xterm_trace = 0; | |
292 | return FALSE; | |
293 | --- 6595,6601 ---- | |
294 | xterm_hints.x = 2; | |
295 | return TRUE; | |
296 | } | |
297 | ! if (mouse_code == NULL || STRLEN(mouse_code) > 45) | |
298 | { | |
299 | xterm_trace = 0; | |
300 | return FALSE; | |
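Review bot: The new limit in the second hunk, `STRLEN(mouse_code) > 45`, is a bare number whose relation to the buffer it protects is not visible in the hunk. If it is derived from a fixed-size buffer further down the function, a named constant used for both the declaration and this check would keep the two from drifting apart. In the first hunk, `buffer[len] = NUL;` writes at index `len`, so the allocation outside the hunk must provide at least `len + 1` bytes; a short comment stating that would make the invariant checkable.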
301 | *** ../vim-7.3.159/src/spell.c 2011-02-01 13:59:44.000000000 +0100 | |
302 | --- src/spell.c 2011-04-11 15:50:40.000000000 +0200 | |
303 | *************** | |
304 | *** 6957,6963 **** | |
305 | if (ae->ae_add == NULL) | |
306 | *newword = NUL; | |
307 | else | |
308 | ! STRCPY(newword, ae->ae_add); | |
309 | p = word; | |
310 | if (ae->ae_chop != NULL) | |
311 | { | |
312 | --- 6957,6963 ---- | |
313 | if (ae->ae_add == NULL) | |
314 | *newword = NUL; | |
315 | else | |
316 | ! vim_strncpy(newword, ae->ae_add, MAXWLEN - 1); | |
317 | p = word; | |
318 | if (ae->ae_chop != NULL) | |
319 | { | |
320 | *************** | |
321 | *** 6978,6984 **** | |
322 | else | |
323 | { | |
324 | /* suffix: chop/add at the end of the word */ | |
325 | ! STRCPY(newword, word); | |
326 | if (ae->ae_chop != NULL) | |
327 | { | |
328 | /* Remove chop string. */ | |
329 | --- 6978,6984 ---- | |
330 | else | |
331 | { | |
332 | /* suffix: chop/add at the end of the word */ | |
333 | ! vim_strncpy(newword, word, MAXWLEN - 1); | |
334 | if (ae->ae_chop != NULL) | |
335 | { | |
336 | /* Remove chop string. */ | |
337 | *************** | |
338 | *** 8654,8660 **** | |
339 | * Write the .sug file. | |
340 | * Make the file name by changing ".spl" to ".sug". | |
341 | */ | |
342 | ! STRCPY(fname, wfname); | |
343 | len = (int)STRLEN(fname); | |
344 | fname[len - 2] = 'u'; | |
345 | fname[len - 1] = 'g'; | |
346 | --- 8654,8660 ---- | |
347 | * Write the .sug file. | |
348 | * Make the file name by changing ".spl" to ".sug". | |
349 | */ | |
350 | ! vim_strncpy(fname, wfname, MAXPATHL - 1); | |
351 | len = (int)STRLEN(fname); | |
352 | fname[len - 2] = 'u'; | |
353 | fname[len - 1] = 'g'; | |
354 | *************** | |
355 | *** 10261,10267 **** | |
356 | ||
357 | /* The suggested word may replace only part of the bad word, add | |
358 | * the not replaced part. */ | |
359 | ! STRCPY(wcopy, stp->st_word); | |
360 | if (sug.su_badlen > stp->st_orglen) | |
361 | vim_strncpy(wcopy + stp->st_wordlen, | |
362 | sug.su_badptr + stp->st_orglen, | |
363 | --- 10261,10267 ---- | |
364 | ||
365 | /* The suggested word may replace only part of the bad word, add | |
366 | * the not replaced part. */ | |
367 | ! vim_strncpy(wcopy, stp->st_word, MAXWLEN); | |
368 | if (sug.su_badlen > stp->st_orglen) | |
369 | vim_strncpy(wcopy + stp->st_wordlen, | |
370 | sug.su_badptr + stp->st_orglen, | |
371 | *************** | |
372 | *** 13162,13168 **** | |
373 | pbad = badsound2; | |
374 | } | |
375 | ||
376 | ! if (lendiff > 0) | |
377 | { | |
378 | /* Add part of the bad word to the good word, so that we soundfold | |
379 | * what replaces the bad word. */ | |
380 | --- 13162,13168 ---- | |
381 | pbad = badsound2; | |
382 | } | |
383 | ||
384 | ! if (lendiff > 0 && stp->st_wordlen + lendiff < MAXWLEN) | |
385 | { | |
386 | /* Add part of the bad word to the good word, so that we soundfold | |
387 | * what replaces the bad word. */ | |
388 | *************** | |
389 | *** 13875,13881 **** | |
390 | for (i = gap->ga_len - 1; i >= 0; --i) | |
391 | { | |
392 | /* Need to append what follows to check for "the the". */ | |
393 | ! STRCPY(longword, stp[i].st_word); | |
394 | len = stp[i].st_wordlen; | |
395 | vim_strncpy(longword + len, su->su_badptr + stp[i].st_orglen, | |
396 | MAXWLEN - len); | |
397 | --- 13875,13881 ---- | |
398 | for (i = gap->ga_len - 1; i >= 0; --i) | |
399 | { | |
400 | /* Need to append what follows to check for "the the". */ | |
401 | ! vim_strncpy(longword, stp[i].st_word, MAXWLEN); | |
402 | len = stp[i].st_wordlen; | |
403 | vim_strncpy(longword + len, su->su_badptr + stp[i].st_orglen, | |
404 | MAXWLEN - len); | |
405 | *************** | |
406 | *** 14221,14227 **** | |
407 | *t = NUL; | |
408 | } | |
409 | else | |
410 | ! STRCPY(word, s); | |
411 | ||
412 | smp = (salitem_T *)slang->sl_sal.ga_data; | |
413 | ||
414 | --- 14221,14227 ---- | |
415 | *t = NUL; | |
416 | } | |
417 | else | |
418 | ! vim_strncpy(word, s, MAXWLEN - 1); | |
419 | ||
420 | smp = (salitem_T *)slang->sl_sal.ga_data; | |
421 | ||
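Review bot: The converted copies into word buffers use two different bounds: `MAXWLEN - 1` for `newword` and `word`, but `MAXWLEN` for `wcopy` and `longword`. Because `vim_strncpy()` stores the terminator at `to[len]`, the `MAXWLEN` calls are only safe if those two arrays are declared with at least `MAXWLEN + 1` bytes; their declarations are outside these hunks and should be checked. The unchanged calls that follow, which append at `wcopy + stp->st_wordlen` and `longword + len`, write into the same arrays, so the declared size has to cover both copies. A one-line comment at each `MAXWLEN` call naming the array size would show that the difference is intentional.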
422 | *** ../vim-7.3.159/src/syntax.c 2011-04-02 15:12:45.000000000 +0200 | |
423 | --- src/syntax.c 2011-04-11 15:44:30.000000000 +0200 | |
424 | *************** | |
425 | *** 8576,8583 **** | |
426 | if (iarg & hl_attr_table[i]) | |
427 | { | |
428 | if (buf[0] != NUL) | |
429 | ! STRCAT(buf, ","); | |
430 | ! STRCAT(buf, hl_name_table[i]); | |
431 | iarg &= ~hl_attr_table[i]; /* don't want "inverse" */ | |
432 | } | |
433 | } | |
434 | --- 8576,8583 ---- | |
435 | if (iarg & hl_attr_table[i]) | |
436 | { | |
437 | if (buf[0] != NUL) | |
438 | ! vim_strcat(buf, (char_u *)",", 100); | |
439 | ! vim_strcat(buf, (char_u *)hl_name_table[i], 100); | |
440 | iarg &= ~hl_attr_table[i]; /* don't want "inverse" */ | |
441 | } | |
442 | } | |
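Review bot: Both new calls pass the literal `100` as the buffer size, as in `vim_strcat(buf, (char_u *)",", 100);`, while the declaration of `buf` is outside the hunk. `vim_strcat()` trusts that value completely, so if the array is ever resized the bound silently stops matching. If `buf` is a local array, `sizeof(buf)` would tie the limit to the declaration; otherwise a named constant shared with the declaration would do the same.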
443 | *** ../vim-7.3.159/src/tag.c 2011-02-25 15:13:43.000000000 +0100 | |
444 | --- src/tag.c 2011-04-11 15:34:59.000000000 +0200 | |
445 | *************** | |
446 | *** 806,812 **** | |
447 | p = tag_full_fname(&tagp); | |
448 | if (p == NULL) | |
449 | continue; | |
450 | ! STRCPY(fname, p); | |
451 | vim_free(p); | |
452 | ||
453 | /* | |
454 | --- 806,812 ---- | |
455 | p = tag_full_fname(&tagp); | |
456 | if (p == NULL) | |
457 | continue; | |
458 | ! vim_strncpy(fname, p, MAXPATHL); | |
459 | vim_free(p); | |
460 | ||
461 | /* | |
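Review bot: `vim_strncpy(fname, p, MAXPATHL);` writes its terminator at `fname[MAXPATHL]`, so `fname` has to be at least `MAXPATHL + 1` bytes, and its allocation is not in the hunk. The spell.c change in this same patch uses `MAXPATHL - 1` for a buffer also called `fname`, so the two sizes are worth checking against each other. A path longer than the limit is now shortened without any indication, and the code after the hunk presumably goes on to use `fname` as a file name. Skipping such an entry, as is already done for `p == NULL`, would avoid acting on a different path: `if (STRLEN(p) > MAXPATHL) { vim_free(p); continue; }`.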
462 | *** ../vim-7.3.159/src/version.c 2011-04-11 14:29:13.000000000 +0200 | |
463 | --- src/version.c 2011-04-11 16:50:53.000000000 +0200 | |
464 | *************** | |
465 | *** 716,717 **** | |
466 | --- 716,719 ---- | |
467 | { /* Add new patch number below this line */ | |
468 | + /**/ | |
469 | + 160, | |
470 | /**/ | |
471 | ||
472 | -- | |
473 | If someone questions your market projections, simply point out that your | |
474 | target market is "People who are nuts" and "People who will buy any damn | |
475 | thing". Nobody is going to tell you there aren't enough of those people | |
476 | to go around. | |
477 | (Scott Adams - The Dilbert principle) | |
478 | ||
479 | /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ | |
480 | /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ | |
481 | \\\ an exciting new programming language -- http://www.Zimbu.org /// | |
482 | \\\ help me help AIDS victims -- http://ICCF-Holland.org /// |