[packages/libPropList.git] / format-security.patch

--- libPropList-0.10.1/util.c.orig	1999-01-28 08:11:12.000000000 +0100
+++ libPropList-0.10.1/util.c	2014-01-18 23:22:10.186445054 +0100
@@ -200,10 +200,17 @@ char *ManglePath(const char *path)
       
 char *MakeDefaultsFilename()
 {
-  char *env;
-  char actual_filename[255];
+  char *env, *env2, *envh, *actual_filename, *ret;
+  size_t len;
 
   env = (char *)getenv("GNUSTEP_USER_PATH");
+  env2 = (char *)getenv("GNUSTEP_DEFAULTS_FILE");
+  envh = (char *)getenv("HOME");
+
+  len = (env ? strlen(env) : (envh ? (strlen(envh) + 8) : 8)) + 1 + (env2 ? strlen(env2) : 8);
+
+  actual_filename = (char *)MyMalloc(__FILE__, __LINE__, len + 1);
+
   if(!env)
     {
       env = (char *)getenv("HOME");
@@ -213,17 +220,19 @@ char *MakeDefaultsFilename()
 	sprintf(actual_filename, "%s/GNUstep", env);
     }
   else
-    sprintf(actual_filename, env);
+    strcpy(actual_filename, env);
 
-  sprintf(&(actual_filename[strlen(actual_filename)]), "/");
+  strcpy(&(actual_filename[strlen(actual_filename)]), "/");
 
   env = (char *)getenv("GNUSTEP_DEFAULTS_FILE");
   if(!env)
-    sprintf(&(actual_filename[strlen(actual_filename)]), "Defaults");
+    strcpy(&(actual_filename[strlen(actual_filename)]), "Defaults");
   else
-    sprintf(&(actual_filename[strlen(actual_filename)]), env);
+    strcpy(&(actual_filename[strlen(actual_filename)]), env);
 
-  return ManglePath(actual_filename);
+  ret = ManglePath(actual_filename);
+  MyFree(__FILE__, __LINE__, actual_filename);
+  return ret;
 }
 
 BOOL LockFile(char *name)
Commit	Line	Data
a3f1bb5c JB	1	--- libPropList-0.10.1/util.c.orig 1999-01-28 08:11:12.000000000 +0100
	2	+++ libPropList-0.10.1/util.c 2014-01-18 23:22:10.186445054 +0100
	3	@@ -200,10 +200,17 @@ char ManglePath(const char path)
	4
	5	char *MakeDefaultsFilename()
	6	{
	7	- char *env;
	8	- char actual_filename[255];
	9	+ char env, env2, envh, actual_filename, *ret;
	10	+ size_t len;
	11
	12	env = (char *)getenv("GNUSTEP_USER_PATH");
	13	+ env2 = (char *)getenv("GNUSTEP_DEFAULTS_FILE");
	14	+ envh = (char *)getenv("HOME");
	15	+
	16	+ len = (env ? strlen(env) : (envh ? (strlen(envh) + 8) : 8)) + 1 + (env2 ? strlen(env2) : 8);
	17	+
	18	+ actual_filename = (char *)MyMalloc(__FILE__, __LINE__, len + 1);
	19	+
	20	if(!env)
	21	{
	22	env = (char *)getenv("HOME");
	23	@@ -213,17 +220,19 @@ char *MakeDefaultsFilename()
345dde5f WF	24	sprintf(actual_filename, "%s/GNUstep", env);
	25	}
	26	else
	27	- sprintf(actual_filename, env);
	28	+ strcpy(actual_filename, env);
	29
	30	- sprintf(&(actual_filename[strlen(actual_filename)]), "/");
	31	+ strcpy(&(actual_filename[strlen(actual_filename)]), "/");
	32
	33	env = (char *)getenv("GNUSTEP_DEFAULTS_FILE");
	34	if(!env)
	35	- sprintf(&(actual_filename[strlen(actual_filename)]), "Defaults");
	36	+ strcpy(&(actual_filename[strlen(actual_filename)]), "Defaults");
	37	else
	38	- sprintf(&(actual_filename[strlen(actual_filename)]), env);
	39	+ strcpy(&(actual_filename[strlen(actual_filename)]), env);
	40
a3f1bb5c JB	41	- return ManglePath(actual_filename);
	42	+ ret = ManglePath(actual_filename);
	43	+ MyFree(__FILE__, __LINE__, actual_filename);
	44	+ return ret;
345dde5f	45	}
a3f1bb5c JB	46
a3f1bb5c JB	47	BOOL LockFile(char *name)