6.8.2 candidate [Fwd: [Fwd: xorg/xc/programs/xmodmap [POSSIBLY
UNSAFE]]]
Donnie Berkholz
spyderous at gentoo.org
Tue Oct 26 13:43:07 PDT 2004
-----Forwarded Message-----
From: Donnie Berkholz <spyderous at gentoo.org>
To: spyderous at gentoo.org
Subject: [Fwd: xorg/xc/programs/xmodmap [POSSIBLY UNSAFE]]
Date: Fri, 22 Oct 2004 10:34:45 -0700
-----Forwarded Message-----
From: Saren Sandmann Pedersen <sandmann at daimi.au.dk>
To: freedesktop-cvs-commits at pdx.freedesktop.org
Cc: xorg-commit at pdx.freedesktop.org
Subject: xorg/xc/programs/xmodmap [POSSIBLY UNSAFE]
Date: Thu, 14 Oct 2004 17:44:09 -0700
CVS commit by sandmann:
Thu Oct 14 20:43:03 2004 Søren Sandmann <sandmann at redhat.com>
* programs/xmodmap/pf.c (process_line): Fix a
write-to-constant-string issue.
* programs/xmodmap/xmodmap.c (main): Fix several buffer overruns.
M +6 -2 xorg/xc/programs/xmodmap/pf.c 1.2
M +16 -4 xorg/xc/programs/xmodmap/xmodmap.c 1.3 [POSSIBLY UNSAFE: printf]
M +2 -0 xorg/xc/programs/xmodmap/xmodmap.h 1.3
--- xorg/xc/programs/xmodmap/pf.c #1.1.1.1:1.2
@@ -88,5 +88,9 @@ void process_line (buffer)
char *cp;
- len = strlen (buffer);
+ /* copy buffer since it may point to unwritable date */
+ len = strlen(buffer);
+ cp = chk_malloc(len);
+ strcpy(cp, buffer);
+ buffer = cp;
for (i = 0; i < len; i++) { /* look for blank lines */
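Review bot: The copy added to process_line is one byte too small: `chk_malloc(len)` reserves only `strlen(buffer)` bytes, but `strcpy(cp, buffer)` also writes the terminating NUL, so each call writes one byte past the end of the heap allocation. The allocation should be `cp = chk_malloc(len + 1);`. The new comment should read "unwritable data" rather than "date". The rest of process_line lies outside the hunk, so I cannot see whether the copy is freed on every return path; if it is not, each processed line leaks its copy.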
--- xorg/xc/programs/xmodmap/xmodmap.c #1.2:1.3
@@ -52,4 +52,14 @@ Exit(int status)
}
+void *
+chk_malloc(size_t n_bytes)
+{
+ void *buf = malloc(n_bytes);
+ if (!buf) {
+ fprintf(stderr, "%s: Could not allocate %d bytes\n", ProgramName, (int)n_bytes);
+ Exit(-1);
+ }
+ return buf;
+}
static char *help_message[] = {
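Review bot: chk_malloc treats every NULL from malloc as out-of-memory, but `malloc(0)` is permitted to return NULL, and process_line in pf.c passes `strlen(buffer)` through unchanged, so an empty line could end the program on some C libraries. `void *buf = malloc(n_bytes ? n_bytes : 1);` avoids that. The error message prints the size via `%d` and an `(int)` cast, which misreports large requests; `"%s: Could not allocate %lu bytes\n"` with `(unsigned long)n_bytes` keeps the value intact. A short header comment such as `/* malloc wrapper: never returns NULL, calls Exit(-1) on failure */` would document the contract callers rely on.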
@@ -245,7 +255,8 @@ main(int argc, char *argv[])
case 'l':
case 'c': {
- char cmd[80]; /* big enough to hold line */
+ char *cmd;
didAnything = True;
if (++i >= argc) usage ();
+ cmd = chk_malloc (strlen ("remove control = ") + strlen (argv[i]) + 1);
(void) sprintf (cmd, "remove %s = %s",
((arg[1] == 's') ? "shift" :
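Review bot: The buffer size and the `sprintf` format are kept in agreement only by hand here. `strlen ("remove control = ")` is sufficient presumably because "control" is the longest name the ternary can select (the ternary is cut off at the end of the hunk), and the write itself is still unbounded. Storing the size once, `size_t cmd_len = strlen ("remove control = ") + strlen (argv[i]) + 1;`, and writing with `snprintf (cmd, cmd_len, "remove %s = %s", ...)` where snprintf is available would turn a later format change into truncation instead of a heap overrun. The same applies to the `add mod%c` and `add %s` hunks below. None of the three hunks shows `cmd` being freed after `process_line (cmd)`, and the case bodies continue outside the hunks, so it is worth confirming the buffer is released now that it is no longer on the stack.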
@@ -266,8 +277,8 @@ main(int argc, char *argv[])
case '4':
case '5': {
- char cmd[80]; /* big enough to hold line */
+ char *cmd;
didAnything = True;
if (++i >= argc) usage ();
-
+ cmd = chk_malloc (strlen ("add modX = ") + strlen (argv[i]) + 1);
(void) sprintf (cmd, "add mod%c = %s", arg[1], argv[i]);
process_line (cmd);
@@ -282,7 +293,8 @@ main(int argc, char *argv[])
case 'l':
case 'c': {
- char cmd[80]; /* big enough to hold line */
+ char *cmd;
didAnything = True;
if (++i >= argc) usage ();
+ cmd = chk_malloc (strlen ("add control = ") + strlen (argv[i]) + 1);
(void) sprintf (cmd, "add %s = %s",
((arg[1] == 's') ? "shift" :
--- xorg/xc/programs/xmodmap/xmodmap.h #1.2:1.3
@@ -57,2 +57,4 @@ extern void PrintKeyTable(Bool exprs, FI
extern void PrintPointerMap(FILE *fp);
extern int SetPointerMap(unsigned char *map, int n);
+
+extern void *chk_malloc(size_t n_bytes);