[uim-commit] r2167 - branches/r5rs/sigscheme

kzk at freedesktop.org kzk at freedesktop.org
Fri Nov 18 21:49:36 PST 2005 

Author: kzk
Date: 2005-11-18 21:49:27 -0800 (Fri, 18 Nov 2005)
New Revision: 2167

Modified:
   branches/r5rs/sigscheme/io.c
Log:
* sigscheme/io.c
  - (create_valid_path): simplify. use snprintf


Modified: branches/r5rs/sigscheme/io.c
===================================================================
--- branches/r5rs/sigscheme/io.c	2005-11-19 05:09:36 UTC (rev 2166)
+++ branches/r5rs/sigscheme/io.c	2005-11-19 05:49:27 UTC (rev 2167)
@@ -502,48 +502,36 @@
     return SCM_TRUE;
 }
 
-/* FIXME:
- * - Simplify
- * - Avoid using strcat() and strcpy() to increase security. Use strncat(),
- *   strncpy() or other safe functions instead
- */
 /* TODO: reject relative paths to ensure security */
 static char* create_valid_path(const char *filename)
 {
-    char *c_filename = strdup(filename);
     char *filepath   = NULL;
+    int lib_path_len = 0;
+    int filename_len = 0;
 
-    /* construct filepath */
-    if (scm_lib_path) {
-        /* try absolute path */
-        if (file_existsp(c_filename))
-            return c_filename;
+    /* sanity check */
+    SCM_ASSERT(filename);
 
-        /* use scm_lib_path */
-        filepath = (char*)malloc(strlen(scm_lib_path) + strlen(c_filename) + 2);
-        strcpy(filepath, scm_lib_path);
-        strcat(filepath, "/");
-        strcat(filepath, c_filename);
-        if (file_existsp(filepath)) {
-            free(c_filename);
-            return filepath;
-        }
-    }
+    lib_path_len = scm_lib_path ? strlen(scm_lib_path) : 0;
+    filename_len = strlen(filename);
 
-    /* clear */
-    if (filepath)
-        free(filepath);
+    /* try absolute and relative path */
+    if (file_existsp(filename))
+        return strdup(filename);
 
-    /* fallback */
-    filepath = (char*)malloc(strlen(c_filename) + 1);
-    strcpy(filepath, c_filename);
-    if (file_existsp(filepath)) {
-        free(c_filename);
-        return filepath;
+    /* try under scm_lib_path */
+    if (scm_lib_path) {
+        filepath = (char*)malloc(lib_path_len + 1 + filename_len + 1);
+        snprintf(filepath,
+                 lib_path_len + 1 + filename_len + 1,
+                 "%s/%s",
+                 scm_lib_path,
+                 filename);
+        if (file_existsp(filepath))
+            return filepath;
+        free(filepath);
     }
 
-    free(c_filename);
-    free(filepath);
     return NULL;
 }

More information about the uim-commit mailing list