[uim-commit] r1556 - branches/r5rs/sigscheme
yamaken at freedesktop.org
yamaken at freedesktop.org
Fri Sep 23 06:38:08 PDT 2005
Author: yamaken
Date: 2005-09-23 06:38:03 -0700 (Fri, 23 Sep 2005)
New Revision: 1556
Modified:
branches/r5rs/sigscheme/io.c
branches/r5rs/sigscheme/read.c
Log:
* sigscheme/read.c
- (read_word, read_char_sequence): Simplify with strdup()
* sigscheme/io.c
- (create_valid_path): Add FIXME comments
Modified: branches/r5rs/sigscheme/io.c
===================================================================
--- branches/r5rs/sigscheme/io.c 2005-09-23 13:10:20 UTC (rev 1555)
+++ branches/r5rs/sigscheme/io.c 2005-09-23 13:38:03 UTC (rev 1556)
@@ -463,6 +463,11 @@
return SCM_TRUE;
}
+/* FIXME:
+ * - Simplify
+ * - Avoid using strcat() and strcpy() to increase security. Use strncat(),
+ * strncpy() or other safe functions instead
+ */
/* TODO: reject relative paths to ensure security */
static char* create_valid_path(const char *filename)
{
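Review bot: The FIXME added above create_valid_path names strncat() and strncpy() as the safe replacements, but neither is a drop-in fix. strncpy() leaves the destination unterminated when the source fills it, and strncat()'s size argument is the space remaining, not the buffer size, so a literal follow-up could keep the overflow risk the comment is trying to remove. I would reword the bullet to `* - Avoid strcat() and strcpy(); build the path with snprintf() and treat truncation as an error`. The body of create_valid_path lies outside this hunk, so how the destination buffer is currently sized cannot be checked from here.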
Modified: branches/r5rs/sigscheme/read.c
===================================================================
--- branches/r5rs/sigscheme/read.c 2005-09-23 13:10:20 UTC (rev 1555)
+++ branches/r5rs/sigscheme/read.c 2005-09-23 13:38:03 UTC (rev 1556)
@@ -458,8 +458,7 @@
case '\n': case '\t': case '\"': case '\'':
SCM_PORT_UNGETC(port, c);
stringbuf[stringlen] = '\0';
- dst = (char *)malloc(strlen(stringbuf) + 1);
- strcpy(dst, stringbuf);
+ dst = strdup(stringbuf);
return dst;
default:
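Review bot: `dst = strdup(stringbuf);` is returned without a NULL check, both here and in the second hunk at `@@ -500,8 +499,7 @@`, so an allocation failure hands a null pointer back to the caller. The removed malloc()/strcpy() pair had the same gap and would have failed inside strcpy(); the new code defers the failure to whoever uses the result. Suggest adding `if (!dst) { /* report out-of-memory through the reader's error path */ }` before `return dst;` in both places. strdup() is POSIX rather than ISO C (before C23), so a strict `-std=c99` build may need a feature-test macro or a local fallback. The enclosing functions start and end outside these hunks, so the bound on `stringlen` before `stringbuf[stringlen] = '\0';` is not visible and is worth confirming separately.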
@@ -500,8 +499,7 @@
/* return buf */
SCM_PORT_UNGETC(port, c);
stringbuf[stringlen] = '\0';
- dst = (char *)malloc(strlen(stringbuf) + 1);
- strcpy(dst, stringbuf);
+ dst = strdup(stringbuf);
return dst;
default: