From: schwarze Date: Sun, 20 Apr 2014 20:17:36 +0000 (+0000) Subject: fix unchecked snprintf(3) in page header printing: X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=a92c1cd8888ad949057db91d5c4abf986a0b60c0;p=openbsd fix unchecked snprintf(3) in page header printing: the length of the title is unknown, and speed doesn't matter here, so use asprintf/free rather than a static buffer --- diff --git a/usr.bin/mandoc/man_html.c b/usr.bin/mandoc/man_html.c index 979b0d54a0d..8df9f91e7b4 100644 --- a/usr.bin/mandoc/man_html.c +++ b/usr.bin/mandoc/man_html.c @@ -1,4 +1,4 @@ -/* $Id: man_html.c,v 1.52 2014/04/20 16:44:44 schwarze Exp $ */ +/* $Id: man_html.c,v 1.53 2014/04/20 20:17:36 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons * Copyright (c) 2013, 2014 Ingo Schwarze @@ -24,6 +24,7 @@ #include #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "html.h" #include "man.h" @@ -296,9 +297,10 @@ a2width(const struct man_node *n, struct roffsu *su) static void man_root_pre(MAN_ARGS) { + char b[BUFSIZ]; struct htmlpair tag[3]; struct tag *t, *tt; - char b[BUFSIZ], title[BUFSIZ]; + char *title; b[0] = 0; if (man->vol) @@ -306,7 +308,7 @@ man_root_pre(MAN_ARGS) assert(man->title); assert(man->msec); - snprintf(title, BUFSIZ - 1, "%s(%s)", man->title, man->msec); + mandoc_asprintf(&title, "%s(%s)", man->title, man->msec); PAIR_SUMMARY_INIT(&tag[0], "Document Header"); PAIR_CLASS_INIT(&tag[1], "head"); @@ -337,6 +339,7 @@ man_root_pre(MAN_ARGS) print_otag(h, TAG_TD, 2, tag); print_text(h, title); print_tagq(h, t); + free(title); } static void diff --git a/usr.bin/mandoc/man_term.c b/usr.bin/mandoc/man_term.c index f23ceecde16..92a2b76f473 100644 --- a/usr.bin/mandoc/man_term.c +++ b/usr.bin/mandoc/man_term.c @@ -1,4 +1,4 @@ -/* $Id: man_term.c,v 1.100 2014/04/20 16:44:44 schwarze Exp $ */ +/* $Id: man_term.c,v 1.101 2014/04/20 20:17:36 schwarze Exp $ */ /* * Copyright (c) 2008-2012 Kristaps Dzonsons * Copyright (c) 2010-2014 Ingo Schwarze @@ -24,6 +24,7 @@ #include #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "man.h" #include "term.h" @@ -1045,9 +1046,9 @@ print_man_nodelist(DECL_ARGS) static void print_man_foot(struct termp *p, const void *arg) { - char title[BUFSIZ]; - size_t datelen; - const struct man_meta *meta; + const struct man_meta *meta; + char *title; + size_t datelen; meta = (const struct man_meta *)arg; assert(meta->title); @@ -1067,11 +1068,12 @@ print_man_foot(struct termp *p, const void *arg) if ( ! p->mdocstyle) { term_vspace(p); term_vspace(p); - snprintf(title, BUFSIZ, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", + meta->title, meta->msec); } else if (meta->source) { - strlcpy(title, meta->source, BUFSIZ); + title = mandoc_strdup(meta->source); } else { - title[0] = '\0'; + title = mandoc_strdup(""); } datelen = term_strlen(p, meta->date); @@ -1107,14 +1109,16 @@ print_man_foot(struct termp *p, const void *arg) term_word(p, title); term_flushln(p); + free(title); } static void print_man_head(struct termp *p, const void *arg) { - char buf[BUFSIZ], title[BUFSIZ]; - size_t buflen, titlen; - const struct man_meta *meta; + char buf[BUFSIZ]; + const struct man_meta *meta; + char *title; + size_t buflen, titlen; meta = (const struct man_meta *)arg; assert(meta->title); @@ -1128,7 +1132,7 @@ print_man_head(struct termp *p, const void *arg) /* Top left corner: manual title and section. */ - snprintf(title, BUFSIZ, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec); titlen = term_strlen(p, title); p->flags |= TERMP_NOBREAK | TERMP_NOSPACE; @@ -1179,4 +1183,5 @@ print_man_head(struct termp *p, const void *arg) term_vspace(p); term_vspace(p); } + free(title); } diff --git a/usr.bin/mandoc/mdoc_html.c b/usr.bin/mandoc/mdoc_html.c index 81ce865e688..5c44f7f650f 100644 --- a/usr.bin/mandoc/mdoc_html.c +++ b/usr.bin/mandoc/mdoc_html.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_html.c,v 1.71 2014/04/20 16:44:44 schwarze Exp $ */ +/* $Id: mdoc_html.c,v 1.72 2014/04/20 20:17:36 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons * Copyright (c) 2014 Ingo Schwarze @@ -25,6 +25,7 @@ #include #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "html.h" #include "mdoc.h" @@ -510,9 +511,10 @@ mdoc_root_post(MDOC_ARGS) static int mdoc_root_pre(MDOC_ARGS) { + char b[BUFSIZ]; struct htmlpair tag[3]; struct tag *t, *tt; - char b[BUFSIZ], title[BUFSIZ]; + char *title; strlcpy(b, meta->vol, BUFSIZ); @@ -522,7 +524,7 @@ mdoc_root_pre(MDOC_ARGS) strlcat(b, ")", BUFSIZ); } - snprintf(title, BUFSIZ - 1, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec); PAIR_SUMMARY_INIT(&tag[0], "Document Header"); PAIR_CLASS_INIT(&tag[1], "head"); @@ -553,6 +555,8 @@ mdoc_root_pre(MDOC_ARGS) print_otag(h, TAG_TD, 2, tag); print_text(h, title); print_tagq(h, t); + + free(title); return(1); } diff --git a/usr.bin/mandoc/mdoc_term.c b/usr.bin/mandoc/mdoc_term.c index 256c599e31c..4f7d9d0effe 100644 --- a/usr.bin/mandoc/mdoc_term.c +++ b/usr.bin/mandoc/mdoc_term.c @@ -1,4 +1,4 @@ -/* $Id: mdoc_term.c,v 1.167 2014/04/20 19:39:35 schwarze Exp $ */ +/* $Id: mdoc_term.c,v 1.168 2014/04/20 20:17:36 schwarze Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons * Copyright (c) 2010, 2012, 2013, 2014 Ingo Schwarze @@ -26,6 +26,7 @@ #include #include "mandoc.h" +#include "mandoc_aux.h" #include "out.h" #include "term.h" #include "mdoc.h" @@ -437,9 +438,10 @@ print_mdoc_foot(struct termp *p, const void *arg) static void print_mdoc_head(struct termp *p, const void *arg) { - char buf[BUFSIZ], title[BUFSIZ]; - size_t buflen, titlen; - const struct mdoc_meta *meta; + char buf[BUFSIZ]; + const struct mdoc_meta *meta; + char *title; + size_t buflen, titlen; meta = (const struct mdoc_meta *)arg; @@ -469,7 +471,7 @@ print_mdoc_head(struct termp *p, const void *arg) strlcat(buf, ")", BUFSIZ); } - snprintf(title, BUFSIZ, "%s(%s)", meta->title, meta->msec); + mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec); titlen = term_strlen(p, title); p->flags |= TERMP_NOBREAK | TERMP_NOSPACE; @@ -504,6 +506,7 @@ print_mdoc_head(struct termp *p, const void *arg) p->flags &= ~TERMP_NOSPACE; p->offset = 0; p->rmargin = p->maxrmargin; + free(title); } static size_t