From: Filipe Brandenburger
Subject: [PATCH 2/2] Be more careful in guarding against pathological "begin" lines
Date: Fri, 22 May 2015 08:50:05 -0700
From: Bruce Korb <address@hidden>
---
ChangeLog | 5 +++++
src/uudecode.c | 29 ++++++++++++++++++++---------
2 files changed, 25 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 13bf58b448f0..8434437572a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2015-05-21 Bruce Korb <address@hidden>
+
+ * src/uudecode.c (decode): be more careful in guarding against
+ pathological "begin" lines
+
2015-05-20 Filipe Brandenburger <address@hidden>
Bruce Korb <address@hidden>
Paul Eggert <address@hidden>
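Review bot: The ChangeLog entry names only `decode`, but this patch also edits `read_stduu` and adds the `NL` macro in src/uudecode.c. Either list those as well (for example "(NL): new macro" and "(read_stduu): use it") or drop the unrelated substitutions from this patch so the entry matches the change.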
diff --git a/src/uudecode.c b/src/uudecode.c
index fa214d3d3a13..0621c9992de4 100644
--- a/src/uudecode.c
+++ b/src/uudecode.c
@@ -63,6 +63,9 @@ static char const cright_years_z[] =
#ifndef _
# define _(str) (str)
#endif
+#ifndef NL
+#define NL '\n'
+#endif
/*=====================================================================\
| uudecode [FILE ...] |
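Review bot: The `#ifndef NL` guard means an `NL` already defined by an earlier header is used unchanged, so the newline checks added later in this patch depend on a value this file does not control. Define it unconditionally (or `#undef NL` first), or keep the literal '\n'. The new `#define NL '\n'` is also not indented as `# define`, unlike the `_` fallback directly above it.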
@@ -157,11 +160,11 @@ read_stduu (char const * inname, char const * outname)
if (buf[0] != 'e') break;
if (buf[1] != 'n') break;
if (buf[2] != 'd') break;
- if (buf[3] == '\n')
+ if (buf[3] == NL)
return UUDECODE_EXIT_SUCCESS;
if (buf[3] != '\r') break;
- if (buf[4] == '\n')
+ if (buf[4] == NL)
return UUDECODE_EXIT_SUCCESS;
} while (0);
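Review bot: Replacing '\n' with `NL` at `buf[3]` and `buf[4]` is a cosmetic change unrelated to begin-line validation, and it leaves the `'\r'` test between them as a literal, so the end-line check now mixes two spellings. Suggest dropping this hunk or moving it to a separate cleanup patch, so the behavioural fix in `decode` can be reviewed on its own.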
@@ -384,14 +387,25 @@ decode (char const * inname)
_("%s: Invalid or missing 'begin' line\n"), inname);
}
+ if (strchr (buf, NL) == NULL)
+ goto bad_beginning;
+
if (strncmp (buf, "begin", 5) == 0)
{
char * scan = buf+5;
- if (*scan == '-')
+
+ check_begin_option:
+
+ switch (*scan) {
+ default:
+ goto bad_beginning;
+ case ' ':
+ break;
+ case '-':
{
static char const base64[] = "ase64";
static char const encoded[] = "encoded";
- check_begin_option:
+
if (*++scan == 'b')
{
if (strncmp (scan+1, base64, sizeof (base64) - 1) != 0)
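Review bot: The new `strchr (buf, NL) == NULL` test sits before the `strncmp (buf, "begin", 5)` check, so it rejects any line that lacks a newline, not only a begin line. If this code is reached for each line scanned ahead of the header (the `break` after the sscanf suggests a loop), an over-long or unterminated preamble line now jumps to bad_beginning instead of being skipped; consider moving the test inside the `strncmp` branch. The relocated check_begin_option switch also changes behaviour compared with the old `if (*scan == '-')`: "begin" followed by anything other than a space or '-' is now rejected outright, which deserves a comment at the label and a mention in the commit message.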
@@ -411,12 +425,9 @@ decode (char const * inname)
scan += sizeof (encoded) - 1; /* 'e' is included */
}
- switch (*scan) {
- case ' ': break; /* no more begin options */
- case '-': goto check_begin_option;
- default: goto bad_beginning;
- }
+ goto check_begin_option;
}
+ }
if (sscanf (scan, " %o %[^\n]", &mode, buf) == 2)
break;
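Review bot: The context line `sscanf (scan, " %o %[^\n]", &mode, buf)` reads from `scan`, which points into `buf` (`scan = buf+5` in the previous hunk), while `%[^\n]` stores into `buf`, so source and destination overlap, and the C standard leaves overlapping copies in sscanf undefined. Since this patch is about pathological begin lines, it is worth scanning the file name into a separate buffer here. On the added lines, a short comment at `goto check_begin_option;` stating that `scan` has advanced past the option on every pass would make the backward jump easier to audit.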
--
2.2.0.rc0.207.ga3a616c