NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: kern/45633: Improper string handling in cnmagic.c
The following reply was made to PR kern/45633; it has been noted by GNATS.
From: Christian Biere <christianbiere%gmx.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: kern/45633: Improper string handling in cnmagic.c
Date: Sat, 19 Nov 2011 13:39:38 +0100
This is a multi-part message in MIME format.
--Multipart=_Sat__19_Nov_2011_13_39_38_+0100_kbNCZFi0ZSMa+YW2
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
I propose the following changes.
See attached unified diff.
--
Christian Biere
--Multipart=_Sat__19_Nov_2011_13_39_38_+0100_kbNCZFi0ZSMa+YW2
Content-Type: text/plain;
name="cnmagic.c.udif"
Content-Disposition: attachment;
filename="cnmagic.c.udif"
Content-Transfer-Encoding: quoted-printable
--- cnmagic.c.orig 2011-11-19 11:44:13.312079005 +0100
+++ cnmagic.c 2011-11-19 13:17:31.542080915 +0100
@@ -68,26 +68,23 @@
=20
for (i =3D 0; i < CNS_LEN; i++) {
c =3D (*magic++) & 0xff;
- n =3D *magic ? i+1 : CNS_TERM;
switch (c) {
case 0:
/* End of string */
if (i =3D=3D 0) {
/* empty string? */
- cn_magic[0] =3D 0;
#ifdef DEBUG
printf("cn_set_magic(): empty!\n");
#endif
- return (0);
}
- do {
+ cn_magic[i] =3D 0;
+ while (i--) {
cn_magic[i] =3D m[i];
- } while (i--);
+ }
return(0);
case 0x27:
/* Escape sequence */
c =3D (*magic++) & 0xff;
- n =3D *magic ? i+1 : CNS_TERM;
switch (c) {
case 0x27:
break;
@@ -103,6 +100,7 @@
/* FALLTHROUGH */
default:
/* Transition to the next state. */
+ n =3D *magic ? i+1 : CNS_TERM;
#ifdef DEBUG
if (!cold)
aprint_normal("mag %d %x:%x\n", i, c, n);
@@ -121,36 +119,51 @@
int
cn_get_magic(char *magic, size_t maglen)
{
- size_t i, c;
+ size_t i, n =3D 0;
+
+#define ADD_CHAR(x) \
+do { \
+ if (n < maglen) \
+ magic[n++] =3D (x); \
+ else \
+ goto error; \
+} while (0)=20
+
+ for (i =3D 0; i < CNS_LEN; /* empty */) {
+ unsigned short c =3D cn_magic[i];
+ i =3D CNS_MAGIC_NEXT(c);
+ if (i =3D=3D 0)
+ goto finish;
=20
- for (i =3D 0; i < CNS_LEN;) {
- c =3D cn_magic[i];
/* Translate a character */
switch (CNS_MAGIC_VAL(c)) {
case CNC_BREAK:
- *magic++ =3D 0x27;
- *magic++ =3D 0x01;
+ ADD_CHAR(0x27);
+ ADD_CHAR(0x01);
break;
case 0:
- *magic++ =3D 0x27;
- *magic++ =3D 0x02;
+ ADD_CHAR(0x27);
+ ADD_CHAR(0x02);
break;
case 0x27:
- *magic++ =3D 0x27;
- *magic++ =3D 0x27;
+ ADD_CHAR(0x27);
+ ADD_CHAR(0x27);
break;
default:
- *magic++ =3D (c & 0x0ff);
+ ADD_CHAR(c & 0x0ff);
break;
}
/* Now go to the next state */
- i =3D CNS_MAGIC_NEXT(c);
- if (i =3D=3D CNS_TERM || i =3D=3D 0) {
- /* Either termination state or empty machine */
- *magic++ =3D 0;
- return (0);
- }
+ if (i =3D=3D CNS_TERM)
+ goto finish;
}
+
+error:
return (EINVAL);
+
+finish:
+ /* Either termination state or empty machine */
+ ADD_CHAR('\0');
+ return (0);
}
=20
--Multipart=_Sat__19_Nov_2011_13_39_38_+0100_kbNCZFi0ZSMa+YW2--
Home |
Main Index |
Thread Index |
Old Index