=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/less/filename.c,v retrieving revision 1.1.1.3 retrieving revision 1.1.1.4 diff -c -r1.1.1.3 -r1.1.1.4 *** src/usr.bin/less/filename.c 2011/09/16 17:47:04 1.1.1.3 --- src/usr.bin/less/filename.c 2014/04/25 13:33:46 1.1.1.4 *************** *** 1,11 **** /* ! * Copyright (C) 1984-2011 Mark Nudelman * * You may distribute under the terms of either the GNU General Public * License or the Less License, as specified in the README file. * ! * For more information about less, or for information on how to ! * contact the author, see the README file. */ --- 1,10 ---- /* ! * Copyright (C) 1984-2012 Mark Nudelman * * You may distribute under the terms of either the GNU General Public * License or the Less License, as specified in the README file. * ! * For more information, see the README file. */ *************** *** 207,213 **** /* * Add the escape char. */ ! strcpy(p, esc); p += esclen; } *p++ = *s++; --- 206,212 ---- /* * Add the escape char. */ ! strlcpy(p, esc, newstr + len - p); p += esclen; } *p++ = *s++; *************** *** 228,234 **** { char *pathname; char *qpathname; ! int len; int f; if (dirname == NULL || *dirname == '\0') --- 227,233 ---- { char *pathname; char *qpathname; ! size_t len; int f; if (dirname == NULL || *dirname == '\0') *************** *** 258,263 **** --- 257,263 ---- return (pathname); } + #if USERFILE /* * Return the full pathname of the given file in the "home directory". */ *************** *** 292,298 **** if (res == 0) *pathname = '\0'; else ! strcpy(pathname, res); } #else _searchenv(filename, "PATH", pathname); --- 292,298 ---- if (res == 0) *pathname = '\0'; else ! strlcpy(pathname, res, _MAX_PATH); } #else _searchenv(filename, "PATH", pathname); *************** *** 303,308 **** --- 303,309 ---- #endif return (NULL); } + #endif /* USERFILE */ /* * Expand a string, substituting any "%" with the current filename, *************** *** 386,392 **** *to++ = *fr; else { ! strcpy(to, get_filename(ifile)); to += strlen(to); } } --- 387,394 ---- *to++ = *fr; else { ! strlcpy(to, get_filename(ifile), ! e + n + 1 - to); to += strlen(to); } } *************** *** 413,418 **** --- 415,421 ---- { char *fpat; char *qs; + size_t len; if (secure) return (NULL); *************** *** 429,435 **** */ { char *slash; - int len; for (slash = s+strlen(s)-1; slash > s; slash--) if (*slash == *PATHNAME_SEP || *slash == '/') break; --- 432,437 ---- *************** *** 442,448 **** } #else { ! int len = strlen(s) + 2; fpat = (char *) ecalloc(len, sizeof(char)); SNPRINTF1(fpat, len, "%s*", s); } --- 444,450 ---- } #else { ! len = strlen(s) + 2; fpat = (char *) ecalloc(len, sizeof(char)); SNPRINTF1(fpat, len, "%s*", s); } *************** *** 548,554 **** len *= 2; *p = '\0'; p = (char *) ecalloc(len, sizeof(char)); ! strcpy(p, buf); free(buf); buf = p; p = buf + strlen(buf); --- 550,556 ---- len *= 2; *p = '\0'; p = (char *) ecalloc(len, sizeof(char)); ! strlcpy(p, buf, len); free(buf); buf = p; p = buf + strlen(buf); *************** *** 594,600 **** fd = popen(cmd, "r"); } else { ! int len = strlen(shell) + strlen(esccmd) + 5; scmd = (char *) ecalloc(len, sizeof(char)); SNPRINTF3(scmd, len, "%s %s %s", shell, shell_coption(), esccmd); free(esccmd); --- 596,602 ---- fd = popen(cmd, "r"); } else { ! size_t len = strlen(shell) + strlen(esccmd) + 5; scmd = (char *) ecalloc(len, sizeof(char)); SNPRINTF3(scmd, len, "%s %s %s", shell, shell_coption(), esccmd); free(esccmd); *************** *** 617,622 **** --- 619,625 ---- #endif /* HAVE_POPEN */ + #if !SMALL /* * Expand a filename, doing any system-specific metacharacter substitutions. */ *************** *** 666,679 **** qfilename = shell_quote(p); if (qfilename != NULL) { ! sprintf(gfilename + strlen(gfilename), "%s ", qfilename); free(qfilename); } } /* * Overwrite the final trailing space with a null terminator. */ ! *--p = '\0'; GLOB_LIST_DONE(list); } #else --- 669,684 ---- qfilename = shell_quote(p); if (qfilename != NULL) { ! snprintf(gfilename + strlen(gfilename), ! length - strlen(gfilename), "%s ", qfilename); free(qfilename); } } /* * Overwrite the final trailing space with a null terminator. */ ! if (gfilename[0] != '\0' && gfilename[strlen(gfilename) - 1] == ' ') ! gfilename[strlen(gfilename) - 1] = '\0'; GLOB_LIST_DONE(list); } #else *************** *** 719,730 **** len *= 2; *p = '\0'; p = (char *) ecalloc(len, sizeof(char)); ! strcpy(p, gfilename); free(gfilename); gfilename = p; p = gfilename + strlen(gfilename); } ! strcpy(p, qpathname); free(qpathname); p += n; *p++ = ' '; --- 724,735 ---- len *= 2; *p = '\0'; p = (char *) ecalloc(len, sizeof(char)); ! strlcpy(p, gfilename, len); free(gfilename); gfilename = p; p = gfilename + strlen(gfilename); } ! strlcpy(p, qpathname, gfilename + len - p); free(qpathname); p += n; *p++ = ' '; *************** *** 749,755 **** char *lessecho; char *cmd; char *esc; ! int len; esc = get_meta_escape(); if (strlen(esc) == 0) --- 754,760 ---- char *lessecho; char *cmd; char *esc; ! size_t len; esc = get_meta_escape(); if (strlen(esc) == 0) *************** *** 771,778 **** SNPRINTF4(cmd, len, "%s -p0x%x -d0x%x -e%s ", lessecho, openquote, closequote, esc); free(esc); for (s = metachars(); *s != '\0'; s++) ! sprintf(cmd + strlen(cmd), "-n0x%x ", *s); ! sprintf(cmd + strlen(cmd), "-- %s", ofilename); fd = shellcmd(cmd); free(cmd); if (fd == NULL) --- 776,783 ---- SNPRINTF4(cmd, len, "%s -p0x%x -d0x%x -e%s ", lessecho, openquote, closequote, esc); free(esc); for (s = metachars(); *s != '\0'; s++) ! snprintf(cmd + strlen(cmd), len - strlen(cmd), "-n0x%x ", *s); ! snprintf(cmd + strlen(cmd), len - strlen(cmd), "-- %s", ofilename); fd = shellcmd(cmd); free(cmd); if (fd == NULL) *************** *** 805,812 **** --- 810,839 ---- free(ofilename); return (gfilename); } + #endif /* !SMALL */ /* + * Return number of %s escapes in a string. + * Return a large number if there are any other % escapes besides %s. + */ + static int + num_pct_s(lessopen) + char *lessopen; + { + int num; + + for (num = 0;; num++) + { + lessopen = strchr(lessopen, '%'); + if (lessopen == NULL) + break; + if (*++lessopen != 's') + return (999); + } + return (num); + } + + /* * See if we should open a "replacement file" * instead of the file we're about to open. */ *************** *** 821,827 **** #else char *lessopen; char *cmd; ! int len; FILE *fd; #if HAVE_FILENO int returnfd = 0; --- 848,854 ---- #else char *lessopen; char *cmd; ! size_t len; FILE *fd; #if HAVE_FILENO int returnfd = 0; *************** *** 832,838 **** ch_ungetchar(-1); if ((lessopen = lgetenv("LESSOPEN")) == NULL) return (NULL); ! if (*lessopen == '|') { /* * If LESSOPEN starts with a |, it indicates --- 859,865 ---- ch_ungetchar(-1); if ((lessopen = lgetenv("LESSOPEN")) == NULL) return (NULL); ! while (*lessopen == '|') { /* * If LESSOPEN starts with a |, it indicates *************** *** 843,849 **** return (NULL); #else lessopen++; ! returnfd = 1; #endif } if (*lessopen == '-') { --- 870,876 ---- return (NULL); #else lessopen++; ! returnfd++; #endif } if (*lessopen == '-') { *************** *** 855,860 **** --- 882,892 ---- if (strcmp(filename, "-") == 0) return (NULL); } + if (num_pct_s(lessopen) > 1) + { + error("Invalid LESSOPEN variable", NULL_PARG); + return (NULL); + } len = strlen(lessopen) + strlen(filename) + 2; cmd = (char *) ecalloc(len, sizeof(char)); *************** *** 883,891 **** if (read(f, &c, 1) != 1) { /* ! * Pipe is empty. This means there is no alt file. */ ! pclose(fd); return (NULL); } ch_ungetchar(c); --- 915,932 ---- if (read(f, &c, 1) != 1) { /* ! * Pipe is empty. ! * If more than 1 pipe char was specified, ! * the exit status tells whether the file itself ! * is empty, or if there is no alt file. ! * If only one pipe char, just assume no alt file. */ ! int status = pclose(fd); ! if (returnfd > 1 && status == 0) { ! *pfd = NULL; ! *pf = -1; ! return (save(FAKE_EMPTYFILE)); ! } return (NULL); } ch_ungetchar(c); *************** *** 918,924 **** char *lessclose; FILE *fd; char *cmd; ! int len; if (secure) return; --- 959,965 ---- char *lessclose; FILE *fd; char *cmd; ! size_t len; if (secure) return; *************** *** 935,940 **** --- 976,986 ---- } if ((lessclose = lgetenv("LESSCLOSE")) == NULL) return; + if (num_pct_s(lessclose) > 2) + { + error("Invalid LESSCLOSE variable"); + return; + } len = strlen(lessclose) + strlen(filename) + strlen(altfilename) + 2; cmd = (char *) ecalloc(len, sizeof(char)); SNPRINTF2(cmd, len, lessclose, filename, altfilename); *************** *** 989,1004 **** char *filename; { register char *m = NULL; filename = shell_unquote(filename); if (!force_open && is_dir(filename)) { static char is_a_dir[] = " is a directory"; ! m = (char *) ecalloc(strlen(filename) + sizeof(is_a_dir), ! sizeof(char)); ! strcpy(m, filename); ! strcat(m, is_a_dir); } else { #if HAVE_STAT --- 1035,1051 ---- char *filename; { register char *m = NULL; + size_t len; filename = shell_unquote(filename); if (!force_open && is_dir(filename)) { static char is_a_dir[] = " is a directory"; ! len = strlen(filename) + sizeof(is_a_dir); ! m = (char *) ecalloc(len, sizeof(char)); ! strlcpy(m, filename, len); ! strlcat(m, is_a_dir, len); } else { #if HAVE_STAT *************** *** 1015,1024 **** } else if (!S_ISREG(statbuf.st_mode)) { static char not_reg[] = " is not a regular file (use -f to see it)"; ! m = (char *) ecalloc(strlen(filename) + sizeof(not_reg), ! sizeof(char)); ! strcpy(m, filename); ! strcat(m, not_reg); } #endif } --- 1062,1071 ---- } else if (!S_ISREG(statbuf.st_mode)) { static char not_reg[] = " is not a regular file (use -f to see it)"; ! len = strlen(filename) + sizeof(not_reg); ! m = (char *) ecalloc(len, sizeof(char)); ! strlcpy(m, filename, len); ! strlcat(m, not_reg, len); } #endif }