projects / feed / packages.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #1776 from aTanW/master
[feed/packages.git] / utils / sane-backends / patches / 070-sane-backends-1.0.24-format-security.patch
1 http://pkgs.fedoraproject.org/cgit/sane-backends.git/plain/sane-backends-1.0.24-format-security.patch
2
3 From d1c0b7d119bb9dd2c51143b44cc86a369f453746 Mon Sep 17 00:00:00 2001
4 From: Nils Philippsen <nils@redhat.com>
5 Date: Wed, 4 Dec 2013 15:21:19 +0100
6 Subject: [PATCH] patch: format-security
7
8 Squashed commit of the following:
9
10 commit 19e071b9f6d477462a0f4afbbd17acd15268ddfa
11 Author: Nils Philippsen <nils@redhat.com>
12 Date: Wed Dec 4 15:04:12 2013 +0100
13
14 avoid using string formats insecurely with "-f"
15
16 In the process, simplify processing the device list format: don't copy
17 the format string for writing \0 into it, just iterate over chunks in
18 the original string.
19
20 (cherry picked from commit 8082a42ec4f3b3cf2cffc30a45dda5fc41d55576)
21 ---
22 frontend/scanimage.c | 52 ++++++++++++++++++++--------------------------------
23 1 file changed, 20 insertions(+), 32 deletions(-)
24
25 diff --git a/frontend/scanimage.c b/frontend/scanimage.c
26 index d41c849..9e1bcfb 100644
27 --- a/frontend/scanimage.c
28 +++ b/frontend/scanimage.c
29 @@ -1826,23 +1826,16 @@ main (int argc, char **argv)
30 else
31 {
32 int i = 0, int_arg = 0;
33 - char *percent, *start, *fmt;
34 + const char *percent, *start;
35 const char *text_arg = 0;
36 - char cc, ftype;
37 -
38 - fmt = malloc (strlen (optarg) + 1);
39 - if (fmt == 0)
40 - {
41 - fprintf (stderr, "%s: not enough memory\n", prog_name);
42 - exit (1);
43 - }
44 + char ftype;
45
46 for (i = 0; device_list[i]; ++i)
47 {
48 - strcpy (fmt, optarg);
49 - start = fmt;
50 + start = optarg;
51 while (*start && (percent = strchr (start, '%')))
52 {
53 + int start_len = percent - start;
54 percent++;
55 if (*percent)
56 {
57 @@ -1850,19 +1843,19 @@ main (int argc, char **argv)
58 {
59 case 'd':
60 text_arg = device_list[i]->name;
61 - ftype = *percent = 's';
62 + ftype = 's';
63 break;
64 case 'v':
65 text_arg = device_list[i]->vendor;
66 - ftype = *percent = 's';
67 + ftype = 's';
68 break;
69 case 'm':
70 text_arg = device_list[i]->model;
71 - ftype = *percent = 's';
72 + ftype = 's';
73 break;
74 case 't':
75 text_arg = device_list[i]->type;
76 - ftype = *percent = 's';
77 + ftype = 's';
78 break;
79 case 'i':
80 int_arg = i;
81 @@ -1870,45 +1863,40 @@ main (int argc, char **argv)
82 break;
83 case 'n':
84 text_arg = "\n";
85 - ftype = *percent = 's';
86 + ftype = 's';
87 break;
88 case '%':
89 - ftype = 0;
90 + text_arg = "%";
91 + ftype = 's';
92 break;
93 default:
94 fprintf (stderr,
95 "%s: unknown format specifier %%%c\n",
96 prog_name, *percent);
97 - *percent = '%';
98 - ftype = 0;
99 + text_arg = "%";
100 + ftype = 's';
101 }
102 - percent++;
103 - cc = *percent;
104 - *percent = 0;
105 + printf ("%.*s", start_len, start);
106 switch (ftype)
107 {
108 case 's':
109 - printf (start, text_arg);
110 + printf ("%s", text_arg);
111 break;
112 case 'i':
113 - printf (start, int_arg);
114 - break;
115 - case 0:
116 - printf (start);
117 + printf ("%i", int_arg);
118 break;
119 }
120 - *percent = cc;
121 - start = percent;
122 + start = percent + 1;
123 }
124 else
125 {
126 - /* last char of the string is a '%', suppress it */
127 - *start = 0;
128 + /* last char of the string is a '%', ignore it */
129 + start++;
130 break;
131 }
132 }
133 if (*start)
134 - printf (start);
135 + printf ("%s", start);
136 }
137 }
138 if (i == 0 && ch != 'f')
139 --
140 1.8.4.2
141
Mirror of packages feed