[Mplayer-cvslog] CVS: main/libmpdemux cue_read.c,1.6,1.7

Diego Biurrun CVS syncmail at mplayerhq.hu
Fri Jun 25 18:49:54 CEST 2004


CVS change done by Diego Biurrun CVS

Update of /cvsroot/mplayer/main/libmpdemux
In directory mail:/var2/tmp/cvs-serv17907/libmpdemux

Modified Files:
	cue_read.c 
Log Message:
string handling security fixes
patch by Nicholas Kain, Alexander Strasser <eclipse7 at gmx.net>
reviewed by Pontscho, Alex, Rich


Index: cue_read.c
===================================================================
RCS file: /cvsroot/mplayer/main/libmpdemux/cue_read.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- cue_read.c	4 Oct 2003 17:29:00 -0000	1.6
+++ cue_read.c	25 Jun 2004 16:49:51 -0000	1.7
@@ -135,6 +135,10 @@
 
 
 
+/* FIXME: the string operations ( strcpy,strcat ) below depend
+ * on the arrays to have the same size, thus we need to make
+ * sure the sizes are in sync.
+ */
 int cue_find_bin (char *firstline) {
   int i,j;
   char s[256];
@@ -178,7 +182,7 @@
            bin_filename);
 
     /* now try to find it with the path of the cue file */
-    sprintf(s,"%s/%s",bincue_path, bin_filename);
+    snprintf(s,sizeof( s ),"%s/%s",bincue_path,bin_filename);
     fd_bin = open (s, O_RDONLY);
     if (fd_bin == -1)
     {
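Review bot: The return value of `snprintf(s,sizeof( s ),"%s/%s",bincue_path,bin_filename)` is ignored, so an over-long `bincue_path`/`bin_filename` pair is silently truncated and the following `open (s, O_RDONLY)` is attempted on a path the cue sheet never named. Capturing the result and rejecting truncation would close that gap, e.g. `int n = snprintf(s, sizeof(s), "%s/%s", bincue_path, bin_filename);` followed by `if (n < 0 || (size_t)n >= sizeof(s)) { /* treat as not found */ }`; the function's actual error path is outside the hunk. The same applies to both `snprintf(t, sizeof( t ), ...)` calls in the hunks at -195 and -211. The declaration of `t` is not visible in any hunk, so it is worth confirming that it is an array, since `sizeof( t )` on a pointer would give the pointer size. The body of cue_find_bin continues outside this hunk.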
@@ -195,7 +199,7 @@
                "[bincue] bin filename tested: %s\n", s);
 
         /* ok try it with path */
-        sprintf(t,"%s/%s",bincue_path, s);
+        snprintf(t, sizeof( t ), "%s/%s", bincue_path, s);
         fd_bin = open (t, O_RDONLY);
         if (fd_bin == -1)
         {
@@ -211,7 +215,7 @@
             mp_msg(MSGT_OPEN,MSGL_STATUS,
                    "[bincue] bin filename tested: %s \n", s);
             /* ok try it with path */
-            sprintf(t,"%s/%s",bincue_path, s);
+            snprintf(t, sizeof( t ), "%s/%s", bincue_path, s);
             fd_bin = open (t, O_RDONLY);
             if (fd_bin == -1)
             {
@@ -299,15 +303,16 @@
        strcpy(t, "/");
   }
   printf ("dirname: %s\n", t);
-  strcpy(bincue_path,t);
+  strlcpy(bincue_path,t,sizeof( bincue_path ));
 
 
   /* no path at all? */
   if (strcmp(bincue_path, ".") == 0) {
     printf ("bincue_path: %s\n", bincue_path);
-    strcpy(cue_filename,in_cue_filename);
+    strlcpy(cue_filename,in_cue_filename,sizeof( cue_filename ));
   } else {
-    strcpy(cue_filename,in_cue_filename + strlen(bincue_path) + 1);
+    strlcpy(cue_filename,in_cue_filename + strlen(bincue_path) + 1,
+            sizeof( cue_filename ));
   }
 
 
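Review bot: Neither `strlcpy` result is checked, and that matters most in the `else` branch: if `strlcpy(bincue_path,t,sizeof( bincue_path ))` truncates, `strlen(bincue_path)` is shorter than the real directory prefix, so `in_cue_filename + strlen(bincue_path) + 1` lands inside the directory part and `cue_filename` receives the wrong name. Comparing the return value with the destination size, e.g. `if (strlcpy(bincue_path, t, sizeof(bincue_path)) >= sizeof(bincue_path)) return -1;`, would reject over-long paths instead of continuing with a truncated one (the function's error convention is not visible here). The offset arithmetic also assumes `in_cue_filename` is at least `strlen(bincue_path) + 1` bytes long, which the visible lines do not establish. `strlcpy` is not part of ISO C, so the build presumably relies on a fallback where the libc lacks it. The enclosing function starts and ends outside the hunk.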



