Hopefully fixed a potential buffer overrun problem in regsub()

Thomas Jensen 1999-04-05 19:39:27 +00:00
parent 9a0829d1e5
commit c4d3a2e821


@ -3,7 +3,7 @@
* Date created: Copyright (c) 1986 by University of Toronto. * Date created: Copyright (c) 1986 by University of Toronto.
* Author: Henry Spencer. * Author: Henry Spencer.
* Extensions and modifications by Thomas Jensen * Extensions and modifications by Thomas Jensen
* Version: $Id$ * Version: $Id: regsub.c,v 1.1 1999/04/04 16:14:46 tsjensen Exp tsjensen $
* Language: K&R C (traditional) * Language: K&R C (traditional)
* World Wide Web: http://home.pages.de/~jensen/boxes/ * World Wide Web: http://home.pages.de/~jensen/boxes/
* Purpose: Perform substitutions after a regexp match * Purpose: Perform substitutions after a regexp match
@ -23,7 +23,10 @@
* original software. * original software.
* Revision History: * Revision History:
* *
* $Log$ * $Log: regsub.c,v $
* Revision 1.1 1999/04/04 16:14:46 tsjensen
* Initial revision
*
* *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*/ */
@ -32,6 +35,10 @@
#include <regexp.h> #include <regexp.h>
#include "regmagic.h" #include "regmagic.h"
#ident "$Id"
#ifndef CHARBITS #ifndef CHARBITS
#define UCHARAT(p) ((int)*(unsigned char *)(p)) #define UCHARAT(p) ((int)*(unsigned char *)(p))
#else #else
@ -39,8 +46,6 @@
#endif #endif
/* FIXME I think regsub will crash if the generated text *
* does not fit into buf. No boundary checks performed. */
/* /*
- regsub - perform substitutions after a regexp match - regsub - perform substitutions after a regexp match
@ -57,6 +62,7 @@ regsub (prog, source, dest, dest_size)
register char c; register char c;
register int no; register int no;
register int len; register int len;
size_t fill; /* current number of chars in dest */
extern char *strncpy(); extern char *strncpy();
if (prog == NULL || source == NULL || dest == NULL) { if (prog == NULL || source == NULL || dest == NULL) {
@ -70,6 +76,7 @@ regsub (prog, source, dest, dest_size)
src = source; src = source;
dst = dest; dst = dest;
fill = 0;
while ((c = *src++) != '\0') { while ((c = *src++) != '\0') {
if (c == '&') if (c == '&')
@ -83,19 +90,32 @@ regsub (prog, source, dest, dest_size)
if (c == '\\' && (*src == '\\' || *src == '&')) if (c == '\\' && (*src == '\\' || *src == '&'))
c = *src++; c = *src++;
*dst++ = c; *dst++ = c;
++fill;
} else if (prog->startp[no] != NULL && prog->endp[no] != NULL) { } else if (prog->startp[no] != NULL && prog->endp[no] != NULL) {
len = prog->endp[no] - prog->startp[no]; len = prog->endp[no] - prog->startp[no];
(void) strncpy(dst, prog->startp[no], len); if (len < dest_size-fill) {
dst += len; (void) strncpy(dst, prog->startp[no], len);
if (len != 0 && *(dst-1) == '\0') { /* strncpy hit NUL. */ dst += len;
regerror("damaged match string"); fill += len;
return strlen (dest); if (len != 0 && *(dst-1) == '\0') { /* strncpy hit NUL. */
regerror("damaged match string");
return fill;
}
} }
else {
(void) strncpy (dst, prog->startp[no], dest_size-fill);
dest[dest_size-1] = '\0';
return dest_size-1;
}
}
if (fill >= dest_size) {
dest[dest_size-1] = '\0';
return dest_size-1;
} }
} }
*dst++ = '\0'; *dst++ = '\0';
return strlen (dest); return fill;
} }
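Review bot: The new bounds handling in the `regsub` loop relies on `dest_size` being at least 1, and no visible hunk enforces that: with a `dest_size` of 0 the literal branch still runs `*dst++ = c`, and the overflow exit then stores to `dest[dest_size-1]`, which lies outside the buffer. Adding `if (dest_size < 1) return 0;` next to the existing NULL-parameter check would close this, unless the part of that check outside the hunk already covers it. `len` is also an `int` compared against `dest_size-fill` where `fill` is a `size_t`, so a negative `len` (a damaged `startp`/`endp` pair) would most likely be converted to a large unsigned value and take the truncating `strncpy` branch; rejecting `len < 0` with `regerror` before the comparison avoids reading from a bogus range. The two truncation exits return `dest_size-1` without calling `regerror`, so a caller cannot distinguish truncated output from an exact fit; a comment on the function documenting that return value would help. The declaration of `dest_size` and the start of the function are outside the hunks shown, so its type is inferred.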