aboutsummaryrefslogtreecommitdiff
path: root/libX11/modules/im/ximcp/imLcPrs.c
diff options
context:
space:
mode:
authormarha <marha@users.sourceforge.net>2013-06-04 09:07:26 +0200
committermarha <marha@users.sourceforge.net>2013-06-04 09:48:59 +0200
commitfd2b28971a2afbf54b6cb641aa6a2d5e940a1450 (patch)
tree1b103a8b2114125ffa8d79827d931aba3744a0d2 /libX11/modules/im/ximcp/imLcPrs.c
parent62a1ce0583cf41c173f4edb91511430b552e04da (diff)
downloadvcxsrv-fd2b28971a2afbf54b6cb641aa6a2d5e940a1450.tar.gz
vcxsrv-fd2b28971a2afbf54b6cb641aa6a2d5e940a1450.tar.bz2
vcxsrv-fd2b28971a2afbf54b6cb641aa6a2d5e940a1450.zip
xwininfo fontconfig libX11 libXau libXdmcp libXext mesa libXinerama libxcb libxcb/xcb-proto libfontenc pixman xkbcomp mkfontscale xkeyboard-config git update 4 Jun 2013
xserver commit c21344add2fc589df83b29be5831c36a372201bd libxcb commit 9ae84ad187e2ba440c40f44b8eb21c82c2fdbf12 libxcb/xcb-proto commit bdfedfa57a13ff805580cfacafc70f9cc55df363 xkeyboard-config commit dad9ade4e83d1ef5a517fcc4cc9ad3a79b47acce libX11 commit 8496122eb00ce6cd5d2308ee54f64b68c378e455 libXdmcp commit 0b443c1b769b9c9a3b45b4252afe07e18b709ff4 libXext commit d8366afbb0d2e4fbb1e419b1187f490522270bea libfontenc commit 3acba630d8b57084f7e92c15732408711ed5137a libXinerama commit 6e1d1dc328ba8162bba2f4694e7f3c706a1491ff libXau commit 899790011304c4029e15abf410e49ce7cec17e0a xkbcomp commit ed582f4fccd4e23abcfba8b3b03649fea6414f44 pixman commit 2acfac5f8e097ee2ae225d986f981b55d65dd152 mkfontscale commit 19e2cb7c6a3ec2c5b1bc0d24866fa685eef0ee13 xwininfo commit ba0d1b0da21d2dbdd81098ed5778f3792b472e13 fontconfig commit cd9b1033a68816a7acfbba1718ba0aa5888f6ec7 mesa commit 7bafd88c153e395274b632e7eae4bc9fc3aec1d2
Diffstat (limited to 'libX11/modules/im/ximcp/imLcPrs.c')
-rw-r--r--libX11/modules/im/ximcp/imLcPrs.c68
1 files changed, 54 insertions, 14 deletions
diff --git a/libX11/modules/im/ximcp/imLcPrs.c b/libX11/modules/im/ximcp/imLcPrs.c
index 4e54385b5..f3627a0d1 100644
--- a/libX11/modules/im/ximcp/imLcPrs.c
+++ b/libX11/modules/im/ximcp/imLcPrs.c
@@ -41,6 +41,8 @@ OR PERFORMANCE OF THIS SOFTWARE.
#include "Ximint.h"
#include <sys/stat.h>
#include <stdio.h>
+#include <limits.h>
+#include "pathmax.h"
#define XLC_BUFSIZE 256
@@ -56,6 +58,8 @@ extern int _Xmbstoutf8(
int len
);
+static void parsestringfile(FILE *fp, Xim im, int depth);
+
/*
* Parsing File Format:
*
@@ -304,9 +308,9 @@ static char*
TransFileName(Xim im, char *name)
{
char *home = NULL, *lcCompose = NULL;
- char dir[XLC_BUFSIZE];
- char *i = name, *ret, *j;
- int l = 0;
+ char dir[XLC_BUFSIZE] = "";
+ char *i = name, *ret = NULL, *j;
+ size_t l = 0;
while (*i) {
if (*i == '%') {
@@ -316,30 +320,51 @@ TransFileName(Xim im, char *name)
l++;
break;
case 'H':
- home = getenv("HOME");
- if (home)
- l += strlen(home);
+ if (home == NULL)
+ home = getenv("HOME");
+ if (home) {
+ size_t Hsize = strlen(home);
+ if (Hsize > PATH_MAX)
+ /* your home directory length is ridiculous */
+ goto end;
+ l += Hsize;
+ }
break;
case 'L':
if (lcCompose == NULL)
lcCompose = _XlcFileName(im->core.lcd, COMPOSE_FILE);
- if (lcCompose)
- l += strlen(lcCompose);
+ if (lcCompose) {
+ size_t Lsize = strlen(lcCompose);
+ if (Lsize > PATH_MAX)
+ /* your compose pathname length is ridiculous */
+ goto end;
+ l += Lsize;
+ }
break;
case 'S':
- xlocaledir(dir, XLC_BUFSIZE);
- l += strlen(dir);
+ if (dir[0] == '\0')
+ xlocaledir(dir, XLC_BUFSIZE);
+ if (dir[0]) {
+ size_t Ssize = strlen(dir);
+ if (Ssize > PATH_MAX)
+ /* your locale directory path length is ridiculous */
+ goto end;
+ l += Ssize;
+ }
break;
}
} else {
l++;
}
i++;
+ if (l > PATH_MAX)
+ /* your expanded path length is ridiculous */
+ goto end;
}
j = ret = Xmalloc(l+1);
if (ret == NULL)
- return ret;
+ goto end;
i = name;
while (*i) {
if (*i == '%') {
@@ -371,6 +396,7 @@ TransFileName(Xim im, char *name)
}
}
*j = '\0';
+end:
Xfree(lcCompose);
return ret;
}
@@ -423,7 +449,8 @@ static int
parseline(
FILE *fp,
Xim im,
- char* tokenbuf)
+ char* tokenbuf,
+ int depth)
{
int token;
DTModifier modifier_mask;
@@ -470,11 +497,13 @@ parseline(
goto error;
if ((filename = TransFileName(im, tokenbuf)) == NULL)
goto error;
+ if (++depth > 100)
+ goto error;
infp = _XFopenFile(filename, "r");
Xfree(filename);
if (infp == NULL)
goto error;
- _XimParseStringFile(infp, im);
+ parsestringfile(infp, im, depth);
fclose(infp);
return (0);
} else if ((token == KEY) && (strcmp("None", tokenbuf) == 0)) {
@@ -668,17 +697,28 @@ _XimParseStringFile(
FILE *fp,
Xim im)
{
+ parsestringfile(fp, im, 0);
+}
+
+static void
+parsestringfile(
+ FILE *fp,
+ Xim im,
+ int depth)
+{
char tb[8192];
char* tbp;
struct stat st;
if (fstat (fileno (fp), &st) != -1) {
unsigned long size = (unsigned long) st.st_size;
+ if (st.st_size >= INT_MAX)
+ return;
if (size <= sizeof tb) tbp = tb;
else tbp = malloc (size);
if (tbp != NULL) {
- while (parseline(fp, im, tbp) >= 0) {}
+ while (parseline(fp, im, tbp, depth) >= 0) {}
if (tbp != tb) free (tbp);
}
}