XFree86 3.9Ag - xterm patch #71 - T.Dickey <dickey@clark.net>
This patch is a slightly modified version of one by Richard Braakman, which
prevents buffer overflow in the input-method and preedit-type parsing in xterm.
I changed a couple of details to make the code more maintainable, and looked
for similar things - copying into a fixed-size buffer (found none, though I did
spot an unused variable).
# ------------------------------------------------------------------------------
# charproc.c | 22 ++++++++++------------
# main.c | 2 +-
# version.h | 2 +-
# xterm.log.html | 9 +++++++++
# 4 files changed, 21 insertions, 14 deletions
# ------------------------------------------------------------------------------
Index: charproc.c
--- xterm-70+/charproc.c Sun Apr 5 23:48:23 1998
+++ xterm-71/charproc.c Sun Apr 12 19:46:23 1998
@@ -4012,7 +4012,6 @@
*s,
*ns,
*end,
- tmp[1024],
buf[32];
XIM xim = (XIM) NULL;
XIMStyles *xim_styles;
@@ -4027,17 +4026,18 @@
if ((p = XSetLocaleModifiers("@im=none")) != NULL && *p)
xim = XOpenIM(XtDisplay(term), NULL, NULL, NULL);
} else {
- strcpy(tmp, term->misc.input_method);
- for(ns=s=tmp; ns && *s;) {
+ for(ns=s=term->misc.input_method; ns && *s;) {
while (*s && isspace(*s)) s++;
if (!*s) break;
if ((ns = end = strchr(s, ',')) == 0)
end = s + strlen(s);
while (isspace(*end)) end--;
- *end = '\0';
strcpy(buf, "@im=");
- strcat(buf, s);
+ if (end - (s + (sizeof(buf) - 5)) > 0)
+ end = s + (sizeof(buf) - 5);
+ strncat(buf, s, end - s);
+
if ((p = XSetLocaleModifiers(buf)) != NULL && *p
&& (xim = XOpenIM(XtDisplay(term), NULL, NULL, NULL)) != NULL)
break;
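Review bot: The trailing-blank trim `while (isspace(*end)) end--;` never runs, because `end` points at the ',' or the terminating NUL when it starts, so an entry with a blank before the comma is copied into `buf` with that blank. It also has no lower bound should it ever run. Testing the preceding byte, `while (end > s && isspace((unsigned char)end[-1])) end--;`, trims correctly, stays inside the token and avoids passing a negative `char` to isspace(); the same line appears in the preedit-type loop further down. The clamp to `sizeof(buf) - 5` does keep `strncat` within `buf[32]`, but it silently truncates an over-long name and still hands it to XSetLocaleModifiers rather than skipping the entry. The loop's advance step lies outside this hunk.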
@@ -4062,8 +4062,7 @@
}
found = False;
- strcpy(tmp, term->misc.preedit_type);
- for(s = tmp; s && !found;) {
+ for(s = term->misc.preedit_type; s && !found;) {
while (*s && isspace(*s)) s++;
if (!*s) break;
if ((ns = end = strchr(s, ',')) != 0)
@@ -4071,13 +4070,12 @@
else
end = s + strlen(s);
while (isspace(*end)) end--;
- *end = '\0';
- if (!strcmp(s, "OverTheSpot")) {
+ if (!strncmp(s, "OverTheSpot", end - s)) {
input_style = (XIMPreeditPosition | XIMStatusArea);
- } else if (!strcmp(s, "OffTheSpot")) {
+ } else if (!strncmp(s, "OffTheSpot", end - s)) {
input_style = (XIMPreeditArea | XIMStatusArea);
- } else if (!strcmp(s, "Root")) {
+ } else if (!strncmp(s, "Root", end - s)) {
input_style = (XIMPreeditNothing | XIMStatusNothing);
}
for (i = 0; (unsigned short)i < xim_styles->count_styles; i++)
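Review bot: Passing `end - s` as the length to `strncmp` turns these three tests into prefix matches: a token such as `O` or `Over` now selects OverTheSpot. A zero-length token (for example a leading comma) compares equal in the first branch as well. Requiring the lengths to agree restores the exact match that the removed `strcmp` gave, e.g. `if (end - s == 11 && !strncmp(s, "OverTheSpot", 11))`, with lengths 10 and 4 for "OffTheSpot" and "Root". The enclosing loop starts in the previous hunk and continues past this one.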
@@ -4628,7 +4626,7 @@
XtOverrideTranslations(w, original);
return;
}
- (void) sprintf( mapName, "%sKeymap", params[0] );
+ (void) sprintf( mapName, "%.*sKeymap", (int)sizeof(mapName) - 10, params[0] );
(void) strcpy( mapClass, mapName );
if (islower(mapClass[0])) mapClass[0] = toupper(mapClass[0]);
XtGetSubresources( w, (XtPointer)&keymap, mapName, mapClass,
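Review bot: The `strcpy( mapClass, mapName )` on the following line is bounded only if `mapClass` is at least as large as `mapName`; both declarations are outside this hunk, so that should be confirmed. The precision `(int)sizeof(mapName) - 10` is correct only while `mapName` is a true array rather than a pointer. The 10 is also unexplained, since the suffix "Keymap" plus the NUL needs 7 bytes. A comment such as `/* precision leaves room for "Keymap" and the terminating NUL */` would record the intent.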
Index: main.c
--- xterm-70+/main.c Sun Apr 5 23:48:23 1998
+++ xterm-71/main.c Sun Apr 12 19:51:38 1998
@@ -3546,7 +3546,7 @@
int i, n, ncap;
errstat err;
struct caplist *cl;
- char buf[64], numbuf[12];
+ char buf[64];
struct caplist *capvnew;
int ttythread();
int xwatchdogthread();
Index: version.h
--- xterm-70+/version.h Sun Apr 5 23:48:23 1998
+++ xterm-71/version.h Sun Apr 12 20:42:38 1998
@@ -6,4 +6,4 @@
* version of xterm has been built. The number in parentheses is my patch
* number (T.Dickey).
*/
-#define XTERM_VERSION "XFree86 3.9Af(70)"
+#define XTERM_VERSION "XFree86 3.9Ag(71)"
Index: xterm.log.html
--- xterm-70+/xterm.log.html Sun Apr 5 23:48:23 1998
+++ xterm-71/xterm.log.html Sun Apr 12 20:50:49 1998
@@ -41,6 +41,7 @@
xc/programs/Xserver/hw/xfree86).
<UL>
+<LI><A HREF="#xterm_71">Patch #71 - 1998/4/12 - XFree86 3.9Ag and 3.3.2</A>
<LI><A HREF="#xterm_70">Patch #70 - 1998/3/29 - XFree86 3.9Af and 3.3.2</A>
<LI><A HREF="#xterm_69">Patch #69 - 1998/3/16 - XFree86 3.9Ad and 3.3.2</A>
<LI><A HREF="#xterm_68">Patch #68 - 1998/3/4 - XFree86 3.9Ad and 3.3.1z</A>
@@ -112,6 +113,14 @@
<LI><A HREF="#xterm_02">Patch #2 - 1996/1/7</A>
<LI><A HREF="#xterm_01">Patch #1 - 1996/1/6</A>
</UL>
+
+<H1><A NAME="xterm_71">Patch #71 - 1998/4/12 - XFree86 3.9Ag and 3.3.2</A></H1>
+
+This patch is a slightly modified version of one by Richard Braakman, which
+prevents buffer overflow in the input-method and preedit-type parsing in xterm.
+I changed a couple of details to make the code more maintainable, and looked
+for similar things - copying into a fixed-size buffer (found none, though I did
+spot an unused variable).
<H1><A NAME="xterm_70">Patch #70 - 1998/3/29 - XFree86 3.9Af and 3.3.2</A></H1>