From ad22bd901c79698f413a1cf312e58bcd164863ce Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Sun, 27 Nov 2022 09:38:30 -0800 Subject: [PATCH] Avoid undefined sscanf behavor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * src/uudecode.c (decode): Don’t sscanf from and to the same string, as that has undefined behavior. --- src/uudecode.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/src/uudecode.c b/src/uudecode.c index d6f742d..b3a68af 100644 --- a/src/uudecode.c +++ b/src/uudecode.c @@ -1,4 +1,3 @@ - static char const cright_years_z[] = /* uudecode utility. @@ -370,6 +369,7 @@ decode (char const * inname) char *pz; int mode; char buf[2 * BUFSIZ] = { NUL }; + char *fname; char *outname; bool allocated_outname = false; bool encoded_fname = false; @@ -380,6 +380,8 @@ decode (char const * inname) while (1) { + char *nl; + if (fgets (buf, sizeof (buf), stdin) == NULL) { bad_beginning: @@ -387,12 +389,15 @@ decode (char const * inname) _("%s: Invalid or missing 'begin' line\n"), inname); } - if (strchr (buf, NL) == NULL) + nl = strchr (buf, NL); + if (nl == NULL) goto bad_beginning; + *nl = '\0'; if (strncmp (buf, "begin", 5) == 0) { char * scan = buf+5; + int fname_offset; check_begin_option: @@ -429,9 +434,12 @@ decode (char const * inname) } } - if (sscanf (scan, " %o %[^\n]", &mode, buf) == 2) - break; - goto bad_beginning; + if (sscanf (scan, " %o %n", &mode, &fname_offset) != 1) + goto bad_beginning; + fname = scan + fname_offset; + if (fname == nl) + goto bad_beginning; + break; } } @@ -441,15 +449,15 @@ decode (char const * inname) else { if (encoded_fname) - decode_fname (buf); + decode_fname (fname); - if (buf[0] != '~') - outname = buf; + if (fname[0] != '~') + outname = fname; else { /* Handle ~user/file format. */ - outname = expand_tilde (buf); + outname = expand_tilde (fname); if (outname == NULL) return UUDECODE_EXIT_NO_OUTPUT; allocated_outname = true; -- 2.38.1