commit 316207e46c77af30aab77b260656abad8b34d506
parent 5ab8b2c66ca6181db6b7b9af602355bc917cca37
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Fri, 25 Nov 2016 16:54:24 +0100
check truncations
Diffstat:
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/saait.c b/saait.c
@@ -531,6 +531,7 @@ writepage(FILE *fp, const char *filename, struct config *c, char *s)
}
value = v->value;
+ /* TODO: optimize output directly (buffered) */
if (op == '%')
value = readfile(value);
@@ -619,8 +620,11 @@ main(int argc, char *argv[])
t = calloc(1, sizeof(*t));
t->name = strdup(dp->d_name);
- /* TODO: truncate check */
- snprintf(dir, sizeof(dir), "%s/%s", templatedir, dp->d_name);
+ r = snprintf(dir, sizeof(dir), "%s/%s", templatedir, dp->d_name);
+ if (r < 0 || (size_t)r >= sizeof(dir)) {
+ fprintf(stderr, "truncated: %s/%s\n", templatedir, dp->d_name);
+ exit(1);
+ }
if (!(dirt = opendir(dir))) {
fprintf(stderr, "opendir: %s: %s\n", dir, strerror(errno));
exit(1);
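Review bot: The two context lines above the new check dereference `t` immediately after `calloc` and store an unchecked `strdup` result in `t->name`, so an allocation failure is a NULL dereference here (or a NULL name used later), while an over-long path now exits cleanly. Handling it the same way would be consistent, e.g. `if (!(t = calloc(1, sizeof(*t))) || !(t->name = strdup(dp->d_name))) { fprintf(stderr, "alloc: %s\n", strerror(errno)); exit(1); }`. The same snprintf/compare/report/exit sequence is repeated twice more in the next hunk (with `(size_t)r` spelled `(size_t) r` there), so a small static helper taking the buffer, its size and the format would keep the three sites from drifting. main() starts and ends outside this hunk, and `r` is declared outside it.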
@@ -631,11 +635,19 @@ main(int argc, char *argv[])
continue;
/* page is a special case for now */
if (strcmp(dt->d_name, "page")) {
- snprintf(file, sizeof(file), "%s/%s", outputdir, dp->d_name);
+ r = snprintf(file, sizeof(file), "%s/%s", outputdir, dp->d_name);
+ if (r < 0 || (size_t) r >= sizeof(file)) {
+ fprintf(stderr, "truncated: %s/%s\n", outputdir, dp->d_name);
+ exit(1);
+ }
t->fp = efopen(file, "wb");
}
- snprintf(file, sizeof(file), "%s/%s/%s", templatedir, dp->d_name, dt->d_name);
+ r = snprintf(file, sizeof(file), "%s/%s/%s", templatedir, dp->d_name, dt->d_name);
+ if (r < 0 || (size_t) r >= sizeof(file)) {
+ fprintf(stderr, "truncated: %s/%s/%s\n", templatedir, dp->d_name, dt->d_name);
+ exit(1);
+ }
if (!strcmp(dt->d_name, "item") || strstr(dt->d_name, "item.") == dt->d_name)
t->item = readfile(file);
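Review bot: The output path checked in the first added block depends only on `outputdir` and `dp->d_name`, but the guard around it tests `dt->d_name` and appears to sit inside the per-entry loop (the `continue;` at the top of the hunk). If so, `t->fp = efopen(file, "wb")` runs once for every template file not literally named "page", each time truncating the same output file and overwriting the previous `FILE *` without an `fclose`. If the special case was meant for the template directory, the test would read `if (strcmp(dp->d_name, "page"))` and belong before the inner loop so the file is opened once; this needs confirming against the loop header, which is outside the hunk. Separately, `file` is reused for both the output path and the template path, which is correct as ordered but deserves a comment such as `/* file now holds the template path, not the output path */`.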