From 2bd15473d35a00d107923dabc82b5a6ae12afd92 Mon Sep 17 00:00:00 2001 From: Yann Dirson Date: Tue, 15 Oct 2013 23:58:43 +0200 Subject: [PATCH] Add safeguard against buffer overflow when calling scanf. --- gnushogi/commondsp.c | 10 +++++----- gnushogi/cursesdsp.c | 5 +++-- gnushogi/cursesdsp.h | 2 +- gnushogi/dspwrappers.c | 16 +++++++++++++++- gnushogi/dspwrappers.h | 2 +- gnushogi/rawdsp.c | 4 ++-- gnushogi/rawdsp.h | 2 +- 7 files changed, 28 insertions(+), 13 deletions(-) diff --git a/gnushogi/commondsp.c b/gnushogi/commondsp.c index 36cc789..ea38293 100644 --- a/gnushogi/commondsp.c +++ b/gnushogi/commondsp.c @@ -449,7 +449,7 @@ GetGame(void) } else { /* Enter file name */ ShowMessage(CP[63]); - RequestInputString(fname); + RequestInputString(fname, sizeof(fname)-1); } /* shogi.000 */ @@ -674,7 +674,7 @@ SaveGame(void) } else { /* Enter file name */ ShowMessage(CP[63]); - RequestInputString(fname); + RequestInputString(fname, sizeof(fname)-1); } if (fname[0] == '\0') /* shogi.000 */ @@ -818,7 +818,7 @@ GetXGame(void) /* Enter file name */ ShowMessage(CP[63]); - RequestInputString(fname); + RequestInputString(fname, sizeof(fname)-1); if (fname[0] == '\0') /* XSHOGI.position.read */ strcpy(fname, CP[205]); @@ -946,7 +946,7 @@ SaveXGame(void) /* Enter file name */ ShowMessage(CP[63]); - RequestInputString(fname); + RequestInputString(fname, sizeof(fname)-1); if (fname[0] == '\0') /* XSHOGI.position.read */ strcpy(fname, CP[205]); @@ -1024,7 +1024,7 @@ BookSave(void) } else { /* Enter file name */ ShowMessage(CP[63]); - RequestInputString(fname); + RequestInputString(fname, sizeof(fname)-1); } if (fname[0] == '\0') diff --git a/gnushogi/cursesdsp.c b/gnushogi/cursesdsp.c index dd6b10f..27a2f72 100644 --- a/gnushogi/cursesdsp.c +++ b/gnushogi/cursesdsp.c @@ -33,6 +33,7 @@ #include #include +#include #include #include @@ -162,9 +163,9 @@ Curses_Printf(const char *format, ...) void -Curses_RequestInputString(char* buffer) +Curses_doRequestInputString(const char* fmt, char* buffer) { - FLUSH_SCANW("%s", buffer); + FLUSH_SCANW(fmt, buffer); } diff --git a/gnushogi/cursesdsp.h b/gnushogi/cursesdsp.h index a83338f..8ad5554 100644 --- a/gnushogi/cursesdsp.h +++ b/gnushogi/cursesdsp.h @@ -59,7 +59,7 @@ void Curses_ShowGameType(void); void Curses_ShowLine(unsigned short *bstline); void Curses_ShowMessage(char *s); void Curses_Printf(const char *format, ...); -void Curses_RequestInputString(char* buffer); +void Curses_doRequestInputString(const char* fmt, char* buffer); void Curses_ShowPatternCount(short side, short n); void Curses_ShowPostnValue(short sq); void Curses_ShowPostnValues(void); diff --git a/gnushogi/dspwrappers.c b/gnushogi/dspwrappers.c index 10b06b4..8a7a0cf 100644 --- a/gnushogi/dspwrappers.c +++ b/gnushogi/dspwrappers.c @@ -38,6 +38,7 @@ #include "cursesdsp.h" #include +#include #define CASE_DSP_RAW(func,args) \ case DISPLAY_RAW: \ @@ -99,7 +100,6 @@ DISPLAY_VOIDFUNC(ShowGameType) DISPLAY_FUNC(ShowLine, (unsigned short *bstline), (bstline)) DISPLAY_FUNC(ShowMessage, (char *s), (s)) DISPLAY_STDARGFUNC(Printf, (const char *format, ...), format, (format, ap)) -DISPLAY_FUNC(RequestInputString, (char* buffer), (buffer)) DISPLAY_FUNC(ShowPatternCount, (short side, short n), (side, n)) DISPLAY_FUNC(ShowPostnValue, (short sq), (sq)) DISPLAY_VOIDFUNC(ShowPostnValues) @@ -110,3 +110,17 @@ DISPLAY_VOIDFUNC(ShowStage) DISPLAY_FUNC(TerminateSearch, (int sig), (sig)) DISPLAY_FUNC(UpdateDisplay, (short f, short t, short redraw, short isspec), (f, t, redraw, isspec)) DISPLAY_VOIDFUNC(help) + +DISPLAY_FUNC(doRequestInputString, (const char* fmt, char* buffer), (fmt, buffer)) +void RequestInputString(char* buffer, unsigned bufsize) +{ + static char fmt[10]; + int ret = snprintf(fmt, sizeof(fmt), "%%%us", bufsize); + if (ret >= sizeof(fmt)) { + fprintf(stderr, + "Insufficient format-buffer size in %s for bufsize=%u\n", + __FUNCTION__, bufsize); + exit(1); + } + doRequestInputString(fmt, buffer); +} diff --git a/gnushogi/dspwrappers.h b/gnushogi/dspwrappers.h index a1d4f17..52d21a7 100644 --- a/gnushogi/dspwrappers.h +++ b/gnushogi/dspwrappers.h @@ -57,7 +57,7 @@ extern void ShowGameType(void); extern void ShowLine(unsigned short *bstline); extern void ShowMessage(char *s); extern void Printf(const char *format, ...); -extern void RequestInputString(char* buffer); +extern void RequestInputString(char* buffer, unsigned bufsize); extern void ShowPatternCount(short side, short n); extern void ShowPostnValue(short sq); extern void ShowPostnValues(void); diff --git a/gnushogi/rawdsp.c b/gnushogi/rawdsp.c index e073bae..8512633 100644 --- a/gnushogi/rawdsp.c +++ b/gnushogi/rawdsp.c @@ -133,9 +133,9 @@ Raw_Printf(const char *format, ...) } void -Raw_RequestInputString(char* buffer) +Raw_doRequestInputString(const char* fmt, char* buffer) { - scanf("%s", buffer); + scanf(fmt, buffer); } diff --git a/gnushogi/rawdsp.h b/gnushogi/rawdsp.h index 9f22a6b..0a9be68 100644 --- a/gnushogi/rawdsp.h +++ b/gnushogi/rawdsp.h @@ -59,7 +59,7 @@ void Raw_ShowGameType(void); void Raw_ShowLine(unsigned short *bstline); void Raw_ShowMessage(char *s); void Raw_Printf(const char *format, ...); -void Raw_RequestInputString(char* buffer); +void Raw_doRequestInputString(const char* fmt, char* buffer); void Raw_ShowPatternCount(short side, short n); void Raw_ShowPostnValue(short sq); void Raw_ShowPostnValues(void); -- 1.7.0.4