Little patch for graphics/gif2png, prodded by
http://article.gmane.org/gmane.comp.security.full-disclosure/70757
Best regards,
Jona
--
Worse is better
Richard P. Gabriel
$OpenBSD$
--- gif2png.c.orig Fri May 10 16:06:02 2002
+++ gif2png.c Sun Dec 13 20:33:25 2009
@@ -697,24 +697,24 @@ int processfile(char *fname, FILE *fp)
/* create output filename */
- strcpy(outname, fname);
+ strlcpy(outname, fname, sizeof(outname));
file_ext = outname+strlen(outname)-4;
if (strcmp(file_ext, ".gif") != 0 && strcmp(file_ext, ".GIF") != 0 &&
- strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
- /* try to derive basename */
- file_ext = outname+strlen(outname);
- while(file_ext >= outname) {
- if (*file_ext == '.' || *file_ext == '/' || *file_ext == '\\')
break;
- file_ext--;
- }
- if (file_ext<outname || *file_ext != '.') {
- /* as a last resort, just add .png to the filename */
- file_ext = outname+strlen(outname);
- }
+ strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
+ /* try to derive basename */
+ file_ext = outname+strlen(outname);
+ while(file_ext >= outname) {
+ if (*file_ext == '.' || *file_ext == '/' || *file_ext == '\\') break;
+ file_ext--;
}
+ if (file_ext<outname || *file_ext != '.') {
+ /* as a last resort, just add .png to the filename */
+ file_ext = outname+strlen(outname);
+ }
+ }
- strcpy(file_ext, ".png"); /* images are named .png, .p01, .p02, ... */
+ strlcpy(file_ext, ".png", outname - file_ext); /* images are named .png,
.p01, .p02, ... */
start = NULL;
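Review bot: The size passed to the new `strlcpy(file_ext, ".png", outname - file_ext)` is inverted: `file_ext` points at or after `outname`, so the difference is zero or negative, and once converted to `size_t` it is either 0 (nothing is copied) or a huge value that bounds nothing. The space left is the buffer size minus the offset, e.g. `strlcpy(file_ext, ".png", sizeof(outname) - (file_ext - outname));`, assuming `outname` is an array as the `sizeof(outname)` on the first changed line implies (its declaration is outside the hunk). The `snprintf(file_ext, outname - file_ext, ".p%02d", i)` in the next hunk has the same inverted bound and needs the same expression. Separately, the unchanged `file_ext = outname+strlen(outname)-4;` points before the buffer when the name is shorter than four characters, so a length check before the `strcmp` calls would be worth adding; `processfile` starts and ends outside this hunk.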
@@ -732,7 +732,7 @@ int processfile(char *fname, FILE *fp)
fclose(fp);
++numpngs;
start = NULL;
- sprintf(file_ext, ".p%02d", i);
+ snprintf(file_ext, outname - file_ext,".p%02d", i);
}
}
}
@@ -898,10 +898,10 @@ int main(int argc, char *argv[])
}
} else {
for (i = ac;i<argc; i++) {
- strcpy(name, argv[i]);
+ strlcpy(name, argv[i], sizeof(name));
if ((fp = fopen(name, "rb")) == NULL) {
/* retry with .gif appended */
- strcat(name, ".gif");
+ strlcat(name, ".gif", sizeof(name));
fp = fopen(name,"rb");
}
if (fp == NULL) {
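Review bot: Both bounded calls discard their return value, so an argument longer than `name` is silently truncated and `fopen` is then attempted on a path the user did not give. `strlcpy` and `strlcat` return the length of the string they tried to create, so truncation can be detected with `if (strlcpy(name, argv[i], sizeof(name)) >= sizeof(name))`, and the file can then be reported and skipped instead of opened; the same test applies to the `strlcat` of `".gif"`. The loop body and `main` continue outside the hunk, so how errors are reported there is not visible.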