sources/unarj/unarj-2.65-path.diff

   1 --- Makefile.orig       2006-08-26 13:32:42.000000000 +0200
   2 +++ Makefile    2006-08-26 13:34:10.000000000 +0200
   3 @@ -9,7 +9,9 @@
   4
   5  decode.o:   decode.c  unarj.h
   6
   7 -OBJS = unarj.o decode.o environ.o
   8 +sanitize.o:   sanitize.c unarj.h
   9 +
  10 +OBJS = unarj.o decode.o environ.o sanitize.o
  11
  12  unarj: $(OBJS)
  13         $(CC) $(LDFLAGS) $(OBJS) -o unarj
  14 --- sanitize.c
  15 +++ sanitize.c
  16 @@ -0,0 +1,81 @@
  17 +/*
  18 + * Path sanitation code by Ludwig Nussel <ludwig.nussel@suse.de>. Public Domain.
  19 + */
  20 +
  21 +#include "unarj.h"
  22 +
  23 +#include <string.h>
  24 +#include <limits.h>
  25 +#include <stdio.h>
  26 +
  27 +#ifndef PATH_CHAR
  28 +#define PATH_CHAR '/'
  29 +#endif
  30 +#ifndef MIN
  31 +#define MIN(x,y) ((x)<(y)?(x):(y))
  32 +#endif
  33 +
  34 +/* copy src into dest converting the path to a relative one inside the current
  35 + * directory. dest must hold at least len bytes */
  36 +void copy_path_relative(char *dest, char *src, size_t len)
  37 +{
  38 +    char* o = dest;
  39 +    char* p = src;
  40 +
  41 +    *o = '\0';
  42 +
  43 +    while(*p && *p == PATH_CHAR) ++p;
  44 +    for(; len && *p;)
  45 +    {
  46 +       src = p;
  47 +       p = strchr(src, PATH_CHAR);
  48 +       if(!p) p = src+strlen(src);
  49 +
  50 +       /* . => skip */
  51 +       if(p-src == 1 && *src == '.' )
  52 +       {
  53 +           if(*p) src = ++p;
  54 +       }
  55 +       /* .. => pop one */
  56 +       else if(p-src == 2 && *src == '.' && src[1] == '.')
  57 +       {
  58 +           if(o != dest)
  59 +           {
  60 +               char* tmp;
  61 +               *o = '\0';
  62 +               tmp = strrchr(dest, PATH_CHAR);
  63 +               if(!tmp)
  64 +               {
  65 +                   len += o-dest;
  66 +                   o = dest;
  67 +                   if(*p) ++p;
  68 +               }
  69 +               else
  70 +               {
  71 +                   len += o-tmp;
  72 +                   o = tmp;
  73 +                   if(*p) ++p;
  74 +               }
  75 +           }
  76 +           else /* nothing to pop */
  77 +               if(*p) ++p;
  78 +       }
  79 +       else
  80 +       {
  81 +           size_t copy;
  82 +           if(o != dest)
  83 +           {
  84 +               --len;
  85 +               *o++ = PATH_CHAR;
  86 +           }
  87 +           copy = MIN(p-src,len);
  88 +           memcpy(o, src, copy);
  89 +           len -= copy;
  90 +           src += copy;
  91 +           o += copy;
  92 +           if(*p) ++p;
  93 +       }
  94 +       while(*p && *p == PATH_CHAR) ++p;
  95 +    }
  96 +    o[len?0:-1] = '\0';
  97 +}
  98 --- unarj.c.orig        2006-08-26 13:41:54.000000000 +0200
  99 +++ unarj.c     2006-08-26 13:42:14.000000000 +0200
 100 @@ -231,6 +231,8 @@
 101
 102  /* Functions */
 103
 104 +void copy_path_relative(char *dest, char *src, size_t len);
 105 +
 106  static void
 107  make_crctable()
 108  {
 109 @@ -732,11 +734,11 @@
 110
 111      no_output = 0;
 112      if (command == 'E')
 113 -        strncopy(name, &filename[entry_pos], sizeof(name));
 114 +        copy_path_relative(name, &filename[entry_pos], sizeof(name));
 115      else
 116      {
 117          strcpy(name, DEFAULT_DIR);
 118 -        strncopy(name+strlen(name), filename, sizeof(name)-strlen(name));
 119 +        copy_path_relative(name+strlen(name), filename, sizeof(name)-strlen(name));
 120      }
 121
 122      if (host_os != OS)