mirrors/nnn
1
0
Fork 0
mirror of https://github.com/jarun/nnn.git synced 2024-11-24 11:51:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix #29

Browse source 
Limit all xstrlcpy() calls by dest length.
Escape filenames in system(3) calls.
This commit is contained in:
Arun Prakash Jana 2017-05-14 03:22:47 +05:30
parent 3f1df2b584
commit d1924756c7
No known key found for this signature in database
GPG key ID: A75979F35C080412
1 changed files with 18 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
nnn.c
View file

@ -1102,9 +1102,9 @@ show_stats(char* fpath, char* fname, struct stat *sb)
if (S_ISREG(sb->st_mode)) {
/* Show file(1) output */
strcpy(buf, "file -b \"");
xstrlcpy(buf + strlen(buf), fpath, strlen(fpath) + 1);
xstrlcpy(buf + strlen(buf), fpath, sizeof(buf) - strlen(buf));
strcat(buf, "\" 2>&1");
p = get_output(buf, PATH_MAX + 16);
p = get_output(buf, sizeof(buf));
if (p) {
dprintf(fd, "\n\n ");
while (*p) {
@ -1139,12 +1139,12 @@ show_mediainfo(const char* fpath, int full)
if (get_output(buf, MAX_CMD_LEN) == NULL)
return -1;
strcpy(buf, "mediainfo \"");
xstrlcpy(buf + strlen(buf), fpath, strlen(fpath) + 1);
strcpy(buf, "mediainfo \'");
xstrlcpy(buf + strlen(buf), fpath, sizeof(buf) - strlen(buf));
if (full)
strcat(buf, "\" -f ");
strcat(buf, "\' -f ");
else
strcat(buf, "\" ");
strcat(buf, "\' ");
sprintf(buf + strlen(buf), "2>&1 | %s", xgetenv("PAGER", "less"));
return system(buf);
@ -1569,9 +1569,9 @@ nochange:
/* If NNN_OPENER is set, use it */
if (opener) {
sprintf(cmd, "%s \"", opener);
xstrlcpy(cmd + strlen(cmd), newpath, strlen(newpath) + 1);
strcat(cmd, "\" > /dev/null 2>&1");
sprintf(cmd, "%s \'", opener);
xstrlcpy(cmd + strlen(cmd), newpath, sizeof(cmd) - strlen(cmd));
strcat(cmd, "\' > /dev/null 2>&1");
r = system(cmd);
continue;
}
@ -1579,9 +1579,9 @@ nochange:
/* Play with nlay if identified */
mime = getmime(dents[cur].name);
if (mime) {
strcpy(cmd, "nlay \"");
xstrlcpy(cmd + strlen(cmd), newpath, strlen(newpath) + 1);
sprintf(cmd + strlen(cmd), "\" %s", mime);
strcpy(cmd, "nlay \'");
xstrlcpy(cmd + strlen(cmd), newpath, sizeof(cmd) - strlen(cmd));
sprintf(cmd + strlen(cmd), "\' %s", mime);
exitcurses();
r = system(cmd);
initcurses();
@ -1590,9 +1590,9 @@ nochange:
/* If nlay doesn't handle it, open plain text
files with vi, then try NNN_FALLBACK_OPENER */
strcpy(cmd, "file -bi \"");
xstrlcpy(cmd + strlen(cmd), newpath, strlen(newpath) + 1);
strcat(cmd, "\"");
strcpy(cmd, "file -bi \'");
xstrlcpy(cmd + strlen(cmd), newpath, sizeof(cmd) - strlen(cmd));
strcat(cmd, "\'");
if (get_output(cmd, MAX_CMD_LEN) == NULL)
continue;
@ -1603,9 +1603,9 @@ nochange:
initcurses();
continue;
} else if (fb_opener) {
sprintf(cmd, "%s \"", fb_opener);
xstrlcpy(cmd + strlen(cmd), newpath, strlen(newpath) + 1);
strcat(cmd, "\" > /dev/null 2>&1");
sprintf(cmd, "%s \'", fb_opener);
xstrlcpy(cmd + strlen(cmd), newpath, sizeof(cmd) - strlen(cmd));
strcat(cmd, "\' > /dev/null 2>&1");
r = system(cmd);
continue;
}