[Cscope-cvs] CVS: cscope ChangeLog,1.158,1.159

[Hans-Bernhard B. <br...@us...>]

Update of /cvsroot/cscope/cscope
In directory sc8-pr-cvs4.sourceforge.net:/tmp/cvs-serv19657

Modified Files:
	ChangeLog 
Log Message:
Avoid some possible buffer overflows by limiting the size of scanf(%s).

Index: ChangeLog
===================================================================
RCS file: /cvsroot/cscope/cscope/ChangeLog,v
retrieving revision 1.158
retrieving revision 1.159
diff -C2 -r1.158 -r1.159
*** ChangeLog	23 Jul 2006 20:59:20 -0000	1.158
--- ChangeLog	20 Aug 2006 15:00:32 -0000	1.159
***************
*** 1,2 ****
--- 1,35 ----
+ 2006-08-20  Hans-Bernhard Broeker  <br...@ph...>
+ 
+ 	* src/main.c (tempstring): Parametrize length by new macro
+ 	TEMPSTRING_LEN.
+ 	(main): Check against too long -f file name.
+ 	(main): Put explicit %s field widths into fscanf() call.
+ 	(main): Replace some fscanf() calls by fgets().
+ 
+ 	* src/input.c (shellpath): Limit size of strings copied from
+ 	environment.
+ 
+ 	* src/edit.c (editref, editall): Put explicit %s field widths into
+ 	fscanf() calls.
+ 
+ 	* src/display.c (display): Put explicit %s field widths into
+ 	fscanf() call.
+ 
+ 	* src/dir.c (makefilelist): Put explicit %s field width into
+ 	sscanf() call.
+ 
+ 	* src/constants.h (TEMPSTRING_LEN): New macro, needed to
+ 	parametrize a fscanf() call.
+ 	(STRINGIZE): New macro used to build the following.
+ 	(PATLEN_STR, PATHLEN_STR, NUMLEN_STR, TEMPSTRING_LEN_STR): Buffer
+ 	lengths (minus 1) expressed as a string literal, to be used in as
+ 	field widths in {f,s}scanf() calls.
+ 
+ 	* src/command.c (changestring): Put explicit %s field widths into
+ 	fscanf() call.
+ 
+ 	* src/build.c (samelist, build): fgets() replaces fscanf().
+ 	(build): Put explicit %s field widths into fscanf() call.
+ 
  2006-07-23  Hans-Bernhard Broeker  <br...@ph...>