From: <and...@us...> - 2009-02-07 17:26:37
Revision: 9470
http://plplot.svn.sourceforge.net/plplot/?rev=9470&view=rev
Author: andrewross
Date: 2009-02-07 17:26:32 +0000 (Sat, 07 Feb 2009)
Log Message:
-----------
Update plP_getmember so familying works even where the filename includes %. Avoid using
user-supplied strings as format strings in sprintf. This removes a potential security
issue.
Modified Paths:
--------------
trunk/src/plctrl.c
Modified: trunk/src/plctrl.c
===================================================================
--- trunk/src/plctrl.c 2009-02-07 13:54:45 UTC (rev 9469)
+++ trunk/src/plctrl.c 2009-02-07 17:26:32 UTC (rev 9470)
@@ -1838,6 +1838,7 @@
char tmp[256];
char prefix[256];
char* suffix;
+ char num[12];
if (pls->FileName == NULL)
{
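Review bot: `num[12]` is large enough for a bare `int`, but the second hunk fills it with `sprintf(num, tmp, pls->member)`, where `tmp` is `%0<fflen>i`, so any `pls->fflen` above 11 writes past the end of `num`. No bound on `fflen` is visible in this diff; if it can be set from user options, the new buffer adds a stack overflow on the same path that the commit is hardening. A bounded write such as `snprintf(num, sizeof num, "%0*i", (int) pls->fflen, pls->member);` would cap the output and remove the need to build a format string in `tmp`, assuming `snprintf` is available on the project's target compilers. The enclosing function begins and ends outside this hunk.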
@@ -1849,15 +1850,17 @@
suffix = strstr (pls->BaseName, "%n");
+ sprintf(tmp, "%%0%1ii", (int) pls->fflen);
+ sprintf(num, tmp, pls->member);
+
if (suffix == NULL)
- sprintf (tmp, "%s.%%0%1ii", pls->BaseName, (int) pls->fflen);
+ sprintf (pls->FileName, "%s.%s", pls->BaseName, num);
else {
strncpy (prefix, pls->BaseName, 256);
prefix [suffix - pls->BaseName] = 0;
- sprintf (tmp, "%s%%0%1ii%s", prefix, (int) pls->fflen, suffix + 2);
+ sprintf (pls->FileName, "%s%s%s", prefix, num, suffix + 2);
}
- sprintf(pls->FileName, tmp, pls->member);
}
/*--------------------------------------------------------------------------*\
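Review bot: Both new `sprintf (pls->FileName, ...)` calls copy `pls->BaseName` and the member number with no length limit, and the size of the buffer behind `pls->FileName` is not visible in this hunk, so a long base name may still overrun it even though it is no longer used as a format string. The unchanged lines `strncpy (prefix, pls->BaseName, 256);` and `prefix [suffix - pls->BaseName] = 0;` also write outside `prefix` when `%n` sits at offset 256 or later in `BaseName`, and the new `%s` of `prefix` depends on that terminator. The copy can be dropped with a precision argument: `snprintf (pls->FileName, FILENAME_BUF_SIZE, "%.*s%s%s", (int) (suffix - pls->BaseName), pls->BaseName, num, suffix + 2);`, where `FILENAME_BUF_SIZE` is a placeholder for the real allocation size. The `suffix == NULL` branch would get the same bounded call with `"%s.%s"`.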