Enlightenment CVS committal
Author : raster
Project : e17
Module : libs/edje
Dir : e17/libs/edje/src/bin
Modified Files:
edje_cc_sources.c edje_decc.c
Log Message:
potential security violations covered up.
===================================================================
RCS file: /cvsroot/enlightenment/e17/libs/edje/src/bin/edje_cc_sources.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -3 -r1.2 -r1.3
--- edje_cc_sources.c 29 Aug 2004 12:05:50 -0000 1.2
+++ edje_cc_sources.c 29 Aug 2004 12:28:53 -0000 1.3
@@ -52,17 +52,15 @@
EET_DATA_DESCRIPTOR_ADD_LIST(_font_list_edd, Font_List, "list", list, _font_edd);
}
-void
-source_fetch(void)
+static void
+source_fetch_file(char *fil, char *filname)
{
FILE *f;
char buf[256 * 1024];
- f = fopen(file_in, "r");
+ f = fopen(fil, "r");
if (!f)
- {
- return;
- }
+ return;
else
{
long sz;
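Review bot: `source_fetch_file(char *fil, char *filname)` takes both names as non-const, although the visible lines only read them (`fopen(fil, "r")`, `strdup(filname)`) and the new `source_fetch()` wrapper passes the literal `"main_edje_source.edc"`. Declaring it `static void source_fetch_file(const char *fil, const char *filname)` documents that and keeps the literal call clean under `-Wwrite-strings`. The `else` after `if (!f) return;` is now redundant and could be dropped to lose one nesting level. The function body continues past this hunk.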
@@ -72,7 +70,7 @@
sz = ftell(f);
fseek(f, 0, SEEK_SET);
sf = mem_alloc(SZ(SrcFile));
- sf->name = strdup("main_edje_source.edc");
+ sf->name = strdup(filname);
sf->file = mem_alloc(sz);
fread(sf->file, sz, 1, f);
fseek(f, 0, SEEK_SET);
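Review bot: `sz = ftell(f)` is used unchecked as the size for `mem_alloc(sz)` and `fread(sf->file, sz, 1, f)`, and this path now appears to load every included file as well as the main source, so a failed `ftell` (-1) or a short read goes unnoticed for any of them. Check `if (sz < 0)` and compare the `fread` return with 1 before the entry is appended; `strdup(filname)` can also return NULL. The buffer is stored without a terminating NUL, so whether a consumer may treat `sf->file` as a C string (the decompiler's `fputs(sf->file, f)` appears to) should be confirmed. This hunk starts and ends inside the function body.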
@@ -161,33 +159,19 @@
}
if (file)
{
- FILE *ff;
-
- ff = fopen(file, "r");
- if (ff)
- {
- long sz;
- SrcFile *sf;
-
- fseek(ff, 0, SEEK_END);
- sz = ftell(ff);
- fseek(ff, 0, SEEK_SET);
- sf = mem_alloc(SZ(SrcFile));
- sf->name = file;
- sf->file = mem_alloc(sz);
- fread(sf->file, sz, 1, ff);
- fclose(ff);
- srcfiles.list = evas_list_append(srcfiles.list, sf);
- }
- else
- {
- free(file);
- }
+ source_fetch_file(file, file);
+ free(file);
}
}
fclose(f);
}
+void
+source_fetch(void)
+{
+ source_fetch_file(file_in, "main_edje_source.edc");
+}
+
int
source_append(Eet_File *ef)
{
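Review bot: The new `source_fetch_file(file, file)` call appears to sit inside `source_fetch_file` itself (the function's closing `fclose(f)` follows it), so include handling is now recursive with no depth limit and no already-seen check. Each frame carries the `char buf[256 * 1024]` local from the first hunk, so a source that includes itself, or a long include chain, exhausts the stack. Skip names already present in `srcfiles.list` before recursing, or refuse to recurse beyond a small fixed depth. The included name is also stored verbatim as `sf->name`, which the decompiler later joins onto its output directory; rejecting names with `..` components here would keep such entries out of the compiled file in the first place. The start of the enclosing function is outside this hunk.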
===================================================================
RCS file: /cvsroot/enlightenment/e17/libs/edje/src/bin/edje_decc.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -3 -r1.1 -r1.2
--- edje_decc.c 29 Aug 2004 11:03:19 -0000 1.1
+++ edje_decc.c 29 Aug 2004 12:28:53 -0000 1.2
@@ -66,15 +66,26 @@
{
Eet_File *ef;
ef = eet_open(file_in, EET_FILE_MODE_READ);
- if (!ef) return 0;
+ if (!ef)
+ {
+ printf("ERROR: cannot open %s\n", file_in);
+ return 0;
+ }
srcfiles = source_load(ef);
if (!srcfiles)
{
+ printf("ERROR: %s has no decompile information\n", file_in);
eet_close(ef);
return 0;
}
edje_file = eet_data_read(ef, _edje_edd_edje_file, "edje_file");
+ if (!edje_file)
+ {
+ printf("ERROR: %s does not appear to be an edje file\n", file_in);
+ eet_close(ef);
+ return 0;
+ }
fontlist = source_fontmap_load(ef);
eet_close(ef);
return 1;
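Review bot: The three new `ERROR:` messages are written with `printf`, so they land on stdout, mixed with the tool's normal `Output ...` progress lines. Using `fprintf(stderr, "ERROR: cannot open %s\n", file_in);` (and likewise for the other two) lets callers and scripts separate failures from regular output. The enclosing function starts before this hunk.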
@@ -121,12 +132,17 @@
char *pp;
snprintf(out, sizeof(out), "%s/%s", outdir, ei->entry);
+ printf("Output Image: %s\n", out);
pp = strdup(out);
p = strrchr(pp, '/');
*p = 0;
+ if (strstr(pp, "../"))
+ {
+ printf("ERROR: potential security violation. attempt to
write in parent dir.\n");
+ exit (-1);
+ }
e_file_mkpath(pp);
free(pp);
- printf("Output Image: %s\n", out);
im = imlib_create_image_using_data(w, h, pix);
imlib_context_set_image(im);
if (alpha)
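Review bot: The `strstr(pp, "../")` test runs on the joined path rather than on `ei->entry`, so it also rejects a legitimately chosen `outdir` that contains `../`, and it misses a directory part ending in a bare `..` (for an entry like `../x`, `pp` is `outdir/..` and `e_file_mkpath(pp)` runs before the later check on `out` stops the write). The same substring test is pasted before every write in the following hunks (image save, source files, fonts, `build.sh`), which makes it easy for one site to drift. Validating the archive-supplied name once, component by component, before it is joined with `outdir` covers all of them; a helper is sketched below. The `snprintf` into `out` can also truncate silently, so its return value should be compared with `sizeof(out)`. The enclosing function starts and ends outside this hunk.

```c
/* Return 1 if a name read from the edje file has no ".." path component. */
static int
entry_name_is_safe(const char *name)
{
   const char *s = name;

   if (!name || !name[0]) return 0;
   while (*s)
     {
        size_t len = strcspn(s, "/");

        if ((len == 2) && (s[0] == '.') && (s[1] == '.')) return 0;
        s += len;
        if (*s == '/') s++;
     }
   return 1;
}

/* ... unchanged: loop over image entries ... */
if (!entry_name_is_safe(ei->entry))
  {
     printf("ERROR: potential security violation. attempt to write in parent dir.\n");
     exit(-1);
  }
snprintf(out, sizeof(out), "%s/%s", outdir, ei->entry);
/* ... unchanged: mkpath of the directory part, image save ... */
```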
@@ -140,6 +156,11 @@
{
imlib_image_set_format("png");
}
+ if (strstr(out, "../"))
+ {
+ printf("ERROR: potential security violation. attempt to
write in parent dir.\n");
+ exit (-1);
+ }
imlib_save_image(out);
imlib_free_image();
free(pix);
@@ -160,8 +181,18 @@
pp = strdup(out);
p = strrchr(pp, '/');
*p = 0;
+ if (strstr(pp, "../"))
+ {
+ printf("ERROR: potential security violation. attempt to write in parent
dir.\n");
+ exit (-1);
+ }
e_file_mkpath(pp);
free(pp);
+ if (strstr(out, "../"))
+ {
+ printf("ERROR: potential security violation. attempt to write in parent
dir.\n");
+ exit (-1);
+ }
f = fopen(out, "w");
fputs(sf->file, f);
fclose(f);
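Review bot: `f = fopen(out, "w")` is followed directly by `fputs(sf->file, f)` and `fclose(f)` with no NULL check, so when the open fails (unwritable directory, failed `e_file_mkpath`, a name that is a directory) the tool crashes right after the new path checks pass instead of reporting the entry. Add `if (!f) { printf("ERROR: cannot write %s\n", out); exit(-1); }` before the write; the font and `build.sh` writes in the next two hunks have the same unchecked `fopen`. `fputs` also assumes `sf->file` is NUL-terminated, which depends on how the source was stored in the file being decompiled and is worth verifying against `source_load`. The enclosing function starts before this hunk.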
@@ -181,9 +212,25 @@
if (font)
{
FILE *f;
+ char *pp;
snprintf(out, sizeof(out), "%s/%s", outdir, fn->file);
printf("Output Font: %s\n", out);
+ pp = strdup(out);
+ p = strrchr(pp, '/');
+ *p = 0;
+ if (strstr(pp, "../"))
+ {
+ printf("ERROR: potential security violation. attempt to write
in parent dir.\n");
+ exit (-1);
+ }
+ e_file_mkpath(pp);
+ free(pp);
+ if (strstr(out, "../"))
+ {
+ printf("ERROR: potential security violation. attempt to write
in parent dir.\n");
+ exit (-1);
+ }
f = fopen(out, "w");
fwrite(font, fontsize, 1, f);
fclose(f);
@@ -197,6 +244,11 @@
snprintf(out, sizeof(out), "%s/build.sh", outdir);
printf("Output Build Script: %s\n", out);
+ if (strstr(out, "../"))
+ {
+ printf("ERROR: potential security violation. attempt to write in parent
dir.\n");
+ exit (-1);
+ }
f = fopen(out, "w");
fprintf(f, "#!/bin/sh\n");
fprintf(f, "edje_cc -id . -fd . main_edje_source.edc %s.eet\n", outdir);
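Review bot: In this hunk `out` is built from `outdir` alone, so the added `strstr(out, "../")` check only ever tests the output directory name, not anything read from the edje file. More relevant for this write is that `outdir` is interpolated unquoted into the generated script by `fprintf(f, "edje_cc -id . -fd . main_edje_source.edc %s.eet\n", outdir)`. If `outdir` is derived from the input file name (not visible here), a name containing spaces or shell metacharacters produces a `build.sh` that does not run the intended command. Quoting the argument, e.g. `... main_edje_source.edc '%s.eet'\n`, and rejecting a `'` in `outdir` would close that. The enclosing function continues past the hunk.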