From owner-freebsd-ports Fri Apr 19 10:32:29 2002 Delivered-To: freebsd-ports@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id C711737B416 for ; Fri, 19 Apr 2002 10:30:01 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g3JHU1O93947; Fri, 19 Apr 2002 10:30:01 -0700 (PDT) (envelope-from gnats) Received: from softwareliberty.org (freebsd.sinica.edu.tw [140.109.13.51]) by hub.freebsd.org (Postfix) with ESMTP id 170B337B416 for ; Fri, 19 Apr 2002 10:20:57 -0700 (PDT) Received: by softwareliberty.org (Postfix, from userid 1014) id D8BC87586; Sat, 20 Apr 2002 01:20:59 +0800 (CST) Message-Id: <20020419172059.D8BC87586@softwareliberty.org> Date: Sat, 20 Apr 2002 01:20:59 +0800 (CST) 
From: Statue Reply-To: Statue To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: ports/37255: New port: chinese/cce Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 37255 >Category: ports >Synopsis: New port: chinese/cce >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Apr 19 10:30:01 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Statue >Release: FreeBSD 4.4-STABLE i386 >Organization: >Environment: System: FreeBSD freebsd.sinica.edu.tw 4.4-STABLE FreeBSD 4.4-STABLE #0: Tue Oct 9 02:45:16 CST 2001 ycheng@freebsd.sinica.edu.tw:/usr/src/sys/compile/FREEBSD i386 >Description: Console Chinese Environment - display Chinese (GB) on console CCE is a Console Chinese Environment like WZCE, yact & chdrv that lets you display and input Chinese (GB) at the console. Input methods include PinYin, WuBi, ShuangPin and ZiranMa. WWW: http://programmer.lib.sjtu.edu.cn/cce/cce.html >How-To-Repeat: >Fix: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. 
# # This archive contains: # # cce/ # cce/Makefile # cce/distinfo # cce/files # cce/pkg-comment # cce/pkg-descr # cce/pkg-plist # cce/files/patch-config.FreeBSD # cce/files/patch-security # cce/files/patch-src::cce.cfg # echo c - cce/ mkdir -p cce/ > /dev/null 2>&1 echo x - cce/Makefile sed 's/^X//' >cce/Makefile << 'END-of-cce/Makefile' X# New ports collection makefile for: cce X# Date created: 10 Mar 2001 X# Whom: Shen Chuan-Hsing X# X# $FreeBSD$ X# X XPORTNAME= cce XPORTVERSION= 0.36 XCATEGORIES= chinese XMASTER_SITES= http://programmer.lib.sjtu.edu.cn/cce/ \ X ftp://freebsd.sinica.edu.tw/pub/statue/cce/ XDISTNAME= ${PORTNAME}-${PORTVERSION}-05052000 X XMAINTAINER= statue@freebsd.sinica.edu.tw X XMAN1= cce.1 XWRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} X Xpre-configure: X (cd ${WRKSRC} && ln -fs Makefile.FreeBSD Makefile ) X X.include END-of-cce/Makefile echo x - cce/distinfo sed 's/^X//' >cce/distinfo << 'END-of-cce/distinfo' XMD5 (cce-0.36-05052000.tar.gz) = 994f4bb42e6cdd833e235b52f28018dc END-of-cce/distinfo echo c - cce/files mkdir -p cce/files > /dev/null 2>&1 echo x - cce/pkg-comment sed 's/^X//' >cce/pkg-comment << 'END-of-cce/pkg-comment' XGB Chinese console END-of-cce/pkg-comment echo x - cce/pkg-descr sed 's/^X//' >cce/pkg-descr << 'END-of-cce/pkg-descr' XConsole Chinese Environment - display Chinese (GB) on console XCCE is a Console Chinese Environment like WZCE, yact & chdrv that Xlets you display and input Chinese (GB) at the console. Input Xmethods include PinYin, WuBi, ShuangPin and ZiranMa. 
X XWWW: http://programmer.lib.sjtu.edu.cn/cce/cce.html END-of-cce/pkg-descr echo x - cce/pkg-plist sed 's/^X//' >cce/pkg-plist << 'END-of-cce/pkg-plist' Xbin/cce Xlib/cce/8x16.bin Xlib/cce/bdf2bin Xlib/cce/cce.cfg Xlib/cce/cin2tab Xlib/cce/gb16fs.bin Xlib/cce/pinyin.map Xlib/cce/pinyin.tab Xlib/cce/pinyin.tab.lx Xlib/cce/pinyin.tab.phr Xlib/cce/sharefont Xlib/cce/shuangpin.tab Xlib/cce/shuangpin.tab.lx Xlib/cce/shuangpin.tab.phr Xlib/cce/sysphrase.tab Xlib/cce/tab2cin Xlib/cce/tab2txt Xlib/cce/txt2tab Xlib/cce/usrphrase.tab Xlib/cce/wubi.tab Xlib/cce/wubi.tab.lx Xlib/cce/wubi.tab.phr Xlib/cce/ziranma.tab Xlib/cce/ziranma.tab.lx Xlib/cce/ziranma.tab.phr X@dirrm lib/cce END-of-cce/pkg-plist echo x - cce/files/patch-config.FreeBSD sed 's/^X//' >cce/files/patch-config.FreeBSD << 'END-of-cce/files/patch-config.FreeBSD' X--- config.FreeBSD.orig Sun Sep 5 06:36:36 1999 X+++ config.FreeBSD Fri Apr 19 22:53:55 2002 X@@ -1,9 +1,9 @@ X INCDIR = ../include X TOPDIR = X-BINDIR = $(TOPDIR)/usr/bin X-LIBDIR = $(TOPDIR)/usr/lib/cce X-MANDIR = $(TOPDIR)/usr/share/man/man1 X-FONTDIR = $(TOPDIR)/usr/lib/cce X+BINDIR = $(TOPDIR)/usr/local/bin X+LIBDIR = $(TOPDIR)/usr/local/lib/cce X+MANDIR = $(TOPDIR)/usr/local/man/man1 X+FONTDIR = $(TOPDIR)/usr/local/lib/cce X CCECFG = cce.cfg X X OPTS = -DHAS_MOUSE -DCONFIG_NAME=\"$(LIBDIR)/$(CCECFG)\" -I$(INCDIR) \ END-of-cce/files/patch-config.FreeBSD echo x - cce/files/patch-security sed 's/^X//' >cce/files/patch-security << 'END-of-cce/files/patch-security' X--- fonts/bdf2bin.c.orig X+++ fonts/bdf2bin.c X@@ -36,6 +36,7 @@ X #include X X #include X+#include X X static u_char *FontLoadBdf(FILE *fp, FontInfo *fi); X int CodingByRegistry(char *reg); X@@ -115,24 +116,28 @@ X /* Find the CHARSET_REGISTRY tag */ X else if (!strncmp("CHARSET_REGISTRY", line, 16)) X { X- p = line + sizeof("CHARSET_REGISTRY"); X- while(*p != '"') p++; X- w = ++p; X- while(*p != '"') p++; X+ w = strchr(line+sizeof ("CHARSET_REGISTRY"), '"'); X+ if (w==NULL) 
buffer_error("bdf2bin_FontLoadBdf(1)"); X+ p = strchr(++w, '"'); X+ if (p==NULL) buffer_error("bdf2bin_FontLoadBdf(2)"); X *p = '\0'; X- strcpy(reg, w); /* CHARSET_REGISTRY "ISO8859" */ X+ /* CHARSET_REGISTRY "ISO8859" */ X+ safe_strncpy(reg, w, sizeof (reg)); X } X X /* Find the CHARSET_ENCODING tag */ X else if (!strncmp("CHARSET_ENCODING", line, 16)) X { X- p = line + sizeof("CHARSET_ENCODING"); X- while(*p != '"') p ++; X- w = ++p; X- while(*p != '"') p ++; X+ w = strchr(line+sizeof ("CHARSET_ENCODING"), '"'); X+ if (w==NULL) buffer_error("bdf2bin_FontLoadBdf(3)"); X+ p = strchr(++w, '"'); X+ if (p==NULL) buffer_error("bdf2bin_FontLoadBdf(4)"); X *p = '\0'; X- strcat(reg, "-"); X- strcat(reg, w); X+ if (strlen(reg) + 1 + strlen(w) + 1 < sizeof(reg)) { X+ strcat(reg, "-"); X+ strcat(reg, w); X+ } else X+ buffer_error("bdf2bin_FontLoadBdf(5)"); X fi->type = CodingByRegistry(reg); X } X X--- include/safestring.h.orig X+++ include/safestring.h X@@ -0,0 +1,54 @@ X+/* X+ * KON2 - Kanji ON Console - X+ * Copyright (C) 1992-1996 Takashi MANABE (manabe@papilio.tutics.tut.ac.jp) X+ * X+ * CCE - Console Chinese Environment - X+ * Copyright (C) 1998-1999 Rui He (herui@cs.duke.edu) X+ * X+ * Redistribution and use in source and binary forms, with or without X+ * modification, are permitted provided that the following conditions X+ * are met: X+ * 1. Redistributions of source code must retain the above copyright X+ * notice, this list of conditions and the following disclaimer. X+ * 2. Redistributions in binary form must reproduce the above copyright X+ * notice, this list of conditions and the following disclaimer in the X+ * documentation and/or other materials provided with the distribution. X+ * X+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY X+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE X+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE X+ * ARE DISCLAIMED. IN NO EVENT SHALL THE TERRENCE R. 
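Review bot: In both rewritten branches of fonts/bdf2bin.c the search starts at `line+sizeof ("CHARSET_REGISTRY")`, which is 17 bytes past the start of the line, although the `strncmp` above only verified 16. If the tag is the last thing in the string, `strchr` starts one byte past the terminating NUL and scans whatever follows in the buffer. Starting at `line + sizeof("CHARSET_REGISTRY") - 1` (and the same for `CHARSET_ENCODING`) keeps the scan inside the string. `safe_strncpy(reg, w, sizeof (reg))` is only a correct bound if `reg` is an array in this scope; its declaration is outside the hunk, so that should be confirmed.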
LAMBERT BE LIABLE X+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL X+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS X+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) X+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT X+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY X+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF X+ * SUCH DAMAGE. X+ * X+ */ X+ X+/* sefestring.h -- secure string manipulation */ X+ X+#ifndef SAFESTRING_H X+#define SAFESTRING_H X+ X+#include X+#include X+#include X+ X+char *safe_strncpy(char *dest, const char *src, size_t n) X+{ X+ char *ret_value; X+ ret_value = strncpy(dest, src, n); X+ ret_value[n-1] = '\0'; X+ return ret_value; X+} X+ X+void buffer_error(char *module) X+{ X+ fprintf(stderr, "CCE> %s: Buffer overrun.\r\n", module); X+ exit(EXIT_FAILURE); X+} X+ X+#endif X--- utils/big2gb.c.orig X+++ utils/big2gb.c X@@ -179,6 +179,7 @@ X if ((ipFlag->KeepDate || ipFlag->KeepPerm) && stat(ipInFN, &StatBuf)) X RetVal = -1; X X+ /* ok - why not strcpy(TempPath, "./u2dtmpXXXXXX") ? */ X strcpy (TempPath, "./u2dtmp"); X strcat (TempPath, "XXXXXX"); X mktemp (TempPath); X@@ -264,6 +265,7 @@ X if ((ipFlag->KeepDate || ipFlag->KeepPerm) && stat(ipInFN, &StatBuf)) X RetVal = -1; X X+ /* ok - why not strcpy(TempPath, "./u2dtmpXXXXXX") ? */ X strcpy (TempPath, "./u2dtmp"); X strcat (TempPath, "XXXXXX"); X mktemp (TempPath); X--- utils/dos2unix.c.orig X+++ utils/dos2unix.c X@@ -246,6 +246,7 @@ X if ((ipFlag->KeepDate || ipFlag->KeepPerm) && stat(ipInFN, &StatBuf)) X RetVal = -1; X X+ /* ok - why not strcpy(TempPath, "./u2dtmpXXXXXX") ? */ X strcpy (TempPath, "./d2utmp"); X strcat (TempPath, "XXXXXX"); X mktemp (TempPath); X@@ -332,6 +333,7 @@ X if ((ipFlag->KeepDate || ipFlag->KeepPerm) && stat(ipInFN, &StatBuf)) X RetVal = -1; X X+ /* ok - why not strcpy(TempPath, "./u2dtmpXXXXXX") ? 
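Review bot: `safe_strncpy` and `buffer_error` are defined in include/safestring.h with external linkage, so any program that links two translation units including this header will fail with duplicate symbols. Declaring them `static` in the header, or moving the bodies into a .c file, avoids that. `ret_value[n-1] = '\0'` writes before the buffer when `n` is 0, so the helper should return early in that case, for example `if (n == 0) return dest;`. Truncation is silent, which callers that build file names or lookup keys from the result may need to detect. The file comment also names the header `sefestring.h`.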
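Review bot: The comment added in utils/big2gb.c marks the `strcpy`/`strcat` pair as "ok", but the line that matters for security is the `mktemp (TempPath)` that follows. `mktemp` only generates a name, leaving a window between name generation and file creation in which another process can create or symlink that path. The same applies to the identical hunks in utils/dos2unix.c, utils/gb2big.c and utils/unix2dos.c. `mkstemp(TempPath)` creates and opens the file atomically, and the returned descriptor can be wrapped with `fdopen`; how the temporary file is opened lies outside these hunks, so the call site needs adjusting there. The comment in the first dos2unix.c hunk also says `./u2dtmpXXXXXX` while the code uses `./d2utmp`.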
*/ X strcpy (TempPath, "./u2dtmp"); X strcat (TempPath, "XXXXXX"); X mktemp (TempPath); X--- utils/gb2big.c.orig X+++ utils/gb2big.c X@@ -171,6 +171,7 @@ X if ((ipFlag->KeepDate || ipFlag->KeepPerm) && stat(ipInFN, &StatBuf)) X RetVal = -1; X X+ /* ok - why not strcpy(TempPath, "./u2dtmpXXXXXX") ? */ X strcpy (TempPath, "./u2dtmp"); X strcat (TempPath, "XXXXXX"); X mktemp (TempPath); X@@ -256,6 +257,7 @@ X if ((ipFlag->KeepDate || ipFlag->KeepPerm) && stat(ipInFN, &StatBuf)) X RetVal = -1; X X+ /* ok - why not strcpy(TempPath, "./u2dtmpXXXXXX") ? */ X strcpy (TempPath, "./u2dtmp"); X strcat (TempPath, "XXXXXX"); X mktemp (TempPath); X--- utils/unix2dos.c.orig X+++ utils/unix2dos.c X@@ -215,6 +215,7 @@ X if ((ipFlag->KeepDate || ipFlag->KeepPerm) && stat(ipInFN, &StatBuf)) X RetVal = -1; X X+ /* ok - why not strcpy(TempPath, "./u2dtmpXXXXXX") ? */ X strcpy (TempPath, "./u2dtmp"); X strcat (TempPath, "XXXXXX"); X mktemp (TempPath); X@@ -300,6 +301,7 @@ X if ((ipFlag->KeepDate || ipFlag->KeepPerm) && stat(ipInFN, &StatBuf)) X RetVal = -1; X X+ /* ok - why not strcpy(TempPath, "./u2dtmpXXXXXX") ? 
*/ X strcpy (TempPath, "./u2dtmp"); X strcat (TempPath, "XXXXXX"); X mktemp (TempPath); X--- utils/lib2sim.c.orig X+++ utils/lib2sim.c X@@ -1,5 +1,6 @@ X #include X #include X+#include "safestring.h" X X #define MAX_PY_NUM 420 X #define MAX_EACH_PY 38 X@@ -20,7 +21,7 @@ X { X X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy, *strhz; X int i=0,j=0; X int tmp,curpy; X PinYin *pyt=(PinYin *)pytab; X@@ -32,13 +33,14 @@ X X while( !feof( stream )) { X if( fgets(str,250,stream)!=NULL){ X- sscanf(str,"%s %s",strpy,strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X X- strcpy( hztab[i],strhz); X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy=strpy[0]-97; X if(curpy!=tmp) {j=0;} X- strcpy( (pyt+curpy*MAX_EACH_PY+j)->py,strpy); X+ safe_strncpy((pyt+curpy*MAX_EACH_PY+j)->py, strpy, 7); X (pyt+curpy*MAX_EACH_PY+j)->key=i+1; X tmp=curpy; X X--- utils/sim2lib.c.orig X+++ utils/sim2lib.c X@@ -1,5 +1,6 @@ X #include X #include X+#include "safestring.h" X X #define MAX_PY_NUM 420 X #define MAX_EACH_PY 38 X@@ -20,7 +21,7 @@ X { X X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy, *strhz; X int i=0,j=0; X int tmp,curpy; X PinYin *pyt=(PinYin *)pytab; X@@ -33,13 +34,14 @@ X X while( !feof( stream )) { X if( fgets(str,250,stream)!=NULL){ X- sscanf(str,"%s %s",strpy,strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X X- strcpy( hztab[i],strhz); X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy=strpy[0]-97; X if(curpy!=tmp) {j=0;} X- strcpy( (pyt+curpy*MAX_EACH_PY+j)->py,strpy); X+ safe_strcpy((pyt+curpy*MAX_EACH_PY+j)->py, strpy, 7); X (pyt+curpy*MAX_EACH_PY+j)->key=i+1; X tmp=curpy; X X@@ -61,12 +63,20 @@ X for (i=0;i= len) { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } X strncpy(strarr[count],strbuf+cursor,i-cursor); X strarr[count++][i-cursor]='\0'; X } X cursor=i+1; X } X if(i==buflen-1 && (*(strbuf+i)!=' ' || 
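Review bot: Replacing `sscanf` with `strtok` in utils/lib2sim.c removes the overflow of `strpy`/`strhz`, but either token is NULL for a blank line or a line with a single field. `safe_strncpy(hztab[i], strhz, MAX_EACH_HZ)` and `strpy[0]-97` then dereference a null pointer. A guard such as `if (strpy == NULL || strhz == NULL) continue;` directly after the two `strtok` calls is needed. `curpy` is also used as a table index without checking that `strpy[0]` is a lowercase letter, and `i` is not checked against the size of `hztab` in the visible lines. The same pattern is repeated in utils/sim2lib.c, utils/sim2lib1.c, inputs/tab2txt.c, inputs/tab2txt1.c, inputs/txt2tab.c, inputs/txt2tab1.c and the three inputs/pyinput copies; those that pass the literal `7` could use the `MAX_PY_LEN` constant the other files use, if it is the same size.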
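Review bot: utils/sim2lib.c calls `safe_strcpy((pyt+curpy*MAX_EACH_PY+j)->py, strpy, 7)`, but the safestring.h added by this patch defines only `safe_strncpy` and `buffer_error`. This is an undeclared function and the program will not link. The sibling files use `safe_strncpy((pyt+curpy*MAX_EACH_PY+j)->py, strpy, 7);` for the same line, which is presumably what was intended here.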
*(strbuf+i)!='\011')){ X+ if (i-cursor+1 >= len) { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } X strncpy(strarr[count],strbuf+cursor,i-cursor+1); X strarr[count++][i-cursor+1]='\0'; X } X--- utils/sim2lib1.c.orig X+++ utils/sim2lib1.c X@@ -1,5 +1,6 @@ X #include X #include X+#include "safestring.h" X X #define MAX_PY_NUM 420 X #define MAX_EACH_PY 38 X@@ -20,7 +21,7 @@ X { X X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy, *strhz; X int i=0,j=0; X int tmp,curpy; X PinYin *pyt=(PinYin *)pytab; X@@ -32,13 +33,14 @@ X X while( !feof( stream )) { X if( fgets(str,250,stream)!=NULL){ X- sscanf(str,"%s %s",strpy,strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X X- strcpy( hztab[i],strhz); X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy=strpy[0]-97; X if(curpy!=tmp) {j=0;} X- strcpy( (pyt+curpy*MAX_EACH_PY+j)->py,strpy); X+ safe_strncpy((pyt+curpy*MAX_EACH_PY+j)->py, strpy, 7); X (pyt+curpy*MAX_EACH_PY+j)->key=i+1; X tmp=curpy; X X--- inputs/tab2cin.c.orig X+++ inputs/tab2cin.c X@@ -1,12 +1,13 @@ X #include X #include X #include "hzinput.h" X+#include "safestring.h" X X hz_input_table *cur_table; X char str[80]; X char key[20]; X X-static void load_phr( int j, char *tt ) X+static void load_phr( int j, char *tt, int n ) X { X FILE *fp = cur_table->PhraseFile; X int ofs[2], len; X@@ -16,6 +17,10 @@ X fread( ofs, 4, 2, fp ); X len = ofs[1] - ofs[0]; X X+ if (len > n) { X+ fprintf(stderr, "buffer overrun: %d > %d\n", len, n); X+ abort(); X+ } X if ( len > 128 || len <= 0 ) { X printf("phrase error %d\n" , len ); X strcpy( tt, "err" ); X@@ -34,14 +39,17 @@ X FILE *fd, *fw; X int i,j,nread; X hz_input_table *table; X- char fname[64], fname_cin[64], fname_tab[64], fname_phr[64]; X+ char fname[FILENAME_MAX+1], fname_cin[FILENAME_MAX+1], X+ fname_tab[FILENAME_MAX+1], fname_phr[FILENAME_MAX+1]; X X if (argc<=1) X { X printf("Enter table file name [.tab] : "); X- scanf("%s", fname); X+ 
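Review bot: The new guard in `load_phr` (inputs/tab2cin.c) rejects only `len > n`, so a phrase of exactly `n` bytes is accepted. The rest of the function is outside the hunk, but if it reads `len` bytes into `tt` and then NUL-terminates at `tt[len]`, that store lands one byte past the caller's buffer. `if (len >= n)` would leave room for the terminator. `len` is derived from `ofs[]` filled by an unchecked `fread( ofs, 4, 2, fp )`, so a short read leaves it indeterminate. The same guard appears in `load_phr` in inputs/tab2dat.c, `load_phrase` in inputs/cin2dat.c and `LoadPhrase` in src/hzinput.c.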
fgets(fname, FILENAME_MAX+1-8+1, stdin); X+ strtok(fname, "\n"); /* Drop the possible final LF character */ X+ /* fname[] and fname_phr[] will be appended ".tab.phr" suffix */ X } X- else strcpy(fname,argv[1]); X+ else safe_strncpy(fname, argv[1], FILENAME_MAX+1-8); X X strcpy(fname_cin,fname); X strcpy(fname_tab,fname); X@@ -112,7 +120,7 @@ X i,table->item[i].key1,table->item[i].key2, index,index); X if (index < 0xA1A1) X { X- load_phr(i, str); X+ load_phr(i, str, sizeof(str)); X printf("Phrase=%s\n",str); X } X else printf("%c%c\n",table->item[i].ch/ 256,table->item[i].ch % 256); X@@ -151,7 +159,7 @@ X //printf("Index = %d, KeyName=%s\n",i,key); X X if (table->item[i].ch < 0xA1A1) X- load_phr( i, str); X+ load_phr( i, str, sizeof(str)); X else X { X memcpy(str, &table->item[i].ch,2 ); X--- inputs/cin2tab.c.orig X+++ inputs/cin2tab.c X@@ -4,6 +4,7 @@ X #include X #include X #include "hzinput.h" X+#include "safestring.h" X X FILE *fr, *fw; X int lineno; X@@ -135,8 +136,9 @@ X int main(int argc, char **argv) X { X int i,k; X-char fname[64], fname_cin[64], fname_tab[64]; X-char fname_phr[64],fname_lx[64]; X+char fname[FILENAME_MAX+1], fname_cin[FILENAME_MAX+1], X+ fname_tab[FILENAME_MAX+1], fname_phr[FILENAME_MAX+1], X+ fname_lx[FILENAME_MAX+1]; X char tt[128]; X u_char *cmd, *arg; X hz_input_table InpTable; X@@ -149,9 +151,11 @@ X if (argc<=1) X { X printf("Enter table file name [.cin] : "); X- scanf("%s", fname); X+ fgets(fname, FILENAME_MAX+1-4+1, stdin); X+ strtok(fname, "\n"); /* Drop the possible final LF character */ X+ /* fname[64] and fname_* will be appended {.cin,.idx,.dat} suffix */ X } X-else strcpy(fname,argv[1]); X+else safe_strncpy(fname, argv[1], FILENAME_MAX+1-4); X X strcpy(fname_cin,fname); X strcpy(fname_tab,fname); X@@ -177,19 +181,18 @@ X cmd_arg(tt, &cmd, &arg); X if (strcmp(cmd,"%ename") || !(*arg) ) X print_error("%d: %%ename english_name expected", lineno); X-arg[CIN_ENAME_LENGTH-1]=0; X-strcpy(InpTable.ename,arg); 
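Review bot: The return value of `fgets(fname, ...)` in inputs/tab2cin.c is not checked, so on EOF or a read error `fname` is used uninitialised by the `strtok` and `strcpy` calls that follow. `strtok(fname, "\n")` also leaves the buffer unchanged when the input is just a newline, so an empty answer yields a file name containing `"\n"`. Checking `if (fgets(fname, FILENAME_MAX+1-8+1, stdin) == NULL)` and bailing out, then stripping with `fname[strcspn(fname, "\n")] = '\0';`, handles both cases. The same two lines are added in inputs/cin2tab.c, inputs/tab2dat.c and inputs/cin2dat.c.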
X+safe_strncpy(InpTable.ename, arg, sizeof (InpTable.ename)); X X cmd_arg(tt, &cmd, &arg); X if (strcmp(cmd,"%prompt") || !(*arg) ) X print_error("%d: %%prompt prompt_name expected", lineno); X arg[CIN_CNAME_LENGTH-1]=0; X-strcpy(InpTable.cname, arg); X+safe_strncpy(InpTable.cname, arg, sizeof (InpTable.cname)); X X cmd_arg(tt,&cmd, &arg); X if (strcmp(cmd,"%selkey") || !(*arg) ) X print_error("%d: %%selkey select_key_list expected", lineno); X-strcpy(InpTable.selkey,arg); X+safe_strncpy(InpTable.selkey, arg, sizeof (InpTable.selkey)); X X cmd_arg(tt,&cmd, &arg); X if (strcmp(cmd,"%last_full") || !(*arg)) X@@ -276,6 +279,13 @@ X ItemTable[index].ch=phrase_count; X /* ch < 0xA1A1, phrase index */ X PhraseIndex[phrase_count]=phrasebuf_pointer; X+ /* strncpy is too slow, so the following test is used instead */ X+ if ((unsigned)(phrasebuf_pointer + len) >= sizeof(PhraseBuffer)) { X+ fprintf(stderr, "buffer overrun: %d + %d > %d\n", X+ phrasebuf_pointer, len, sizeof(PhraseBuffer)); X+ abort(); X+ } X+ /* After the test above, this strcpy should be safe. 
*/ X strcpy(&PhraseBuffer[phrasebuf_pointer],arg); X phrasebuf_pointer += len; X X--- inputs/tab2dat.c.orig X+++ inputs/tab2dat.c X@@ -9,7 +9,7 @@ X int offset; // buffer offset X int MaxKeyLen,HasOneChar; X X-static void load_phr( int j, char *tt ) X+static void load_phr( int j, char *tt, int n ) X { X FILE *fp = cur_table->PhraseFile; X int ofs[2], len; X@@ -19,9 +19,13 @@ X fread( ofs, 4, 2, fp ); X len = ofs[1] - ofs[0]; X X+ if (len > n) { X+ fprintf(stderr, "buffer overrun: %d > %d\n", len, n); X+ abort(); X+ } X if ( len > 128 || len <= 0 ) { X printf( "phrase error %d\n" , len ); X- strcpy( tt, "err" ); X+ strncpy( tt, "err", n ); X return 1; X } X X@@ -38,14 +42,18 @@ X int i,j,k,nread,index; X char magic_number[10]; X hz_input_table *table; X- char fname[64], fname_dat[64], fname_idx[64],fname_tab[64], fname_phr[64]; X+ char fname[FILENAME_MAX+1], fname_dat[FILENAME_MAX+1], X+ fname_idx[FILENAME_MAX+1],fname_tab[FILENAME_MAX+1], X+ fname_phr[FILENAME_MAX+1]; X X if (argc<=1) X { X printf("Enter table file name [.tab] : "); X- scanf("%s", fname); X+ fgets(fname, FILENAME_MAX+1-8+1, stdin); X+ strtok(fname, "\n"); /* Drop the possible final LF character */ X+ /* fname[] and fname_phr[] will be appended ".tab.phr" suffix */ X } X- else strcpy(fname,argv[1]); X+ else safe_strncpy(fname, argv[1], FILENAME_MAX+1-8); X X strcpy(fname_dat,fname); X strcpy(fname_idx,fname); X@@ -167,7 +175,7 @@ X if (table->item[j].ch < 0xA1A1) /* a phrase */ X { X buf[offset++] = '2'; X- load_phr( j, buf+offset); X+ load_phr( j, buf+offset, sizeof(buf) - offset); X offset += strlen(buf+offset); X } X buf[offset++]= 0x0A; X--- inputs/cin2dat.c.orig X+++ inputs/cin2dat.c X@@ -4,6 +4,7 @@ X #include X #include X #include "hzinput.h" X+#include "safestring.h" X X FILE *fr, *fw; X int lineno; X@@ -89,7 +90,8 @@ X ITEM ItemOut[MAXSIZE]; X int PhraseIndex[MAXSIZE]; X char PhraseBuffer[250000]; /* max 250K phrase buffer */ X-char fname[64], fname_cin[64],fname_dat[64],fname_idx[64]; 
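Review bot: The diagnostic added before the `PhraseBuffer` copy in inputs/cin2tab.c passes `sizeof(PhraseBuffer)` to a `%d` conversion; that is a `size_t` argument and the mismatch is undefined behaviour on platforms where `size_t` is wider than `int`. Use `%lu` with `(unsigned long)sizeof(PhraseBuffer)`. The sum `phrasebuf_pointer + len` is computed in signed arithmetic before the `(unsigned)` cast, so casting one operand first, `(size_t)phrasebuf_pointer + len`, is safer. The message prints `>` while the test is `>=`.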
X+char fname[FILENAME_MAX+1], fname_cin[FILENAME_MAX+1], /* ANSI C limits */ X+ fname_dat[FILENAME_MAX+1], fname_idx[FILENAME_MAX+1]; X X /* qcmp2 compare two ITEM2 structure, according to its key1/key2/ch */ X int qcmp2(ITEM2* a, ITEM2* b) X@@ -125,13 +127,17 @@ X return 0; X } X X-void load_phrase( int index, char *buf) X+void load_phrase( int index, char *buf, int n) X { X int len = PhraseIndex[index+1] - PhraseIndex[index]; X X- if ( len > 128 || len <= 0 ) { X+ if (len > n) { X+ print_error("buffer overrun %d > %d\n", len, n); X+ abort(); X+ } X+ if ( len > 128 || len <= 0) { X print_error("Phrase error at index %d\n" , index); X- strcpy( buf, "error" ); X+ strncpy( buf, "error", n); X return; X } X memcpy(buf,PhraseBuffer+PhraseIndex[index],len); X@@ -205,7 +211,7 @@ X if (ItemOut[j].ch < 0xA1A1) /* a phrase */ X { X buf[offset++] = '2'; X- load_phrase( ItemOut[j].ch, buf+offset); X+ load_phrase( ItemOut[j].ch, buf+offset, sizeof(buf)-offset); X offset += strlen(buf+offset); X } X buf[offset++]= 0x0A; X@@ -239,9 +245,11 @@ X if (argc<=1) X { X printf("Enter table file name [.cin] : "); X- scanf("%s", fname); X+ fgets(fname, FILENAME_MAX+1-4+1, stdin); X+ strtok(fname, "\n"); /* Drop the possible final LF character */ X+ /* fname[] and fname_* will be appended {.cin,.idx,.dat} suffix */ X } X-else strcpy(fname,argv[1]); X+else safe_strncpy(fname, argv[1], FILENAME_MAX+1-4); X X strcpy(fname_cin,fname); X strcpy(fname_idx,fname); X@@ -265,19 +273,17 @@ X cmd_arg(tt, &cmd, &arg); X if (strcmp(cmd,"%ename") || !(*arg) ) X print_error("%d: %%ename english_name expected", lineno); X-arg[CIN_ENAME_LENGTH-1]=0; X-strcpy(InpTable.ename,arg); X+safe_strncpy(InpTable.ename, arg, sizeof (InpTable.ename)); X X cmd_arg(tt, &cmd, &arg); X if (strcmp(cmd,"%prompt") || !(*arg) ) X print_error("%d: %%prompt prompt_name expected", lineno); X-arg[CIN_CNAME_LENGTH-1]=0; X-strcpy(InpTable.cname, arg); X+safe_strncpy(InpTable.cname, arg, sizeof (InpTable.cname)); X X 
cmd_arg(tt,&cmd, &arg); X if (strcmp(cmd,"%selkey") || !(*arg) ) X print_error("%d: %%selkey select_key_list expected", lineno); X-strcpy(InpTable.selkey,arg); X+safe_strncpy(InpTable.selkey, arg, sizeof (InpTable.selkey)); X X cmd_arg(tt,&cmd, &arg); X if (strcmp(cmd,"%last_full") || !(*arg)) X@@ -364,7 +370,7 @@ X ItemTable[index].ch=phrase_count; X /* ch < 0xA1A1, phrase index */ X PhraseIndex[phrase_count]=phrasebuf_pointer; X- strcpy(&PhraseBuffer[phrasebuf_pointer],arg); X+ strncpy(&PhraseBuffer[phrasebuf_pointer],arg,sizeof(PhraseBuffer) - phrasebuf_pointer - 1); X phrasebuf_pointer += len; X phrase_count++; X } X--- inputs/tab2txt1.c.orig X+++ inputs/tab2txt1.c X@@ -2,6 +2,7 @@ X #include X #include X #include "pinyin.h" X+#include "safestring.h" X X PinYin pytab[26][MAX_EACH_PY]; X char hztab[MAX_PY_NUM][MAX_EACH_HZ]; X@@ -9,7 +10,7 @@ X int LoadTable(char* pathname) X { X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy, *strhz; X int i=1, j=0, lastpy=0, curpy; X X if ( (stream = fopen( pathname, "r" )) == NULL ) X@@ -22,12 +23,13 @@ X { X if ( fgets(str,250,stream) != NULL) X { X- sscanf(str,"%s %s",strpy,strhz); X- strcpy( hztab[i],strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy = strpy[0]-'a'; X if (curpy != lastpy) j = 0; X- strcpy( pytab[curpy][j].py,strpy); X+ safe_strncpy(pytab[curpy][j].py, strpy, MAX_PY_LEN); X pytab[curpy][j].key = i; X lastpy = curpy; X X@@ -101,15 +103,24 @@ X for(m=0; keytmp=pytab[l][m].key; m++) X if (keyint == keytmp) X { X- sprintf(tmppy,"%s ",pytab[l][m].py); X+ snprintf(tmppy,sizeof(tmppy),"%s ",pytab[l][m].py); X break; X } X- strcat(pinyin,tmppy); X+ if (strlen(pinyin) + strlen(tmppy) + 1 < sizeof(pinyin)) X+ strcat(pinyin,tmppy); X+ else { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } X } X X- for(k = 0; k < p0->count; k++) X+ for (k = 0; k < p0->count; k++) X { X- 
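Review bot: In inputs/cin2dat.c the bounded `strncpy` into `PhraseBuffer` is followed by `phrasebuf_pointer += len`, which still advances by the full untruncated length. Once the pointer passes `sizeof(PhraseBuffer)`, the expression `sizeof(PhraseBuffer) - phrasebuf_pointer - 1` wraps to a very large `size_t` and the next copy is effectively unbounded. `strncpy` also zero-fills the remainder of the 250000-byte buffer on every call, and a truncated phrase is stored without its terminator. inputs/cin2tab.c handles the same statement with an explicit `if (phrasebuf_pointer + len >= sizeof(PhraseBuffer))` test that aborts before a plain `strcpy`; using that check here would keep the two tools consistent.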
memcpy(str,p0->key+len+1+(2*len+1)*k,2*len); X+ if (sizeof(str) < (size_t)(2 * len + 1)) { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } else X+ memcpy(str,p0->key+len+1+(2*len+1)*k,2*len); X str[2*len] = '\0'; X freq = p0->key[len+1+(2*len+1)*k+2*len]; X fprintf(out,"%s %s %d\n",str,pinyin,freq); X--- inputs/tab2txt.c.orig X+++ inputs/tab2txt.c X@@ -2,6 +2,7 @@ X #include X #include X #include "pinyin.h" X+#include "safestring.h" X X PinYin pytab[26][MAX_EACH_PY]; X char hztab[MAX_PY_NUM][MAX_EACH_HZ]; X@@ -9,7 +10,7 @@ X int LoadTable(char* pathname) X { X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy, *strhz; X int i=1, j=0, lastpy=0, curpy; X X if ( (stream = fopen( pathname, "r" )) == NULL ) X@@ -22,12 +23,14 @@ X { X if ( fgets(str,250,stream) != NULL) X { X- sscanf(str,"%s %s",strpy,strhz); X- strcpy( hztab[i],strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X+ X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy = strpy[0]-'a'; X if (curpy != lastpy) j = 0; X- strcpy( pytab[curpy][j].py,strpy); X+ safe_strncpy(pytab[curpy][j].py, strpy, MAX_PY_LEN); X pytab[curpy][j].key = i; X lastpy = curpy; X X@@ -101,15 +104,24 @@ X for(m=0; keytmp=pytab[l][m].key; m++) X if (keyint == keytmp) X { X- sprintf(tmppy,"%s ",pytab[l][m].py); X+ snprintf(tmppy,sizeof(tmppy),"%s ",pytab[l][m].py); X break; X } X- strcat(pinyin,tmppy); X+ if (strlen(pinyin) + strlen(tmppy) + 1 < sizeof(pinyin)) X+ strcat(pinyin,tmppy); X+ else { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } X } X X for(k = 0; k < p0->count; k++) X { X- memcpy(str,p0->key+len+1+(2*len+1)*k,2*len); X+ if (sizeof(str) < (size_t)(2 * len + 1)) { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } else X+ memcpy(str,p0->key+len+1+(2*len+1)*k,2*len); X str[2*len] = '\0'; X freq = p0->key[len+1+(2*len+1)*k+2*len]; X if (len > 1) // single char ignored X--- inputs/txt2tab.c.orig X+++ inputs/txt2tab.c X@@ -2,6 +2,7 @@ X 
#include X #include X #include "pinyin.h" X+#include "safestring.h" X X typedef struct _HzPhrase X { X@@ -28,7 +29,7 @@ X int LoadTable(char* pathname) X { X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy, *strhz; X int i=1, j=0, lastpy=0, curpy; X X if ( (stream = fopen( pathname, "r" )) == NULL ) X@@ -41,12 +42,13 @@ X { X if ( fgets(str,250,stream) != NULL) X { X- sscanf(str,"%s %s",strpy,strhz); X- strcpy( hztab[i],strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy = strpy[0]-'a'; X if (curpy != lastpy) j = 0; X- strcpy( pytab[curpy][j].py,strpy); X+ safe_strncpy(pytab[curpy][j].py, strpy, MAX_PY_LEN); X pytab[curpy][j].key = i; X lastpy = curpy; X i++,j++; X@@ -88,6 +90,10 @@ X X if (len<2) return 0; X /* single char phrase ignored */ X+ if (len > MAX_PHRASE_LEN) { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } X X ahead = (short)key[1]; X ahead |= (key[0] & 0x01) << 8; X@@ -125,7 +131,7 @@ X hzph = hzph->next; X hzph->freq = 0; X hzph->next = NULL; X- memcpy(hzph->hz,str,len*2); X+ memcpy(hzph->hz,str,len*2); /* len < MAX_PHRASE_LEN */ X hzph->hz[len*2] = '\0'; X return 1; // insert a new Hanzi Phrase at the end of the link list X } X@@ -144,7 +150,7 @@ X kph->next = tmpkph; X tmpkph->len = len; X tmpkph->count = 1; X- memcpy(tmpkph->key,key,len+1); X+ memcpy(tmpkph->key,key,len+1); /* len < MAX_PHRASE_LEN */ X tmpkph->next = NULL; X X if ((tmpkph->hzph = (HzPhrase *)malloc(sizeof(HzPhrase))) == NULL) X@@ -154,7 +160,7 @@ X } X tmpkph->hzph->freq = freq; X tmpkph->hzph->next = NULL; X- memcpy(tmpkph->hzph->hz,str,len*2); X+ memcpy(tmpkph->hzph->hz,str,len*2); /* len < MAX_PHRASE_LEN */ X tmpkph->hzph->hz[len*2] = '\0'; X phcount[ahead]++; X X@@ -213,6 +219,10 @@ X kph = kph->next; X X len = kphtmp->len; X+ if (len > MAX_PHRASE_LEN) { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } X memcpy(key,kphtmp->key,len+1); X 
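Review bot: The guard added in inputs/txt2tab.c aborts only when `len > MAX_PHRASE_LEN`, while the comments added on the three `memcpy` lines state `len < MAX_PHRASE_LEN`. With `len == MAX_PHRASE_LEN` the code still copies `len*2` bytes and writes `hz[len*2] = '\0'`, so `hz` must hold `2*MAX_PHRASE_LEN+1` bytes and `key` at least `MAX_PHRASE_LEN+1`. Those declarations are outside the hunks and should be checked; otherwise tighten the test to `if (len >= MAX_PHRASE_LEN)`. Either way the comments should read `len <= MAX_PHRASE_LEN` to match the code. inputs/txt2tab1.c carries the same guard and comments.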
fwrite(&len,sizeof(char),1, out); X X--- inputs/pyinput/lib2sim.c.orig X+++ inputs/pyinput/lib2sim.c X@@ -1,5 +1,6 @@ X #include X #include X+#include "safestring.h" X X #define MAX_PY_NUM 420 X #define MAX_EACH_PY 38 X@@ -20,7 +21,7 @@ X { X X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy, *strhz; X int i=0,j=0; X int tmp,curpy; X PinYin *pyt=(PinYin *)pytab; X@@ -32,13 +33,14 @@ X X while( !feof( stream )) { X if( fgets(str,250,stream)!=NULL){ X- sscanf(str,"%s %s",strpy,strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X X- strcpy( hztab[i],strhz); X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy=strpy[0]-97; X if(curpy!=tmp) {j=0;} X- strcpy( (pyt+curpy*MAX_EACH_PY+j)->py,strpy); X+ safe_strncpy((pyt+curpy*MAX_EACH_PY+j)->py, strpy, 7); X (pyt+curpy*MAX_EACH_PY+j)->key=i+1; X tmp=curpy; X X--- inputs/pyinput/sim2lib.c.orig X+++ inputs/pyinput/sim2lib.c X@@ -1,5 +1,6 @@ X #include X #include X+#include "safestring.h" X X #define MAX_PY_NUM 420 X #define MAX_EACH_PY 38 X@@ -20,7 +21,7 @@ X { X X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy, *strhz; X int i=0,j=0; X int tmp,curpy; X PinYin *pyt=(PinYin *)pytab; X@@ -33,13 +34,14 @@ X X while( !feof( stream )) { X if( fgets(str,250,stream)!=NULL){ X- sscanf(str,"%s %s",strpy,strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X X- strcpy( hztab[i],strhz); X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy=strpy[0]-97; X if(curpy!=tmp) {j=0;} X- strcpy( (pyt+curpy*MAX_EACH_PY+j)->py,strpy); X+ safe_strncpy((pyt+curpy*MAX_EACH_PY+j)->py, strpy, 7); X (pyt+curpy*MAX_EACH_PY+j)->key=i+1; X tmp=curpy; X X--- inputs/pyinput/sim2lib1.c.orig X+++ inputs/pyinput/sim2lib1.c X@@ -1,5 +1,6 @@ X #include X #include X+#include "safestring.h" X X #define MAX_PY_NUM 420 X #define MAX_EACH_PY 38 X@@ -20,7 +21,7 @@ X { X X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char 
str[250], *strpy, *strhz; X int i=0,j=0; X int tmp,curpy; X PinYin *pyt=(PinYin *)pytab; X@@ -32,13 +33,14 @@ X X while( !feof( stream )) { X if( fgets(str,250,stream)!=NULL){ X- sscanf(str,"%s %s",strpy,strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X X- strcpy( hztab[i],strhz); X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy=strpy[0]-97; X if(curpy!=tmp) {j=0;} X- strcpy( (pyt+curpy*MAX_EACH_PY+j)->py,strpy); X+ safe_strncpy((pyt+curpy*MAX_EACH_PY+j)->py, strpy, 7); X (pyt+curpy*MAX_EACH_PY+j)->key=i+1; X tmp=curpy; X X--- inputs/txt2tab1.c.orig X+++ inputs/txt2tab1.c X@@ -2,6 +2,7 @@ X #include X #include X #include "pinyin.h" X+#include "safestring.h" X X typedef struct _HzPhrase X { X@@ -28,7 +29,7 @@ X int LoadTable(char* pathname) X { X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy, *strhz; X int i=1, j=0, lastpy=0, curpy; X X if ( (stream = fopen( pathname, "r" )) == NULL ) X@@ -41,12 +42,13 @@ X { X if ( fgets(str,250,stream) != NULL) X { X- sscanf(str,"%s %s",strpy,strhz); X- strcpy( hztab[i],strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X+ strhz = strtok(NULL, " \f\n\r\t\v"); X+ safe_strncpy(hztab[i], strhz, MAX_EACH_HZ); X X curpy = strpy[0]-'a'; X if (curpy != lastpy) j = 0; X- strcpy( pytab[curpy][j].py,strpy); X+ safe_strncpy(pytab[curpy][j].py, strpy, MAX_PY_LEN); X pytab[curpy][j].key = i; X lastpy = curpy; X i++,j++; X@@ -87,6 +89,10 @@ X X if (len<2) return 0; X /* single char phrase ignored */ X+ if (len > MAX_PHRASE_LEN) { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } X X ahead = (short)key[1]; X ahead |= (key[0] & 0x01) << 8; X@@ -123,7 +129,7 @@ X hzph = hzph->next; X hzph->freq = 0; X hzph->next = NULL; X- memcpy(hzph->hz,str,len*2); X+ memcpy(hzph->hz,str,len*2); /* len < MAX_PHRASE_LEN */ X hzph->hz[len*2] = '\0'; X return 1; // insert a new Hanzi Phrase at the end of the link list X } X@@ -142,7 +148,7 @@ X kph->next = tmpkph; X tmpkph->len = len; 
X tmpkph->count = 1; X- memcpy(tmpkph->key,key,len+1); X+ memcpy(tmpkph->key,key,len+1); /* len < MAX_PHRASE_LEN */ X tmpkph->next = NULL; X X if ((tmpkph->hzph = (HzPhrase *)malloc(sizeof(HzPhrase))) == NULL) X@@ -152,7 +158,7 @@ X } X tmpkph->hzph->freq = freq; X tmpkph->hzph->next = NULL; X- memcpy(tmpkph->hzph->hz,str,len*2); X+ memcpy(tmpkph->hzph->hz,str,len*2); /* len < MAX_PHRASE_LEN */ X tmpkph->hzph->hz[len*2] = '\0'; X phcount[ahead]++; X return 1; X@@ -212,6 +218,10 @@ X kph = kph->next; X X len = kphtmp->len; X+ if (len > MAX_PHRASE_LEN) { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } X memcpy(key,kphtmp->key,len+1); X fwrite(&len,sizeof(char),1, out); X fwrite(&(kphtmp->count),sizeof(kphtmp->count),1,out); X--- src/child.c.orig X+++ src/child.c X@@ -57,6 +57,7 @@ X { X char *p; X X+ /* run as user, not effective user root, see ChildStart() */ X p = strtok(startupStr, "\n"); X while(p) { X system(p); X@@ -86,18 +87,20 @@ X void ChildStart(FILE *errfp) X { X char *tail, *tcap; X- char buff[80]; X+ char buff[256]; X X setgid(getgid()); X setuid(getuid()); X+ /* run as user, not effective user root */ X X RunStartupCmd(); X X #if defined(linux) X+ /* ok - buff[256] */ X sprintf(buff, "TERMCAP=:co#%d:li#%d:tc=console:", X- dispInfo.txmax, dispInfo.tymax); X+ dispInfo.txmax, dispInfo.tymax); X #elif defined(__FreeBSD__) X- sprintf(buff,"TERM=cons25"); X+ sprintf(buff,"TERM=cons25"); /* ok - buff[256] */ X #endif X X tcap = strdup(buff); X@@ -142,7 +145,7 @@ X execProg = "/bin/sh"; X if ((tail = rindex(execProg, '/')) == NULL) X tail = " sh"; X- sprintf(buff, "-%s", tail + 1); X+ snprintf(buff, sizeof(buff), "-%s", tail + 1); X execl(execProg, buff, 0); X } X fprintf(errfp, "CCE> couldn't exec shell\r\n"); X--- src/errors.c.orig X+++ src/errors.c X@@ -62,7 +62,7 @@ X { X VtWrite(curCon,head, strlen(head)); X /* VtEmu will output the buffer in graphical mode */ X- vsprintf(buf, format, args); X+ vsnprintf(buf, MAX_MSGLEN, format, args); X 
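Review bot: The comment added in `ChildStart` (src/child.c) states that the child runs as the real user rather than effective root, but the return values of `setgid(getgid())` and `setuid(getuid())` are ignored. If either call fails, `RunStartupCmd()` goes on to pass configuration strings to `system()` with the original privileges. The drop should be enforced, for example `if (setgid(getgid()) != 0 || setuid(getuid()) != 0) exit(EXIT_FAILURE);`, before anything else runs. Whether supplementary groups also need resetting depends on how the binary is installed, which is not visible here. The context line `execl(execProg, buff, 0)` in the last hunk should end with `(char *)NULL`.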
VtWrite(curCon,buf, strlen(buf)); X } X } X--- src/getcap.c.orig X+++ src/getcap.c X@@ -77,8 +77,10 @@ X fprintf(stderr, "cap %s redefined (default %s)\r\n", name, X def_value ? def_value : "None"); X #endif X+ if (cp->name) free(cp->name); X cp->name = strdup(name); X cp->func = func; X+ if (cp->def_value) free(cp->def_value); X if (def_value) X cp->def_value = strdup(def_value); X return; X@@ -262,7 +264,7 @@ X bool BoolConf(const char *confstr) X { X char name[MAX_COLS]; X- sscanf(confstr, "%s", name); X+ sscanf(confstr, "%255s", name); X if (strcasecmp(name, "On") == 0 || X strcasecmp(name, "True") == 0) { X return TRUE; X--- src/hzinput.c.orig X+++ src/hzinput.c X@@ -39,7 +39,7 @@ X #include X #include X X-static hz_input_table* LoadInputMethod(char *filename); X+static hz_input_table* LoadInputMethod(const char *filename); X static void DisplaySelection(void); X X /*************************************************************************** X@@ -94,7 +94,7 @@ X X static int ConfigInputMethod(const char *str) X { X- char *p, fn[128]; X+ char *p; X int i = 1; X X message("Load input method 0 & 9: PinYin & Internal Code\r\n"); X@@ -103,11 +103,10 @@ X { X while (*p == ' ' || *p == '\t') p++; X X- strcpy(fn,p); X- if (access(fn, R_OK) == 0) X+ if (access(p, R_OK) == 0) X { X message("Load input method %d: %s\r\n",i,p); X- input_table[i++] = LoadInputMethod(fn); X+ input_table[i++] = LoadInputMethod(p); X } X else X input_table[i++] = NULL; X@@ -120,11 +119,11 @@ X * public function * X ***************************************************************************/ X X-static hz_input_table* LoadInputMethod(char *filename) X+static hz_input_table* LoadInputMethod(const char *filename) X { X int nread; X FILE *fd; X- char phrase_filename[100],assoc_filename[100]; X+ char phrase_filename[FILENAME_MAX+1], assoc_filename[FILENAME_MAX+1]; X hz_input_table *table; X X table = malloc(sizeof(hz_input_table)); X@@ -166,6 +165,10 @@ X X if (table->PhraseNum > 0) X { X+ if 
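Review bot: In the src/getcap.c hunk `@@ -77,8 +77,10 @@`, `cp->def_value` is freed unconditionally but reassigned only when `def_value` is non-NULL, so redefining a capability with no default leaves a dangling pointer in the table. A later read of it is a use-after-free, and the next redefinition frees it a second time. Assigning in both cases fixes it: `cp->def_value = def_value ? strdup(def_value) : NULL;`. The `if (p) free(p)` tests are redundant because `free(NULL)` is a no-op, and the `strdup` results are not checked. The enclosing function starts outside the hunk.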
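Review bot: The width in `sscanf(confstr, "%255s", name)` in `BoolConf` (`@@ -262,7 +264,7 @@`) is a literal, while the buffer is `char name[MAX_COLS]`, so the bound holds only if `MAX_COLS` is at least 256; that definition is not visible here and deserves a comment next to the format string. The return value is also ignored, so an empty or all-whitespace `confstr` leaves `name` unwritten and the following `strcasecmp` reads uninitialised stack; `if (sscanf(confstr, "%255s", name) != 1) return FALSE;` avoids that. The same literal width is used in both src/mouse.c hunks and in src/vt.c (`@@ -769,7 +769,7 @@`), and src/vc.c (`@@ -1090,7 +1090,7 @@`) leaves `name` unset whenever `strlen(confstr) < 10` is false.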
(strlen(filename) > FILENAME_MAX-4) { X+ fprintf(stderr, "too long filename\n"); X+ abort(); X+ } X strcpy( phrase_filename, filename ); X strcat( phrase_filename, ".phr" ); X strcpy( assoc_filename, filename ); X@@ -273,7 +276,7 @@ X } X X /* phrno: Phrase Number, return in tt */ X- void LoadPhrase( int phrno, char *tt ) X+ void LoadPhrase( int phrno, char *tt, int n ) X { X FILE *fp = cur_table->PhraseFile; X int ofs[2], len; X@@ -282,9 +285,13 @@ X fread( ofs, 4, 2, fp ); X len = ofs[1] - ofs[0]; X X+ if (len > n) { X+ fprintf(stderr, "buffer overrun\n"); X+ abort(); X+ } X if ( len > 128 || len <= 0 ) { X error( "phrase error %d\n" , len ); X- strcpy( tt, "error" ); X+ strncpy( tt, "error", n ); X return; X } X X@@ -424,7 +431,7 @@ X { X fseek( cur_table->AssocFile, index << 2, SEEK_SET ); X fread( &PhraseNo, sizeof(int), 1, cur_table->AssocFile ); X- LoadPhrase( PhraseNo, str ); X+ LoadPhrase( PhraseNo, str, sizeof(str) ); X strcpy(seltab[CurSelNum],str+2); X CurLen += strlen(seltab[CurSelNum++]); X index++; X@@ -455,7 +462,7 @@ X CurLen < MAX_SEL_LENGTH) X { X if ( cur_table->item[j].ch < 0xA1A1 ) X- LoadPhrase( cur_table->item[j].ch, seltab[SelNum] ); X+ LoadPhrase( cur_table->item[j].ch, seltab[SelNum], MAX_PHRASE_LENGTH); X else X { X memcpy( &seltab[SelNum], &(cur_table->item[j].ch),2); X@@ -734,17 +741,17 @@ X /* before call this function, must lock the console */ X void RefreshInputArea(void) X { X- char buf[30]; X+ char buf[256]; X X pVideoInfo->clear_input(INPUT_BGCOLOR); // 1 blue X X if (!IsHanziInput) X { X- sprintf(buf, "¡¾Ó¢Êý¡¿%s", CurCoding[0]); X+ snprintf(buf, sizeof(buf), "¡¾Ó¢Êý¡¿%s", CurCoding[0]); X InputAreaOutput(0, buf, INPUT_FGCOLOR,INPUT_BGCOLOR); X InputAreaOutput((dispInfo.tx_avail-sizeof(VERSION_STRING))/2, X VERSION_STRING,INPUT_FGCOLOR,INPUT_BGCOLOR); X- sprintf(buf, "¡¾ÖÕ¶Ë%d¡¿¡¾´°¿Ú%d¡¿",VtNum, curCon->window); X+ snprintf(buf, sizeof(buf), "¡¾ÖÕ¶Ë%d¡¿¡¾´°¿Ú%d¡¿",VtNum, curCon->window); X InputAreaOutput(dispInfo.tx_avail-18, 
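Review bot: In `LoadPhrase` (`@@ -282,9 +285,13 @@`), the replacement `strncpy( tt, "error", n )` does not NUL-terminate `tt` when `n` is 5 or less; `snprintf(tt, n, "%s", "error");` always terminates. The new guard `if (len > n)` also lets `len == n` through, which leaves no room for a terminator if the code after the hunk appends one, so `len >= n` looks like the intended test. That part of the function is outside the hunk and should be checked. The `fread` into `ofs` just above is unchecked, so a short read feeds indeterminate offsets into both tests.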
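Review bot: `LoadPhrase( PhraseNo, str, sizeof(str) )` in the `@@ -424,7 +431,7 @@` hunk passes the right bound only if `str` is an array declared in this scope; if it is a pointer or a parameter, `sizeof(str)` is the pointer size. The declaration is outside the hunk and should be confirmed. The next line, `strcpy(seltab[CurSelNum],str+2);`, is still unbounded, so the new limit on `str` does not protect `seltab` unless a `seltab` entry is at least as large as `str`.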
buf, INPUT_FGCOLOR, INPUT_BGCOLOR); X } X else if (current_method != 0) X--- src/main.c.orig X+++ src/main.c X@@ -236,9 +236,9 @@ X */ X X #if defined(linux) X- sprintf(vtty, "/dev/tty%d", vtNum); X+ snprintf(vtty, sizeof(vtty), "/dev/tty%d", vtNum); X #elif defined(__FreeBSD__) X- sprintf(vtty, "/dev/ttyv%d", vtNum); X+ snprintf(vtty, sizeof(vtty), "/dev/ttyv%d", vtNum); X #endif X if ((vfd = open(vtty, O_RDWR)) < 0) X fatal("can't open %s", vtty); X--- src/mouse.c.orig X+++ src/mouse.c X@@ -162,7 +162,7 @@ X static int ConfigMouseDev(const char *config) X { X char name[MAX_COLS]; X- sscanf(config, "%s", name); X+ sscanf(config, "%255s", name); X X if (mouseDev) free(mouseDev); X mouseDev = strdup(name); X@@ -185,7 +185,7 @@ X X mouseType = MOUSE_NONE; X mInfo.has_mouse = FALSE; X- sscanf(config, "%s", name); X+ sscanf(config, "%255s", name); X for (p = mice; p->name != NULL; p++) X { X if (strcasecmp(name, p->name) == 0) X--- src/pinyin.c.orig X+++ src/pinyin.c X@@ -32,12 +32,13 @@ X #include X #include X #include X-#include X-#include X+#include X+#include X X #include X #include X #include X+#include X X InputModule Pinyin_Module; X X@@ -69,6 +70,9 @@ X static char temp[2*MAX_PHRASE_LEN+1]; X int len = (int)(p->head->len); X X+ if (len > MAX_PHRASE_LEN) buffer_error("pinyin_GetPhrase"); X+ /* Do NOT use safe_strncpy to replace the following two lines! */ X+ /* It doesn't work! 
*/ X strncpy(temp,p->head->key + len + 1 + p->index *(2*len+1),2*len); X temp[2*len] = '\0'; X return temp; X@@ -140,7 +144,7 @@ X static int LoadPinyinTable(InputModule *inmd, char* pathname) X { X FILE *stream; X- char str[250],strpy[15],strhz[241]; X+ char str[250], *strpy; X int i=0, j=0, lastpy=0, curpy; X X if ( (stream = fopen( pathname, "r" )) == NULL ) X@@ -150,10 +154,10 @@ X { X if ( fgets(str,250,stream) != NULL) X { X- sscanf(str,"%s %s",strpy,strhz); X+ strpy = strtok(str, " \f\n\r\t\v"); X curpy = strpy[0]-'a'; X if (curpy != lastpy) j = 0; X- strcpy( inmd->pytab[curpy][j].py,strpy); X+ safe_strncpy(inmd->pytab[curpy][j].py, strpy, MAX_PY_LEN); X inmd->pytab[curpy][j].key = i+1; X lastpy = curpy; X i++,j++; X@@ -510,6 +514,7 @@ X { X if (uph->len < len) continue; X X+ if (len > MAX_PHRASE_LEN) buffer_error("pinyin_QueryPhrase(1)"); X memcpy(phkey,uph->key,len+1); X phkey[0] &= mask; X if (!memcmp(phkey,key,len+1)) // match X@@ -531,6 +536,7 @@ X sph = (Phrase *)p; X if (sph->len >= len) X { X+ if (len > MAX_PHRASE_LEN) buffer_error("pinyin_QueryPhrase(2)"); X memcpy(phkey,sph->key,len+1); X phkey[0] &= mask; X if (!memcmp(phkey,key,len+1)) // match X@@ -584,7 +590,7 @@ X return count; X } X X-static int SelectKeyPressed(InputModule *inmd,char ch,char *strbuf) X+static int SelectKeyPressed(InputModule *inmd,char ch,char *strbuf, int strbuflen) X { X ChoiceItem *phr=inmd->sel; X X@@ -608,8 +614,11 @@ X X if (idx > inmd->endpos) return 0; // out of range selection! 
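Review bot: The guard added in the `@@ -69,6 +70,9 @@` hunk, `if (len > MAX_PHRASE_LEN) buffer_error("pinyin_GetPhrase");`, protects the following `strncpy` into `temp` only if `buffer_error` never returns, and its definition is not in this patch. That contract should be stated where it is relied on, e.g. `/* buffer_error() does not return; the copy below needs len <= MAX_PHRASE_LEN */`. The same assumption is made in both `pinyin_QueryPhrase` hunks (`@@ -510,6 +514,7 @@`, `@@ -531,6 +536,7 @@`). The comment forbidding `safe_strncpy` here says only that it "doesn't work"; giving the reason would keep a later cleanup from undoing it.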
X X- strcpy(strhz,GetPhrase(phr+idx)); X- strcat(pybuftmp,strhz); X+ safe_strncpy(strhz, GetPhrase(phr+idx), MAX_PHRASE_LEN); X+ if (strlen(pybuftmp) + strlen(strhz) + 1 < MAX_INPUT_BUF) { X+ strcat(pybuftmp,strhz); X+ } else X+ buffer_error("pinyin_SelectKeyPressed(1)"); X inmd->key[0] |= phr[idx].head->key[0] << inmd->lenkey; X X for(i=1; i<=phr[idx].head->len; i++) X@@ -631,7 +640,10 @@ X pybuftmp,inmd->key,strlen(pybuftmp)/2,1); X // not equal and pybuftmp, save the new phrase, 0 is user phrase X } X- strcpy(strbuf,pybuftmp); X+ if (strlen(pybuftmp) < (size_t)strbuflen) { X+ strcpy(strbuf,pybuftmp); X+ } else X+ buffer_error("pinyin_SelectKeyPressed(2)"); X X ResetPinyinInput(inmd); X RefreshPYInputArea(inmd); X@@ -654,8 +666,12 @@ X FillForwardSelection(inmd,0); X X *inbuftmp = '\0'; // put the rest of the pinyin into inbuftmp X- for(j = inmd->pinyinpos; j < inmd->lenpy; j++) X- strcat(inbuftmp, inmd->pinyin[j]); X+ for(j = inmd->pinyinpos; j < inmd->lenpy; j++) { X+ if (strlen(inbuftmp) + strlen(inmd->pinyin[j]) + 1 < MAX_INPUT_BUF) { X+ strcat(inbuftmp, inmd->pinyin[j]); X+ } else X+ buffer_error("pinyin_SelectKeyPressed(3)"); X+ } X X CreatePyMsg(inmd); X X@@ -665,7 +681,7 @@ X } X X /* Always return 0, input pinyin, no key output available */ X-static int PinyinKeyPressed(InputModule *inmd,char ch,char *strbuf) X+static int PinyinKeyPressed(InputModule *inmd,char ch,char *strbuf, int strbuflen) X { X /* parameter strbuf is the newly inputed pinyin, inbuf the X is the whole inputed pinyin, inbuftmp is the unselected pinyin */ X@@ -702,8 +718,11 @@ X } X else //other than BackSpace, ch = a-z or ' X { X- strcat(inbuf,strbuf); X- strcat(inbuftmp,strbuf); X+ if (strlen(inbuf) + strlen(strbuf) + 1 < MAX_INPUT_BUF) { X+ strcat(inbuf,strbuf); X+ strcat(inbuftmp,strbuf); X+ } else X+ buffer_error("pinyin_PinyinKeyPressed"); X } X X if (!strlen(pybuftmp)) inmd->pinyinpos = 0; X@@ -745,11 +764,11 @@ X return 0; X } X X-static int PinyinParseInput(InputModule *inmd, 
char ch, char *strbuf) X+static int PinyinParseInput(InputModule *inmd, char ch, char *strbuf, int strbuflen) X { X X if ( (ch>='a' && ch<='z') || ch=='\''|| ch=='\010' || ch=='\177') X- return PinyinKeyPressed(inmd,ch,strbuf); X+ return PinyinKeyPressed(inmd,ch,strbuf,strbuflen); X X if (!strlen(inmd->inbuf)) X return 1; X@@ -774,7 +793,7 @@ X return 0; X default: // select some keys X if ( (ch>='1' && ch<='9') || ch=='0' || ch==' ') X- return SelectKeyPressed(inmd,ch,strbuf); X+ return SelectKeyPressed(inmd,ch,strbuf, strbuflen); X break; X } X return 1; X@@ -816,8 +835,7 @@ X if (valid) count++; X else X { X- strncpy(pinyin[total], pybuf+offset, count-1); X- pinyin[total++][count-1] = '\0'; X+ safe_strncpy(pinyin[total++], pybuf+offset, count); X offset += count-1; X count = 2; X } X@@ -826,8 +844,7 @@ X // copy the remaining pinyin X if (offset < len) X { X- strncpy(pinyin[total], pybuf+offset, count-1); X- pinyin[total++][count-1] = '\0'; X+ safe_strncpy(pinyin[total++], pybuf+offset, count); X } X return total; X } X@@ -878,13 +895,13 @@ X { X if (pinyin[i][1] != 'h') X { X- strcpy(py+1,pinyin[i]); X+ safe_strncpy(py+1, pinyin[i], MAX_PY_LEN); X py[0] = py[1]; X py[1] = 'h'; X } X else X { X- strcpy(py,pinyin[i]+1); X+ safe_strncpy(py, pinyin[i]+1, MAX_PY_LEN); X py[0] = ch; X } X if (!strncmp(py,inmd->pytab[ahead][j].py,strlen(py))) X@@ -911,6 +928,8 @@ X memcpy(keyarr[0][lenarr[0]++],key,2); X } X X+ if (count > MAX_PHRASE_LEN - 1) X+ buffer_error("pinyin_FindMatchPhrase"); X /* count is the real pinyin number, parse the remaining */ X for(i=1; istartpos = startpos; X inmd->endpos = startpos - 1; X if (inmd->startpos > 0) X- sprintf(inmd->iahzbuf,"< "); X- else sprintf(inmd->iahzbuf," "); X+ snprintf(inmd->iahzbuf,MAX_HZ_BUF,"< "); X+ else snprintf(inmd->iahzbuf,MAX_HZ_BUF," "); X X while(inmd->endpos < inmd->len-1 && count < 10) X { X- sprintf(strtmp,"%d%s ",(count+1)%10, X+ snprintf(strtmp,sizeof(strtmp),"%d%s ",(count+1)%10, X 
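Review bot: In the `@@ -816,8 +835,7 @@` hunk, the size passed to `safe_strncpy(pinyin[total++], pybuf+offset, count)` is `count`, which is derived from the input being parsed rather than from the capacity of `pinyin[total]`. Like the `strncpy` it replaces, the call therefore does nothing to limit an over-long syllable. Nothing visible bounds `count` against the element size (a comment elsewhere in this patch gives `MAX_PY_LEN = 7`) or `total` against the number of rows. A check that `count` does not exceed the element size before the copy, routed to `buffer_error` like the other guards in this file, would make the bound real. The same applies to the `@@ -826,8 +844,7 @@` hunk, and whether `safe_strncpy` counts the terminator in its size argument should be confirmed against safestring.h, which is not shown.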
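Review bot: `safe_strncpy(py+1, pinyin[i], MAX_PY_LEN)` in the `@@ -878,13 +895,13 @@` hunk writes from offset 1 of `py` but passes the full `MAX_PY_LEN` as the limit. If `py` is declared with `MAX_PY_LEN` bytes, the copy can run one byte past its end. The declaration is outside the hunk; unless `py` is larger than that, the call should be `safe_strncpy(py+1, pinyin[i], MAX_PY_LEN - 1);`. The second call in the hunk copies to `py` itself, so it does not have this offset problem.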
GetPhrase(inmd->sel+inmd->endpos+1)); X X if ( (strlen(iahzbuf)+strlen(strtmp)+2) <= (u_int)SelAreaWidth) X@@ -1031,7 +1050,8 @@ X inmd->startpos = lastpos+1; X while(inmd->startpos > 0 && count < 10) X { X- strcpy(strbuf,GetPhrase(inmd->sel+inmd->startpos-1)); X+ safe_strncpy(strbuf, GetPhrase(inmd->sel+inmd->startpos-1), X+ sizeof (strbuf)); X ialen += strlen(strbuf)+2; X if (ialen+2 > SelAreaWidth) break; X count++; X@@ -1047,14 +1067,16 @@ X { X int i; X X- strcpy(inmd->iapybuf,inmd->pybuftmp); X+ safe_strncpy(inmd->iapybuf, inmd->pybuftmp, MAX_INPUT_BUF); X for(i=inmd->pinyinpos; ilenpy; i++) X { X- strcat(inmd->iapybuf,inmd->pinyin[i]); // MAX_PY_LEN = 7 X- if (inmd->pinyin[i+1][0] == '\'' || inmd->pinyin[i][0] == '\'') X- continue; X- else X- strcat(inmd->iapybuf," "); X+ if (strlen(inmd->iapybuf)+strlen(inmd->pinyin[i])+2 >= MAX_INPUT_BUF-1) X+ buffer_error("pinyin_CreatePyMsg"); X+ strcat(inmd->iapybuf,inmd->pinyin[i]); // MAX_PY_LEN = 7 X+ if (inmd->pinyin[i+1][0] == '\'' || inmd->pinyin[i][0] == '\'') X+ continue; X+ else X+ strcat(inmd->iapybuf," "); X } X } X X@@ -1078,7 +1100,7 @@ X buf[0] = key; X buf[1] = '\0'; X X- count = PinyinParseInput(&Pinyin_Module, key, buf); X+ count = PinyinParseInput(&Pinyin_Module, key, buf, sizeof(buf)); X X if (count > 0) X write(tty_fd, buf, count); X--- src/term.c.orig X+++ src/term.c X@@ -374,7 +374,7 @@ X { X for (ln = 0; ln <= 0xF; ln ++) X { X- sprintf(con->ptyName, "/dev/pty%1c%1x", ls, ln); X+ snprintf(con->ptyName, sizeof(con->ptyName), "/dev/pty%1c%1x", ls, ln); X if ((con->masterPty = open(con->ptyName, O_RDWR)) >= 0) break; X } X if (con->masterPty >= 0) break; X--- src/vc.c.orig X+++ src/vc.c X@@ -1090,7 +1090,7 @@ X X if (strlen(confstr) < 10) X { X- sscanf(confstr, "%s", name); X+ sscanf(confstr, "%9s", name); X } X X #if defined(linux) X--- src/vt.c.orig X+++ src/vt.c X@@ -234,13 +234,13 @@ X { X int x = (con->x < con->xmax) ? con->x : con->xmax; X int y = (con->y < con->ymax) ? 
con->y : con->ymax; X- sprintf(report, "\x1B[%d;%dR", y + 1, x + 1); X+ snprintf(report, LEN_REPORT, "\x1B[%d;%dR", y + 1, x + 1); X } X else if (arg == 5) X- strcpy(report, "\x1B[0n\0"); X+ strcpy(report, "\x1B[0n\0"); /* ok */ X break; X case 'c': X- if (arg == 0) strcpy(report, "\x1B[?6c\0"); X+ if (arg == 0) strcpy(report, "\x1B[?6c\0"); /* ok */ X break; X } X write(con->masterPty, report, strlen(report)); X@@ -769,7 +769,7 @@ X int n, i; X X *reg[0] = *reg[1] = *reg[2] = '\0'; X- sscanf(confstr, "%s %s %s", reg[0], reg[1], reg[2]); X+ sscanf(confstr, "%255s %255s %255s", reg[0], reg[1], reg[2]); X for (i = 0; i < 3 && *reg[i]; i ++) X { X n = (int)CodingByRegistry(reg[i]); END-of-cce/files/patch-security echo x - cce/files/patch-src::cce.cfg sed 's/^X//' >cce/files/patch-src::cce.cfg << 'END-of-cce/files/patch-src::cce.cfg' X--- src/cce.cfg.orig Sun Feb 18 23:00:32 2001 X+++ src/cce.cfg Sun Feb 18 23:01:01 2001 X@@ -24,14 +24,14 @@ X # X # X gb: Font X- /usr/lib/cce/8x16.bin X- /usr/lib/cce/gb16fs.bin X+ /usr/local/lib/cce/8x16.bin X+ /usr/local/lib/cce/gb16fs.bin X big5: X- /usr/lib/cce/8x16.bin X- /usr/lib/cce/taipei16.bin X+ /usr/local/lib/cce/8x16.bin X+ /usr/local/lib/cce/taipei16.bin X jis: X- /usr/lib/cce/7x14rk.bin X- /usr/lib/cce/k14.bin X+ /usr/local/lib/cce/7x14rk.bin X+ /usr/local/lib/cce/k14.bin X X * Input Methods X # Ctrl+Alt+0 PinYin Input Method X@@ -39,8 +39,8 @@ X # Ctrl+Alt+1-8 you can define below X # X gb: InputMethod X- /usr/lib/cce/pinyin.tab X- /usr/lib/cce/wubi.tab X+ /usr/local/lib/cce/pinyin.tab X+ /usr/local/lib/cce/wubi.tab X X big5: X X@@ -134,7 +134,7 @@ X zh_TW.big5: X ISO8859-1 BIG5.HKU-0 X X-zh_CN.ugb: Coding X+zh_CN.EUC: Coding X ISO8859-1 GB2312.1980-0 GB X X ko_KR.euc: END-of-cce/files/patch-src::cce.cfg exit >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message