Репозитории ALT
S: | 3.2.8-alt1 |
5.1: | 3.2.1-alt3 |
4.1: | 3.2.1-alt3 |
4.0: | 3.2.1-alt1 |
3.0: | 3.1.6a-alt4 |
Группа :: Звук
Пакет: mikmod
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: mikmod-3.1.6-security.patch
Скачать
Скачать
diff -Ndur mikmod-3.1.6.orig/src/marchive.c mikmod-3.1.6/src/marchive.c
--- mikmod-3.1.6.orig/src/marchive.c 2003-06-02 18:35:38.000000000 +0200
+++ mikmod-3.1.6/src/marchive.c 2003-06-03 14:24:57.000000000 +0200
@@ -269,6 +269,10 @@
{
int t;
+ /* a filename may not start with '-' since this could be abused to
+ feed another option to the archiver */
+ if (filename[0]=='-')
+ return 0;
for (t=0;modulepatterns[t];t++)
if (!fnmatch(modulepatterns[t],filename,FNM_NOESCAPE))
return 1;
@@ -522,8 +526,8 @@
if (!pipe(fd)) {
pid_t pid;
- int status,cur,finished=0;
- char ch;
+ FILE *file;
+ int status,s;
switch (pid=fork()) {
case -1: /* fork failed */
@@ -553,40 +557,22 @@
}
break;
default: /* fork succeeded, main process code */
- /* have to wait for the child to ensure the command was
- successful and the pipe contains useful
- information */
- /* read from the pipe */
close(fd[1]);
- cur=0;
- for (;;) {
- /* check if child process has finished */
- if ((!finished)&&(waitpid(pid,&status,WNOHANG))) {
- finished=1;
- /* abnormal exit */
- if (!WIFEXITED(status)) {
- close(fd[0]);
- break;
- }
- }
-
- /* check for end of pipe, otherwise read char */
- if ((!read(fd[0],&ch,1))&&(finished)) break;
-
- if (ch=='\n') ch=0;
- string[cur++]=ch;
- if (!ch) {
- cur=0;
- if (!MA_archiver[archive].nameoffset) {
- for (t=0;string[t]!=' ';t++);
- string[t]=0;
- }
- if (MA_isModuleFilename2(string+MA_archiver[archive].nameoffset))
- PL_Add(pl,(string+MA_archiver[archive].nameoffset),filename,0,0);
- }
+ if (!(file=fdopen(fd[0],"r"))) {
+ close(fd[1]);
+ waitpid(pid,&status,0);
+ break;
}
- close(fd[0]);
+ /* read from the pipe */
+ while (fgets(string,PATH_MAX+MAXCOLUMN+1,file)) {
+ s=strlen(string)-1;
+ if (string[s]=='\n') string[s]='\0';
+ if (MA_isModuleFilename2(string+MA_archiver[archive].nameoffset))
+ PL_Add(pl,(string+MA_archiver[archive].nameoffset),filename,0,0);
+ }
+ fclose(file);
+ waitpid(pid,&status,0);
break;
}
}