From 6fb16b8f3cdcb55f2f9207d4e2872c7959c6e262 Mon Sep 17 00:00:00 2001
From: Michael R Sweet
Date: Thu, 21 Nov 2024 13:07:38 -0500
Subject: [PATCH] Update file_basename implementation to handle really long filenames (Issue #532)
---
 CHANGES.md | 1 +
 htmldoc/file.c | 30 +++++++++++++++---------------
 2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index aa16f531..8d54c690 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,5 +1,6 @@
 # Changes in HTMLDOC v1.9.19
+- Security: Fixed an issue with the `file_basename` implementation (Issue #532)
 - Updated HTML and header/footer code to use a string pool to simplify memory management and fix potential double-free bugs.
 - Updated configure script to look for zlib with pkg-config (Issue #519)
diff --git a/htmldoc/file.c b/htmldoc/file.c
index 3a49d926..58b3abdf 100644
--- a/htmldoc/file.c
+++ b/htmldoc/file.c
@@ -1,7 +1,7 @@
 /*
 * Filename routines for HTMLDOC, a HTML document processing program.
 *
- * Copyright © 2011-2023 by Michael R Sweet.
+ * Copyright © 2011-2024 by Michael R Sweet.
 * Copyright © 1997-2010 by Easy Software Products. All rights reserved.
 *
 * This program is free software. Distribution and use rights are outlined in
@@ -89,23 +89,23 @@ file_basename(const char *s) /* I - Filename or URL */
 if (s == NULL)
 return (NULL);
- if ((basename = strrchr(s, '/')) != NULL)
- basename ++;
- else if ((basename = strrchr(s, '\\')) != NULL)
- basename ++;
- else
- basename = (char *)s;
-
- if (basename[0] == '#')
- return (NULL);
+ if (strchr(s, '#') != NULL)
+ {
+ char *bufptr; // Pointer into buffer
- if (strchr(basename, '#') == NULL)
- return (basename);
+ strlcpy(buf, s, sizeof(buf));
+ s = buf;
- strlcpy(buf, basename, sizeof(buf));
- *(char *)strchr(buf, '#') = '\0';
+ if ((bufptr = strchr(buf, '#')) != NULL)
+ *bufptr = '\0';
+ }
- return (buf);
+ if ((basename = strrchr(s, '/')) != NULL)
+ return (basename + 1);
+ else if ((basename = strrchr(s, '\\')) != NULL)
+ return (basename + 1);
+ else
+ return (s);
 }
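Review bot: The new `strlcpy(buf, s, sizeof(buf))` copies the whole path rather than only the last component, and its return value is ignored, so any input containing `#` that is longer than `buf` is silently truncated before the separator search. The `strrchr` calls then run on the truncated copy and can return part of a directory name as the basename, which matters if callers use the result to build or compare file names. Consider failing closed with `if (strlcpy(buf, s, sizeof(buf)) >= sizeof(buf)) return (NULL);`, or locating the last separator before the `#` in `s` and copying only that component. Separately, a name whose last component begins with `#` now yields an empty string where the removed `basename[0] == '#'` branch returned NULL, so that case needs its own check if callers depend on the NULL. The declaration of `buf` and the top of `file_basename` are outside the hunk, so the buffer's size and storage class are not visible here.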