1Description: Fix format security errors.
2Author: Guillem Jover <guillem@debian.org>
3Origin: vendor
4Forwarded: no
5Last-Update: 2013-05-09
6
7---
8 arj_arcv.c | 12 ++++++------
9 arj_user.c | 8 ++++----
10 arjdisp.c | 58 ++++++++++++++++++++++++++++------------------------------
11 arjsfx.c | 2 +-
12 fardata.c | 10 +++++-----
13 rearj.c | 2 +-
14 register.c | 2 +-
15 7 files changed, 46 insertions(+), 48 deletions(-)
16
17--- a/fardata.c
18+++ b/fardata.c
19@@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
20 /* Check if the message could have a standard error code */
21 if(errno!=0&&is_std_error(errmsg))
22 {
23- msg_cprintf(0, lf);
24+ msg_cprintf(0, "\n");
25 error_report();
26 }
27 #endif
28@@ -379,10 +379,10 @@ static void flush_cbuf(int ccode, char *
29 {
30 #if SFX_LEVEL>=ARJSFXV
31 fprintf(new_stdout, strform, n_text);
32- fprintf(new_stdout, lf);
33+ fprintf(new_stdout, "\n");
34 #else
35 printf(strform, n_text);
36- printf(lf);
37+ printf("\n");
38 #endif
39 }
40 else
41@@ -393,13 +393,13 @@ static void flush_cbuf(int ccode, char *
42 #ifdef NEED_CRLF
43 scr_out("\r");
44 #endif
45- scr_out(lf);
46+ scr_out("\n");
47 }
48 if(!no_colors)
49 textcolor(color_table[ccode&H_COLORMASK].color);
50 #else
51 printf(strform, n_text);
52- printf(lf);
53+ printf("\n");
54 #endif
55 n_text=t_text+1;
56 #if SFX_LEVEL>=ARJ
57--- a/arj_user.c
58+++ b/arj_user.c
59@@ -1059,7 +1059,7 @@ static void finish_processing(int cmd)
60 if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos))
61 {
62 msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
63- printf(lf);
64+ printf("\n");
65 }
66 else
67 {
68@@ -1294,7 +1294,7 @@ static void finish_processing(int cmd)
69 if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos))
70 {
71 msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
72- printf(lf);
73+ printf("\n");
74 }
75 else
76 {
77@@ -1327,7 +1327,7 @@ static void finish_processing(int cmd)
78 msg_cprintf(0, M_CHAPTERS_ON);
79 else
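Review bot: In fardata.c flush_cbuf (hunks at -379 and -393) the text is still printed through the `strform` variable, `fprintf(new_stdout, strform, n_text)` and `printf(strform, n_text)`, so the format remains a run-time object rather than a literal the compiler can check. The arjdisp.c part of this patch shows a `strform` declared as a writable `char strform[]="%s";`; assuming the definition used here has the same shape, `fputs(n_text, new_stdout)` and `fputs(n_text, stdout)` would print the same bytes with no format parsing at all. The body of flush_cbuf starts and ends outside both hunks, so other uses of `strform` may exist that are not visible here.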
if(chapter_mode==CHAP_REMOVE)
80 msg_cprintf(0, M_CHAPTERS_OFF);
81- msg_cprintf(0, strform, lf);
82+ msg_cprintf(0, strform, "\n");
83 }
84 if(cmd==ARJ_CMD_COPY&&protfile_option&&!arjprot_tail)
85 msg_cprintf(0, M_ARJPROT_DISABLED);
86@@ -2303,7 +2303,7 @@ void process_archive()
87 timestamp_to_str(timetext, &ftime_stamp);
88 msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
89 if(show_ansi_comments)
90- printf(cmt_ptr);
91+ fputs(cmt_ptr, stdout);
92 else
93 display_comment(cmt_ptr);
94 /* The sfx_setup() occurs here */
95--- a/arj_arcv.c
96+++ b/arj_arcv.c
97@@ -913,13 +913,13 @@ int supply_comment(char *cmtname, char *
98 else
99 {
100 strcat(tmp_comment, tmp_cmtline);
101- strcat(tmp_comment, lf);
102+ strcat(tmp_comment, "\n");
103 }
104 }
105 else
106 {
107 strcat(tmp_comment, tmp_cmtline);
108- strcat(tmp_comment, lf);
109+ strcat(tmp_comment, "\n");
110 }
111 }
112 }
113@@ -1846,7 +1846,7 @@ int pack_file(int is_update, int is_repl
114 raw_eh=eh_lookup(eh, UXSPECIAL_ID)->raw;
115 uxspecial_stats(raw_eh, UXSTATS_SHORT);
116 }
117- msg_cprintf(0, lf);
118+ msg_cprintf(0, "\n");
119 }
120 if(err_id==0&&user_wants_fail)
121 {
122@@ -2523,9 +2523,9 @@ int unpack_validation()
123 {
124 msg_cprintf(0, (FMSG *)strform, misc_buf);
125 if(search_mode==SEARCH_DEFAULT)
126- msg_cprintf(0, (FMSG *)lf);
127+ msg_cprintf(0, "\n");
128 if(search_mode==SEARCH_BRIEF)
129- msg_cprintf(0, (FMSG *)cr);
130+ msg_cprintf(0, "\r");
131 }
132 for(pattern=0; pattern<SEARCH_STR_MAX; search_occurences[pattern++]=0);
133 reserve_size=0;
134@@ -3652,7 +3652,7 @@ void archive_cleanup()
135 {
136 if(msg_fprintf(idxstream, M_TESTING, archive_name)<0)
137 error(M_DISK_FULL);
138- if(fprintf(idxstream, lf)<0)
139+ if(fprintf(idxstream, "\n")<0)
140 error(M_DISK_FULL);
141 }
142 cmd_verb=ARJ_CMD_TEST;
143--- a/arjsfx.c
144+++ b/arjsfx.c
145@@ -214,7 +214,7 @@ static void final_cleanup(void)
146 freopen(dev_con, m_w, stdout);
147 #if SFX_LEVEL>=ARJSFXV
148 if(ferror(stdout))
149-
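Review bot: In arj_user.c process_archive (hunk at -2303), `fputs(cmt_ptr, stdout)` removes the format-string interpretation, but the comment text is still written to the terminal byte for byte when `show_ansi_comments` is set. If `cmt_ptr` holds the comment read from the archive being processed, which the `display_comment(cmt_ptr)` call in the other branch suggests, escape sequences chosen by whoever created the archive reach the user's terminal. That appears to be the purpose of the option, so a comment stating the trust assumption would help, for example `/* cmt_ptr is archive-supplied: emitted raw on request, never used as a format */`. The return value of `fputs` is also ignored here, whereas archive_cleanup in arj_arcv.c checks its write with `<0` and reports M_DISK_FULL.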
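Review bot: In arj_arcv.c supply_comment (hunk at -913), both branches append with `strcat(tmp_comment, tmp_cmtline)` followed by `strcat(tmp_comment, "\n")`, and no length check is visible in the hunk. The patch only swaps `lf` for a literal, so whatever bound protects `tmp_comment` has to come from code outside the hunk; that should be confirmed, since the function name suggests the lines come from a user-supplied comment file. If no such bound exists, a check of the form `strlen(tmp_comment)+strlen(tmp_cmtline)+2<=TMP_COMMENT_SIZE` is needed before the appends, where TMP_COMMENT_SIZE is a placeholder for the real buffer size, which this page does not show.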
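Review bot: In arj_arcv.c unpack_validation (hunk at -2523), the new calls `msg_cprintf(0, "\n")` and `msg_cprintf(0, "\r")` drop the `(FMSG *)` cast that the line just above keeps in `msg_cprintf(0, (FMSG *)strform, misc_buf)`. If FMSG is not plain `char` in every build configuration, the two styles will not be equivalent; writing `msg_cprintf(0, (FMSG *)"\n")` would keep the call sites uniform. The same uncast literal is introduced in error_proc (fardata.c, -52) and pack_file (arj_arcv.c, -1846).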
msg_fprintf(stderr, M_DISK_FULL);
150+ msg_fprintf(stderr, "Can't write file. Disk full?");
151 if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
152 {
153 ticks=get_ticks()-ticks;
154--- a/rearj.c
155+++ b/rearj.c
156@@ -935,7 +935,7 @@ static int convert_archive(char *name)
157 msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize);
158 msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize);
159 msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain);
160- printf(lf);
161+ printf("\n");
162 total_old_fsize+=old_fsize;
163 total_new_fsize+=new_fsize;
164 total_files++;
165--- a/register.c
166+++ b/register.c
167@@ -205,7 +205,7 @@ int main(int argc, char **argv)
168 char reg_source[200];
169 int i;
170
171- printf(M_REGISTER_BANNER);
172+ fputs(M_REGISTER_BANNER, stdout);
173 integrity_pattern[0]--;
174 build_crc32_table();
175 if(argc!=2)
176--- a/arjdisp.c
177+++ b/arjdisp.c
178@@ -20,8 +20,6 @@ static long bytes;
179 static long compsize;
180 static char cmd_verb;
181 static char msg_lf[]="\n";
182-char strform[]="%s"; /* Export it for scrnio.c, too
183- (a byte saved is a byte gained) */
184
185 /* Pseudographical controls */
186
187@@ -54,19 +52,19 @@ static void show_init_scrn()
188 textcolor(7);
189 clrscr();
190 gotoxy(2, 2);
191- scrprintf(win_top);
192+ fputs(win_top, stdout);
193 for(i=3; i<24; i++)
194 {
195- gotoxy(2, i); scrprintf(win_border);
196- gotoxy(79, i); scrprintf(win_border);
197+ gotoxy(2, i); fputs(win_border, stdout);
198+ gotoxy(79, i); fputs(win_border, stdout);
199 }
200- gotoxy(2, 24); scrprintf(win_bottom);
201+ gotoxy(2, 24); fputs(win_bottom, stdout);
202 gotoxy(10, 5);
203- scrprintf(M_ARJDISP_COPYRIGHT);
204+ fputs(M_ARJDISP_COPYRIGHT, stdout);
205 gotoxy(10, 6);
206- scrprintf(M_ARJDISP_DISTRIBUTION);
207+ fputs(M_ARJDISP_DISTRIBUTION, stdout);
208 gotoxy(10, 7);
209- scrprintf(M_ARJDISP_LICENSE);
210+ fputs(M_ARJDISP_LICENSE, stdout);
211 gotoxy(16, 10);
212 scrprintf(M_PROCESSING_ARCHIVE, archive_name);
213 t=strtok(M_ARJDISP_INFO, msg_lf);
214@@
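Review bot: In arjsfx.c final_cleanup (hunk at -214), the message-table entry `M_DISK_FULL` is replaced by a hard-coded English string, so this call site no longer follows the message resource that archive_cleanup in arj_arcv.c still uses via `error(M_DISK_FULL)`. If the text of M_DISK_FULL is changed, is localized, or ends with a newline, the stderr output here will silently differ. Keeping the resource and supplying the format separately, `msg_fprintf(stderr, "%s", M_DISK_FULL);`, would address the warning without duplicating the text, provided msg_fprintf accepts a `%s` argument of that type, which is not visible in this hunk.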
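Review bot: In arjdisp.c (hunk at -20), the removed definition `char strform[]="%s";` carried the comment "Export it for scrnio.c, too", yet scrnio.c is not among the seven files in the diffstat. If scrnio.c still references `strform` when it is linked into arjdisp, the build will fail with an undefined symbol, so that file needs checking as part of this change. If the symbol has to stay, `const char strform[]="%s";` together with a matching extern declaration would keep the export while making the format read-only.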
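Review bot: In arjdisp.c show_init_scrn (hunk at -54, and likewise show_proc_scrn at -96, -132 and -146 and show_ending_scrn at -165), fixed strings now go through `fputs(..., stdout)` while the calls that take arguments stay on `scrprintf(M_PROCESSING_ARCHIVE, archive_name)`. The definition of scrprintf is not on this page; if it is anything other than a plain printf to stdout, the two paths can be buffered differently and text may appear out of order relative to the `gotoxy` positioning. The -74 hunk already uses `scrprintf("%s", t)`, and writing `scrprintf("%s", win_top)` and so on would fix the warning while keeping a single output path.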
-74,11 +72,11 @@ static void show_init_scrn()
215 while(t!=NULL&&i<=23)
216 {
217 gotoxy(10, i++);
218- scrprintf(strform, t);
219+ scrprintf("%s", t);
220 t=strtok(NULL, msg_lf);
221 }
222 gotoxy(16, 20);
223- scrprintf(M_PRESS_ANY_KEY);
224+ fputs(M_PRESS_ANY_KEY, stdout);
225 uni_getch();
226 gotoxy(1, 24);
227 }
228@@ -96,19 +94,19 @@ static void show_proc_scrn()
229 {
230 clrscr();
231 gotoxy(2, 2);
232- scrprintf(win_top);
233+ fputs(win_top, stdout);
234 for(i=3; i<24; i++)
235 {
236- gotoxy(2, i); scrprintf(win_border);
237- gotoxy(79, i); scrprintf(win_border);
238+ gotoxy(2, i); fputs(win_border, stdout);
239+ gotoxy(79, i); fputs(win_border, stdout);
240 }
241- gotoxy(2, 24); scrprintf(win_bottom);
242+ gotoxy(2, 24); fputs(win_bottom, stdout);
243 gotoxy(10, 5);
244- scrprintf(M_ARJDISP_COPYRIGHT);
245+ fputs(M_ARJDISP_COPYRIGHT, stdout);
246 gotoxy(10, 6);
247- scrprintf(M_ARJDISP_DISTRIBUTION);
248+ fputs(M_ARJDISP_DISTRIBUTION, stdout);
249 gotoxy(10, 7);
250- scrprintf(M_ARJDISP_LICENSE);
251+ fputs(M_ARJDISP_LICENSE, stdout);
252 gotoxy(16, 10);
253 scrprintf(M_PROCESSING_ARCHIVE, archive_name);
254 gotoxy(16, 12);
255@@ -132,13 +130,13 @@ static void show_proc_scrn()
256 break;
257 }
258 gotoxy(15, 14);
259- scrprintf(ind_top);
260+ fputs(ind_top, stdout);
261 gotoxy(15, 15);
262- scrprintf(ind_middle);
263+ fputs(ind_middle, stdout);
264 gotoxy(15, 16);
265- scrprintf(ind_bottom);
266+ fputs(ind_bottom, stdout);
267 gotoxy(16, 18);
268- scrprintf(M_ARJDISP_CTR_START);
269+ fputs(M_ARJDISP_CTR_START, stdout);
270 }
271 else
272 {
273@@ -146,7 +144,7 @@ static void show_proc_scrn()
274 gotoxy(16, 15);
275 memset(progress, indo, i);
276 progress[i]='\0';
277- scrprintf(progress);
278+ fputs(progress, stdout);
279 gotoxy(16, 18);
280 scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
281 }
282@@ -165,19 +163,19 @@ static void show_ending_scrn()
283 textcolor(7);
284 clrscr();
285 gotoxy(2, 2);
286- scrprintf(win_top);
287+
fputs(win_top, stdout);
288 for(i=3; i<24; i++)
289 {
290- gotoxy(2, i); scrprintf(win_border);
291- gotoxy(79, i); scrprintf(win_border);
292+ gotoxy(2, i); fputs(win_border, stdout);
293+ gotoxy(79, i); fputs(win_border, stdout);
294 }
295- gotoxy(2, 24); scrprintf(win_bottom);
296+ gotoxy(2, 24); fputs(win_bottom, stdout);
297 gotoxy(10, 5);
298- scrprintf(M_ARJDISP_COPYRIGHT);
299+ fputs(M_ARJDISP_COPYRIGHT, stdout);
300 gotoxy(10, 6);
301- scrprintf(M_ARJDISP_DISTRIBUTION);
302+ fputs(M_ARJDISP_DISTRIBUTION, stdout);
303 gotoxy(10, 7);
304- scrprintf(M_ARJDISP_LICENSE);
305+ fputs(M_ARJDISP_LICENSE, stdout);
306 gotoxy(16, 10);
307 scrprintf(M_FINISHED_PROCESSING, archive_name);
308 gotoxy(1, 24);
309