]> Sergey Matveev's repositories - nnn.git/commitdiff
projects / nnn.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3f1df2b)
Fix #29
authorArun Prakash Jana <engineerarun@gmail.com>
Sat, 13 May 2017 21:52:47 +0000 (03:22 +0530)
committerArun Prakash Jana <engineerarun@gmail.com>
Sun, 14 May 2017 06:01:30 +0000 (11:31 +0530)
Limit all xstrlcpy() calls by dest length.
Escape filenames in system(3) calls.

nnn.c patch | blob | history

diff --git a/nnn.c b/nnn.c
index 7d93893bf5117e819a406e83fa566e01311a82d9..512f20fe8156ac6989ff6981e9a3e017521b5f32 100644 (file)
--- a/nnn.c
+++ b/nnn.c
@@ -1102,9 +1102,9 @@ show_stats(char* fpath, char* fname, struct stat *sb)
        if (S_ISREG(sb->st_mode)) {
                /* Show file(1) output */
                strcpy(buf, "file -b \"");
-               xstrlcpy(buf + strlen(buf), fpath, strlen(fpath) + 1);
+               xstrlcpy(buf + strlen(buf), fpath, sizeof(buf) - strlen(buf));
                strcat(buf, "\" 2>&1");
-               p = get_output(buf, PATH_MAX + 16);
+               p = get_output(buf, sizeof(buf));
                if (p) {
                        dprintf(fd, "\n\n ");
                        while (*p) {
@@ -1139,12 +1139,12 @@ show_mediainfo(const char* fpath, int full)
        if (get_output(buf, MAX_CMD_LEN) == NULL)
                return -1;
 
-       strcpy(buf, "mediainfo \"");
-       xstrlcpy(buf + strlen(buf), fpath, strlen(fpath) + 1);
+       strcpy(buf, "mediainfo \'");
+       xstrlcpy(buf + strlen(buf), fpath, sizeof(buf) - strlen(buf));
        if (full)
-               strcat(buf, "\" -f ");
+               strcat(buf, "\' -f ");
        else
-               strcat(buf, "\" ");
+               strcat(buf, "\' ");
        sprintf(buf + strlen(buf), "2>&1 | %s", xgetenv("PAGER", "less"));
 
        return system(buf);
@@ -1569,9 +1569,9 @@ nochange:
 
                                /* If NNN_OPENER is set, use it */
                                if (opener) {
-                                       sprintf(cmd, "%s \"", opener);
-                                       xstrlcpy(cmd + strlen(cmd), newpath, strlen(newpath) + 1);
-                                       strcat(cmd, "\" > /dev/null 2>&1");
+                                       sprintf(cmd, "%s \'", opener);
+                                       xstrlcpy(cmd + strlen(cmd), newpath, sizeof(cmd) - strlen(cmd));
+                                       strcat(cmd, "\' > /dev/null 2>&1");
                                        r = system(cmd);
                                        continue;
                                }
@@ -1579,9 +1579,9 @@ nochange:
                                /* Play with nlay if identified */
                                mime = getmime(dents[cur].name);
                                if (mime) {
-                                       strcpy(cmd, "nlay \"");
-                                       xstrlcpy(cmd + strlen(cmd), newpath, strlen(newpath) + 1);
-                                       sprintf(cmd + strlen(cmd), "\" %s", mime);
+                                       strcpy(cmd, "nlay \'");
+                                       xstrlcpy(cmd + strlen(cmd), newpath, sizeof(cmd) - strlen(cmd));
+                                       sprintf(cmd + strlen(cmd), "\' %s", mime);
                                        exitcurses();
                                        r = system(cmd);
                                        initcurses();
@@ -1590,9 +1590,9 @@ nochange:
 
                                /* If nlay doesn't handle it, open plain text
                                   files with vi, then try NNN_FALLBACK_OPENER */
-                               strcpy(cmd, "file -bi \"");
-                               xstrlcpy(cmd + strlen(cmd), newpath, strlen(newpath) + 1);
-                               strcat(cmd, "\"");
+                               strcpy(cmd, "file -bi \'");
+                               xstrlcpy(cmd + strlen(cmd), newpath, sizeof(cmd) - strlen(cmd));
+                               strcat(cmd, "\'");
                                if (get_output(cmd, MAX_CMD_LEN) == NULL)
                                        continue;
 
@@ -1603,9 +1603,9 @@ nochange:
                                        initcurses();
                                        continue;
                                } else if (fb_opener) {
-                                       sprintf(cmd, "%s \"", fb_opener);
-                                       xstrlcpy(cmd + strlen(cmd), newpath, strlen(newpath) + 1);
-                                       strcat(cmd, "\" > /dev/null 2>&1");
+                                       sprintf(cmd, "%s \'", fb_opener);
+                                       xstrlcpy(cmd + strlen(cmd), newpath, sizeof(cmd) - strlen(cmd));
+                                       strcat(cmd, "\' > /dev/null 2>&1");
                                        r = system(cmd);
                                        continue;
                                }
My patches to nnn