[mapserver-commits] r10318 - trunk/mapserver
svn at osgeo.org
svn at osgeo.org
Thu Jul 8 17:26:54 EDT 2010
Author: dmorissette
Date: 2010-07-08 21:26:54 +0000 (Thu, 08 Jul 2010)
New Revision: 10318
Modified:
trunk/mapserver/HISTORY.TXT
trunk/mapserver/maputil.c
Log:
Fixed possible buffer overflow in msTmpFile() (#3484)
Modified: trunk/mapserver/HISTORY.TXT
===================================================================
--- trunk/mapserver/HISTORY.TXT 2010-07-08 21:14:44 UTC (rev 10317)
+++ trunk/mapserver/HISTORY.TXT 2010-07-08 21:26:54 UTC (rev 10318)
@@ -14,6 +14,8 @@
Current Version (SVN trunk):
----------------------------
+- Fixed possible buffer overflow in msTmpFile() (#3484)
+
- Fixed Using STYLEITEM AUTO, loadExpression fails when the label text contains a double quote (#3481)
- PHP/MapScript: Expose getGeomTransform/setGeomTransform instead of exposing the private vars for rfc48 (#2825)
Modified: trunk/mapserver/maputil.c
===================================================================
--- trunk/mapserver/maputil.c 2010-07-08 21:14:44 UTC (rev 10317)
+++ trunk/mapserver/maputil.c 2010-07-08 21:26:54 UTC (rev 10318)
@@ -1350,22 +1350,24 @@
char szPath[MS_MAXPATHLEN];
const char *fullFname;
char tmpId[128]; /* big enough for time + pid + ext */
+ const char *tmpBase = NULL;
if( ForcedTmpBase != NULL )
{
- strncpy( tmpId, ForcedTmpBase, sizeof(tmpId) );
+ tmpBase = ForcedTmpBase;
}
else
{
/* We'll use tmpId and tmpCount to generate unique filenames */
sprintf(tmpId, "%lx_%x",(long)time(NULL),(int)getpid());
+ tmpBase = tmpId;
}
if (ext == NULL) ext = "";
- tmpFname = (char*)malloc(strlen(tmpId) + 10 + strlen(ext) + 1);
+ tmpFname = (char*)malloc(strlen(tmpBase) + 10 + strlen(ext) + 1);
msAcquireLock( TLOCK_TMPFILE );
- sprintf(tmpFname, "%s_%x.%s", tmpId, tmpCount++, ext);
+ sprintf(tmpFname, "%s_%x.%s", tmpBase, tmpCount++, ext);
msReleaseLock( TLOCK_TMPFILE );
fullFname = msBuildPath3(szPath, mappath, tmppath, tmpFname);
More information about the mapserver-commits
mailing list