[mapserver-commits] r8856 - branches/branch-5-4/mapserver
svn at osgeo.org
svn at osgeo.org
Tue Mar 31 23:24:31 EDT 2009
Author: sdlime
Date: 2009-03-31 23:24:31 -0400 (Tue, 31 Mar 2009)
New Revision: 8856
Modified:
branches/branch-5-4/mapserver/mapserv.c
branches/branch-5-4/mapserver/maptemplate.c
Log:
Fixed potential buffer overflow with filenames used by the CGI to create temporary files. (#2944)
Modified: branches/branch-5-4/mapserver/mapserv.c
===================================================================
--- branches/branch-5-4/mapserver/mapserv.c 2009-04-01 03:18:19 UTC (rev 8855)
+++ branches/branch-5-4/mapserver/mapserv.c 2009-04-01 03:24:31 UTC (rev 8856)
@@ -1310,7 +1310,7 @@
loadForm();
if(mapserv->savemap) {
- sprintf(buffer, "%s%s%s.map", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id);
+ snprintf(buffer, sizeof(buffer), "%s%s%s.map", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id);
if(msSaveMap(mapserv->map, buffer) == -1) writeError();
}
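Review bot: The return value of the new `snprintf` call is ignored, so an over-long `imagepath`/`name`/`Id` combination no longer overflows `buffer` but is silently truncated, and `msSaveMap` then writes to a shortened path that may lack the `.map` suffix or collide with another file. Check for truncation and fail the request instead, e.g. `n = snprintf(buffer, sizeof(buffer), ...); if(n < 0 || (size_t)n >= sizeof(buffer)) writeError();`. The same unchecked pattern appears in the `msSaveQuery` hunk of this file and in the four `msSaveImage` hunks of maptemplate.c, where each should take its function's existing error path. The enclosing functions start and end outside the hunks, so the type of `n` and the exact error path need to be fitted to each.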
@@ -1778,7 +1778,7 @@
if(msReturnTemplateQuery(mapserv, mapserv->map->web.queryformat, NULL) != MS_SUCCESS) writeError();
if(mapserv->savequery) {
- sprintf(buffer, "%s%s%s%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_QUERY_EXTENSION);
+ snprintf(buffer, sizeof(buffer), "%s%s%s%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_QUERY_EXTENSION);
if((status = msSaveQuery(mapserv->map, buffer)) != MS_SUCCESS) return status;
}
}
Modified: branches/branch-5-4/mapserver/maptemplate.c
===================================================================
--- branches/branch-5-4/mapserver/maptemplate.c 2009-04-01 03:18:19 UTC (rev 8855)
+++ branches/branch-5-4/mapserver/maptemplate.c 2009-04-01 03:24:31 UTC (rev 8856)
@@ -3858,7 +3858,7 @@
image = msDrawMap(mapserv->map, bQueryMap);
if(image) {
- sprintf(buffer, "%s%s%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
+ snprintf(buffer, sizeof(buffer), "%s%s%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
if(msSaveImage(mapserv->map, image, buffer) != MS_SUCCESS && bReturnOnError) {
msFreeImage(image);
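Review bot: `sizeof(buffer)` is the right bound only if `buffer` is declared as a true array in this scope, and that declaration lies outside the hunk, so it cannot be confirmed from here. If `buffer` were a pointer or a function parameter, `sizeof` would yield the pointer size and the path would be cut to a few bytes. It would be worth confirming the declaration for all four `snprintf` sites in maptemplate.c and, where it is an array, adding a short comment at the declaration such as `/* bounded via sizeof(buffer) below; must remain an array */`.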
@@ -3874,7 +3874,7 @@
imageObj *image = NULL;
image = msDrawLegend(mapserv->map, MS_FALSE);
if(image) {
- sprintf(buffer, "%s%sleg%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
+ snprintf(buffer, sizeof(buffer), "%s%sleg%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
if(msSaveImage(mapserv->map, image, buffer) != MS_SUCCESS && bReturnOnError) {
msFreeImage(image);
@@ -3890,7 +3890,7 @@
imageObj *image = NULL;
image = msDrawScalebar(mapserv->map);
if(image) {
- sprintf(buffer, "%s%ssb%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
+ snprintf(buffer, sizeof(buffer), "%s%ssb%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
if(msSaveImage(mapserv->map, image, buffer) != MS_SUCCESS && bReturnOnError) {
msFreeImage(image);
return MS_FALSE;
@@ -3905,7 +3905,7 @@
imageObj *image;
image = msDrawReferenceMap(mapserv->map);
if(image) {
- sprintf(buffer, "%s%sref%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
+ snprintf(buffer, sizeof(buffer), "%s%sref%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
if(msSaveImage(mapserv->map, image, buffer) != MS_SUCCESS && bReturnOnError) {
msFreeImage(image);
return MS_FALSE;