Changeset 8854


Ignore:
Timestamp:
Mar 31, 2009 8:13:28 PM (7 years ago)
Author:
sdlime
Message:

Make sure map and symbol files are well-formed to minimize chance of leaking sensitive data. (#2941)

Location:
branches/branch-5-4/mapserver
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/branch-5-4/mapserver/mapfile.c

    r8571 r8854  
    47094709{
    47104710  int i,j,k;
     4711  int foundMapToken=MS_FALSE;
     4712  int token;
    47114713
    47124714  for(;;) {
    47134715
    4714     switch(msyylex()) {   
     4716    token = msyylex();
     4717
     4718    if(!foundMapToken && token != MAP) {
     4719      msSetError(MS_IDENTERR, "First token must be MAP, this doesn't look like a mapfile.", "msLoadMap()");
     4720      return(MS_FAILURE);
     4721    }
     4722
     4723    switch(token) {
    47154724
    47164725    case(CONFIG):
     
    48394848      break;
    48404849    case(MAP):
     4850      foundMapToken = MS_TRUE;
    48414851      break;   
    48424852    case(MAXSIZE):
     
    48964906      break;
    48974907    default:
    4898       msSetError(MS_IDENTERR, "Parsing error near (%s):(line %d)", "msLoadMap()",
    4899                  msyytext, msyylineno);
     4908      msSetError(MS_IDENTERR, "Parsing error near (%s):(line %d)", "msLoadMap()", msyytext, msyylineno);
    49004909      return MS_FAILURE;
    49014910    }
  • branches/branch-5-4/mapserver/mapsymbol.c

    r8574 r8854  
    632632int loadSymbolSet(symbolSetObj *symbolset, mapObj *map)
    633633{
    634 /* char old_path[MS_PATH_LENGTH]; */
    635 /* char *symbol_path; */
    636634  int status=1;
    637635  char szPath[MS_MAXPATHLEN], *pszSymbolPath=NULL;
     636
     637  int foundSymbolSetToken=MS_FALSE;
     638  int token;
    638639
    639640  if(!symbolset) {
     
    663664  */
    664665  for(;;) {
    665     switch(msyylex()) {
     666    token = msyylex();
     667
     668    if(!foundSymbolSetToken && token != SYMBOLSET) {
     669      msSetError(MS_IDENTERR, "First token must be SYMBOLSET, this doesn't look like a symbol file.", "msLoadSymbolSet()");
     670      return(-1);
     671    }
     672
     673    switch(token) {
    666674    case(END):
    667675    case(EOF):     
     
    679687      break;
    680688    case(SYMBOLSET):
     689      foundSymbolSetToken = MS_TRUE;
    681690      break;
    682691    default:
Note: See TracChangeset for help on using the changeset viewer.