Changeset 8856


Timestamp:
Mar 31, 2009 8:24:31 PM (8 years ago)
Author:
sdlime
Message:

Fixed potential buffer overflow with filenames used by the CGI to create temporary files. (#2944)

Location:
branches/branch-5-4/mapserver
Files:
2 edited

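--- a/branches/branch-5-4/mapserver/mapserv.c
+++ b/branches/branch-5-4/mapserver/mapserv.c
@@ -1311,5 +1311,5 @@
 
   if(mapserv->savemap) {
-    sprintf(buffer, "%s%s%s.map", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id);
+    snprintf(buffer, sizeof(buffer), "%s%s%s.map", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id);
     if(msSaveMap(mapserv->map, buffer) == -1) writeError();
   }
@@ -1779,5 +1779,5 @@
 
       if(mapserv->savequery) {
-        sprintf(buffer, "%s%s%s%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_QUERY_EXTENSION);
+        snprintf(buffer, sizeof(buffer), "%s%s%s%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_QUERY_EXTENSION);
         if((status = msSaveQuery(mapserv->map, buffer)) != MS_SUCCESS) return status;
       }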
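Review bot: The return value of `snprintf` is discarded at both call sites (lines 1313 and 1781), so an over-long `imagepath`/`name`/`Id` combination is now silently truncated and the shortened path goes straight to `msSaveMap` or `msSaveQuery`. The overflow is gone, but the file may then be written without its extension or under a name other than the one the rest of the request expects. Capture the result and fail the save instead, e.g. `if(n < 0 || n >= (int)sizeof(buffer)) writeError();` at line 1313 and an error return at line 1781. The four `snprintf` calls in maptemplate.c have the same gap. `sizeof(buffer)` is only the right bound if `buffer` is an array declared in the enclosing function; that declaration is outside these hunks and should be confirmed.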
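--- a/branches/branch-5-4/mapserver/maptemplate.c
+++ b/branches/branch-5-4/mapserver/maptemplate.c
@@ -3859,5 +3859,5 @@
 
     if(image) {
-      sprintf(buffer, "%s%s%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
+      snprintf(buffer, sizeof(buffer), "%s%s%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
 
       if(msSaveImage(mapserv->map, image, buffer) != MS_SUCCESS && bReturnOnError) {
@@ -3875,5 +3875,5 @@
     image = msDrawLegend(mapserv->map, MS_FALSE);
     if(image) {
-      sprintf(buffer, "%s%sleg%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
+      snprintf(buffer, sizeof(buffer), "%s%sleg%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
 
       if(msSaveImage(mapserv->map, image, buffer) != MS_SUCCESS && bReturnOnError) {
@@ -3891,5 +3891,5 @@
     image = msDrawScalebar(mapserv->map);
     if(image) {
-      sprintf(buffer, "%s%ssb%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
+      snprintf(buffer, sizeof(buffer), "%s%ssb%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
       if(msSaveImage(mapserv->map, image, buffer) != MS_SUCCESS && bReturnOnError) {
         msFreeImage(image);
@@ -3906,5 +3906,5 @@
     image = msDrawReferenceMap(mapserv->map);
     if(image) {
-      sprintf(buffer, "%s%sref%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
+      snprintf(buffer, sizeof(buffer), "%s%sref%s.%s", mapserv->map->web.imagepath, mapserv->map->name, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
       if(msSaveImage(mapserv->map, image, buffer) != MS_SUCCESS && bReturnOnError) {
         msFreeImage(image);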
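Review bot: The four image-path calls (lines 3861, 3877, 3893, 3908) repeat one format string in which only the infix changes (none, `leg`, `sb`, `ref`), so the size bound and any later truncation handling must be kept in sync by hand at every site. A single static helper that formats into the caller's buffer and reports failure when the result does not fit would keep the bound and the check in one place. The helper name below is a suggestion only. The enclosing function begins and ends outside these hunks, so the `buffer` declaration and the full cleanup path after a failed save are not visible here.

```c
/* Builds "<imagepath><name><infix><Id>.<ext>" into buffer; MS_FAILURE if it does not fit. */
static int buildImagePath(mapservObj *mapserv, const char *infix, char *buffer, size_t size)
{
  int n = snprintf(buffer, size, "%s%s%s%s.%s", mapserv->map->web.imagepath, mapserv->map->name,
                   infix, mapserv->Id, MS_IMAGE_EXTENSION(mapserv->map->outputformat));
  if(n < 0 || (size_t)n >= size) return MS_FAILURE;
  return MS_SUCCESS;
}

/* … unchanged: msDrawLegend call and if(image) … */
      if(buildImagePath(mapserv, "leg", buffer, sizeof(buffer)) != MS_SUCCESS) {
        msFreeImage(image);
        /* … report the error the same way the failed msSaveImage branch does … */
      }
```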