[hackers] [sbase] Audit basename(1) || FRIGN

From: <git_AT_suckless.org>
Date: Sat, 28 Feb 2015 15:42:54 +0100 (CET)

commit dc66b5314a9e42655ca9dc320a312d4af3d01a40
Author: FRIGN <dev_AT_frign.de>
Date: Sat Feb 28 14:48:44 2015 +0100

    Audit basename(1)
    
    1) be stricter which number of arguments is accepted (1 or 2)
    2) basename already returns a pointer to "." if argv[0] is ""
    3) No need to check for *p != '/', because basename() only returns
       a string beginning with '/' which has length 1, so if strlen(p)
       == 1, the only way for suffix to be "evaluated" is for off to
       be > 0, being equal to suffix being "", but "" != "/".
    4) don't calculate strlen twice for each string. Store it in a
       ssize_t and check if it's > 0.

diff --git a/README b/README
index dd3d727..6a1594d 100644
--- a/README
+++ b/README
_AT_@ -7,9 +7,9 @@ across UNIX and UNIX-like systems.
 The following tools are implemented ('*' == finished, '#' == UTF-8 support,
 '=' == implicit UTF-8 support, '|' == audited):
 
- UTILITY POSIX 2008 COMPLIANT MISSING OPTIONS
- ------- -------------------- ---------------
-=* basename yes none
+ UTILITY POSIX 2008 COMPLIANT MISSING OPTIONS
+ ------- -------------------- ---------------
+=*| basename yes none
 =* cal yes none
 =* cat yes none
 =* chgrp yes none
diff --git a/basename.c b/basename.c
index fb30d0b..181fc8e 100644
--- a/basename.c
+++ b/basename.c
_AT_@ -5,8 +5,6 @@
 
 #include "util.h"
 
-static void usage(void);
-
 void
 usage(void)
 {
_AT_@ -16,25 +14,24 @@ usage(void)
 int
 main(int argc, char *argv[])
 {
+ ssize_t off;
         char *p;
- size_t off;
 
         ARGBEGIN {
         default:
                 usage();
         } ARGEND;
 
- if (argc < 1)
+ if (argc != 1 && argc != 2)
                 usage();
 
- p = strlen(argv[0]) ? basename(argv[0]) : ".";
- if (argc == 2 && *p != '/') {
- if (strlen(argv[1]) < strlen(p)) {
- off = strlen(p) - strlen(argv[1]);
- if (strcmp(&p[off], argv[1]) == 0)
- p[off] = '\0';
- }
+ p = basename(argv[0]);
+ if (argc == 2) {
+ off = strlen(p) - strlen(argv[1]);
+ if (off > 0 && !strcmp(p + off, argv[1]))
+ p[off] = '\0';
         }
         puts(p);
+
         return 0;
 }
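Review bot: The subtraction in `off = strlen(p) - strlen(argv[1]);` is carried out in size_t, so when the suffix is longer than the name it wraps, and `off > 0` only rejects it because the conversion to ssize_t is implementation-defined and happens to yield a negative value on common platforms. An empty suffix also passes the check with off equal to strlen(p), so `p[off] = '\0'` stores into the terminator of whatever buffer basename() returned; POSIX allows that to be static storage (for example the "." case), which may not be writable. Comparing the lengths before subtracting avoids both: `size_t plen = strlen(p), slen = strlen(argv[1]);` followed by `if (slen && slen < plen && !strcmp(p + plen - slen, argv[1])) p[plen - slen] = '\0';`. A short comment above `p = basename(argv[0]);` noting that basename() may modify argv[0] or return static storage would also help the next auditor.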