[hackers] [sbase] Audit basename(1) || FRIGN
commit dc66b5314a9e42655ca9dc320a312d4af3d01a40
Author: FRIGN <dev_AT_frign.de>
Date: Sat Feb 28 14:48:44 2015 +0100
Audit basename(1)
1) be stricter about which number of arguments is accepted (1 or 2)
2) basename already returns a pointer to "." if argv[0] is ""
3) No need to check for *p != '/', because basename() only returns
a string beginning with '/' which has length 1, so if strlen(p)
== 1, the only way for suffix to be "evaluated" is for off to
be > 0, being equal to suffix being "", but "" != "/".
4) don't calculate strlen twice for each string. Store it in a
ssize_t and check if it's > 0.
diff --git a/README b/README
index dd3d727..6a1594d 100644
--- a/README
+++ b/README
_AT_@ -7,9 +7,9 @@ across UNIX and UNIX-like systems.
The following tools are implemented ('*' == finished, '#' == UTF-8 support,
'=' == implicit UTF-8 support, '|' == audited):
- UTILITY POSIX 2008 COMPLIANT MISSING OPTIONS
- ------- -------------------- ---------------
-=* basename yes none
+ UTILITY POSIX 2008 COMPLIANT MISSING OPTIONS
+ ------- -------------------- ---------------
+=*| basename yes none
=* cal yes none
=* cat yes none
=* chgrp yes none
diff --git a/basename.c b/basename.c
index fb30d0b..181fc8e 100644
--- a/basename.c
+++ b/basename.c
_AT_@ -5,8 +5,6 @@
#include "util.h"
-static void usage(void);
-
void
usage(void)
{
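Review bot: With the `static void usage(void);` prototype removed, the definition that follows in this hunk reads `void usage(void)`, so usage() no longer picks up internal linkage from the earlier declaration and becomes an external symbol. If nothing outside basename.c calls it, put `static` on the definition itself so the symbol stays file-local.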
_AT_@ -16,25 +14,24 @@ usage(void)
int
main(int argc, char *argv[])
{
+ ssize_t off;
char *p;
- size_t off;
ARGBEGIN {
default:
usage();
} ARGEND;
- if (argc < 1)
+ if (argc != 1 && argc != 2)
usage();
- p = strlen(argv[0]) ? basename(argv[0]) : ".";
- if (argc == 2 && *p != '/') {
- if (strlen(argv[1]) < strlen(p)) {
- off = strlen(p) - strlen(argv[1]);
- if (strcmp(&p[off], argv[1]) == 0)
- p[off] = '\0';
- }
+ p = basename(argv[0]);
+ if (argc == 2) {
+ off = strlen(p) - strlen(argv[1]);
+ if (off > 0 && !strcmp(p + off, argv[1]))
+ p[off] = '\0';
}
puts(p);
+
return 0;
}
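Review bot: In the `argc == 2` branch an empty suffix still reaches the store: with argv[1] == "", off equals strlen(p), so `off > 0` holds, strcmp(p + off, "") returns 0, and `p[off] = '\0'` rewrites the terminator. That is a write through the pointer basename() returned, and POSIX allows basename() to return a pointer to internal storage (the "." result for an empty operand, which point 2 of the commit message now relies on, is the obvious case), so the target may not be writable. Suggest skipping the branch when argv[1] is empty, or printing a length-limited result instead of storing into p. Separately, `off = strlen(p) - strlen(argv[1]);` subtracts two size_t values, so a suffix longer than p wraps before the conversion to ssize_t; comparing the two lengths first avoids depending on how that out-of-range conversion behaves.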
Received on Sat Feb 28 2015 - 15:42:54 CET