ncurses 6.2 - patch 20211002

[ncurses.git] / progs / toe.c

diff --git a/progs/toe.c b/progs/toe.c
index 643038f646680efb47558f05e711c2e6a14050a4..32f2ae4c48042690aeac79d3a40031c27585cc6a 100644 (file)
--- a/progs/toe.c
+++ b/progs/toe.c
@@ -45,7 +45,7 @@
 #include <hashed_db.h>
 #endif
 
-MODULE_ID("$Id: toe.c,v 1.82 2021/06/26 19:44:08 tom Exp $")
+MODULE_ID("$Id: toe.c,v 1.84 2021/09/28 08:27:29 tom Exp $")
 
 #define isDotname(name) (!strcmp(name, ".") || !strcmp(name, ".."))
 
@@ -245,7 +245,9 @@ make_db_name(char *dst, const char *src, unsigned limit)
            && !strcmp(src + size - lens, suffix)) {
            _nc_STRCPY(dst, src, PATH_MAX);
        } else {
-           _nc_SPRINTF(dst, _nc_SLIMIT(PATH_MAX) "%s%s", src, suffix);
+           _nc_SPRINTF(dst, _nc_SLIMIT(PATH_MAX) "%.*s%s",
+                       (int) (PATH_MAX - sizeof(suffix)),
+                       src, suffix);
        }
        result = TRUE;
     }
@@ -328,6 +330,26 @@ sorthook(int db_index, int db_limit, const char *term_name, TERMTYPE2 *tp)
 }
 
 #if NCURSES_USE_TERMCAP
+/*
+ * Check if the buffer contents are printable ASCII, ensuring that we do not
+ * accidentally pick up incompatible binary content from a hashed database.
+ */
+static bool
+is_termcap(char *buffer)
+{
+    bool result = TRUE;
+    while (*buffer != '\0') {
+       int ch = UChar(*buffer++);
+       if (ch == '\t')
+           continue;
+       if (ch < ' ' || ch > '~') {
+           result = FALSE;
+           break;
+       }
+    }
+    return result;
+}
+
 static void
 show_termcap(int db_index, int db_limit, char *buffer, DescHook hook)
 {
@@ -516,11 +538,13 @@ typelist(int eargc, char *eargv[],
            db_array[1] = 0;
 
            if (cgetfirst(&buffer, db_array) > 0) {
-               show_termcap(i, eargc, buffer, hook);
-               free(buffer);
-               while (cgetnext(&buffer, db_array) > 0) {
+               if (is_termcap(buffer)) {
                    show_termcap(i, eargc, buffer, hook);
                    free(buffer);
+                   while (cgetnext(&buffer, db_array) > 0) {
+                       show_termcap(i, eargc, buffer, hook);
+                       free(buffer);
+                   }
                }
                cgetclose();
                continue;
@@ -537,6 +561,8 @@ typelist(int eargc, char *eargv[],
 
            if ((fp = safe_fopen(eargv[i], "r")) != 0) {
                while (fgets(buffer, sizeof(buffer), fp) != 0) {
+                   if (!is_termcap(buffer))
+                       break;
                    if (*buffer == '#')
                        continue;
                    if (isspace(*buffer))