Fossil SCM
Merge from trunk
Commit
073e0b6bdbf18e6c468a7cf79bdbd4776d63284d4354fca1cc4ef03d52a51a38
Parent
6809736e3399b37…
5 files changed
+28
-9
+1
-1
+2
-2
+5
-3
+12
-8
+28
-9
| --- src/configure.c | ||
| +++ src/configure.c | ||
| @@ -118,24 +118,15 @@ | ||
| 118 | 118 | { "adunit-omit-if-user", CONFIGSET_SKIN }, |
| 119 | 119 | { "default-csp", CONFIGSET_SKIN }, |
| 120 | 120 | { "sitemap-extra", CONFIGSET_SKIN }, |
| 121 | 121 | { "safe-html", CONFIGSET_SKIN }, |
| 122 | 122 | |
| 123 | -#ifdef FOSSIL_ENABLE_TH1_DOCS | |
| 124 | - { "th1-docs", CONFIGSET_TH1 }, | |
| 125 | -#endif | |
| 126 | 123 | #ifdef FOSSIL_ENABLE_TH1_HOOKS |
| 127 | 124 | { "th1-hooks", CONFIGSET_TH1 }, |
| 128 | 125 | #endif |
| 129 | - { "th1-setup", CONFIGSET_TH1 }, | |
| 130 | 126 | { "th1-uri-regexp", CONFIGSET_TH1 }, |
| 131 | 127 | |
| 132 | -#ifdef FOSSIL_ENABLE_TCL | |
| 133 | - { "tcl", CONFIGSET_TH1 }, | |
| 134 | - { "tcl-setup", CONFIGSET_TH1 }, | |
| 135 | -#endif | |
| 136 | - | |
| 137 | 128 | { "project-name", CONFIGSET_PROJ }, |
| 138 | 129 | { "short-project-name", CONFIGSET_PROJ }, |
| 139 | 130 | { "project-description", CONFIGSET_PROJ }, |
| 140 | 131 | { "index-page", CONFIGSET_PROJ }, |
| 141 | 132 | { "manifest", CONFIGSET_PROJ }, |
| @@ -239,17 +230,35 @@ | ||
| 239 | 230 | ** |
| 240 | 231 | ** "Safe" in the previous paragraph means the permission is granted to |
| 241 | 232 | ** export the property. In other words, the requesting side has presented |
| 242 | 233 | ** login credentials and has sufficient capabilities to access the requested |
| 243 | 234 | ** information. |
| 235 | +** | |
| 236 | +** Settings which are specifically flagged as sensitive will (as of | |
| 237 | +** 2024-10-15) cause this function to return 0, regardless of user | |
| 238 | +** permissions. As an example, if the th1-setup setting were not | |
| 239 | +** sensitive then a malicious repo admin could set that to include | |
| 240 | +** arbitrary TCL code and affect users who configure fossil with the | |
| 241 | +** --with-tcl flag. | |
| 244 | 242 | */ |
| 245 | 243 | int configure_is_exportable(const char *zName){ |
| 246 | 244 | int i; |
| 247 | 245 | int n = strlen(zName); |
| 246 | + Setting *pSet; | |
| 248 | 247 | if( n>2 && zName[0]=='\'' && zName[n-1]=='\'' ){ |
| 248 | + char * zCpy; | |
| 249 | 249 | zName++; |
| 250 | 250 | n -= 2; |
| 251 | + zCpy = fossil_strndup(zName, (ssize_t)n); | |
| 252 | + pSet = db_find_setting(zCpy, 0); | |
| 253 | + fossil_free(zCpy); | |
| 254 | + }else{ | |
| 255 | + pSet = db_find_setting(zName, 0); | |
| 256 | + } | |
| 257 | + if( pSet && pSet->sensitive ){ | |
| 258 | + /* https://fossil-scm.org/forum/forumpost/6179500deadf6ec7 */ | |
| 259 | + return 0; | |
| 251 | 260 | } |
| 252 | 261 | for(i=0; i<count(aConfig); i++){ |
| 253 | 262 | if( strncmp(zName, aConfig[i].zName, n)==0 && aConfig[i].zName[n]==0 ){ |
| 254 | 263 | int m = aConfig[i].groupMask; |
| 255 | 264 | if( !g.perm.Admin ){ |
| @@ -414,10 +423,15 @@ | ||
| 414 | 423 | if( nToken>=count(azToken)-1 ) break; |
| 415 | 424 | } |
| 416 | 425 | if( nToken<2 ) return; |
| 417 | 426 | if( aType[ii].zName[0]=='/' ){ |
| 418 | 427 | thisMask = configure_is_exportable(azToken[1]); |
| 428 | + if( 0==thisMask ){ | |
| 429 | + fossil_warning("Skipping non-exportable setting: %s = %s", | |
| 430 | + azToken[1], nToken>3 ? azToken[3] : "?"); | |
| 431 | + /* Will be skipped below */ | |
| 432 | + } | |
| 419 | 433 | }else{ |
| 420 | 434 | thisMask = configure_is_exportable(aType[ii].zName); |
| 421 | 435 | } |
| 422 | 436 | if( (thisMask & groupMask)==0 ) return; |
| 423 | 437 | if( (thisMask & checkMask)!=0 ){ |
| @@ -681,10 +695,15 @@ | ||
| 681 | 695 | } |
| 682 | 696 | db_prepare(&q, "SELECT mtime, quote(name), quote(value) FROM config" |
| 683 | 697 | " WHERE name=:name AND mtime>=%lld", iStart); |
| 684 | 698 | for(ii=0; ii<count(aConfig); ii++){ |
| 685 | 699 | if( (aConfig[ii].groupMask & groupMask)!=0 && aConfig[ii].zName[0]!='@' ){ |
| 700 | + const Setting * pSet = db_find_setting(aConfig[ii].zName, 0); | |
| 701 | + if( pSet && pSet->sensitive ){ | |
| 702 | + /* https://fossil-scm.org/forum/forumpost/6179500deadf6ec7 */ | |
| 703 | + continue; | |
| 704 | + } | |
| 686 | 705 | db_bind_text(&q, ":name", aConfig[ii].zName); |
| 687 | 706 | while( db_step(&q)==SQLITE_ROW ){ |
| 688 | 707 | blob_appendf(&rec,"%s %s value %s", |
| 689 | 708 | db_column_text(&q, 0), |
| 690 | 709 | db_column_text(&q, 1), |
| 691 | 710 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -118,24 +118,15 @@ | |
| 118 | { "adunit-omit-if-user", CONFIGSET_SKIN }, |
| 119 | { "default-csp", CONFIGSET_SKIN }, |
| 120 | { "sitemap-extra", CONFIGSET_SKIN }, |
| 121 | { "safe-html", CONFIGSET_SKIN }, |
| 122 | |
| 123 | #ifdef FOSSIL_ENABLE_TH1_DOCS |
| 124 | { "th1-docs", CONFIGSET_TH1 }, |
| 125 | #endif |
| 126 | #ifdef FOSSIL_ENABLE_TH1_HOOKS |
| 127 | { "th1-hooks", CONFIGSET_TH1 }, |
| 128 | #endif |
| 129 | { "th1-setup", CONFIGSET_TH1 }, |
| 130 | { "th1-uri-regexp", CONFIGSET_TH1 }, |
| 131 | |
| 132 | #ifdef FOSSIL_ENABLE_TCL |
| 133 | { "tcl", CONFIGSET_TH1 }, |
| 134 | { "tcl-setup", CONFIGSET_TH1 }, |
| 135 | #endif |
| 136 | |
| 137 | { "project-name", CONFIGSET_PROJ }, |
| 138 | { "short-project-name", CONFIGSET_PROJ }, |
| 139 | { "project-description", CONFIGSET_PROJ }, |
| 140 | { "index-page", CONFIGSET_PROJ }, |
| 141 | { "manifest", CONFIGSET_PROJ }, |
| @@ -239,17 +230,35 @@ | |
| 239 | ** |
| 240 | ** "Safe" in the previous paragraph means the permission is granted to |
| 241 | ** export the property. In other words, the requesting side has presented |
| 242 | ** login credentials and has sufficient capabilities to access the requested |
| 243 | ** information. |
| 244 | */ |
| 245 | int configure_is_exportable(const char *zName){ |
| 246 | int i; |
| 247 | int n = strlen(zName); |
| 248 | if( n>2 && zName[0]=='\'' && zName[n-1]=='\'' ){ |
| 249 | zName++; |
| 250 | n -= 2; |
| 251 | } |
| 252 | for(i=0; i<count(aConfig); i++){ |
| 253 | if( strncmp(zName, aConfig[i].zName, n)==0 && aConfig[i].zName[n]==0 ){ |
| 254 | int m = aConfig[i].groupMask; |
| 255 | if( !g.perm.Admin ){ |
| @@ -414,10 +423,15 @@ | |
| 414 | if( nToken>=count(azToken)-1 ) break; |
| 415 | } |
| 416 | if( nToken<2 ) return; |
| 417 | if( aType[ii].zName[0]=='/' ){ |
| 418 | thisMask = configure_is_exportable(azToken[1]); |
| 419 | }else{ |
| 420 | thisMask = configure_is_exportable(aType[ii].zName); |
| 421 | } |
| 422 | if( (thisMask & groupMask)==0 ) return; |
| 423 | if( (thisMask & checkMask)!=0 ){ |
| @@ -681,10 +695,15 @@ | |
| 681 | } |
| 682 | db_prepare(&q, "SELECT mtime, quote(name), quote(value) FROM config" |
| 683 | " WHERE name=:name AND mtime>=%lld", iStart); |
| 684 | for(ii=0; ii<count(aConfig); ii++){ |
| 685 | if( (aConfig[ii].groupMask & groupMask)!=0 && aConfig[ii].zName[0]!='@' ){ |
| 686 | db_bind_text(&q, ":name", aConfig[ii].zName); |
| 687 | while( db_step(&q)==SQLITE_ROW ){ |
| 688 | blob_appendf(&rec,"%s %s value %s", |
| 689 | db_column_text(&q, 0), |
| 690 | db_column_text(&q, 1), |
| 691 |
| --- src/configure.c | |
| +++ src/configure.c | |
| @@ -118,24 +118,15 @@ | |
| 118 | { "adunit-omit-if-user", CONFIGSET_SKIN }, |
| 119 | { "default-csp", CONFIGSET_SKIN }, |
| 120 | { "sitemap-extra", CONFIGSET_SKIN }, |
| 121 | { "safe-html", CONFIGSET_SKIN }, |
| 122 | |
| 123 | #ifdef FOSSIL_ENABLE_TH1_HOOKS |
| 124 | { "th1-hooks", CONFIGSET_TH1 }, |
| 125 | #endif |
| 126 | { "th1-uri-regexp", CONFIGSET_TH1 }, |
| 127 | |
| 128 | { "project-name", CONFIGSET_PROJ }, |
| 129 | { "short-project-name", CONFIGSET_PROJ }, |
| 130 | { "project-description", CONFIGSET_PROJ }, |
| 131 | { "index-page", CONFIGSET_PROJ }, |
| 132 | { "manifest", CONFIGSET_PROJ }, |
| @@ -239,17 +230,35 @@ | |
| 230 | ** |
| 231 | ** "Safe" in the previous paragraph means the permission is granted to |
| 232 | ** export the property. In other words, the requesting side has presented |
| 233 | ** login credentials and has sufficient capabilities to access the requested |
| 234 | ** information. |
| 235 | ** |
| 236 | ** Settings which are specifically flagged as sensitive will (as of |
| 237 | ** 2024-10-15) cause this function to return 0, regardless of user |
| 238 | ** permissions. As an example, if the th1-setup setting were not |
| 239 | ** sensitive then a malicious repo admin could set that to include |
| 240 | ** arbitrary TCL code and affect users who configure fossil with the |
| 241 | ** --with-tcl flag. |
| 242 | */ |
| 243 | int configure_is_exportable(const char *zName){ |
| 244 | int i; |
| 245 | int n = strlen(zName); |
| 246 | Setting *pSet; |
| 247 | if( n>2 && zName[0]=='\'' && zName[n-1]=='\'' ){ |
| 248 | char * zCpy; |
| 249 | zName++; |
| 250 | n -= 2; |
| 251 | zCpy = fossil_strndup(zName, (ssize_t)n); |
| 252 | pSet = db_find_setting(zCpy, 0); |
| 253 | fossil_free(zCpy); |
| 254 | }else{ |
| 255 | pSet = db_find_setting(zName, 0); |
| 256 | } |
| 257 | if( pSet && pSet->sensitive ){ |
| 258 | /* https://fossil-scm.org/forum/forumpost/6179500deadf6ec7 */ |
| 259 | return 0; |
| 260 | } |
| 261 | for(i=0; i<count(aConfig); i++){ |
| 262 | if( strncmp(zName, aConfig[i].zName, n)==0 && aConfig[i].zName[n]==0 ){ |
| 263 | int m = aConfig[i].groupMask; |
| 264 | if( !g.perm.Admin ){ |
| @@ -414,10 +423,15 @@ | |
| 423 | if( nToken>=count(azToken)-1 ) break; |
| 424 | } |
| 425 | if( nToken<2 ) return; |
| 426 | if( aType[ii].zName[0]=='/' ){ |
| 427 | thisMask = configure_is_exportable(azToken[1]); |
| 428 | if( 0==thisMask ){ |
| 429 | fossil_warning("Skipping non-exportable setting: %s = %s", |
| 430 | azToken[1], nToken>3 ? azToken[3] : "?"); |
| 431 | /* Will be skipped below */ |
| 432 | } |
| 433 | }else{ |
| 434 | thisMask = configure_is_exportable(aType[ii].zName); |
| 435 | } |
| 436 | if( (thisMask & groupMask)==0 ) return; |
| 437 | if( (thisMask & checkMask)!=0 ){ |
| @@ -681,10 +695,15 @@ | |
| 695 | } |
| 696 | db_prepare(&q, "SELECT mtime, quote(name), quote(value) FROM config" |
| 697 | " WHERE name=:name AND mtime>=%lld", iStart); |
| 698 | for(ii=0; ii<count(aConfig); ii++){ |
| 699 | if( (aConfig[ii].groupMask & groupMask)!=0 && aConfig[ii].zName[0]!='@' ){ |
| 700 | const Setting * pSet = db_find_setting(aConfig[ii].zName, 0); |
| 701 | if( pSet && pSet->sensitive ){ |
| 702 | /* https://fossil-scm.org/forum/forumpost/6179500deadf6ec7 */ |
| 703 | continue; |
| 704 | } |
| 705 | db_bind_text(&q, ":name", aConfig[ii].zName); |
| 706 | while( db_step(&q)==SQLITE_ROW ){ |
| 707 | blob_appendf(&rec,"%s %s value %s", |
| 708 | db_column_text(&q, 0), |
| 709 | db_column_text(&q, 1), |
| 710 |
M
src/db.c
+1
-1
| --- src/db.c | ||
| +++ src/db.c | ||
| @@ -4967,11 +4967,11 @@ | ||
| 4967 | 4967 | ** If enabled, special TH1 commands will be called before and |
| 4968 | 4968 | ** after any Fossil command or web page. |
| 4969 | 4969 | */ |
| 4970 | 4970 | #endif |
| 4971 | 4971 | /* |
| 4972 | -** SETTING: th1-setup width=40 block-text | |
| 4972 | +** SETTING: th1-setup width=40 block-text sensitive | |
| 4973 | 4973 | ** This is the setup script to be evaluated after creating |
| 4974 | 4974 | ** and initializing the TH1 interpreter. By default, this |
| 4975 | 4975 | ** is empty and no extra setup is performed. |
| 4976 | 4976 | */ |
| 4977 | 4977 | /* |
| 4978 | 4978 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -4967,11 +4967,11 @@ | |
| 4967 | ** If enabled, special TH1 commands will be called before and |
| 4968 | ** after any Fossil command or web page. |
| 4969 | */ |
| 4970 | #endif |
| 4971 | /* |
| 4972 | ** SETTING: th1-setup width=40 block-text |
| 4973 | ** This is the setup script to be evaluated after creating |
| 4974 | ** and initializing the TH1 interpreter. By default, this |
| 4975 | ** is empty and no extra setup is performed. |
| 4976 | */ |
| 4977 | /* |
| 4978 |
| --- src/db.c | |
| +++ src/db.c | |
| @@ -4967,11 +4967,11 @@ | |
| 4967 | ** If enabled, special TH1 commands will be called before and |
| 4968 | ** after any Fossil command or web page. |
| 4969 | */ |
| 4970 | #endif |
| 4971 | /* |
| 4972 | ** SETTING: th1-setup width=40 block-text sensitive |
| 4973 | ** This is the setup script to be evaluated after creating |
| 4974 | ** and initializing the TH1 interpreter. By default, this |
| 4975 | ** is empty and no extra setup is performed. |
| 4976 | */ |
| 4977 | /* |
| 4978 |
+2
-2
| --- src/glob.c | ||
| +++ src/glob.c | ||
| @@ -34,12 +34,12 @@ | ||
| 34 | 34 | ** Commas and whitespace are considered to be element delimters. Each |
| 35 | 35 | ** element of the GLOB list may optionally be enclosed in either '...' or |
| 36 | 36 | ** "...". This allows commas and/or whitespace to be used in the elements |
| 37 | 37 | ** themselves. |
| 38 | 38 | ** |
| 39 | -** This routine makes no effort to free the memory space it uses, which | |
| 40 | -** currently consists of a blob object and its contents. | |
| 39 | +** The returned string is owned by the caller, who must fossil_free() | |
| 40 | +** it. | |
| 41 | 41 | */ |
| 42 | 42 | char *glob_expr(const char *zVal, const char *zGlobList){ |
| 43 | 43 | Blob expr; |
| 44 | 44 | const char *zSep = "("; |
| 45 | 45 | int nTerm = 0; |
| 46 | 46 |
| --- src/glob.c | |
| +++ src/glob.c | |
| @@ -34,12 +34,12 @@ | |
| 34 | ** Commas and whitespace are considered to be element delimters. Each |
| 35 | ** element of the GLOB list may optionally be enclosed in either '...' or |
| 36 | ** "...". This allows commas and/or whitespace to be used in the elements |
| 37 | ** themselves. |
| 38 | ** |
| 39 | ** This routine makes no effort to free the memory space it uses, which |
| 40 | ** currently consists of a blob object and its contents. |
| 41 | */ |
| 42 | char *glob_expr(const char *zVal, const char *zGlobList){ |
| 43 | Blob expr; |
| 44 | const char *zSep = "("; |
| 45 | int nTerm = 0; |
| 46 |
| --- src/glob.c | |
| +++ src/glob.c | |
| @@ -34,12 +34,12 @@ | |
| 34 | ** Commas and whitespace are considered to be element delimters. Each |
| 35 | ** element of the GLOB list may optionally be enclosed in either '...' or |
| 36 | ** "...". This allows commas and/or whitespace to be used in the elements |
| 37 | ** themselves. |
| 38 | ** |
| 39 | ** The returned string is owned by the caller, who must fossil_free() |
| 40 | ** it. |
| 41 | */ |
| 42 | char *glob_expr(const char *zVal, const char *zGlobList){ |
| 43 | Blob expr; |
| 44 | const char *zSep = "("; |
| 45 | int nTerm = 0; |
| 46 |
+5
-3
| --- src/search.c | ||
| +++ src/search.c | ||
| @@ -804,21 +804,23 @@ | ||
| 804 | 804 | " SELECT printf('Document: %%s',title('d',blob.rid,foci.filename))," |
| 805 | 805 | " printf('/doc/%T/%%s',foci.filename)," |
| 806 | 806 | " search_score()," |
| 807 | 807 | " 'd'||blob.rid," |
| 808 | 808 | " (SELECT datetime(event.mtime) FROM event" |
| 809 | - " WHERE objid=symbolic_name_to_rid('trunk'))," | |
| 809 | + " WHERE objid=symbolic_name_to_rid(%Q))," | |
| 810 | 810 | " search_snippet()" |
| 811 | 811 | " FROM foci CROSS JOIN blob" |
| 812 | - " WHERE checkinID=symbolic_name_to_rid('trunk')" | |
| 812 | + " WHERE checkinID=symbolic_name_to_rid(%Q)" | |
| 813 | 813 | " AND blob.uuid=foci.uuid" |
| 814 | 814 | " AND search_match(title('d',blob.rid,foci.filename)," |
| 815 | 815 | " body('d',blob.rid,foci.filename))" |
| 816 | 816 | " AND %z", |
| 817 | - zDocBr, glob_expr("foci.filename", zDocGlob) | |
| 817 | + zDocBr, zDocBr, zDocBr, glob_expr("foci.filename", zDocGlob) | |
| 818 | 818 | ); |
| 819 | 819 | } |
| 820 | + fossil_free(zDocGlob); | |
| 821 | + fossil_free(zDocBr); | |
| 820 | 822 | } |
| 821 | 823 | if( (srchFlags & SRCH_WIKI)!=0 ){ |
| 822 | 824 | db_multi_exec( |
| 823 | 825 | "WITH wiki(name,rid,mtime) AS (" |
| 824 | 826 | " SELECT substr(tagname,6), tagxref.rid, max(tagxref.mtime)" |
| 825 | 827 |
| --- src/search.c | |
| +++ src/search.c | |
| @@ -804,21 +804,23 @@ | |
| 804 | " SELECT printf('Document: %%s',title('d',blob.rid,foci.filename))," |
| 805 | " printf('/doc/%T/%%s',foci.filename)," |
| 806 | " search_score()," |
| 807 | " 'd'||blob.rid," |
| 808 | " (SELECT datetime(event.mtime) FROM event" |
| 809 | " WHERE objid=symbolic_name_to_rid('trunk'))," |
| 810 | " search_snippet()" |
| 811 | " FROM foci CROSS JOIN blob" |
| 812 | " WHERE checkinID=symbolic_name_to_rid('trunk')" |
| 813 | " AND blob.uuid=foci.uuid" |
| 814 | " AND search_match(title('d',blob.rid,foci.filename)," |
| 815 | " body('d',blob.rid,foci.filename))" |
| 816 | " AND %z", |
| 817 | zDocBr, glob_expr("foci.filename", zDocGlob) |
| 818 | ); |
| 819 | } |
| 820 | } |
| 821 | if( (srchFlags & SRCH_WIKI)!=0 ){ |
| 822 | db_multi_exec( |
| 823 | "WITH wiki(name,rid,mtime) AS (" |
| 824 | " SELECT substr(tagname,6), tagxref.rid, max(tagxref.mtime)" |
| 825 |
| --- src/search.c | |
| +++ src/search.c | |
| @@ -804,21 +804,23 @@ | |
| 804 | " SELECT printf('Document: %%s',title('d',blob.rid,foci.filename))," |
| 805 | " printf('/doc/%T/%%s',foci.filename)," |
| 806 | " search_score()," |
| 807 | " 'd'||blob.rid," |
| 808 | " (SELECT datetime(event.mtime) FROM event" |
| 809 | " WHERE objid=symbolic_name_to_rid(%Q))," |
| 810 | " search_snippet()" |
| 811 | " FROM foci CROSS JOIN blob" |
| 812 | " WHERE checkinID=symbolic_name_to_rid(%Q)" |
| 813 | " AND blob.uuid=foci.uuid" |
| 814 | " AND search_match(title('d',blob.rid,foci.filename)," |
| 815 | " body('d',blob.rid,foci.filename))" |
| 816 | " AND %z", |
| 817 | zDocBr, zDocBr, zDocBr, glob_expr("foci.filename", zDocGlob) |
| 818 | ); |
| 819 | } |
| 820 | fossil_free(zDocGlob); |
| 821 | fossil_free(zDocBr); |
| 822 | } |
| 823 | if( (srchFlags & SRCH_WIKI)!=0 ){ |
| 824 | db_multi_exec( |
| 825 | "WITH wiki(name,rid,mtime) AS (" |
| 826 | " SELECT substr(tagname,6), tagxref.rid, max(tagxref.mtime)" |
| 827 |
+12
-8
| --- src/winfile.c | ||
| +++ src/winfile.c | ||
| @@ -349,17 +349,17 @@ | ||
| 349 | 349 | const char *zBase, |
| 350 | 350 | const char *zPath |
| 351 | 351 | ){ |
| 352 | 352 | int cchBase = strlen(zBase); |
| 353 | 353 | int cchPath = strlen(zPath); |
| 354 | - int cchBuf = cchBase + cchPath + 1; | |
| 355 | - int cchRes = cchPath + 1; | |
| 354 | + int cchBuf = cchBase + cchPath + 2; /* + NULL + optional directory slash */ | |
| 355 | + int cchRes = cchPath + 1; /* + NULL */ | |
| 356 | 356 | char *zBuf = fossil_malloc(cchBuf); |
| 357 | 357 | char *zRes = fossil_malloc(cchRes); |
| 358 | + int ncUsed = 0; | |
| 358 | 359 | int i, j; |
| 359 | 360 | memcpy(zBuf,zBase,cchBase); |
| 360 | - cchRes = 0; | |
| 361 | 361 | if( !IS_DIRSEP(zBuf,cchBase-1) ){ |
| 362 | 362 | zBuf[cchBase++]=L'/'; |
| 363 | 363 | } |
| 364 | 364 | memcpy(zBuf+cchBase,zPath,cchPath+1); |
| 365 | 365 | i = j = cchBase; |
| @@ -371,21 +371,21 @@ | ||
| 371 | 371 | char *zComp = &zBuf[i]; |
| 372 | 372 | int cchComp; |
| 373 | 373 | char chSep; |
| 374 | 374 | int fDone; |
| 375 | 375 | if( IS_DIRSEP(zBuf,i) ){ |
| 376 | - zRes[cchRes++] = zBuf[i]; | |
| 376 | + zRes[ncUsed++] = zBuf[i]; | |
| 377 | 377 | i = j = i+1; |
| 378 | 378 | continue; |
| 379 | 379 | } |
| 380 | 380 | NEXT_DIRSEP(zBuf,j); |
| 381 | 381 | fDone = zBuf[j]==0; |
| 382 | 382 | chSep = zBuf[j]; |
| 383 | 383 | zBuf[j] = 0; /* Truncate working buffer. */ |
| 384 | 384 | wzBuf = fossil_utf8_to_path(zBuf,0); |
| 385 | 385 | hFind = FindFirstFileW(wzBuf,&fd); |
| 386 | - if( hFind!= INVALID_HANDLE_VALUE ){ | |
| 386 | + if( hFind!=INVALID_HANDLE_VALUE ){ | |
| 387 | 387 | wchar_t *wzComp = fossil_utf8_to_path(zComp,0); |
| 388 | 388 | FindClose(hFind); |
| 389 | 389 | /* Test fd.cFileName, not fd.cAlternateFileName (classic 8.3 format). */ |
| 390 | 390 | if( win32_compare_filenames_nocase(wzComp,fd.cFileName)==0 ){ |
| 391 | 391 | zCompBuf = fossil_path_to_utf8(fd.cFileName); |
| @@ -393,21 +393,25 @@ | ||
| 393 | 393 | } |
| 394 | 394 | fossil_path_free(wzComp); |
| 395 | 395 | } |
| 396 | 396 | fossil_path_free(wzBuf); |
| 397 | 397 | cchComp = strlen(zComp); |
| 398 | - memcpy(zRes+cchRes,zComp,cchComp); | |
| 399 | - cchRes += cchComp; | |
| 398 | + if( ncUsed+cchComp+1>cchRes ){ | |
| 399 | + cchRes = ncUsed + cchComp + 32; /* While at it, add some extra space. */ | |
| 400 | + zRes = fossil_realloc(zRes,cchRes); | |
| 401 | + } | |
| 402 | + memcpy(zRes+ncUsed,zComp,cchComp); | |
| 403 | + ncUsed += cchComp; | |
| 400 | 404 | if( zCompBuf ){ |
| 401 | 405 | fossil_path_free(zCompBuf); |
| 402 | 406 | } |
| 403 | 407 | if( fDone ){ |
| 404 | - zRes[cchRes] = 0; | |
| 408 | + zRes[ncUsed] = 0; | |
| 405 | 409 | break; |
| 406 | 410 | } |
| 407 | 411 | zBuf[j] = chSep; /* Undo working buffer truncation. */ |
| 408 | 412 | i = j; |
| 409 | 413 | } |
| 410 | 414 | fossil_free(zBuf); |
| 411 | 415 | return zRes; |
| 412 | 416 | } |
| 413 | 417 | #endif /* _WIN32 -- This code is for win32 only */ |
| 414 | 418 |
| --- src/winfile.c | |
| +++ src/winfile.c | |
| @@ -349,17 +349,17 @@ | |
| 349 | const char *zBase, |
| 350 | const char *zPath |
| 351 | ){ |
| 352 | int cchBase = strlen(zBase); |
| 353 | int cchPath = strlen(zPath); |
| 354 | int cchBuf = cchBase + cchPath + 1; |
| 355 | int cchRes = cchPath + 1; |
| 356 | char *zBuf = fossil_malloc(cchBuf); |
| 357 | char *zRes = fossil_malloc(cchRes); |
| 358 | int i, j; |
| 359 | memcpy(zBuf,zBase,cchBase); |
| 360 | cchRes = 0; |
| 361 | if( !IS_DIRSEP(zBuf,cchBase-1) ){ |
| 362 | zBuf[cchBase++]=L'/'; |
| 363 | } |
| 364 | memcpy(zBuf+cchBase,zPath,cchPath+1); |
| 365 | i = j = cchBase; |
| @@ -371,21 +371,21 @@ | |
| 371 | char *zComp = &zBuf[i]; |
| 372 | int cchComp; |
| 373 | char chSep; |
| 374 | int fDone; |
| 375 | if( IS_DIRSEP(zBuf,i) ){ |
| 376 | zRes[cchRes++] = zBuf[i]; |
| 377 | i = j = i+1; |
| 378 | continue; |
| 379 | } |
| 380 | NEXT_DIRSEP(zBuf,j); |
| 381 | fDone = zBuf[j]==0; |
| 382 | chSep = zBuf[j]; |
| 383 | zBuf[j] = 0; /* Truncate working buffer. */ |
| 384 | wzBuf = fossil_utf8_to_path(zBuf,0); |
| 385 | hFind = FindFirstFileW(wzBuf,&fd); |
| 386 | if( hFind!= INVALID_HANDLE_VALUE ){ |
| 387 | wchar_t *wzComp = fossil_utf8_to_path(zComp,0); |
| 388 | FindClose(hFind); |
| 389 | /* Test fd.cFileName, not fd.cAlternateFileName (classic 8.3 format). */ |
| 390 | if( win32_compare_filenames_nocase(wzComp,fd.cFileName)==0 ){ |
| 391 | zCompBuf = fossil_path_to_utf8(fd.cFileName); |
| @@ -393,21 +393,25 @@ | |
| 393 | } |
| 394 | fossil_path_free(wzComp); |
| 395 | } |
| 396 | fossil_path_free(wzBuf); |
| 397 | cchComp = strlen(zComp); |
| 398 | memcpy(zRes+cchRes,zComp,cchComp); |
| 399 | cchRes += cchComp; |
| 400 | if( zCompBuf ){ |
| 401 | fossil_path_free(zCompBuf); |
| 402 | } |
| 403 | if( fDone ){ |
| 404 | zRes[cchRes] = 0; |
| 405 | break; |
| 406 | } |
| 407 | zBuf[j] = chSep; /* Undo working buffer truncation. */ |
| 408 | i = j; |
| 409 | } |
| 410 | fossil_free(zBuf); |
| 411 | return zRes; |
| 412 | } |
| 413 | #endif /* _WIN32 -- This code is for win32 only */ |
| 414 |
| --- src/winfile.c | |
| +++ src/winfile.c | |
| @@ -349,17 +349,17 @@ | |
| 349 | const char *zBase, |
| 350 | const char *zPath |
| 351 | ){ |
| 352 | int cchBase = strlen(zBase); |
| 353 | int cchPath = strlen(zPath); |
| 354 | int cchBuf = cchBase + cchPath + 2; /* + NULL + optional directory slash */ |
| 355 | int cchRes = cchPath + 1; /* + NULL */ |
| 356 | char *zBuf = fossil_malloc(cchBuf); |
| 357 | char *zRes = fossil_malloc(cchRes); |
| 358 | int ncUsed = 0; |
| 359 | int i, j; |
| 360 | memcpy(zBuf,zBase,cchBase); |
| 361 | if( !IS_DIRSEP(zBuf,cchBase-1) ){ |
| 362 | zBuf[cchBase++]=L'/'; |
| 363 | } |
| 364 | memcpy(zBuf+cchBase,zPath,cchPath+1); |
| 365 | i = j = cchBase; |
| @@ -371,21 +371,21 @@ | |
| 371 | char *zComp = &zBuf[i]; |
| 372 | int cchComp; |
| 373 | char chSep; |
| 374 | int fDone; |
| 375 | if( IS_DIRSEP(zBuf,i) ){ |
| 376 | zRes[ncUsed++] = zBuf[i]; |
| 377 | i = j = i+1; |
| 378 | continue; |
| 379 | } |
| 380 | NEXT_DIRSEP(zBuf,j); |
| 381 | fDone = zBuf[j]==0; |
| 382 | chSep = zBuf[j]; |
| 383 | zBuf[j] = 0; /* Truncate working buffer. */ |
| 384 | wzBuf = fossil_utf8_to_path(zBuf,0); |
| 385 | hFind = FindFirstFileW(wzBuf,&fd); |
| 386 | if( hFind!=INVALID_HANDLE_VALUE ){ |
| 387 | wchar_t *wzComp = fossil_utf8_to_path(zComp,0); |
| 388 | FindClose(hFind); |
| 389 | /* Test fd.cFileName, not fd.cAlternateFileName (classic 8.3 format). */ |
| 390 | if( win32_compare_filenames_nocase(wzComp,fd.cFileName)==0 ){ |
| 391 | zCompBuf = fossil_path_to_utf8(fd.cFileName); |
| @@ -393,21 +393,25 @@ | |
| 393 | } |
| 394 | fossil_path_free(wzComp); |
| 395 | } |
| 396 | fossil_path_free(wzBuf); |
| 397 | cchComp = strlen(zComp); |
| 398 | if( ncUsed+cchComp+1>cchRes ){ |
| 399 | cchRes = ncUsed + cchComp + 32; /* While at it, add some extra space. */ |
| 400 | zRes = fossil_realloc(zRes,cchRes); |
| 401 | } |
| 402 | memcpy(zRes+ncUsed,zComp,cchComp); |
| 403 | ncUsed += cchComp; |
| 404 | if( zCompBuf ){ |
| 405 | fossil_path_free(zCompBuf); |
| 406 | } |
| 407 | if( fDone ){ |
| 408 | zRes[ncUsed] = 0; |
| 409 | break; |
| 410 | } |
| 411 | zBuf[j] = chSep; /* Undo working buffer truncation. */ |
| 412 | i = j; |
| 413 | } |
| 414 | fossil_free(zBuf); |
| 415 | return zRes; |
| 416 | } |
| 417 | #endif /* _WIN32 -- This code is for win32 only */ |
| 418 |