summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjan.nijtmans <nijtmans@users.sourceforge.net>2012-05-13 14:46:56 (GMT)
committerjan.nijtmans <nijtmans@users.sourceforge.net>2012-05-13 14:46:56 (GMT)
commit515c4f1a4cc29e7f4dd2fb0ca65aaec0e0172cab (patch)
tree5f86a14fef5506d2aab042f36d183030f712d53e
parent5abed9b95ce3f5e789bc35d2dbbacecfad1dbd57 (diff)
downloadtcl-515c4f1a4cc29e7f4dd2fb0ca65aaec0e0172cab.zip
tcl-515c4f1a4cc29e7f4dd2fb0ca65aaec0e0172cab.tar.gz
tcl-515c4f1a4cc29e7f4dd2fb0ca65aaec0e0172cab.tar.bz2
Protect against receiving strings without ending \0, as external applications (or Tcl with TIP #106) could generate that.
-rw-r--r--ChangeLog5
-rw-r--r--win/tclWinDde.c15
2 files changed, 16 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 6add097..1615237 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-05-13 Jan Nijtmans <nijtmans@users.sf.net>
+
+ * win/tclWinDde.c: Protect against receiving strings without ending \0,
+ as external applications (or Tcl with TIP #106) could generate that.
+
2012-05-10 Jan Nijtmans <nijtmans@users.sf.net>
* win/tclWinDde.c: [Bug 473946]: special characters not correctly sent
diff --git a/win/tclWinDde.c b/win/tclWinDde.c
index ebba2f3..3b8ca23 100644
--- a/win/tclWinDde.c
+++ b/win/tclWinDde.c
@@ -591,7 +591,10 @@ DdeServerProc(
utilString = (char *) DdeAccessData(hData, &dlen);
len = dlen;
- ddeObjectPtr = Tcl_NewStringObj(utilString, -1);
+ if (len && !utilString[len-1]) {
+ len--;
+ }
+ ddeObjectPtr = Tcl_NewStringObj(utilString, len);
Tcl_IncrRefCount(ddeObjectPtr);
DdeUnaccessData(hData);
if (convPtr->returnPackagePtr != NULL) {
@@ -1200,13 +1203,17 @@ DdeObjCmd(
result = TCL_ERROR;
} else {
DWORD tmp;
- const BYTE *dataString = DdeAccessData(ddeData, &tmp);
+ const char *dataString = (const char *) DdeAccessData(ddeData, &tmp);
if (binary) {
- returnObjPtr = Tcl_NewByteArrayObj(dataString,
+ returnObjPtr = Tcl_NewByteArrayObj((BYTE *) dataString,
(int) tmp);
} else {
- returnObjPtr = Tcl_NewStringObj((char *)dataString, -1);
+ if (tmp && !dataString[tmp-1]) {
+ --tmp;
+ }
+ returnObjPtr = Tcl_NewStringObj(dataString,
+ (int) tmp);
}
DdeUnaccessData(ddeData);
DdeFreeDataHandle(ddeData);