diff options
author | jan.nijtmans <nijtmans@users.sourceforge.net> | 2012-05-13 14:46:56 (GMT) |
---|---|---|
committer | jan.nijtmans <nijtmans@users.sourceforge.net> | 2012-05-13 14:46:56 (GMT) |
commit | 8957363cf361d3c474292d063135bac9f694e9fe (patch) | |
tree | 5f86a14fef5506d2aab042f36d183030f712d53e /win/tclWinDde.c | |
parent | d5e5d7b16d3ec4b3e346f162d1334b6187385031 (diff) | |
download | tcl-8957363cf361d3c474292d063135bac9f694e9fe.zip tcl-8957363cf361d3c474292d063135bac9f694e9fe.tar.gz tcl-8957363cf361d3c474292d063135bac9f694e9fe.tar.bz2 |
Protect against receiving strings without ending \0, as external applications (or Tcl with TIP #106) could generate that.
Diffstat (limited to 'win/tclWinDde.c')
-rw-r--r-- | win/tclWinDde.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/win/tclWinDde.c b/win/tclWinDde.c index ebba2f3..3b8ca23 100644 --- a/win/tclWinDde.c +++ b/win/tclWinDde.c @@ -591,7 +591,10 @@ DdeServerProc( utilString = (char *) DdeAccessData(hData, &dlen); len = dlen; - ddeObjectPtr = Tcl_NewStringObj(utilString, -1); + if (len && !utilString[len-1]) { + len--; + } + ddeObjectPtr = Tcl_NewStringObj(utilString, len); Tcl_IncrRefCount(ddeObjectPtr); DdeUnaccessData(hData); if (convPtr->returnPackagePtr != NULL) { @@ -1200,13 +1203,17 @@ DdeObjCmd( result = TCL_ERROR; } else { DWORD tmp; - const BYTE *dataString = DdeAccessData(ddeData, &tmp); + const char *dataString = (const char *) DdeAccessData(ddeData, &tmp); if (binary) { - returnObjPtr = Tcl_NewByteArrayObj(dataString, + returnObjPtr = Tcl_NewByteArrayObj((BYTE *) dataString, (int) tmp); } else { - returnObjPtr = Tcl_NewStringObj((char *)dataString, -1); + if (tmp && !dataString[tmp-1]) { + --tmp; + } + returnObjPtr = Tcl_NewStringObj(dataString, + (int) tmp); } DdeUnaccessData(ddeData); DdeFreeDataHandle(ddeData); |