summaryrefslogtreecommitdiffstats
path: root/win/tclWinDde.c
diff options
context:
space:
mode:
authorjan.nijtmans <nijtmans@users.sourceforge.net>2012-05-13 14:46:56 (GMT)
committerjan.nijtmans <nijtmans@users.sourceforge.net>2012-05-13 14:46:56 (GMT)
commit8957363cf361d3c474292d063135bac9f694e9fe (patch)
tree5f86a14fef5506d2aab042f36d183030f712d53e /win/tclWinDde.c
parentd5e5d7b16d3ec4b3e346f162d1334b6187385031 (diff)
downloadtcl-8957363cf361d3c474292d063135bac9f694e9fe.zip
tcl-8957363cf361d3c474292d063135bac9f694e9fe.tar.gz
tcl-8957363cf361d3c474292d063135bac9f694e9fe.tar.bz2
Protect against receiving strings without ending \0, as external applications (or Tcl with TIP #106) could generate that.
Diffstat (limited to 'win/tclWinDde.c')
-rw-r--r--win/tclWinDde.c15
1 files changed, 11 insertions, 4 deletions
diff --git a/win/tclWinDde.c b/win/tclWinDde.c
index ebba2f3..3b8ca23 100644
--- a/win/tclWinDde.c
+++ b/win/tclWinDde.c
@@ -591,7 +591,10 @@ DdeServerProc(
utilString = (char *) DdeAccessData(hData, &dlen);
len = dlen;
- ddeObjectPtr = Tcl_NewStringObj(utilString, -1);
+ if (len && !utilString[len-1]) {
+ len--;
+ }
+ ddeObjectPtr = Tcl_NewStringObj(utilString, len);
Tcl_IncrRefCount(ddeObjectPtr);
DdeUnaccessData(hData);
if (convPtr->returnPackagePtr != NULL) {
@@ -1200,13 +1203,17 @@ DdeObjCmd(
result = TCL_ERROR;
} else {
DWORD tmp;
- const BYTE *dataString = DdeAccessData(ddeData, &tmp);
+ const char *dataString = (const char *) DdeAccessData(ddeData, &tmp);
if (binary) {
- returnObjPtr = Tcl_NewByteArrayObj(dataString,
+ returnObjPtr = Tcl_NewByteArrayObj((BYTE *) dataString,
(int) tmp);
} else {
- returnObjPtr = Tcl_NewStringObj((char *)dataString, -1);
+ if (tmp && !dataString[tmp-1]) {
+ --tmp;
+ }
+ returnObjPtr = Tcl_NewStringObj(dataString,
+ (int) tmp);
}
DdeUnaccessData(ddeData);
DdeFreeDataHandle(ddeData);