1
0
mirror of https://git.savannah.gnu.org/git/emacs.git synced 2024-12-28 10:56:36 +00:00
emacs/lib-src/update-game-score.c

509 lines
12 KiB
C
Raw Normal View History

2002-03-27 20:57:06 +00:00
/* update-game-score.c --- Update a score file
Copyright (C) 2002-2016 Free Software Foundation, Inc.
Author: Colin Walters <walters@debian.org>
2002-03-27 20:57:06 +00:00
This file is part of GNU Emacs.
GNU Emacs is free software: you can redistribute it and/or modify
2002-03-27 20:57:06 +00:00
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or (at
your option) any later version.
2002-03-27 20:57:06 +00:00
GNU Emacs is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
2002-03-27 20:57:06 +00:00
2009-09-24 01:44:35 +00:00
/* This program allows a game to securely and atomically update a
score file. It should be installed either setuid or setgid, owned
by an appropriate user or group like `games'.
Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
defined, and in that case it will store scores in the user's home
directory (it should NOT be setuid).
2002-03-27 20:57:06 +00:00
Created 2002/03/22.
2002-03-27 20:57:06 +00:00
*/
#include <config.h>
2002-03-27 20:57:06 +00:00
#include <unistd.h>
#include <errno.h>
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
#include <inttypes.h>
#include <limits.h>
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
#include <stdbool.h>
2002-03-27 20:57:06 +00:00
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <pwd.h>
2002-03-27 20:57:06 +00:00
#include <ctype.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <getopt.h>
#ifdef WINDOWSNT
#include "ntlib.h"
#endif
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
#ifndef min
# define min(a,b) ((a) < (b) ? (a) : (b))
#endif
2002-03-27 20:57:06 +00:00
#define MAX_ATTEMPTS 5
#define MAX_DATA_LEN 1024
static _Noreturn void
usage (int err)
2002-03-27 20:57:06 +00:00
{
fprintf (stdout, "Usage: update-game-score [-m MAX] [-r] [-d DIR] game/scorefile SCORE DATA\n");
2003-02-04 12:00:09 +00:00
fprintf (stdout, " update-game-score -h\n");
fprintf (stdout, " -h\t\tDisplay this help.\n");
fprintf (stdout, " -m MAX\t\tLimit the maximum number of scores to MAX.\n");
fprintf (stdout, " -r\t\tSort the scores in increasing order.\n");
fprintf (stdout, " -d DIR\t\tStore scores in DIR (only if not setuid).\n");
exit (err);
2002-03-27 20:57:06 +00:00
}
static int lock_file (const char *filename, void **state);
static int unlock_file (const char *filename, void *state);
2002-03-27 20:57:06 +00:00
struct score_entry
{
char *score;
char *user_data;
2002-03-27 20:57:06 +00:00
};
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
#define MAX_SCORES min (PTRDIFF_MAX, SIZE_MAX / sizeof (struct score_entry))
static int read_scores (const char *filename, struct score_entry **scores,
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
ptrdiff_t *count, ptrdiff_t *alloc);
static int push_score (struct score_entry **scores, ptrdiff_t *count,
ptrdiff_t *size, struct score_entry const *newscore);
static void sort_scores (struct score_entry *scores, ptrdiff_t count,
bool reverse);
static int write_scores (const char *filename, mode_t mode,
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
const struct score_entry *scores, ptrdiff_t count);
static _Noreturn void
lose (const char *msg)
{
2003-02-04 12:00:09 +00:00
fprintf (stderr, "%s\n", msg);
exit (EXIT_FAILURE);
}
2002-03-27 20:57:06 +00:00
static _Noreturn void
lose_syserr (const char *msg)
{
fprintf (stderr, "%s: %s\n", msg,
errno ? strerror (errno) : "Invalid data in score file");
exit (EXIT_FAILURE);
}
static char *
get_user_id (void)
{
2003-02-04 12:00:09 +00:00
struct passwd *buf = getpwuid (getuid ());
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
if (!buf || strchr (buf->pw_name, ' ') || strchr (buf->pw_name, '\n'))
{
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
intmax_t uid = getuid ();
char *name = malloc (sizeof uid * CHAR_BIT / 3 + 4);
if (name)
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
sprintf (name, "%"PRIdMAX, uid);
return name;
}
return buf->pw_name;
}
static const char *
get_prefix (bool privileged, const char *user_prefix)
{
if (privileged)
{
#ifdef HAVE_SHARED_GAME_DIR
return HAVE_SHARED_GAME_DIR;
#else
lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
"and should not run with elevated privileges.");
#endif
}
if (user_prefix == NULL)
lose ("Not using a shared game directory, and no prefix given.");
return user_prefix;
}
static char *
normalize_integer (char *num)
{
bool neg;
char *p;
while (*num != '\n' && isspace (*num))
num++;
neg = *num == '-';
num += neg || *num == '-';
if (*num == '0')
{
while (*++num == '0')
continue;
neg &= !!*num;
num -= !*num;
}
for (p = num; '0' <= *p && *p <= '9'; p++)
continue;
if (*p || p == num)
{
errno = 0;
return 0;
}
if (neg)
*--num = '-';
return num;
}
2002-03-27 20:57:06 +00:00
int
main (int argc, char **argv)
2002-03-27 20:57:06 +00:00
{
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
int c;
bool running_suid, running_sgid;
2002-03-27 20:57:06 +00:00
void *lockstate;
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
char *scorefile;
char *end, *nl, *user, *data;
Fix warnings produced by compiling with -Wwrite_strings (i.e. use const char *). * b2m.c (concat, fatal): Use const char*. (main): Don't assign labels a string literal. * ebrowse.c (struct member): filename, def_filename is const. (struct sym): filename, sfilename is const. (struct kw): name is const. (add_sym, yyerror, token_string, insert_keyword, main): Use const char*. * emacsclient.c (message, sock_err_message, send_to_emacs) (quote_argument, set_local_socket) (start_daemon_and_retry_set_socket): Use const char*. * etags.c (compressor, language, Ada_suffix, Ada_help, Asm_suffixes) (Asm_help, default_C_suffixes, default_C_help, Cplusplus_suffixes) (Cplusplus_help, Cjava_suffixes, Cobol_suffixes, Cstar_suffixes) (Erlang_suffixes, Erlang_help, Forth_suffixes, Forth_help) (Fortran_suffixes, Fortran_help, HTML_suffixes, HTML_help) (Lisp_suffixes, Lisp_help, Lua_suffixes, Lua_help) (Makefile_filenames, Makefile_help, Objc_suffixes, Objc_help) (Pascal_suffixes, Pascal_help, Perl_suffixes, Perl_interpreters) (Perl_help, PHP_suffixes, PHP_help, plain_C_suffixses, PS_suffixes) (PS_help, Prolog_suffixes, Prolog_help, Python_suffixes, Python_help) (Scheme_suffixes, Scheme_help, TeX_suffixes, TeX_help, Texinfo_suffixes) (Texinfo_help, Yacc_suffixes, Yacc_help, auto_help, none_help) (no_lang_help, print_language_names) (get_language_from_interpreter, get_language_from_filename) (init, make_tag, struct C_stab_entry, write_classname, TEX_defenv) (TEX_decode_env, nocase_tail, savestr, savenstr, fatal, pfatal) (concat): Use const char*. * make-docfile.c (error, fatal, scan_c_file, scan_lisp_file): Use const char *. * movemail.c (fatal, error, concat): Use const char *. * pop.c (pop_multi_first, socket_connection, sendline): Use conat char*. * pop.h (pop_multi_first): Use const char *. (_ARGS): Remove. * sorted-doc.c (error, fatal, states): Use const char *. * update-game-score.c (get_prefix, write_scores, main): Use const char*.
2010-08-11 08:20:34 +00:00
const char *prefix, *user_prefix = NULL;
2002-03-27 20:57:06 +00:00
struct score_entry *scores;
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
struct score_entry newscore;
bool reverse = false;
ptrdiff_t scorecount, scorealloc;
ptrdiff_t max_scores = MAX_SCORES;
2002-03-27 20:57:06 +00:00
2003-02-04 12:00:09 +00:00
srand (time (0));
2002-03-27 20:57:06 +00:00
2003-02-04 12:00:09 +00:00
while ((c = getopt (argc, argv, "hrm:d:")) != -1)
2002-03-27 20:57:06 +00:00
switch (c)
{
case 'h':
usage (EXIT_SUCCESS);
2002-03-27 20:57:06 +00:00
break;
case 'd':
user_prefix = optarg;
break;
2002-03-27 20:57:06 +00:00
case 'r':
reverse = 1;
break;
case 'm':
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
{
intmax_t m = strtoimax (optarg, &end, 10);
if (optarg == end || *end || m < 0)
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
usage (EXIT_FAILURE);
max_scores = min (m, MAX_SCORES);
}
2002-03-27 20:57:06 +00:00
break;
default:
usage (EXIT_FAILURE);
2002-03-27 20:57:06 +00:00
}
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
if (argc - optind != 3)
usage (EXIT_FAILURE);
2003-02-04 12:00:09 +00:00
running_suid = (getuid () != geteuid ());
running_sgid = (getgid () != getegid ());
if (running_suid && running_sgid)
lose ("This program can run either suid or sgid, but not both.");
prefix = get_prefix (running_suid || running_sgid, user_prefix);
2003-02-04 12:00:09 +00:00
scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
2002-03-27 20:57:06 +00:00
if (!scorefile)
2003-02-04 12:00:09 +00:00
lose_syserr ("Couldn't allocate score file");
char *z = stpcpy (scorefile, prefix);
*z++ = '/';
strcpy (z, argv[optind]);
newscore.score = normalize_integer (argv[optind + 1]);
if (! newscore.score)
{
fprintf (stderr, "%s: Invalid score\n", argv[optind + 1]);
return EXIT_FAILURE;
}
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
user = get_user_id ();
if (! user)
lose_syserr ("Couldn't determine user id");
data = argv[optind + 2];
if (strlen (data) > MAX_DATA_LEN)
data[MAX_DATA_LEN] = '\0';
nl = strchr (data, '\n');
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
if (nl)
*nl = '\0';
newscore.user_data = malloc (strlen (user) + 1 + strlen (data) + 1);
if (! newscore.user_data
|| sprintf (newscore.user_data, "%s %s", user, data) < 0)
lose_syserr ("Memory exhausted");
2003-02-04 14:56:31 +00:00
2003-02-04 12:00:09 +00:00
if (lock_file (scorefile, &lockstate) < 0)
lose_syserr ("Failed to lock scores file");
2003-02-04 14:56:31 +00:00
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
if (read_scores (scorefile, &scores, &scorecount, &scorealloc) < 0)
2002-03-27 20:57:06 +00:00
{
2003-02-04 12:00:09 +00:00
unlock_file (scorefile, lockstate);
lose_syserr ("Failed to read scores file");
2002-03-27 20:57:06 +00:00
}
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
if (push_score (&scores, &scorecount, &scorealloc, &newscore) < 0)
{
unlock_file (scorefile, lockstate);
lose_syserr ("Failed to add score");
}
sort_scores (scores, scorecount, reverse);
/* Limit the number of scores. If we're using reverse sorting, then
also increment the beginning of the array, to skip over the
*smallest* scores. Otherwise, just decrementing the number of
scores suffices, since the smallest is at the end. */
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
if (scorecount > max_scores)
{
if (reverse)
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
scores += scorecount - max_scores;
scorecount = max_scores;
}
if (write_scores (scorefile, running_sgid ? 0664 : 0644,
scores, scorecount) < 0)
2002-03-27 20:57:06 +00:00
{
2003-02-04 12:00:09 +00:00
unlock_file (scorefile, lockstate);
lose_syserr ("Failed to write scores file");
2002-03-27 20:57:06 +00:00
}
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
if (unlock_file (scorefile, lockstate) < 0)
lose_syserr ("Failed to unlock scores file");
exit (EXIT_SUCCESS);
2002-03-27 20:57:06 +00:00
}
static char *
read_score (char *p, struct score_entry *score)
2002-03-27 20:57:06 +00:00
{
score->score = p;
p = strchr (p, ' ');
if (!p)
return p;
*p++ = 0;
score->user_data = p;
p = strchr (p, '\n');
if (!p)
return p;
*p++ = 0;
return p;
2002-03-27 20:57:06 +00:00
}
static int
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
read_scores (const char *filename, struct score_entry **scores,
ptrdiff_t *count, ptrdiff_t *alloc)
2002-03-27 20:57:06 +00:00
{
char *p, *filedata;
ptrdiff_t filesize, nread;
struct stat st;
2003-02-04 12:00:09 +00:00
FILE *f = fopen (filename, "r");
2003-02-04 14:56:31 +00:00
if (!f)
2002-03-27 20:57:06 +00:00
return -1;
if (fstat (fileno (f), &st) != 0)
return -1;
if (! (0 <= st.st_size && st.st_size < min (PTRDIFF_MAX, SIZE_MAX)))
{
errno = EOVERFLOW;
return -1;
}
filesize = st.st_size;
filedata = malloc (filesize + 1);
if (! filedata)
return -1;
nread = fread (filedata, 1, filesize + 1, f);
if (filesize < nread)
{
errno = 0;
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
return -1;
}
if (nread < filesize)
filesize = nread;
if (ferror (f) || fclose (f) != 0)
return -1;
filedata[filesize] = 0;
if (strlen (filedata) != filesize)
{
errno = 0;
return -1;
}
*scores = 0;
*count = *alloc = 0;
for (p = filedata; p < filedata + filesize; )
{
struct score_entry entry;
p = read_score (p, &entry);
if (!p)
{
errno = 0;
return -1;
}
if (push_score (scores, count, alloc, &entry) < 0)
return -1;
}
return 0;
2002-03-27 20:57:06 +00:00
}
static int
score_compare (const void *a, const void *b)
2002-03-27 20:57:06 +00:00
{
const struct score_entry *sa = (const struct score_entry *) a;
const struct score_entry *sb = (const struct score_entry *) b;
char *sca = sa->score;
char *scb = sb->score;
size_t lena, lenb;
bool nega = *sca == '-';
bool negb = *scb == '-';
int diff = nega - negb;
if (diff)
return diff;
if (nega)
{
char *tmp = sca;
sca = scb + 1;
scb = tmp + 1;
}
lena = strlen (sca);
lenb = strlen (scb);
if (lena != lenb)
return lenb < lena ? -1 : 1;
return strcmp (scb, sca);
2002-03-27 20:57:06 +00:00
}
static int
score_compare_reverse (const void *a, const void *b)
2002-03-27 20:57:06 +00:00
{
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
return score_compare (b, a);
2002-03-27 20:57:06 +00:00
}
int
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
push_score (struct score_entry **scores, ptrdiff_t *count, ptrdiff_t *size,
struct score_entry const *newscore)
2002-03-27 20:57:06 +00:00
{
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
struct score_entry *newscores = *scores;
if (*count == *size)
{
ptrdiff_t newsize = *size;
if (newsize <= 0)
newsize = 1;
else if (newsize <= MAX_SCORES / 2)
newsize *= 2;
else if (newsize < MAX_SCORES)
newsize = MAX_SCORES;
else
{
errno = ENOMEM;
return -1;
}
newscores = realloc (newscores, sizeof *newscores * newsize);
if (!newscores)
return -1;
*scores = newscores;
*size = newsize;
}
newscores[*count] = *newscore;
2002-03-27 20:57:06 +00:00
(*count) += 1;
return 0;
}
2003-02-04 14:56:31 +00:00
static void
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
sort_scores (struct score_entry *scores, ptrdiff_t count, bool reverse)
2002-03-27 20:57:06 +00:00
{
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
qsort (scores, count, sizeof *scores,
reverse ? score_compare_reverse : score_compare);
2002-03-27 20:57:06 +00:00
}
static int
write_scores (const char *filename, mode_t mode,
const struct score_entry *scores, ptrdiff_t count)
2002-03-27 20:57:06 +00:00
{
int fd;
2003-02-04 14:56:31 +00:00
FILE *f;
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
ptrdiff_t i;
2003-02-04 12:00:09 +00:00
char *tempfile = malloc (strlen (filename) + strlen (".tempXXXXXX") + 1);
2002-03-27 20:57:06 +00:00
if (!tempfile)
return -1;
strcpy (stpcpy (tempfile, filename), ".tempXXXXXX");
fd = mkostemp (tempfile, 0);
if (fd < 0)
return -1;
Fix the MSDOS build. src/unexcoff.c [MSDOS]: Include libc/atexit.h. (copy_text_and_data): Zero out the atexit chain pointer before dumping Emacs. src/termhooks.h (encode_terminal_code): Update prototype. src/term.c (encode_terminal_code) [DOS_NT]: Make it externally visible for all DOS_NT ports, not just WINDOWSNT. (syms_of_term) [!MSDOS]: Don't define 'tty-menu-*' symbols on MSDOS. src/sysdep.c (emacs_sigaction_init, init_signals): Don't use SIGCHLD unless it is defined. (emacs_pipe) [MSDOS]: Redirect to 'pipe'. src/process.c (close_on_exec, accept4, process_socket): Move into the "ifdef subprocesses" part. (catch_child_signal): Condition by "ifdef subprocesses". (syms_of_process) <Qinternal_default_process_sentinel> <Qinternal_default_process_filter>: Condition by "ifdef subprocesses". src/msdos.h: Add prototypes for new functions. (EINPROGRESS): Define. (O_CLOEXEC): Define to zero. src/msdos.c (check_window_system): Remove unnecessary an incompatible duplicate function. (sys_opendir, readlinkat, faccessat, fstatat, unsetenv): New functions in support of new functionality. src/menu.c (single_menu_item): Add visual indication of submenu also for menus on MSDOS frames. (Fx_popup_menu) [!MSDOS]: Do not call tty_menu_show on MSDOS. src/lisp.h (CHECK_PROCESS) [!subprocesses]: Do not define when async subprocesses aren't supported. src/font.h (FONT_WIDTH) [MSDOS]: MSDOS-specific definition. src/emacs.c (close_output_streams): Zero out errno before calling close_stream. src/dired.c [MSDOS]: Include msdos.h. src/conf_post.h (opendir) [MSDOS]: Redirect to sys_opendir. (DATA_START) [MSDOS]: Define. (SYSTEM_PURESIZE_EXTRA) [MSDOS]: Enlarge by 25K. src/callproc.c (block_child_signal, unblock_child_signal) [MSDOS]: Ifdef away for MSDOS. (record_kill_process) [MSDOS]: Ifdef away the entire body for MSDOS. (call_process_cleanup) [MSDOS]: Ifdef away portions not relevant for MSDOS. (call_process) [MSDOS]: Fix call sequence of dostounix_filename. Use temporary file template that is compatible with mkostemp. Move vfork-related portions under #ifndef MSDOS. (syms_of_callproc): Unify templates of MSDOS and WINDOWSNT. lisp/term/pc-win.el (x-list-fonts, x-get-selection-value): Provide doc strings, as required by snarf-documentation. msdos/sedlisp.inp: msdos/sedlibmk.inp: msdos/sedleim.inp: msdos/sed3v2.inp: msdos/sed2v2.inp: msdos/sed1v2.inp: Update Sed scripts for Emacs 24.4. msdos/inttypes.h: Add PRIdMAX. msdos/INSTALL: Update for Emacs 24.4. msdos/sedadmin.inp: New file.
2014-04-16 13:27:28 +00:00
#ifndef DOS_NT
if (fchmod (fd, mode) != 0)
return -1;
#endif
f = fdopen (fd, "w");
if (! f)
2002-03-27 20:57:06 +00:00
return -1;
for (i = 0; i < count; i++)
if (fprintf (f, "%s %s\n", scores[i].score, scores[i].user_data) < 0)
2002-03-27 20:57:06 +00:00
return -1;
if (fclose (f) != 0)
2002-03-27 20:57:06 +00:00
return -1;
if (rename (tempfile, filename) != 0)
2002-03-27 20:57:06 +00:00
return -1;
return 0;
2002-03-27 20:57:06 +00:00
}
2003-02-04 14:56:31 +00:00
static int
lock_file (const char *filename, void **state)
2002-03-27 20:57:06 +00:00
{
int fd;
struct stat buf;
2002-03-27 20:57:06 +00:00
int attempts = 0;
Fix warnings produced by compiling with -Wwrite_strings (i.e. use const char *). * b2m.c (concat, fatal): Use const char*. (main): Don't assign labels a string literal. * ebrowse.c (struct member): filename, def_filename is const. (struct sym): filename, sfilename is const. (struct kw): name is const. (add_sym, yyerror, token_string, insert_keyword, main): Use const char*. * emacsclient.c (message, sock_err_message, send_to_emacs) (quote_argument, set_local_socket) (start_daemon_and_retry_set_socket): Use const char*. * etags.c (compressor, language, Ada_suffix, Ada_help, Asm_suffixes) (Asm_help, default_C_suffixes, default_C_help, Cplusplus_suffixes) (Cplusplus_help, Cjava_suffixes, Cobol_suffixes, Cstar_suffixes) (Erlang_suffixes, Erlang_help, Forth_suffixes, Forth_help) (Fortran_suffixes, Fortran_help, HTML_suffixes, HTML_help) (Lisp_suffixes, Lisp_help, Lua_suffixes, Lua_help) (Makefile_filenames, Makefile_help, Objc_suffixes, Objc_help) (Pascal_suffixes, Pascal_help, Perl_suffixes, Perl_interpreters) (Perl_help, PHP_suffixes, PHP_help, plain_C_suffixses, PS_suffixes) (PS_help, Prolog_suffixes, Prolog_help, Python_suffixes, Python_help) (Scheme_suffixes, Scheme_help, TeX_suffixes, TeX_help, Texinfo_suffixes) (Texinfo_help, Yacc_suffixes, Yacc_help, auto_help, none_help) (no_lang_help, print_language_names) (get_language_from_interpreter, get_language_from_filename) (init, make_tag, struct C_stab_entry, write_classname, TEX_defenv) (TEX_decode_env, nocase_tail, savestr, savenstr, fatal, pfatal) (concat): Use const char*. * make-docfile.c (error, fatal, scan_c_file, scan_lisp_file): Use const char *. * movemail.c (fatal, error, concat): Use const char *. * pop.c (pop_multi_first, socket_connection, sendline): Use conat char*. * pop.h (pop_multi_first): Use const char *. (_ARGS): Remove. * sorted-doc.c (error, fatal, states): Use const char *. * update-game-score.c (get_prefix, write_scores, main): Use const char*.
2010-08-11 08:20:34 +00:00
const char *lockext = ".lockfile";
2003-02-04 12:00:09 +00:00
char *lockpath = malloc (strlen (filename) + strlen (lockext) + 60);
2002-03-27 20:57:06 +00:00
if (!lockpath)
return -1;
strcpy (stpcpy (lockpath, filename), lockext);
2002-03-27 20:57:06 +00:00
*state = lockpath;
while ((fd = open (lockpath, O_CREAT | O_EXCL, 0600)) < 0)
2002-03-27 20:57:06 +00:00
{
if (errno != EEXIST)
return -1;
attempts++;
/* Break the lock if it is over an hour old, or if we've tried
more than MAX_ATTEMPTS times. We won't corrupt the file, but
we might lose some scores. */
if (MAX_ATTEMPTS < attempts
|| (stat (lockpath, &buf) == 0 && 60 * 60 < time (0) - buf.st_ctime))
2002-03-27 20:57:06 +00:00
{
if (unlink (lockpath) != 0 && errno != ENOENT)
return -1;
attempts = 0;
2002-03-27 20:57:06 +00:00
}
sleep ((rand () & 1) + 1);
2002-03-27 20:57:06 +00:00
}
2003-02-04 12:00:09 +00:00
close (fd);
2002-03-27 20:57:06 +00:00
return 0;
}
2003-02-04 14:56:31 +00:00
static int
unlock_file (const char *filename, void *state)
2002-03-27 20:57:06 +00:00
{
char *lockpath = (char *) state;
int saved_errno = errno;
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
int ret = unlink (lockpath);
int unlink_errno = errno;
2003-02-04 12:00:09 +00:00
free (lockpath);
update-game-score fixes for -m and integer overflow * update-game-score.c: Include inttypes.h, stdbool.h. (min): New macro, if not already defined. (MAX_SCORES, main): Limit the maximum number of scores only from limits imposed by the underyling platform, instead of the arbitrary value 200. (struct score_entry, main, read_score, write_score): Scores are now intmax_t, not long. (get_user_id): Reject user names containing spaces or newlines, as they would mess up the score file. Allow uids that don't fit in 'long'. Increase the size of the buffer, to avoid overrun in weird cases. (get_prefix, main): Use bool for boolean. (main): Rewrite expr to avoid possibility of signed integer overflow. Don't allow newlines in data, as this would mess up the score file. Check for memory allocation failure when adding the new score, or when unlockint the file. Implement -m. (read_score): Check for integer overflow when reading a score. (read_score) [!HAVE_GETDELIM]: Check for integer overflow when data gets very long. Check only for space to delimit names, since that's what's done in the HAVE_GETDELIM case. (read_scores): New parameter ALLOC. Change counts to ptrdiff_t. All uses changed. Use push_score to add individual scores; that's simpler than repeating its contents. (score_compare_reverse): Simplify. (push_score): New parameter SIZE. Change counts to ptrdiff_t. All uses changed. Check for integer overflow of size calculation. (sort_scores, write_scores): Change counts to ptrdiff_t. (unlock_file): Preserve errno on success, so that storage exhaustion is diagnosed correctly. Fixes: debbugs:16428
2014-01-19 08:50:53 +00:00
errno = ret < 0 ? unlink_errno : saved_errno;
2002-03-27 20:57:06 +00:00
return ret;
}
2003-09-01 15:45:59 +00:00
/* update-game-score.c ends here */