From: Kevin Day <thekevinday@gmail.com>
Date: Fri, 30 Aug 2019 01:53:34 +0000 (-0500)
Subject: Security: safely print f_dynamic_string
X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=37b91e7224e2635275dea4dafe25a4c7a9b89493;p=fll

Security: safely print f_dynamic_string

The f_dynamic_string is not NULL terminated and should never be directly passed to a function that assumes strings are NULL terminated.
---

diff --git a/level_1/fl_colors/c/colors.c b/level_1/fl_colors/c/colors.c
index 64e7524d5..1fef707c8 100644
--- a/level_1/fl_colors/c/colors.c
+++ b/level_1/fl_colors/c/colors.c
@@ -123,7 +123,9 @@ extern "C"{
     #endif // _di_level_1_parameter_checking_
 
     if (start_color.used != 0) {
-      fprintf(file, "%s", start_color.string);
+      f_status status = f_print_dynamic_string(file, start_color);
+
+      if (f_error_is_error(status)) return status;
     }
 
     va_list ap;
@@ -135,7 +137,9 @@ extern "C"{
     va_end(ap);
 
     if (end_color.used != 0) {
-      fprintf(file, "%s", end_color.string);
+      f_status status = f_print_dynamic_string(file, end_color);
+
+      if (f_error_is_error(status)) return status;
     }
 
     return f_none;
@@ -150,7 +154,9 @@ extern "C"{
     #endif // _di_level_1_parameter_checking_
 
     if (start_color.used != 0) {
-      fprintf(file, "%s", start_color.string);
+      f_status status = f_print_dynamic_string(file, start_color);
+
+      if (f_error_is_error(status)) return status;
     }
 
     va_list ap;
@@ -162,7 +168,9 @@ extern "C"{
     va_end(ap);
 
     if (end_color.used != 0) {
-      fprintf(file, "%s", end_color.string);
+      f_status status = f_print_dynamic_string(file, end_color);
+
+      if (f_error_is_error(status)) return status;
     }
 
     // now print the trailing newline, this is done _after_ ending the colors to avoid color wrapping issues that can happen when a color code follows a newline
@@ -175,7 +183,9 @@ extern "C"{
 #ifndef _di_fl_print_color_code_
   f_return_status fl_print_color_code(f_file_type file, const f_dynamic_string color) {
     if (color.used != 0) {
-      fprintf(file, "%s", color.string);
+      f_status status = f_print_dynamic_string(file, color);
+
+      if (f_error_is_error(status)) return status;
     }
 
     return f_none;
diff --git a/level_1/fl_colors/c/colors.h b/level_1/fl_colors/c/colors.h
index bcd36358c..bdf0754da 100644
--- a/level_1/fl_colors/c/colors.h
+++ b/level_1/fl_colors/c/colors.h
@@ -21,6 +21,7 @@
 #include <level_0/strings.h>
 #include <level_0/file.h>
 #include <level_0/colors.h>
+#include <level_0/print.h>
 
 #ifdef __cplusplus
 extern "C"{
diff --git a/level_1/fl_colors/data/build/dependencies b/level_1/fl_colors/data/build/dependencies
index 13e33761f..b24ed89bb 100644
--- a/level_1/fl_colors/data/build/dependencies
+++ b/level_1/fl_colors/data/build/dependencies
@@ -4,3 +4,4 @@ f_strings
 f_colors
 f_file
 f_memory
+f_print
diff --git a/level_1/fl_colors/data/build/settings b/level_1/fl_colors/data/build/settings
index e236478be..93cf48122 100644
--- a/level_1/fl_colors/data/build/settings
+++ b/level_1/fl_colors/data/build/settings
@@ -10,7 +10,7 @@ version_micro 3
 build_compiler gcc
 build_linker ar
 build_libraries -lc
-build_libraries_fll -lf_memory -lf_file
+build_libraries_fll -lf_memory -lf_file -lf_print
 build_sources_library colors.c
 build_sources_program
 build_sources_headers colors.h