diff --git a/source/blender/blenlib/intern/storage.c b/source/blender/blenlib/intern/storage.c index a6b91bf489d..1d46679cbf2 100644 --- a/source/blender/blenlib/intern/storage.c +++ b/source/blender/blenlib/intern/storage.c @@ -180,12 +180,15 @@ double BLI_diskfree(char *dir) return (double) (freec*bytesps*sectorspc); #else struct statfs disk; - char name[100],*slash; - - + char name[FILE_MAXDIR],*slash; + int len = strlen(dir); + + if (len >= FILE_MAXDIR) /* path too long */ + return -1; + strcpy(name,dir); - if(strlen(name)){ + if(len){ slash = strrchr(name,'/'); if (slash) slash[1] = 0; } else strcpy(name,"/"); diff --git a/source/blender/src/filesel.c b/source/blender/src/filesel.c index 1bdca25a88d..d304125ca9a 100644 --- a/source/blender/src/filesel.c +++ b/source/blender/src/filesel.c @@ -1039,7 +1039,7 @@ void drawfilespace(ScrArea *sa, void *spacedata) else loadbutton= 0; uiBlockBeginAlign(block); - uiDefBut(block, TEX, B_FS_DIRNAME,"", textrct.xmin + (strp?20:0), filebuty2, textrct.xmax-textrct.xmin-loadbutton - (strp?20:0), 21, sfile->dir, 0.0, (float)FILE_MAXFILE-1, 0, 0, "Directory, enter a directory and press enter to create it"); /* Directory input */ + uiDefBut(block, TEX, B_FS_DIRNAME,"", textrct.xmin + (strp?20:0), filebuty2, textrct.xmax-textrct.xmin-loadbutton - (strp?20:0), 21, sfile->dir, 0.0, (float)FILE_MAXDIR-1, 0, 0, "Directory, enter a directory and press enter to create it"); /* Directory input */ if(loadbutton) { uiSetCurFont(block, UI_HELV); uiDefBut(block, BUT, B_FS_LOAD, sfile->title, textrct.xmax-loadbutton, filebuty2, loadbutton, 21, sfile->dir, 0.0, (float)FILE_MAXFILE-1, 0, 0, ""); @@ -1833,12 +1833,20 @@ void winqreadfilespace(ScrArea *sa, void *spacedata, BWinEvent *evt) if(act>=0 && acttotfile) { if(S_ISDIR(sfile->filelist[act].type)) { - strcat(sfile->dir, sfile->filelist[act].relname); - strcat(sfile->dir,"/"); - BLI_cleanup_dir(G.sce, sfile->dir); - freefilelist(sfile); - sfile->ofs= 0; - do_draw= 1; + /* the path is too long and we are not going up! */ + if (strcmp(sfile->filelist[act].relname, ".") && + strcmp(sfile->filelist[act].relname, "..") && + strlen(sfile->dir) + strlen(sfile->filelist[act].relname) >= FILE_MAXDIR ) + { + error("Path too long, cannot enter this directory"); + } else { + strcat(sfile->dir, sfile->filelist[act].relname); + strcat(sfile->dir,"/"); + BLI_cleanup_dir(G.sce, sfile->dir); + freefilelist(sfile); + sfile->ofs= 0; + do_draw= 1; + } } else { if( strcmp(sfile->file, sfile->filelist[act].relname)) { diff --git a/source/blender/src/header_filesel.c b/source/blender/src/header_filesel.c index 8ef4ed9dc24..999fa2733af 100644 --- a/source/blender/src/header_filesel.c +++ b/source/blender/src/header_filesel.c @@ -188,7 +188,7 @@ void file_buttons(void) BIF_DrawString(G.font, naam, 0); } - + /* always do as last */ curarea->headbutlen= xco+2*XIC; } diff --git a/source/blender/src/usiblender.c b/source/blender/src/usiblender.c index 8f43742fe28..8b6cd987cf8 100644 --- a/source/blender/src/usiblender.c +++ b/source/blender/src/usiblender.c @@ -745,11 +745,17 @@ static void do_history(char *name) void BIF_write_file(char *target) { Library *li; - int writeflags; - char di[FILE_MAXDIR]; + int writeflags, len; + char di[FILE_MAX]; char *err; - if (BLI_streq(target, "")) return; + len = strlen(target); + + if (len == 0) return; + if (len >= FILE_MAX) { + error("Path too long, cannot save"); + return; + } /* send the OnSave event */ if (G.f & G_DOSCRIPTLINKS) BPY_do_pyscript(&G.scene->id, SCRIPT_ONSAVE); @@ -761,7 +767,7 @@ void BIF_write_file(char *target) } } - if (!BLO_has_bfile_extension(target)) { + if (!BLO_has_bfile_extension(target) && (len+6 < FILE_MAX)) { sprintf(di, "%s.blend", target); } else { strcpy(di, target);