Merge remote-tracking branch 'whot/for-keith'

author: Keith Packard <keithp@keithp.com> 2014-01-22 11:33:53 -0800
committer: Keith Packard <keithp@keithp.com> 2014-01-22 11:33:53 -0800
commit: 25ebb9dbc9df659dec2bf6c27654a5bad2d11f94 (patch)
tree: 196d71c9136106382bc74302e4d3f88523812205 /os
parent: 409e8e29fbe16122ba5a4249256fc56e2e68ea93 (diff)
parent: 71baa466b1f6b02fe503f9a3089b7b9d61aa0f80 (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/os/utils.c b/os/utils.c
index 6f83a089b..dc18a67b1 100644
--- a/os/utils.c
+++ b/os/utils.c
@@ -600,6 +600,10 @@ UseMsg(void)
 static int
 VerifyDisplayName(const char *d)
 {
+    int i;
+    int period_found = FALSE;
+    int after_period = 0;
+
     if (d == (char *) 0)
         return 0;               /*  null  */
     if (*d == '\0')
@@ -610,6 +614,29 @@ VerifyDisplayName(const char *d)
         return 0;               /*  must not equal "." or ".."  */
     if (strchr(d, '/') != (char *) 0)
         return 0;               /*  very important!!!  */
+
+    /* Since we run atoi() on the display later, only allow
+       for digits, or exception of :0.0 and similar (two decimal points max)
+       */
+    for (i = 0; i < strlen(d); i++) {
+        if (!isdigit(d[i])) {
+            if (d[i] != '.' || period_found)
+                return 0;
+            period_found = TRUE;
+        } else if (period_found)
+            after_period++;
+
+        if (after_period > 2)
+            return 0;
+    }
+
+    /* don't allow for :0. */
+    if (period_found && after_period == 0)
+        return 0;
+
+    if (atol(d) > INT_MAX)
+        return 0;
+
     return 1;
 }
author	Keith Packard <keithp@keithp.com>	2014-01-22 11:33:53 -0800
committer	Keith Packard <keithp@keithp.com>	2014-01-22 11:33:53 -0800
commit	25ebb9dbc9df659dec2bf6c27654a5bad2d11f94 (patch)
tree	196d71c9136106382bc74302e4d3f88523812205 /os
parent	409e8e29fbe16122ba5a4249256fc56e2e68ea93 (diff)
parent	71baa466b1f6b02fe503f9a3089b7b9d61aa0f80 (diff)