Update file_basename implementation to handle really long filenames (Issue #532)

michaelrsweet · michaelrsweet · commit 6fb16b8f3cdc · 2024-11-21T13:07:38.000-05:00
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,5 +1,6 @@
 # Changes in HTMLDOC v1.9.19
 
+- Security: Fixed an issue with the `file_basename` implementation (Issue #532)
 - Updated HTML and header/footer code to use a string pool to simplify memory
   management and fix potential double-free bugs.
 - Updated configure script to look for zlib with pkg-config (Issue #519)
diff --git a/htmldoc/file.c b/htmldoc/file.c
@@ -1,7 +1,7 @@
 /*
  * Filename routines for HTMLDOC, a HTML document processing program.
  *
- * Copyright © 2011-2023 by Michael R Sweet.
+ * Copyright © 2011-2024 by Michael R Sweet.
  * Copyright © 1997-2010 by Easy Software Products.  All rights reserved.
  *
  * This program is free software.  Distribution and use rights are outlined in
@@ -89,23 +89,23 @@ file_basename(const char *s)	/* I - Filename or URL */
   if (s == NULL)
     return (NULL);
 
-  if ((basename = strrchr(s, '/')) != NULL)
-    basename ++;
-  else if ((basename = strrchr(s, '\\')) != NULL)
-    basename ++;
-  else
-    basename = (char *)s;
-
-  if (basename[0] == '#')
-    return (NULL);
+  if (strchr(s, '#') != NULL)
+  {
+    char	*bufptr;	// Pointer into buffer
 
-  if (strchr(basename, '#') == NULL)
-    return (basename);
+    strlcpy(buf, s, sizeof(buf));
+    s = buf;
 
-  strlcpy(buf, basename, sizeof(buf));
-  *(char *)strchr(buf, '#') = '\0';
+    if ((bufptr = strchr(buf, '#')) != NULL)
+      *bufptr = '\0';
+  }
 
-  return (buf);
+  if ((basename = strrchr(s, '/')) != NULL)
+    return (basename + 1);
+  else if ((basename = strrchr(s, '\\')) != NULL)
+    return (basename + 1);
+  else
+    return (s);
 }
 
 
