From f52740e7eaead1170e20f25c7da79a98da97d6ff Mon Sep 17 00:00:00 2001 From: Pierre Ossman Date: Wed, 25 Apr 2012 15:43:56 +0000 Subject: [PATCH] Make sure we're paranoid about accidentally feeding a format string. Basic patch by Joachim Falk. Slightly improved before commit. git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4900 3789f03b-4d11-0410-bbf8-ca57d06f2519 --- vncviewer/CConn.cxx | 2 +- vncviewer/UserDialog.cxx | 10 ++++------ vncviewer/Viewport.cxx | 2 +- vncviewer/vncviewer.cxx | 28 +++++++++++----------------- 4 files changed, 17 insertions(+), 25 deletions(-) diff --git a/vncviewer/CConn.cxx b/vncviewer/CConn.cxx index fbd9a8ed..12ebbe49 100644 --- a/vncviewer/CConn.cxx +++ b/vncviewer/CConn.cxx @@ -100,7 +100,7 @@ CConn::CConn(const char* vncServerName) vlog.info(_("connected to host %s port %d"), serverHost, serverPort); } catch (rdr::Exception& e) { vlog.error(e.str()); - fl_alert(e.str()); + fl_alert("%s", e.str()); exit_vncviewer(); return; } diff --git a/vncviewer/UserDialog.cxx b/vncviewer/UserDialog.cxx index f36d8437..b57588de 100644 --- a/vncviewer/UserDialog.cxx +++ b/vncviewer/UserDialog.cxx @@ -150,22 +150,20 @@ bool UserDialog::showMsgBox(int flags, const char* title, const char* text) // FLTK doesn't give us a flexible choice of the icon, so we ignore those // bits for now. - // FIXME: Filter out % from input text - fl_message_title(title); switch (flags & 0xf) { case M_OKCANCEL: - return fl_choice(buffer, NULL, fl_ok, fl_cancel) == 1; + return fl_choice("%s", NULL, fl_ok, fl_cancel, buffer) == 1; case M_YESNO: - return fl_choice(buffer, NULL, fl_yes, fl_no) == 1; + return fl_choice("%s", NULL, fl_yes, fl_no, buffer) == 1; case M_OK: default: if (((flags & 0xf0) == M_ICONERROR) || ((flags & 0xf0) == M_ICONWARNING)) - fl_alert(buffer); + fl_alert("%s", buffer); else - fl_message(buffer); + fl_message("%s", buffer); return true; } diff --git a/vncviewer/Viewport.cxx b/vncviewer/Viewport.cxx index 768bc34e..1588f274 100644 --- a/vncviewer/Viewport.cxx +++ b/vncviewer/Viewport.cxx @@ -950,7 +950,7 @@ void Viewport::popupContextMenu() case ID_INFO: if (fltk_escape(cc->connectionInfo(), buffer, sizeof(buffer)) < sizeof(buffer)) { fl_message_title(_("VNC connection info")); - fl_message(buffer); + fl_message("%s", buffer); } break; case ID_ABOUT: diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx index ff325d13..47fd5516 100644 --- a/vncviewer/vncviewer.cxx +++ b/vncviewer/vncviewer.cxx @@ -69,7 +69,10 @@ using namespace network; using namespace rfb; using namespace std; -static char aboutText[1024]; +static const char aboutText[] = N_("TigerVNC Viewer %d-bit v%s (%s)\n" + "%s\n" + "Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)\n" + "See http://www.tigervnc.org for information on TigerVNC."); extern const char* buildTime; static bool exitMainloop = false; @@ -88,7 +91,8 @@ void exit_vncviewer(const char *error) void about_vncviewer() { fl_message_title(_("About TigerVNC Viewer")); - fl_message(aboutText); + fl_message(gettext(aboutText), (int)sizeof(size_t)*8, + PACKAGE_VERSION, __BUILD__, buildTime); } static void about_callback(Fl_Widget *widget, void *data) @@ -267,11 +271,6 @@ int main(int argc, char** argv) const char* vncServerName = NULL; UserDialog dlg; - const char englishAbout[] = N_("TigerVNC Viewer %d-bit v%s (%s)\n" - "%s\n" - "Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)\n" - "See http://www.tigervnc.org for information on TigerVNC."); - setlocale(LC_ALL, ""); bindtextdomain(PACKAGE_NAME, LOCALE_DIR); textdomain(PACKAGE_NAME); @@ -279,10 +278,10 @@ int main(int argc, char** argv) rfb::SecurityClient::setDefaults(); // Write about text to console, still using normal locale codeset - snprintf(aboutText, sizeof(aboutText), - gettext(englishAbout), (int)sizeof(size_t)*8, PACKAGE_VERSION, - __BUILD__, buildTime); - fprintf(stderr,"\n%s\n", aboutText); + fprintf(stderr,"\n"); + fprintf(stderr, gettext(aboutText), (int)sizeof(size_t)*8, + PACKAGE_VERSION, __BUILD__, buildTime); + fprintf(stderr,"\n"); // Set gettext codeset to what our GUI toolkit uses. Since we are // passing strings from strerror/gai_strerror to the GUI, these must @@ -290,11 +289,6 @@ int main(int argc, char** argv) bind_textdomain_codeset(PACKAGE_NAME, "UTF-8"); bind_textdomain_codeset("libc", "UTF-8"); - // Re-create the aboutText for the GUI, now using GUI codeset - snprintf(aboutText, sizeof(aboutText), - gettext(englishAbout), (int)sizeof(size_t)*8, PACKAGE_VERSION, - __BUILD__, buildTime); - rfb::initStdIOLoggers(); rfb::LogWriter::setLogParams("*:stderr:30"); @@ -376,7 +370,7 @@ int main(int argc, char** argv) delete cc; if (exitError != NULL) - fl_alert(exitError); + fl_alert("%s", exitError); return 0; } -- 2.39.5