authorPeter Åstrand <astrand@cendio.se>2005-01-23 20:00:34 +0000
committerPeter Åstrand <astrand@cendio.se>2005-01-23 20:00:34 +0000
commit2dbbd38f8f63594dce29ee4836fadff91392ee59 (patch)
tree8822e7508ffb8ec5650b389aca564bd0d1dcd81f
parenteed0650df73d505377198602f644ff490ab86c4e (diff)
Corrected buffer overrun problem with aboutText. Also, replaced all sprintf()s in the UNIX version with snprintf(). This follows the recommendation on http://www.gotw.ca/publications/mill19.htm. Also, snprintf() is, in practice, required when using gettext. Note: since VC6 doesn't have snprintf, only require snprintf in UNIX-only code.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@107 3789f03b-4d11-0410-bbf8-ca57d06f2519
-rw-r--r--doc/requirements.txt2
-rw-r--r--vncviewer_unix/CConn.cxx14
-rw-r--r--vncviewer_unix/vncviewer.cxx15
3 files changed, 18 insertions, 13 deletions
diff --git a/doc/requirements.txt b/doc/requirements.txt
new file mode 100644
index 00000000..4957be3a
--- /dev/null
+++ b/doc/requirements.txt
@@ -0,0 +1,2 @@
+
+- The UNIX version requires snprintf().
diff --git a/vncviewer_unix/CConn.cxx b/vncviewer_unix/CConn.cxx
index 1c104601..cb084d1d 100644
--- a/vncviewer_unix/CConn.cxx
+++ b/vncviewer_unix/CConn.cxx
@@ -198,8 +198,9 @@ bool CConn::getUserPasswd(char** user, char** password)
const char* secType = secTypeName(getCurrentCSecurity()->getType());
const char* titlePrefix = "VNC Authentication";
- CharArray title(strlen(titlePrefix) + strlen(secType) + 4);
- sprintf(title.buf, "%s [%s]", titlePrefix, secType);
+ unsigned int titleLen = strlen(titlePrefix) + strlen(secType) + 4;
+ CharArray title(titleLen);
+ snprintf(title.buf, titleLen, "%s [%s]", titlePrefix, secType);
PasswdDialog dlg(dpy, title.buf, !user);
if (!dlg.show()) return false;
if (user)
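Review bot: The new `titleLen` is declared `unsigned int` although `strlen()` returns `size_t`, and the `+ 4` is unexplained, so the link between the allocation size and the `"%s [%s]"` format is only implicit. I would write `size_t titleLen = strlen(titlePrefix) + strlen(secType) + 4; // " [" + "]" + NUL`, so that a later edit to the format string shows up as a mismatch with the comment instead of as silent truncation by `snprintf`. The same applies to `sendMenuKeyLen` and its `6+` in the `initMenu()` hunk. The body of getUserPasswd continues outside the hunk.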
@@ -345,8 +346,9 @@ void CConn::initMenu() {
menu.addEntry("Ctrl", ID_CTRL);
menu.addEntry("Alt", ID_ALT);
CharArray menuKeyStr(menuKey.getData());
- CharArray sendMenuKey(6+strlen(menuKeyStr.buf));
- sprintf(sendMenuKey.buf, "Send %s", menuKeyStr.buf);
+ unsigned int sendMenuKeyLen = 6+strlen(menuKeyStr.buf);
+ CharArray sendMenuKey(sendMenuKeyLen);
+ snprintf(sendMenuKey.buf, sendMenuKeyLen, "Send %s", menuKeyStr.buf);
menu.addEntry(sendMenuKey.buf, ID_F8);
menu.addEntry("Send Ctrl-Alt-Del", ID_CTRLALTDEL);
menu.addEntry(0, 0);
@@ -405,7 +407,7 @@ void CConn::menuSelect(long id, TXMenu* m) {
serverPF.print(spfStr, 100);
int secType = getCurrentCSecurity()->getType();
char infoText[1024];
- sprintf(infoText,
+ snprintf(infoText, sizeof(infoText),
"Desktop name: %.80s\n"
"Host: %.80s port: %d\n"
"Size: %d x %d\n"
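Review bot: The return value of the new `snprintf(infoText, sizeof(infoText), ...)` is discarded, so text that does not fit in the 1024-byte buffer is cut off with no indication; the same holds for the `snprintf(aboutText, sizeof(aboutText), ...)` call in `main()` in vncviewer.cxx. Once the format strings are translated (the commit message mentions gettext), their length is no longer fixed at compile time. I would keep the result, `int n = snprintf(infoText, sizeof(infoText), ...);`, and test it with `if (n < 0 || (size_t)n >= sizeof(infoText)) { /* report truncation */ }`. Testing `n < 0` as well covers pre-C99 implementations that return -1 on truncation. The remaining format lines and arguments of this call lie outside the hunk.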
@@ -592,7 +594,7 @@ void CConn::recreateViewport()
CharArray windowNameStr(windowName.getData());
if (!windowNameStr.buf[0]) {
windowNameStr.replaceBuf(new char[256]);
- sprintf(windowNameStr.buf,"VNC: %.240s",cp.name());
+ snprintf(windowNameStr.buf, 256, "VNC: %.240s", cp.name());
}
viewport->toplevel(windowNameStr.buf, this, argc, argv);
viewport->setBumpScroll(fullScreen);
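Review bot: The size passed to `snprintf` in recreateViewport() is a second copy of the literal `256` from `new char[256]` on the line above, and nothing ties the two together, so shrinking the allocation later would silently make the bound wrong again. A single constant removes that risk: `const size_t nameBufLen = 256;`, then `windowNameStr.replaceBuf(new char[nameBufLen]);` and `snprintf(windowNameStr.buf, nameBufLen, "VNC: %.240s", cp.name());`. This matters because `cp.name()` is presumably the desktop name supplied by the server, which the viewer does not control. The function body continues outside the hunk.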
diff --git a/vncviewer_unix/vncviewer.cxx b/vncviewer_unix/vncviewer.cxx
index 433ef83c..ca04bafe 100644
--- a/vncviewer_unix/vncviewer.cxx
+++ b/vncviewer_unix/vncviewer.cxx
@@ -112,7 +112,7 @@ IntParameter qualityLevel("QualityLevel",
"0 = Low, 9 = High",
6);
-char aboutText[256];
+char aboutText[1024];
char* programName;
extern char buildtime[];
@@ -176,12 +176,13 @@ static void usage()
int main(int argc, char** argv)
{
- sprintf(aboutText, "TightVNC viewer for X version 4.0 - built %s\n"
- "Copyright (C) 2002-2004 RealVNC Ltd.\n"
- "Copyright (C) 2000-2004 Constantin Kaplinsky.\n"
- "Copyright (C) 2004 Peter Astrand, Cendio AB\n"
- "See http://www.tightvnc.com for information on TightVNC.",
- buildtime);
+ snprintf(aboutText, sizeof(aboutText),
+ "TightVNC viewer for X version 4.0 - built %s\n"
+ "Copyright (C) 2002-2004 RealVNC Ltd.\n"
+ "Copyright (C) 2000-2004 Constantin Kaplinsky.\n"
+ "Copyright (C) 2004 Peter Astrand, Cendio AB\n"
+ "See http://www.tightvnc.com for information on TightVNC.",
+ buildtime);
fprintf(stderr,"\n%s\n", aboutText);
rfb::initStdIOLoggers();