diff options
author | Peter Åstrand <astrand@cendio.se> | 2005-01-23 20:00:34 +0000 |
---|---|---|
committer | Peter Åstrand <astrand@cendio.se> | 2005-01-23 20:00:34 +0000 |
commit | 2dbbd38f8f63594dce29ee4836fadff91392ee59 (patch) | |
tree | 8822e7508ffb8ec5650b389aca564bd0d1dcd81f | |
parent | eed0650df73d505377198602f644ff490ab86c4e (diff) | |
download | tigervnc-2dbbd38f8f63594dce29ee4836fadff91392ee59.tar.gz tigervnc-2dbbd38f8f63594dce29ee4836fadff91392ee59.zip |
Corrected buffer overrun problem with aboutText. Also, replaced all sprintf()s in the UNIX version with snprintf(). This follows the recommendation on http://www.gotw.ca/publications/mill19.htm. Also, snprintf() is, in practice, required when using gettext. Note: since VC6 doesn't have snprintf, only require snprintf in UNIX-only code.
git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@107 3789f03b-4d11-0410-bbf8-ca57d06f2519
-rw-r--r-- | doc/requirements.txt | 2 | ||||
-rw-r--r-- | vncviewer_unix/CConn.cxx | 14 | ||||
-rw-r--r-- | vncviewer_unix/vncviewer.cxx | 15 |
3 files changed, 18 insertions, 13 deletions
diff --git a/doc/requirements.txt b/doc/requirements.txt new file mode 100644 index 00000000..4957be3a --- /dev/null +++ b/doc/requirements.txt @@ -0,0 +1,2 @@ + +- The UNIX version requires snprintf(). diff --git a/vncviewer_unix/CConn.cxx b/vncviewer_unix/CConn.cxx index 1c104601..cb084d1d 100644 --- a/vncviewer_unix/CConn.cxx +++ b/vncviewer_unix/CConn.cxx @@ -198,8 +198,9 @@ bool CConn::getUserPasswd(char** user, char** password) const char* secType = secTypeName(getCurrentCSecurity()->getType()); const char* titlePrefix = "VNC Authentication"; - CharArray title(strlen(titlePrefix) + strlen(secType) + 4); - sprintf(title.buf, "%s [%s]", titlePrefix, secType); + unsigned int titleLen = strlen(titlePrefix) + strlen(secType) + 4; + CharArray title(titleLen); + snprintf(title.buf, titleLen, "%s [%s]", titlePrefix, secType); PasswdDialog dlg(dpy, title.buf, !user); if (!dlg.show()) return false; if (user) @@ -345,8 +346,9 @@ void CConn::initMenu() { menu.addEntry("Ctrl", ID_CTRL); menu.addEntry("Alt", ID_ALT); CharArray menuKeyStr(menuKey.getData()); - CharArray sendMenuKey(6+strlen(menuKeyStr.buf)); - sprintf(sendMenuKey.buf, "Send %s", menuKeyStr.buf); + unsigned int sendMenuKeyLen = 6+strlen(menuKeyStr.buf); + CharArray sendMenuKey(sendMenuKeyLen); + snprintf(sendMenuKey.buf, sendMenuKeyLen, "Send %s", menuKeyStr.buf); menu.addEntry(sendMenuKey.buf, ID_F8); menu.addEntry("Send Ctrl-Alt-Del", ID_CTRLALTDEL); menu.addEntry(0, 0); @@ -405,7 +407,7 @@ void CConn::menuSelect(long id, TXMenu* m) { serverPF.print(spfStr, 100); int secType = getCurrentCSecurity()->getType(); char infoText[1024]; - sprintf(infoText, + snprintf(infoText, sizeof(infoText), "Desktop name: %.80s\n" "Host: %.80s port: %d\n" "Size: %d x %d\n" @@ -592,7 +594,7 @@ void CConn::recreateViewport() CharArray windowNameStr(windowName.getData()); if (!windowNameStr.buf[0]) { windowNameStr.replaceBuf(new char[256]); - sprintf(windowNameStr.buf,"VNC: %.240s",cp.name()); + snprintf(windowNameStr.buf, 256, "VNC: %.240s", cp.name()); } viewport->toplevel(windowNameStr.buf, this, argc, argv); viewport->setBumpScroll(fullScreen); diff --git a/vncviewer_unix/vncviewer.cxx b/vncviewer_unix/vncviewer.cxx index 433ef83c..ca04bafe 100644 --- a/vncviewer_unix/vncviewer.cxx +++ b/vncviewer_unix/vncviewer.cxx @@ -112,7 +112,7 @@ IntParameter qualityLevel("QualityLevel", "0 = Low, 9 = High", 6); -char aboutText[256]; +char aboutText[1024]; char* programName; extern char buildtime[]; @@ -176,12 +176,13 @@ static void usage() int main(int argc, char** argv) { - sprintf(aboutText, "TightVNC viewer for X version 4.0 - built %s\n" - "Copyright (C) 2002-2004 RealVNC Ltd.\n" - "Copyright (C) 2000-2004 Constantin Kaplinsky.\n" - "Copyright (C) 2004 Peter Astrand, Cendio AB\n" - "See http://www.tightvnc.com for information on TightVNC.", - buildtime); + snprintf(aboutText, sizeof(aboutText), + "TightVNC viewer for X version 4.0 - built %s\n" + "Copyright (C) 2002-2004 RealVNC Ltd.\n" + "Copyright (C) 2000-2004 Constantin Kaplinsky.\n" + "Copyright (C) 2004 Peter Astrand, Cendio AB\n" + "See http://www.tightvnc.com for information on TightVNC.", + buildtime); fprintf(stderr,"\n%s\n", aboutText); rfb::initStdIOLoggers(); |