diff options
author | Pierre Ossman <ossman@cendio.se> | 2023-01-15 14:41:47 +0100 |
---|---|---|
committer | Pierre Ossman <ossman@cendio.se> | 2023-02-04 14:03:13 +0100 |
commit | d608a30d576ed74f7dc7374c1f00d2303fee27f6 (patch) | |
tree | a6637dee5800ee1f9af6331d3df02d84afe45d9a /common/rfb | |
parent | ef8c84eb752e1b59ef824cedeb156b2d64fefe37 (diff) | |
download | tigervnc-d608a30d576ed74f7dc7374c1f00d2303fee27f6.tar.gz tigervnc-d608a30d576ed74f7dc7374c1f00d2303fee27f6.zip |
Use fixed size character buffer
We know the needed space here, so let's keep it simple with a constant
size string buffer.
Diffstat (limited to 'common/rfb')
-rw-r--r-- | common/rfb/Logger_file.cxx | 35 | ||||
-rw-r--r-- | common/rfb/Logger_file.h | 4 | ||||
-rw-r--r-- | common/rfb/SSecurityPlain.cxx | 22 | ||||
-rw-r--r-- | common/rfb/SSecurityPlain.h | 8 | ||||
-rw-r--r-- | common/rfb/SSecurityRSAAES.cxx | 22 | ||||
-rw-r--r-- | common/rfb/SSecurityRSAAES.h | 4 |
6 files changed, 43 insertions, 52 deletions
diff --git a/common/rfb/Logger_file.cxx b/common/rfb/Logger_file.cxx index 684614cc..9859eb04 100644 --- a/common/rfb/Logger_file.cxx +++ b/common/rfb/Logger_file.cxx @@ -22,20 +22,21 @@ #include <config.h> #endif +#include <limits.h> #include <stdlib.h> #include <string.h> #include <os/Mutex.h> -#include <rfb/util.h> #include <rfb/Logger_file.h> using namespace rfb; Logger_File::Logger_File(const char* loggerName) - : Logger(loggerName), indent(13), width(79), m_filename(0), m_file(0), + : Logger(loggerName), indent(13), width(79), m_file(0), m_lastLogTime(0) { + m_filename[0] = '\0'; mutex = new os::Mutex(); } @@ -50,11 +51,16 @@ void Logger_File::write(int /*level*/, const char *logname, const char *message) os::AutoMutex a(mutex); if (!m_file) { - if (!m_filename) return; - CharArray bakFilename(strlen(m_filename) + 1 + 4); - sprintf(bakFilename.buf, "%s.bak", m_filename); - remove(bakFilename.buf); - rename(m_filename, bakFilename.buf); + if (m_filename[0] == '\0') + return; + char bakFilename[PATH_MAX]; + if (snprintf(bakFilename, sizeof(bakFilename), + "%s.bak", m_filename) >= (int)sizeof(bakFilename)) { + remove(m_filename); + } else { + remove(bakFilename); + rename(m_filename, bakFilename); + } m_file = fopen(m_filename, "w+"); if (!m_file) return; } @@ -93,7 +99,10 @@ void Logger_File::write(int /*level*/, const char *logname, const char *message) void Logger_File::setFilename(const char* filename) { closeFile(); - m_filename = strDup(filename); + m_filename[0] = '\0'; + if (strlen(filename) >= sizeof(filename)) + return; + strcpy(m_filename, filename); } void Logger_File::setFile(FILE* file) @@ -104,13 +113,9 @@ void Logger_File::setFile(FILE* file) void Logger_File::closeFile() { - if (m_filename) { - if (m_file) { - fclose(m_file); - m_file = 0; - } - strFree(m_filename); - m_filename = 0; + if (m_file) { + fclose(m_file); + m_file = 0; } } diff --git a/common/rfb/Logger_file.h b/common/rfb/Logger_file.h index 5b5c34e1..4542d23c 100644 --- a/common/rfb/Logger_file.h +++ b/common/rfb/Logger_file.h @@ -22,6 +22,8 @@ #define __RFB_LOGGER_FILE_H__ #include <time.h> +#include <limits.h> + #include <rfb/Logger.h> namespace os { class Mutex; } @@ -42,7 +44,7 @@ namespace rfb { protected: void closeFile(); - char* m_filename; + char m_filename[PATH_MAX]; FILE* m_file; time_t m_lastLogTime; os::Mutex* mutex; diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx index 6f65e87a..ab3a2391 100644 --- a/common/rfb/SSecurityPlain.cxx +++ b/common/rfb/SSecurityPlain.cxx @@ -80,9 +80,7 @@ SSecurityPlain::SSecurityPlain(SConnection* sc) : SSecurity(sc) bool SSecurityPlain::processMsg() { rdr::InStream* is = sc->getInStream(); - char* pw; - char *uname; - CharArray password; + char password[1024]; if (!valid) throw AuthFailureException("No password validator configured"); @@ -92,11 +90,11 @@ bool SSecurityPlain::processMsg() return false; ulen = is->readU32(); - if (ulen > MaxSaneUsernameLength) + if (ulen >= sizeof(username)) throw AuthFailureException("Too long username"); plen = is->readU32(); - if (plen > MaxSanePasswordLength) + if (plen >= sizeof(password)) throw AuthFailureException("Too long password"); state = 1; @@ -106,16 +104,12 @@ bool SSecurityPlain::processMsg() if (!is->hasData(ulen + plen)) return false; state = 2; - pw = new char[plen + 1]; - uname = new char[ulen + 1]; - username.replaceBuf(uname); - password.replaceBuf(pw); - is->readBytes(uname, ulen); - is->readBytes(pw, plen); - pw[plen] = 0; - uname[ulen] = 0; + is->readBytes(username, ulen); + is->readBytes(password, plen); + password[plen] = 0; + username[ulen] = 0; plen = 0; - if (!valid->validate(sc, uname, pw)) + if (!valid->validate(sc, username, password)) throw AuthFailureException("invalid password or username"); } diff --git a/common/rfb/SSecurityPlain.h b/common/rfb/SSecurityPlain.h index 1a81adda..4ca72781 100644 --- a/common/rfb/SSecurityPlain.h +++ b/common/rfb/SSecurityPlain.h @@ -23,7 +23,6 @@ #include <rfb/SConnection.h> #include <rfb/SSecurity.h> #include <rfb/SSecurityVeNCrypt.h> -#include <rfb/util.h> #include <rfb/Configuration.h> namespace rfb { @@ -46,17 +45,14 @@ namespace rfb { SSecurityPlain(SConnection* sc); virtual bool processMsg(); virtual int getType() const { return secTypePlain; }; - virtual const char* getUserName() const { return username.buf; } + virtual const char* getUserName() const { return username; } virtual ~SSecurityPlain() { } private: PasswordValidator* valid; unsigned int ulen, plen, state; - CharArray username; - - static const unsigned int MaxSaneUsernameLength = 1024; - static const unsigned int MaxSanePasswordLength = 1024; + char username[1024]; }; } diff --git a/common/rfb/SSecurityRSAAES.cxx b/common/rfb/SSecurityRSAAES.cxx index d013717c..4cca7d6d 100644 --- a/common/rfb/SSecurityRSAAES.cxx +++ b/common/rfb/SSecurityRSAAES.cxx @@ -539,19 +539,13 @@ bool SSecurityRSAAES::readCredentials() uint8_t lenUsername = rais->readU8(); if (!rais->hasDataOrRestore(lenUsername + 1)) return false; - if (!username.buf) { - username.replaceBuf(new char[lenUsername + 1]); - rais->readBytes(username.buf, lenUsername); - username.buf[lenUsername] = 0; - } else { - rais->skip(lenUsername); - } + rais->readBytes(username, lenUsername); + username[lenUsername] = 0; uint8_t lenPassword = rais->readU8(); if (!rais->hasDataOrRestore(lenPassword)) return false; - password.replaceBuf(new char[lenPassword + 1]); - rais->readBytes(password.buf, lenPassword); - password.buf[lenPassword] = 0; + rais->readBytes(password, lenPassword); + password[lenPassword] = 0; rais->clearRestorePoint(); return true; } @@ -564,7 +558,7 @@ void SSecurityRSAAES::verifyUserPass() #elif !defined(__APPLE__) UnixPasswordValidator *valid = new UnixPasswordValidator(); #endif - if (!valid->validate(sc, username.buf, password.buf)) { + if (!valid->validate(sc, username, password)) { delete valid; throw AuthFailureException("invalid password or username"); } @@ -583,12 +577,12 @@ void SSecurityRSAAES::verifyPass() if (!passwd.buf) throw AuthFailureException("No password configured for VNC Auth"); - if (strcmp(password.buf, passwd.buf) == 0) { + if (strcmp(password, passwd.buf) == 0) { accessRights = SConnection::AccessDefault; return; } - if (passwdReadOnly.buf && strcmp(password.buf, passwdReadOnly.buf) == 0) { + if (passwdReadOnly.buf && strcmp(password, passwdReadOnly.buf) == 0) { accessRights = SConnection::AccessView; return; } @@ -598,5 +592,5 @@ void SSecurityRSAAES::verifyPass() const char* SSecurityRSAAES::getUserName() const { - return username.buf; + return username; } diff --git a/common/rfb/SSecurityRSAAES.h b/common/rfb/SSecurityRSAAES.h index 9ff76296..eaeb13a1 100644 --- a/common/rfb/SSecurityRSAAES.h +++ b/common/rfb/SSecurityRSAAES.h @@ -80,8 +80,8 @@ namespace rfb { uint8_t serverRandom[32]; uint8_t clientRandom[32]; - CharArray username; - CharArray password; + char username[256]; + char password[256]; SConnection::AccessRights accessRights; rdr::InStream* rais; |