aboutsummaryrefslogtreecommitdiffstats
path: root/common/rfb
diff options
context:
space:
mode:
authorPierre Ossman <ossman@cendio.se>2023-01-15 14:41:47 +0100
committerPierre Ossman <ossman@cendio.se>2023-02-04 14:03:13 +0100
commitd608a30d576ed74f7dc7374c1f00d2303fee27f6 (patch)
treea6637dee5800ee1f9af6331d3df02d84afe45d9a /common/rfb
parentef8c84eb752e1b59ef824cedeb156b2d64fefe37 (diff)
downloadtigervnc-d608a30d576ed74f7dc7374c1f00d2303fee27f6.tar.gz
tigervnc-d608a30d576ed74f7dc7374c1f00d2303fee27f6.zip
Use fixed size character buffer
We know the needed space here, so let's keep it simple with a constant size string buffer.
Diffstat (limited to 'common/rfb')
-rw-r--r--common/rfb/Logger_file.cxx35
-rw-r--r--common/rfb/Logger_file.h4
-rw-r--r--common/rfb/SSecurityPlain.cxx22
-rw-r--r--common/rfb/SSecurityPlain.h8
-rw-r--r--common/rfb/SSecurityRSAAES.cxx22
-rw-r--r--common/rfb/SSecurityRSAAES.h4
6 files changed, 43 insertions, 52 deletions
diff --git a/common/rfb/Logger_file.cxx b/common/rfb/Logger_file.cxx
index 684614cc..9859eb04 100644
--- a/common/rfb/Logger_file.cxx
+++ b/common/rfb/Logger_file.cxx
@@ -22,20 +22,21 @@
#include <config.h>
#endif
+#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <os/Mutex.h>
-#include <rfb/util.h>
#include <rfb/Logger_file.h>
using namespace rfb;
Logger_File::Logger_File(const char* loggerName)
- : Logger(loggerName), indent(13), width(79), m_filename(0), m_file(0),
+ : Logger(loggerName), indent(13), width(79), m_file(0),
m_lastLogTime(0)
{
+ m_filename[0] = '\0';
mutex = new os::Mutex();
}
@@ -50,11 +51,16 @@ void Logger_File::write(int /*level*/, const char *logname, const char *message)
os::AutoMutex a(mutex);
if (!m_file) {
- if (!m_filename) return;
- CharArray bakFilename(strlen(m_filename) + 1 + 4);
- sprintf(bakFilename.buf, "%s.bak", m_filename);
- remove(bakFilename.buf);
- rename(m_filename, bakFilename.buf);
+ if (m_filename[0] == '\0')
+ return;
+ char bakFilename[PATH_MAX];
+ if (snprintf(bakFilename, sizeof(bakFilename),
+ "%s.bak", m_filename) >= (int)sizeof(bakFilename)) {
+ remove(m_filename);
+ } else {
+ remove(bakFilename);
+ rename(m_filename, bakFilename);
+ }
m_file = fopen(m_filename, "w+");
if (!m_file) return;
}
@@ -93,7 +99,10 @@ void Logger_File::write(int /*level*/, const char *logname, const char *message)
void Logger_File::setFilename(const char* filename)
{
closeFile();
- m_filename = strDup(filename);
+ m_filename[0] = '\0';
+ if (strlen(filename) >= sizeof(filename))
+ return;
+ strcpy(m_filename, filename);
}
void Logger_File::setFile(FILE* file)
@@ -104,13 +113,9 @@ void Logger_File::setFile(FILE* file)
void Logger_File::closeFile()
{
- if (m_filename) {
- if (m_file) {
- fclose(m_file);
- m_file = 0;
- }
- strFree(m_filename);
- m_filename = 0;
+ if (m_file) {
+ fclose(m_file);
+ m_file = 0;
}
}
diff --git a/common/rfb/Logger_file.h b/common/rfb/Logger_file.h
index 5b5c34e1..4542d23c 100644
--- a/common/rfb/Logger_file.h
+++ b/common/rfb/Logger_file.h
@@ -22,6 +22,8 @@
#define __RFB_LOGGER_FILE_H__
#include <time.h>
+#include <limits.h>
+
#include <rfb/Logger.h>
namespace os { class Mutex; }
@@ -42,7 +44,7 @@ namespace rfb {
protected:
void closeFile();
- char* m_filename;
+ char m_filename[PATH_MAX];
FILE* m_file;
time_t m_lastLogTime;
os::Mutex* mutex;
diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx
index 6f65e87a..ab3a2391 100644
--- a/common/rfb/SSecurityPlain.cxx
+++ b/common/rfb/SSecurityPlain.cxx
@@ -80,9 +80,7 @@ SSecurityPlain::SSecurityPlain(SConnection* sc) : SSecurity(sc)
bool SSecurityPlain::processMsg()
{
rdr::InStream* is = sc->getInStream();
- char* pw;
- char *uname;
- CharArray password;
+ char password[1024];
if (!valid)
throw AuthFailureException("No password validator configured");
@@ -92,11 +90,11 @@ bool SSecurityPlain::processMsg()
return false;
ulen = is->readU32();
- if (ulen > MaxSaneUsernameLength)
+ if (ulen >= sizeof(username))
throw AuthFailureException("Too long username");
plen = is->readU32();
- if (plen > MaxSanePasswordLength)
+ if (plen >= sizeof(password))
throw AuthFailureException("Too long password");
state = 1;
@@ -106,16 +104,12 @@ bool SSecurityPlain::processMsg()
if (!is->hasData(ulen + plen))
return false;
state = 2;
- pw = new char[plen + 1];
- uname = new char[ulen + 1];
- username.replaceBuf(uname);
- password.replaceBuf(pw);
- is->readBytes(uname, ulen);
- is->readBytes(pw, plen);
- pw[plen] = 0;
- uname[ulen] = 0;
+ is->readBytes(username, ulen);
+ is->readBytes(password, plen);
+ password[plen] = 0;
+ username[ulen] = 0;
plen = 0;
- if (!valid->validate(sc, uname, pw))
+ if (!valid->validate(sc, username, password))
throw AuthFailureException("invalid password or username");
}
diff --git a/common/rfb/SSecurityPlain.h b/common/rfb/SSecurityPlain.h
index 1a81adda..4ca72781 100644
--- a/common/rfb/SSecurityPlain.h
+++ b/common/rfb/SSecurityPlain.h
@@ -23,7 +23,6 @@
#include <rfb/SConnection.h>
#include <rfb/SSecurity.h>
#include <rfb/SSecurityVeNCrypt.h>
-#include <rfb/util.h>
#include <rfb/Configuration.h>
namespace rfb {
@@ -46,17 +45,14 @@ namespace rfb {
SSecurityPlain(SConnection* sc);
virtual bool processMsg();
virtual int getType() const { return secTypePlain; };
- virtual const char* getUserName() const { return username.buf; }
+ virtual const char* getUserName() const { return username; }
virtual ~SSecurityPlain() { }
private:
PasswordValidator* valid;
unsigned int ulen, plen, state;
- CharArray username;
-
- static const unsigned int MaxSaneUsernameLength = 1024;
- static const unsigned int MaxSanePasswordLength = 1024;
+ char username[1024];
};
}
diff --git a/common/rfb/SSecurityRSAAES.cxx b/common/rfb/SSecurityRSAAES.cxx
index d013717c..4cca7d6d 100644
--- a/common/rfb/SSecurityRSAAES.cxx
+++ b/common/rfb/SSecurityRSAAES.cxx
@@ -539,19 +539,13 @@ bool SSecurityRSAAES::readCredentials()
uint8_t lenUsername = rais->readU8();
if (!rais->hasDataOrRestore(lenUsername + 1))
return false;
- if (!username.buf) {
- username.replaceBuf(new char[lenUsername + 1]);
- rais->readBytes(username.buf, lenUsername);
- username.buf[lenUsername] = 0;
- } else {
- rais->skip(lenUsername);
- }
+ rais->readBytes(username, lenUsername);
+ username[lenUsername] = 0;
uint8_t lenPassword = rais->readU8();
if (!rais->hasDataOrRestore(lenPassword))
return false;
- password.replaceBuf(new char[lenPassword + 1]);
- rais->readBytes(password.buf, lenPassword);
- password.buf[lenPassword] = 0;
+ rais->readBytes(password, lenPassword);
+ password[lenPassword] = 0;
rais->clearRestorePoint();
return true;
}
@@ -564,7 +558,7 @@ void SSecurityRSAAES::verifyUserPass()
#elif !defined(__APPLE__)
UnixPasswordValidator *valid = new UnixPasswordValidator();
#endif
- if (!valid->validate(sc, username.buf, password.buf)) {
+ if (!valid->validate(sc, username, password)) {
delete valid;
throw AuthFailureException("invalid password or username");
}
@@ -583,12 +577,12 @@ void SSecurityRSAAES::verifyPass()
if (!passwd.buf)
throw AuthFailureException("No password configured for VNC Auth");
- if (strcmp(password.buf, passwd.buf) == 0) {
+ if (strcmp(password, passwd.buf) == 0) {
accessRights = SConnection::AccessDefault;
return;
}
- if (passwdReadOnly.buf && strcmp(password.buf, passwdReadOnly.buf) == 0) {
+ if (passwdReadOnly.buf && strcmp(password, passwdReadOnly.buf) == 0) {
accessRights = SConnection::AccessView;
return;
}
@@ -598,5 +592,5 @@ void SSecurityRSAAES::verifyPass()
const char* SSecurityRSAAES::getUserName() const
{
- return username.buf;
+ return username;
}
diff --git a/common/rfb/SSecurityRSAAES.h b/common/rfb/SSecurityRSAAES.h
index 9ff76296..eaeb13a1 100644
--- a/common/rfb/SSecurityRSAAES.h
+++ b/common/rfb/SSecurityRSAAES.h
@@ -80,8 +80,8 @@ namespace rfb {
uint8_t serverRandom[32];
uint8_t clientRandom[32];
- CharArray username;
- CharArray password;
+ char username[256];
+ char password[256];
SConnection::AccessRights accessRights;
rdr::InStream* rais;