Make sure we're paranoid about accidentally feeding a format string.

Basic patch by Joachim Falk. Slightly improved before commit.


git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@4900 3789f03b-4d11-0410-bbf8-ca57d06f2519

4 files changed, 17 insertions, 25 deletions

diff --git a/vncviewer/CConn.cxx b/vncviewer/CConn.cxx
index fbd9a8ed..12ebbe49 100644
--- a/vncviewer/CConn.cxx
+++ b/vncviewer/CConn.cxx
@@ -100,7 +100,7 @@ CConn::CConn(const char* vncServerName)
     vlog.info(_("connected to host %s port %d"), serverHost, serverPort);
   } catch (rdr::Exception& e) {
     vlog.error(e.str());
-    fl_alert(e.str());
+    fl_alert("%s", e.str());
     exit_vncviewer();
     return;
   }
diff --git a/vncviewer/UserDialog.cxx b/vncviewer/UserDialog.cxx
index f36d8437..b57588de 100644
--- a/vncviewer/UserDialog.cxx
+++ b/vncviewer/UserDialog.cxx
@@ -150,22 +150,20 @@ bool UserDialog::showMsgBox(int flags, const char* title, const char* text)
   // FLTK doesn't give us a flexible choice of the icon, so we ignore those
   // bits for now.
 
-  // FIXME: Filter out % from input text
-
   fl_message_title(title);
 
   switch (flags & 0xf) {
   case M_OKCANCEL:
-    return fl_choice(buffer, NULL, fl_ok, fl_cancel) == 1;
+    return fl_choice("%s", NULL, fl_ok, fl_cancel, buffer) == 1;
   case M_YESNO:
-    return fl_choice(buffer, NULL, fl_yes, fl_no) == 1;
+    return fl_choice("%s", NULL, fl_yes, fl_no, buffer) == 1;
   case M_OK:
   default:
     if (((flags & 0xf0) == M_ICONERROR) ||
         ((flags & 0xf0) == M_ICONWARNING))
-      fl_alert(buffer);
+      fl_alert("%s", buffer);
     else
-      fl_message(buffer);
+      fl_message("%s", buffer);
     return true;
   }
 
diff --git a/vncviewer/Viewport.cxx b/vncviewer/Viewport.cxx
index 768bc34e..1588f274 100644
--- a/vncviewer/Viewport.cxx
+++ b/vncviewer/Viewport.cxx
@@ -950,7 +950,7 @@ void Viewport::popupContextMenu()
   case ID_INFO:
     if (fltk_escape(cc->connectionInfo(), buffer, sizeof(buffer)) < sizeof(buffer)) {
       fl_message_title(_("VNC connection info"));
-      fl_message(buffer);
+      fl_message("%s", buffer);
     }
     break;
   case ID_ABOUT:
diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
index ff325d13..47fd5516 100644
--- a/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx
@@ -69,7 +69,10 @@ using namespace network;
 using namespace rfb;
 using namespace std;
 
-static char aboutText[1024];
+static const char aboutText[] = N_("TigerVNC Viewer %d-bit v%s (%s)\n"
+                                   "%s\n"
+                                   "Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)\n"
+                                   "See http://www.tigervnc.org for information on TigerVNC.");
 extern const char* buildTime;
 
 static bool exitMainloop = false;
@@ -88,7 +91,8 @@ void exit_vncviewer(const char *error)
 void about_vncviewer()
 {
   fl_message_title(_("About TigerVNC Viewer"));
-  fl_message(aboutText);
+  fl_message(gettext(aboutText), (int)sizeof(size_t)*8,
+             PACKAGE_VERSION, __BUILD__, buildTime);
 }
 
 static void about_callback(Fl_Widget *widget, void *data)
@@ -267,11 +271,6 @@ int main(int argc, char** argv)
   const char* vncServerName = NULL;
   UserDialog dlg;
 
-  const char englishAbout[] = N_("TigerVNC Viewer %d-bit v%s (%s)\n"
-                                 "%s\n"
-                                 "Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)\n"
-                                 "See http://www.tigervnc.org for information on TigerVNC.");
-
   setlocale(LC_ALL, "");
   bindtextdomain(PACKAGE_NAME, LOCALE_DIR);
   textdomain(PACKAGE_NAME);
@@ -279,10 +278,10 @@ int main(int argc, char** argv)
   rfb::SecurityClient::setDefaults();
 
   // Write about text to console, still using normal locale codeset
-  snprintf(aboutText, sizeof(aboutText),
-           gettext(englishAbout), (int)sizeof(size_t)*8, PACKAGE_VERSION,
-           __BUILD__, buildTime);
-  fprintf(stderr,"\n%s\n", aboutText);
+  fprintf(stderr,"\n");
+  fprintf(stderr, gettext(aboutText), (int)sizeof(size_t)*8,
+          PACKAGE_VERSION, __BUILD__, buildTime);
+  fprintf(stderr,"\n");
 
   // Set gettext codeset to what our GUI toolkit uses. Since we are
   // passing strings from strerror/gai_strerror to the GUI, these must
@@ -290,11 +289,6 @@ int main(int argc, char** argv)
   bind_textdomain_codeset(PACKAGE_NAME, "UTF-8");
   bind_textdomain_codeset("libc", "UTF-8");
 
-  // Re-create the aboutText for the GUI, now using GUI codeset
-  snprintf(aboutText, sizeof(aboutText),
-           gettext(englishAbout), (int)sizeof(size_t)*8, PACKAGE_VERSION,
-           __BUILD__, buildTime);
-
   rfb::initStdIOLoggers();
   rfb::LogWriter::setLogParams("*:stderr:30");
 
@@ -376,7 +370,7 @@ int main(int argc, char** argv)
   delete cc;
 
   if (exitError != NULL)
-    fl_alert(exitError);
+    fl_alert("%s", exitError);
 
   return 0;
 }