diff options
| -rw-r--r-- | common/rfb/Logger_file.cxx | 35 | ||||
| -rw-r--r-- | common/rfb/Logger_file.h | 4 | ||||
| -rw-r--r-- | common/rfb/SSecurityPlain.cxx | 22 | ||||
| -rw-r--r-- | common/rfb/SSecurityPlain.h | 8 | ||||
| -rw-r--r-- | common/rfb/SSecurityRSAAES.cxx | 22 | ||||
| -rw-r--r-- | common/rfb/SSecurityRSAAES.h | 4 | ||||
| -rw-r--r-- | unix/vncpasswd/vncpasswd.cxx | 23 | ||||
| -rw-r--r-- | vncviewer/DesktopWindow.cxx | 7 | ||||
| -rw-r--r-- | win/rfb_win32/ComputerName.h | 6 | ||||
| -rw-r--r-- | win/rfb_win32/ModuleFileName.h | 7 | ||||
| -rw-r--r-- | win/vncconfig/Legacy.cxx | 20 |
11 files changed, 74 insertions, 84 deletions
diff --git a/common/rfb/Logger_file.cxx b/common/rfb/Logger_file.cxx index 684614cc..9859eb04 100644 --- a/common/rfb/Logger_file.cxx +++ b/common/rfb/Logger_file.cxx @@ -22,20 +22,21 @@ #include <config.h> #endif +#include <limits.h> #include <stdlib.h> #include <string.h> #include <os/Mutex.h> -#include <rfb/util.h> #include <rfb/Logger_file.h> using namespace rfb; Logger_File::Logger_File(const char* loggerName) - : Logger(loggerName), indent(13), width(79), m_filename(0), m_file(0), + : Logger(loggerName), indent(13), width(79), m_file(0), m_lastLogTime(0) { + m_filename[0] = '\0'; mutex = new os::Mutex(); } @@ -50,11 +51,16 @@ void Logger_File::write(int /*level*/, const char *logname, const char *message) os::AutoMutex a(mutex); if (!m_file) { - if (!m_filename) return; - CharArray bakFilename(strlen(m_filename) + 1 + 4); - sprintf(bakFilename.buf, "%s.bak", m_filename); - remove(bakFilename.buf); - rename(m_filename, bakFilename.buf); + if (m_filename[0] == '\0') + return; + char bakFilename[PATH_MAX]; + if (snprintf(bakFilename, sizeof(bakFilename), + "%s.bak", m_filename) >= (int)sizeof(bakFilename)) { + remove(m_filename); + } else { + remove(bakFilename); + rename(m_filename, bakFilename); + } m_file = fopen(m_filename, "w+"); if (!m_file) return; } @@ -93,7 +99,10 @@ void Logger_File::write(int /*level*/, const char *logname, const char *message) void Logger_File::setFilename(const char* filename) { closeFile(); - m_filename = strDup(filename); + m_filename[0] = '\0'; + if (strlen(filename) >= sizeof(filename)) + return; + strcpy(m_filename, filename); } void Logger_File::setFile(FILE* file) @@ -104,13 +113,9 @@ void Logger_File::setFile(FILE* file) void Logger_File::closeFile() { - if (m_filename) { - if (m_file) { - fclose(m_file); - m_file = 0; - } - strFree(m_filename); - m_filename = 0; + if (m_file) { + fclose(m_file); + m_file = 0; } } diff --git a/common/rfb/Logger_file.h b/common/rfb/Logger_file.h index 5b5c34e1..4542d23c 100644 --- a/common/rfb/Logger_file.h +++ b/common/rfb/Logger_file.h @@ -22,6 +22,8 @@ #define __RFB_LOGGER_FILE_H__ #include <time.h> +#include <limits.h> + #include <rfb/Logger.h> namespace os { class Mutex; } @@ -42,7 +44,7 @@ namespace rfb { protected: void closeFile(); - char* m_filename; + char m_filename[PATH_MAX]; FILE* m_file; time_t m_lastLogTime; os::Mutex* mutex; diff --git a/common/rfb/SSecurityPlain.cxx b/common/rfb/SSecurityPlain.cxx index 6f65e87a..ab3a2391 100644 --- a/common/rfb/SSecurityPlain.cxx +++ b/common/rfb/SSecurityPlain.cxx @@ -80,9 +80,7 @@ SSecurityPlain::SSecurityPlain(SConnection* sc) : SSecurity(sc) bool SSecurityPlain::processMsg() { rdr::InStream* is = sc->getInStream(); - char* pw; - char *uname; - CharArray password; + char password[1024]; if (!valid) throw AuthFailureException("No password validator configured"); @@ -92,11 +90,11 @@ bool SSecurityPlain::processMsg() return false; ulen = is->readU32(); - if (ulen > MaxSaneUsernameLength) + if (ulen >= sizeof(username)) throw AuthFailureException("Too long username"); plen = is->readU32(); - if (plen > MaxSanePasswordLength) + if (plen >= sizeof(password)) throw AuthFailureException("Too long password"); state = 1; @@ -106,16 +104,12 @@ bool SSecurityPlain::processMsg() if (!is->hasData(ulen + plen)) return false; state = 2; - pw = new char[plen + 1]; - uname = new char[ulen + 1]; - username.replaceBuf(uname); - password.replaceBuf(pw); - is->readBytes(uname, ulen); - is->readBytes(pw, plen); - pw[plen] = 0; - uname[ulen] = 0; + is->readBytes(username, ulen); + is->readBytes(password, plen); + password[plen] = 0; + username[ulen] = 0; plen = 0; - if (!valid->validate(sc, uname, pw)) + if (!valid->validate(sc, username, password)) throw AuthFailureException("invalid password or username"); } diff --git a/common/rfb/SSecurityPlain.h b/common/rfb/SSecurityPlain.h index 1a81adda..4ca72781 100644 --- a/common/rfb/SSecurityPlain.h +++ b/common/rfb/SSecurityPlain.h @@ -23,7 +23,6 @@ #include <rfb/SConnection.h> #include <rfb/SSecurity.h> #include <rfb/SSecurityVeNCrypt.h> -#include <rfb/util.h> #include <rfb/Configuration.h> namespace rfb { @@ -46,17 +45,14 @@ namespace rfb { SSecurityPlain(SConnection* sc); virtual bool processMsg(); virtual int getType() const { return secTypePlain; }; - virtual const char* getUserName() const { return username.buf; } + virtual const char* getUserName() const { return username; } virtual ~SSecurityPlain() { } private: PasswordValidator* valid; unsigned int ulen, plen, state; - CharArray username; - - static const unsigned int MaxSaneUsernameLength = 1024; - static const unsigned int MaxSanePasswordLength = 1024; + char username[1024]; }; } diff --git a/common/rfb/SSecurityRSAAES.cxx b/common/rfb/SSecurityRSAAES.cxx index d013717c..4cca7d6d 100644 --- a/common/rfb/SSecurityRSAAES.cxx +++ b/common/rfb/SSecurityRSAAES.cxx @@ -539,19 +539,13 @@ bool SSecurityRSAAES::readCredentials() uint8_t lenUsername = rais->readU8(); if (!rais->hasDataOrRestore(lenUsername + 1)) return false; - if (!username.buf) { - username.replaceBuf(new char[lenUsername + 1]); - rais->readBytes(username.buf, lenUsername); - username.buf[lenUsername] = 0; - } else { - rais->skip(lenUsername); - } + rais->readBytes(username, lenUsername); + username[lenUsername] = 0; uint8_t lenPassword = rais->readU8(); if (!rais->hasDataOrRestore(lenPassword)) return false; - password.replaceBuf(new char[lenPassword + 1]); - rais->readBytes(password.buf, lenPassword); - password.buf[lenPassword] = 0; + rais->readBytes(password, lenPassword); + password[lenPassword] = 0; rais->clearRestorePoint(); return true; } @@ -564,7 +558,7 @@ void SSecurityRSAAES::verifyUserPass() #elif !defined(__APPLE__) UnixPasswordValidator *valid = new UnixPasswordValidator(); #endif - if (!valid->validate(sc, username.buf, password.buf)) { + if (!valid->validate(sc, username, password)) { delete valid; throw AuthFailureException("invalid password or username"); } @@ -583,12 +577,12 @@ void SSecurityRSAAES::verifyPass() if (!passwd.buf) throw AuthFailureException("No password configured for VNC Auth"); - if (strcmp(password.buf, passwd.buf) == 0) { + if (strcmp(password, passwd.buf) == 0) { accessRights = SConnection::AccessDefault; return; } - if (passwdReadOnly.buf && strcmp(password.buf, passwdReadOnly.buf) == 0) { + if (passwdReadOnly.buf && strcmp(password, passwdReadOnly.buf) == 0) { accessRights = SConnection::AccessView; return; } @@ -598,5 +592,5 @@ void SSecurityRSAAES::verifyPass() const char* SSecurityRSAAES::getUserName() const { - return username.buf; + return username; } diff --git a/common/rfb/SSecurityRSAAES.h b/common/rfb/SSecurityRSAAES.h index 9ff76296..eaeb13a1 100644 --- a/common/rfb/SSecurityRSAAES.h +++ b/common/rfb/SSecurityRSAAES.h @@ -80,8 +80,8 @@ namespace rfb { uint8_t serverRandom[32]; uint8_t clientRandom[32]; - CharArray username; - CharArray password; + char username[256]; + char password[256]; SConnection::AccessRights accessRights; rdr::InStream* rais; diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx index 4d91fda7..0ad3a52b 100644 --- a/unix/vncpasswd/vncpasswd.cxx +++ b/unix/vncpasswd/vncpasswd.cxx @@ -22,6 +22,7 @@ #include <config.h> #endif +#include <limits.h> #include <stdio.h> #include <string.h> #include <stdlib.h> @@ -30,7 +31,6 @@ #include <unistd.h> #include <os/os.h> #include <rfb/Password.h> -#include <rfb/util.h> #include <termios.h> @@ -130,7 +130,9 @@ int main(int argc, char** argv) { prog = argv[0]; - char* fname = 0; + char fname[PATH_MAX]; + + fname[0] = '\0'; for (int i = 1; i < argc; i++) { if (strcmp(argv[i], "-q") == 0) { // allowed for backwards compatibility @@ -138,22 +140,25 @@ int main(int argc, char** argv) return encrypt_pipe(); } else if (argv[i][0] == '-') { usage(); - } else if (!fname) { - fname = strDup(argv[i]); + } else if (fname[0] == '\0') { + if (strlen(argv[i]) >= sizeof(fname)) { + fprintf(stderr, "Too long filename specified\n"); + return -1; + } + strcpy(fname, argv[i]); } else { usage(); } } - if (!fname) { + if (fname[0] == '\0') { const char *homeDir = os::getvnchomedir(); if (homeDir == NULL) { fprintf(stderr, "Can't obtain VNC home directory\n"); exit(1); } mkdir(homeDir, 0777); - fname = new char[strlen(homeDir) + strlen("/passwd") + 1]; - sprintf(fname, "%s/passwd", homeDir); + snprintf(fname, sizeof(fname), "%s/passwd", homeDir); } while (true) { @@ -171,7 +176,6 @@ int main(int argc, char** argv) FILE* fp = fopen(fname,"w"); if (!fp) { fprintf(stderr,"Couldn't open %s for writing\n",fname); - delete [] fname; delete obfuscated; delete obfuscatedReadOnly; exit(1); @@ -180,7 +184,6 @@ int main(int argc, char** argv) if (fwrite(obfuscated->buf, obfuscated->length, 1, fp) != 1) { fprintf(stderr,"Writing to %s failed\n",fname); - delete [] fname; delete obfuscated; delete obfuscatedReadOnly; exit(1); @@ -191,7 +194,6 @@ int main(int argc, char** argv) if (obfuscatedReadOnly) { if (fwrite(obfuscatedReadOnly->buf, obfuscatedReadOnly->length, 1, fp) != 1) { fprintf(stderr,"Writing to %s failed\n",fname); - delete [] fname; delete obfuscatedReadOnly; exit(1); } @@ -199,7 +201,6 @@ int main(int argc, char** argv) fclose(fp); - delete [] fname; delete obfuscatedReadOnly; return 0; diff --git a/vncviewer/DesktopWindow.cxx b/vncviewer/DesktopWindow.cxx index 4eccbf52..3584845e 100644 --- a/vncviewer/DesktopWindow.cxx +++ b/vncviewer/DesktopWindow.cxx @@ -281,12 +281,11 @@ const rfb::PixelFormat &DesktopWindow::getPreferredPF() void DesktopWindow::setName(const char *name) { - CharArray windowNameStr; - windowNameStr.replaceBuf(new char[256]); + char windowNameStr[256]; - snprintf(windowNameStr.buf, 256, "%.240s - TigerVNC", name); + snprintf(windowNameStr, 256, "%.240s - TigerVNC", name); - copy_label(windowNameStr.buf); + copy_label(windowNameStr); } diff --git a/win/rfb_win32/ComputerName.h b/win/rfb_win32/ComputerName.h index 345ff0d7..e7064d5b 100644 --- a/win/rfb_win32/ComputerName.h +++ b/win/rfb_win32/ComputerName.h @@ -20,18 +20,18 @@ #define __RFB_WIN32_COMPUTERNAME_H__ #include <windows.h> -#include <rfb/util.h> namespace rfb { namespace win32 { // Get the computer name - struct ComputerName : CharArray { - ComputerName() : CharArray(MAX_COMPUTERNAME_LENGTH+1) { + struct ComputerName { + ComputerName() { ULONG namelength = MAX_COMPUTERNAME_LENGTH+1; if (!GetComputerName(buf, &namelength)) strcpy(buf, ""); } + char buf[MAX_COMPUTERNAME_LENGTH+1]; }; }; diff --git a/win/rfb_win32/ModuleFileName.h b/win/rfb_win32/ModuleFileName.h index 02a34f1a..9a06f50d 100644 --- a/win/rfb_win32/ModuleFileName.h +++ b/win/rfb_win32/ModuleFileName.h @@ -21,18 +21,17 @@ #include <windows.h> -#include <rfb/util.h> - namespace rfb { namespace win32 { - struct ModuleFileName : public CharArray { - ModuleFileName(HMODULE module=0) : CharArray(MAX_PATH) { + struct ModuleFileName { + ModuleFileName(HMODULE module=0) { if (!module) module = GetModuleHandle(0); if (!GetModuleFileName(module, buf, MAX_PATH)) buf[0] = 0; } + char buf[MAX_PATH]; }; }; diff --git a/win/vncconfig/Legacy.cxx b/win/vncconfig/Legacy.cxx index b428fd2a..e5433691 100644 --- a/win/vncconfig/Legacy.cxx +++ b/win/vncconfig/Legacy.cxx @@ -78,9 +78,9 @@ void LegacyPage::LoadPrefs() rfb::strSplit(tmp.buf, ':', &first.buf, &tmp.buf); if (strlen(first.buf)) { int bits = 0; - CharArray pattern(1+4*4+4); - pattern.buf[0] = first.buf[0]; - pattern.buf[1] = 0; + char pattern[1+4*4+4]; + pattern[0] = first.buf[0]; + pattern[1] = 0; // Split the pattern into IP address parts and process rfb::CharArray address; @@ -89,11 +89,11 @@ void LegacyPage::LoadPrefs() rfb::CharArray part; rfb::strSplit(address.buf, '.', &part.buf, &address.buf); if (bits) - strcat(pattern.buf, "."); + strcat(pattern, "."); if (strlen(part.buf) > 3) throw rdr::Exception("Invalid IP address part"); if (strlen(part.buf) > 0) { - strcat(pattern.buf, part.buf); + strcat(pattern, part.buf); bits += 8; } } @@ -101,20 +101,20 @@ void LegacyPage::LoadPrefs() // Pad out the address specification if required int addrBits = bits; while (addrBits < 32) { - if (addrBits) strcat(pattern.buf, "."); - strcat(pattern.buf, "0"); + if (addrBits) strcat(pattern, "."); + strcat(pattern, "0"); addrBits += 8; } // Append the number of bits to match char buf[4]; sprintf(buf, "/%d", bits); - strcat(pattern.buf, buf); + strcat(pattern, buf); // Append this pattern to the Hosts value - int length = strlen(newHosts.buf) + strlen(pattern.buf) + 2; + int length = strlen(newHosts.buf) + strlen(pattern) + 2; CharArray tmpHosts(length); - strcpy(tmpHosts.buf, pattern.buf); + strcpy(tmpHosts.buf, pattern); if (strlen(newHosts.buf)) { strcat(tmpHosts.buf, ","); strcat(tmpHosts.buf, newHosts.buf); |