diff options
| author | Kees Cook <kees@outflux.net> | 2007-03-20 17:16:36 +0000 |
|---|---|---|
| committer | keescook <keescook@users.sourceforge.net> | 2007-03-20 17:16:36 +0000 |
| commit | 4687a1c9ffe0d1d3f6ea01f360faa542a5b6491c (patch) | |
| tree | 734a4d35a4e7b90593ae86a6c9006e58ce23d7d1 /src/pedro | |
| parent | patch by cilix42 for bug 1671665 (diff) | |
| download | inkscape-4687a1c9ffe0d1d3f6ea01f360faa542a5b6491c.tar.gz inkscape-4687a1c9ffe0d1d3f6ea01f360faa542a5b6491c.zip | |
format string protection/clean up (CVE-2007-1463, CVE-2007-1464)
(bzr r2720)
Diffstat (limited to 'src/pedro')
| -rw-r--r-- | src/pedro/pedrodom.cpp | 2 | ||||
| -rw-r--r-- | src/pedro/pedrodom.h | 4 | ||||
| -rw-r--r-- | src/pedro/pedrogui.cpp | 14 | ||||
| -rw-r--r-- | src/pedro/pedrogui.h | 8 | ||||
| -rw-r--r-- | src/pedro/pedroxmpp.cpp | 44 | ||||
| -rw-r--r-- | src/pedro/pedroxmpp.h | 15 |
6 files changed, 42 insertions, 45 deletions
diff --git a/src/pedro/pedrodom.cpp b/src/pedro/pedrodom.cpp index a15d74251..4cb176a52 100644 --- a/src/pedro/pedrodom.cpp +++ b/src/pedro/pedrodom.cpp @@ -652,7 +652,7 @@ int Parser::parseElement(int p0, Element *par,int depth) p = getWord(p, closeTagName); if (openTagName != closeTagName) { - error("Mismatched closing tag. Expected </%S>. Got '%S'.", + error("Mismatched closing tag. Expected </%s>. Got '%s'.", openTagName.c_str(), closeTagName.c_str()); return p0; } diff --git a/src/pedro/pedrodom.h b/src/pedro/pedrodom.h index 0d418ac20..b8078dce1 100644 --- a/src/pedro/pedrodom.h +++ b/src/pedro/pedrodom.h @@ -23,6 +23,8 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +#include <glib.h> + #include <string> #include <vector> @@ -312,7 +314,7 @@ private: void getLineAndColumn(long pos, long *lineNr, long *colNr); - void error(char *fmt, ...); + void error(char *fmt, ...) G_GNUC_PRINTF(2,3); int peek(long pos); diff --git a/src/pedro/pedrogui.cpp b/src/pedro/pedrogui.cpp index 6bdbe3422..38c66b407 100644 --- a/src/pedro/pedrogui.cpp +++ b/src/pedro/pedrogui.cpp @@ -1992,24 +1992,26 @@ void PedroGui::error(const char *fmt, ...) { va_list args; va_start(args, fmt); - vsnprintf(writeBuf, writeBufLen, fmt, args); + gchar * buffer = g_strdup_vprintf(fmt, args); va_end(args) ; - Gtk::MessageDialog dlg(writeBuf, + Gtk::MessageDialog dlg(buffer, false, Gtk::MESSAGE_ERROR, Gtk::BUTTONS_OK, true); dlg.run(); + g_free(buffer); } void PedroGui::status(const char *fmt, ...) { va_list args; va_start(args, fmt); - vsnprintf(writeBuf, writeBufLen, fmt, args); + gchar * buffer = g_strdup_vprintf(fmt, args); va_end(args) ; - messageList.postMessage("STATUS", writeBuf); + messageList.postMessage("STATUS", buffer); + g_free(buffer); } //################################ @@ -2227,13 +2229,13 @@ void PedroGui::doEvent(const XmppEvent &event) case XmppEvent::EVENT_STATUS: { //printf("##### STATUS: %s\n", event.getData().c_str()); - status(event.getData().c_str()); + status("%s", event.getData().c_str()); break; } case XmppEvent::EVENT_ERROR: { //printf("##### ERROR: %s\n", event.getData().c_str()); - error(event.getData().c_str()); + error("%s", event.getData().c_str()); padlockDisable(); break; } diff --git a/src/pedro/pedrogui.h b/src/pedro/pedrogui.h index dfafc0edf..4af4f1aac 100644 --- a/src/pedro/pedrogui.h +++ b/src/pedro/pedrogui.h @@ -790,9 +790,9 @@ public: XmppConfig config; - virtual void error(const char *fmt, ...); + virtual void error(const char *fmt, ...) G_GNUC_PRINTF(2,3); - virtual void status(const char *fmt, ...); + virtual void status(const char *fmt, ...) G_GNUC_PRINTF(2,3); @@ -893,10 +893,6 @@ private: std::vector<ChatWindow *>chats; std::vector<GroupChatWindow *>groupChats; - - static const int writeBufLen = 2048; - - char writeBuf[writeBufLen]; }; diff --git a/src/pedro/pedroxmpp.cpp b/src/pedro/pedroxmpp.cpp index efe51d277..1dc1d7ced 100644 --- a/src/pedro/pedroxmpp.cpp +++ b/src/pedro/pedroxmpp.cpp @@ -295,12 +295,13 @@ void XmppEventTarget::error(char *fmt, ...) { va_list args; va_start(args,fmt); - vsnprintf(targetWriteBuf, targetWriteBufLen, fmt, args); + gchar * buffer = g_strdup_vprintf(fmt, args); va_end(args) ; - fprintf(stderr, "Error:%s\n", targetWriteBuf); + fprintf(stderr, "Error:%s\n", buffer); XmppEvent evt(XmppEvent::EVENT_ERROR); - evt.setData(targetWriteBuf); + evt.setData(buffer); dispatchXmppEvent(evt); + g_free(buffer); } @@ -312,12 +313,13 @@ void XmppEventTarget::status(char *fmt, ...) { va_list args; va_start(args,fmt); - vsnprintf(targetWriteBuf, targetWriteBufLen, fmt, args); + gchar * buffer = g_strdup_vprintf(fmt, args); va_end(args) ; - //printf("Status:%s\n", targetWriteBuf); + //printf("Status:%s\n", buffer); XmppEvent evt(XmppEvent::EVENT_STATUS); - evt.setData(targetWriteBuf); + evt.setData(buffer); dispatchXmppEvent(evt); + g_free(buffer); } @@ -1158,7 +1160,7 @@ bool XmppClient::processIq(Element *root) "IQ set does not contain a 'from' address because " "the entity is not registered with the server"); } - error((char *)errMsg.c_str()); + error("%s",(char *)errMsg.c_str()); } else if (id.find("regcancel") != id.npos) @@ -1197,7 +1199,7 @@ bool XmppClient::processIq(Element *root) "IQ set does not contain a 'from' address because " "the entity is not registered with the server"); } - error((char *)errMsg.c_str()); + error("%s",(char *)errMsg.c_str()); } return true; @@ -1287,17 +1289,19 @@ bool XmppClient::receiveAndProcessLoop() bool XmppClient::write(char *fmt, ...) { + bool rc = true; va_list args; va_start(args,fmt); - vsnprintf((char *)writeBuf, writeBufLen, fmt,args); + gchar * buffer = g_strdup_vprintf(fmt,args); va_end(args) ; - status("SEND: %s", writeBuf); - if (!sock->write((char *)writeBuf)) + status("SEND: %s", buffer); + if (!sock->write(buffer)) { error("Cannot write to socket"); - return false; + rc = false; } - return true; + g_free(buffer); + return rc; } @@ -1388,7 +1392,7 @@ bool XmppClient::inBandRegistrationNew() { errMsg.append("some registration information was not provided"); } - error((char *)errMsg.c_str()); + error("%s",(char *)errMsg.c_str()); delete elem; return false; } @@ -1612,7 +1616,7 @@ bool XmppClient::saslMd5Authenticate() char *fmt = "<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' " "mechanism='DIGEST-MD5'/>\n"; - if (!write(fmt)) + if (!write("%s",fmt)) return false; DOMString recbuf = readStanza(); @@ -1760,7 +1764,7 @@ bool XmppClient::saslMd5Authenticate() fmt = "<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>\n"; - if (!write(fmt)) + if (!write("%s",fmt)) return false; recbuf = readStanza(); @@ -1843,7 +1847,7 @@ bool XmppClient::saslAuthenticate() delete elem; char *fmt = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\n"; - if (!write(fmt)) + if (!write("%s",fmt)) return false; recbuf = readStanza(); status("RECV: '%s'\n", recbuf.c_str()); @@ -2087,7 +2091,7 @@ bool XmppClient::createSession() DOMString givenJid, givenResource; parseJid(givenFullJid, givenJid, givenResource); status("given user: %s realm: %s, rsrc: %s", - givenJid.c_str(), givenResource.c_str()); + givenJid.c_str(), realm.c_str(), givenResource.c_str()); setResource(givenResource); } @@ -2143,7 +2147,7 @@ bool XmppClient::createSession() fmt = "<presence/>\n"; - if (!write(fmt)) + if (!write("%s",fmt)) return false; /* @@ -2217,7 +2221,7 @@ bool XmppClient::disconnect() { char *fmt = "<presence type='unavailable'/>\n"; - write(fmt); + write("%s",fmt); } keepGoing = false; connected = false; diff --git a/src/pedro/pedroxmpp.h b/src/pedro/pedroxmpp.h index 1ad849b99..554cb76c6 100644 --- a/src/pedro/pedroxmpp.h +++ b/src/pedro/pedroxmpp.h @@ -24,6 +24,7 @@ */ #include <stdio.h> +#include <glib.h> #include <vector> #include <map> @@ -566,13 +567,13 @@ public: /** * Send an error message to all subscribers */ - void error(char *fmt, ...); + void error(char *fmt, ...) G_GNUC_PRINTF(2,3); /** * Send a status message to all subscribers */ - void status(char *fmt, ...); + void status(char *fmt, ...) G_GNUC_PRINTF(2,3); //########################### //# LISTENERS @@ -629,10 +630,6 @@ private: std::vector<XmppEvent> eventQueue; bool eventQueueEnabled; - - static const int targetWriteBufLen = 2048; - - char targetWriteBuf[targetWriteBufLen]; }; @@ -725,7 +722,7 @@ public: /** * */ - virtual bool write(char *fmt, ...); + virtual bool write(char *fmt, ...) G_GNUC_PRINTF(2,3); //####################### //# V A R I A B L E S @@ -1146,10 +1143,6 @@ private: bool doRegister; - static const int writeBufLen = 2048; - - unsigned char writeBuf[writeBufLen]; - std::vector<XmppGroupChat *>groupChats; //#### Roster |
