summaryrefslogtreecommitdiffstats
path: root/src/pedro
diff options
context:
space:
mode:
authorKees Cook <kees@outflux.net>2007-03-20 17:16:36 +0000
committerkeescook <keescook@users.sourceforge.net>2007-03-20 17:16:36 +0000
commit4687a1c9ffe0d1d3f6ea01f360faa542a5b6491c (patch)
tree734a4d35a4e7b90593ae86a6c9006e58ce23d7d1 /src/pedro
parentpatch by cilix42 for bug 1671665 (diff)
downloadinkscape-4687a1c9ffe0d1d3f6ea01f360faa542a5b6491c.tar.gz
inkscape-4687a1c9ffe0d1d3f6ea01f360faa542a5b6491c.zip
format string protection/clean up (CVE-2007-1463, CVE-2007-1464)
(bzr r2720)
Diffstat (limited to 'src/pedro')
-rw-r--r--src/pedro/pedrodom.cpp2
-rw-r--r--src/pedro/pedrodom.h4
-rw-r--r--src/pedro/pedrogui.cpp14
-rw-r--r--src/pedro/pedrogui.h8
-rw-r--r--src/pedro/pedroxmpp.cpp44
-rw-r--r--src/pedro/pedroxmpp.h15
6 files changed, 42 insertions, 45 deletions
diff --git a/src/pedro/pedrodom.cpp b/src/pedro/pedrodom.cpp
index a15d74251..4cb176a52 100644
--- a/src/pedro/pedrodom.cpp
+++ b/src/pedro/pedrodom.cpp
@@ -652,7 +652,7 @@ int Parser::parseElement(int p0, Element *par,int depth)
p = getWord(p, closeTagName);
if (openTagName != closeTagName)
{
- error("Mismatched closing tag. Expected </%S>. Got '%S'.",
+ error("Mismatched closing tag. Expected </%s>. Got '%s'.",
openTagName.c_str(), closeTagName.c_str());
return p0;
}
diff --git a/src/pedro/pedrodom.h b/src/pedro/pedrodom.h
index 0d418ac20..b8078dce1 100644
--- a/src/pedro/pedrodom.h
+++ b/src/pedro/pedrodom.h
@@ -23,6 +23,8 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include <glib.h>
+
#include <string>
#include <vector>
@@ -312,7 +314,7 @@ private:
void getLineAndColumn(long pos, long *lineNr, long *colNr);
- void error(char *fmt, ...);
+ void error(char *fmt, ...) G_GNUC_PRINTF(2,3);
int peek(long pos);
diff --git a/src/pedro/pedrogui.cpp b/src/pedro/pedrogui.cpp
index 6bdbe3422..38c66b407 100644
--- a/src/pedro/pedrogui.cpp
+++ b/src/pedro/pedrogui.cpp
@@ -1992,24 +1992,26 @@ void PedroGui::error(const char *fmt, ...)
{
va_list args;
va_start(args, fmt);
- vsnprintf(writeBuf, writeBufLen, fmt, args);
+ gchar * buffer = g_strdup_vprintf(fmt, args);
va_end(args) ;
- Gtk::MessageDialog dlg(writeBuf,
+ Gtk::MessageDialog dlg(buffer,
false,
Gtk::MESSAGE_ERROR,
Gtk::BUTTONS_OK,
true);
dlg.run();
+ g_free(buffer);
}
void PedroGui::status(const char *fmt, ...)
{
va_list args;
va_start(args, fmt);
- vsnprintf(writeBuf, writeBufLen, fmt, args);
+ gchar * buffer = g_strdup_vprintf(fmt, args);
va_end(args) ;
- messageList.postMessage("STATUS", writeBuf);
+ messageList.postMessage("STATUS", buffer);
+ g_free(buffer);
}
//################################
@@ -2227,13 +2229,13 @@ void PedroGui::doEvent(const XmppEvent &event)
case XmppEvent::EVENT_STATUS:
{
//printf("##### STATUS: %s\n", event.getData().c_str());
- status(event.getData().c_str());
+ status("%s", event.getData().c_str());
break;
}
case XmppEvent::EVENT_ERROR:
{
//printf("##### ERROR: %s\n", event.getData().c_str());
- error(event.getData().c_str());
+ error("%s", event.getData().c_str());
padlockDisable();
break;
}
diff --git a/src/pedro/pedrogui.h b/src/pedro/pedrogui.h
index dfafc0edf..4af4f1aac 100644
--- a/src/pedro/pedrogui.h
+++ b/src/pedro/pedrogui.h
@@ -790,9 +790,9 @@ public:
XmppConfig config;
- virtual void error(const char *fmt, ...);
+ virtual void error(const char *fmt, ...) G_GNUC_PRINTF(2,3);
- virtual void status(const char *fmt, ...);
+ virtual void status(const char *fmt, ...) G_GNUC_PRINTF(2,3);
@@ -893,10 +893,6 @@ private:
std::vector<ChatWindow *>chats;
std::vector<GroupChatWindow *>groupChats;
-
- static const int writeBufLen = 2048;
-
- char writeBuf[writeBufLen];
};
diff --git a/src/pedro/pedroxmpp.cpp b/src/pedro/pedroxmpp.cpp
index efe51d277..1dc1d7ced 100644
--- a/src/pedro/pedroxmpp.cpp
+++ b/src/pedro/pedroxmpp.cpp
@@ -295,12 +295,13 @@ void XmppEventTarget::error(char *fmt, ...)
{
va_list args;
va_start(args,fmt);
- vsnprintf(targetWriteBuf, targetWriteBufLen, fmt, args);
+ gchar * buffer = g_strdup_vprintf(fmt, args);
va_end(args) ;
- fprintf(stderr, "Error:%s\n", targetWriteBuf);
+ fprintf(stderr, "Error:%s\n", buffer);
XmppEvent evt(XmppEvent::EVENT_ERROR);
- evt.setData(targetWriteBuf);
+ evt.setData(buffer);
dispatchXmppEvent(evt);
+ g_free(buffer);
}
@@ -312,12 +313,13 @@ void XmppEventTarget::status(char *fmt, ...)
{
va_list args;
va_start(args,fmt);
- vsnprintf(targetWriteBuf, targetWriteBufLen, fmt, args);
+ gchar * buffer = g_strdup_vprintf(fmt, args);
va_end(args) ;
- //printf("Status:%s\n", targetWriteBuf);
+ //printf("Status:%s\n", buffer);
XmppEvent evt(XmppEvent::EVENT_STATUS);
- evt.setData(targetWriteBuf);
+ evt.setData(buffer);
dispatchXmppEvent(evt);
+ g_free(buffer);
}
@@ -1158,7 +1160,7 @@ bool XmppClient::processIq(Element *root)
"IQ set does not contain a 'from' address because "
"the entity is not registered with the server");
}
- error((char *)errMsg.c_str());
+ error("%s",(char *)errMsg.c_str());
}
else if (id.find("regcancel") != id.npos)
@@ -1197,7 +1199,7 @@ bool XmppClient::processIq(Element *root)
"IQ set does not contain a 'from' address because "
"the entity is not registered with the server");
}
- error((char *)errMsg.c_str());
+ error("%s",(char *)errMsg.c_str());
}
return true;
@@ -1287,17 +1289,19 @@ bool XmppClient::receiveAndProcessLoop()
bool XmppClient::write(char *fmt, ...)
{
+ bool rc = true;
va_list args;
va_start(args,fmt);
- vsnprintf((char *)writeBuf, writeBufLen, fmt,args);
+ gchar * buffer = g_strdup_vprintf(fmt,args);
va_end(args) ;
- status("SEND: %s", writeBuf);
- if (!sock->write((char *)writeBuf))
+ status("SEND: %s", buffer);
+ if (!sock->write(buffer))
{
error("Cannot write to socket");
- return false;
+ rc = false;
}
- return true;
+ g_free(buffer);
+ return rc;
}
@@ -1388,7 +1392,7 @@ bool XmppClient::inBandRegistrationNew()
{
errMsg.append("some registration information was not provided");
}
- error((char *)errMsg.c_str());
+ error("%s",(char *)errMsg.c_str());
delete elem;
return false;
}
@@ -1612,7 +1616,7 @@ bool XmppClient::saslMd5Authenticate()
char *fmt =
"<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' "
"mechanism='DIGEST-MD5'/>\n";
- if (!write(fmt))
+ if (!write("%s",fmt))
return false;
DOMString recbuf = readStanza();
@@ -1760,7 +1764,7 @@ bool XmppClient::saslMd5Authenticate()
fmt =
"<response xmlns='urn:ietf:params:xml:ns:xmpp-sasl'/>\n";
- if (!write(fmt))
+ if (!write("%s",fmt))
return false;
recbuf = readStanza();
@@ -1843,7 +1847,7 @@ bool XmppClient::saslAuthenticate()
delete elem;
char *fmt =
"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>\n";
- if (!write(fmt))
+ if (!write("%s",fmt))
return false;
recbuf = readStanza();
status("RECV: '%s'\n", recbuf.c_str());
@@ -2087,7 +2091,7 @@ bool XmppClient::createSession()
DOMString givenJid, givenResource;
parseJid(givenFullJid, givenJid, givenResource);
status("given user: %s realm: %s, rsrc: %s",
- givenJid.c_str(), givenResource.c_str());
+ givenJid.c_str(), realm.c_str(), givenResource.c_str());
setResource(givenResource);
}
@@ -2143,7 +2147,7 @@ bool XmppClient::createSession()
fmt =
"<presence/>\n";
- if (!write(fmt))
+ if (!write("%s",fmt))
return false;
/*
@@ -2217,7 +2221,7 @@ bool XmppClient::disconnect()
{
char *fmt =
"<presence type='unavailable'/>\n";
- write(fmt);
+ write("%s",fmt);
}
keepGoing = false;
connected = false;
diff --git a/src/pedro/pedroxmpp.h b/src/pedro/pedroxmpp.h
index 1ad849b99..554cb76c6 100644
--- a/src/pedro/pedroxmpp.h
+++ b/src/pedro/pedroxmpp.h
@@ -24,6 +24,7 @@
*/
#include <stdio.h>
+#include <glib.h>
#include <vector>
#include <map>
@@ -566,13 +567,13 @@ public:
/**
* Send an error message to all subscribers
*/
- void error(char *fmt, ...);
+ void error(char *fmt, ...) G_GNUC_PRINTF(2,3);
/**
* Send a status message to all subscribers
*/
- void status(char *fmt, ...);
+ void status(char *fmt, ...) G_GNUC_PRINTF(2,3);
//###########################
//# LISTENERS
@@ -629,10 +630,6 @@ private:
std::vector<XmppEvent> eventQueue;
bool eventQueueEnabled;
-
- static const int targetWriteBufLen = 2048;
-
- char targetWriteBuf[targetWriteBufLen];
};
@@ -725,7 +722,7 @@ public:
/**
*
*/
- virtual bool write(char *fmt, ...);
+ virtual bool write(char *fmt, ...) G_GNUC_PRINTF(2,3);
//#######################
//# V A R I A B L E S
@@ -1146,10 +1143,6 @@ private:
bool doRegister;
- static const int writeBufLen = 2048;
-
- unsigned char writeBuf[writeBufLen];
-
std::vector<XmppGroupChat *>groupChats;
//#### Roster