Revision: 4900 http://tigervnc.svn.sourceforge.net/tigervnc/?rev=4900&view=rev Author: ossman_ Date: 2012-04-25 15:43:56 +0000 (Wed, 25 Apr 2012) Log Message: ----------- Make sure we're paranoid about accidentally feeding a format string. Basic patch by Joachim Falk. Slightly improved before commit.
Modified Paths: -------------- trunk/vncviewer/CConn.cxx trunk/vncviewer/UserDialog.cxx trunk/vncviewer/Viewport.cxx trunk/vncviewer/vncviewer.cxx Modified: trunk/vncviewer/CConn.cxx =================================================================== --- trunk/vncviewer/CConn.cxx 2012-04-25 15:10:38 UTC (rev 4899) +++ trunk/vncviewer/CConn.cxx 2012-04-25 15:43:56 UTC (rev 4900) @@ -100,7 +100,7 @@ vlog.info(_("connected to host %s port %d"), serverHost, serverPort); } catch (rdr::Exception& e) { vlog.error(e.str()); - fl_alert(e.str()); + fl_alert("%s", e.str()); exit_vncviewer(); return; } Modified: trunk/vncviewer/UserDialog.cxx =================================================================== --- trunk/vncviewer/UserDialog.cxx 2012-04-25 15:10:38 UTC (rev 4899) +++ trunk/vncviewer/UserDialog.cxx 2012-04-25 15:43:56 UTC (rev 4900) @@ -150,22 +150,20 @@ // FLTK doesn't give us a flexible choice of the icon, so we ignore those // bits for now. - // FIXME: Filter out % from input text - fl_message_title(title); switch (flags & 0xf) { case M_OKCANCEL: - return fl_choice(buffer, NULL, fl_ok, fl_cancel) == 1; + return fl_choice("%s", NULL, fl_ok, fl_cancel, buffer) == 1; case M_YESNO: - return fl_choice(buffer, NULL, fl_yes, fl_no) == 1; + return fl_choice("%s", NULL, fl_yes, fl_no, buffer) == 1; case M_OK: default: if (((flags & 0xf0) == M_ICONERROR) || ((flags & 0xf0) == M_ICONWARNING)) - fl_alert(buffer); + fl_alert("%s", buffer); else - fl_message(buffer); + fl_message("%s", buffer); return true; } Modified: trunk/vncviewer/Viewport.cxx =================================================================== --- trunk/vncviewer/Viewport.cxx 2012-04-25 15:10:38 UTC (rev 4899) +++ trunk/vncviewer/Viewport.cxx 2012-04-25 15:43:56 UTC (rev 4900) 
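Review bot: In the CConn.cxx hunk, `vlog.error(e.str());` on the context line directly above the fixed `fl_alert` call still passes the exception text as the format argument of a printf-style logger. The `vlog.info(_("connected to host %s port %d"), serverHost, serverPort)` call in the same hunk shows that this logger expands conversions. The exception text may carry data that did not originate in this program, so a stray `%` in it would be interpreted there exactly as it was in the dialog call. The log call should get the same treatment: `vlog.error("%s", e.str());`. The enclosing try block starts outside the hunk, so other log calls in the function are not visible here.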
@@ -950,7 +950,7 @@ case ID_INFO: if (fltk_escape(cc->connectionInfo(), buffer, sizeof(buffer)) < sizeof(buffer)) { fl_message_title(_("VNC connection info")); - fl_message(buffer); + fl_message("%s", buffer); } break; case ID_ABOUT: Modified: trunk/vncviewer/vncviewer.cxx =================================================================== --- trunk/vncviewer/vncviewer.cxx 2012-04-25 15:10:38 UTC (rev 4899) +++ trunk/vncviewer/vncviewer.cxx 2012-04-25 15:43:56 UTC (rev 4900) @@ -69,7 +69,10 @@ using namespace rfb; using namespace std; -static char aboutText[1024]; +static const char aboutText[] = N_("TigerVNC Viewer %d-bit v%s (%s)\n" + "%s\n" + "Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)\n" + "See http://www.tigervnc.org for information on TigerVNC."); extern const char* buildTime; static bool exitMainloop = false; @@ -88,7 +91,8 @@ void about_vncviewer() { fl_message_title(_("About TigerVNC Viewer")); - fl_message(aboutText); + fl_message(gettext(aboutText), (int)sizeof(size_t)*8, + PACKAGE_VERSION, __BUILD__, buildTime); } static void about_callback(Fl_Widget *widget, void *data) @@ -267,11 +271,6 @@ const char* vncServerName = NULL; UserDialog dlg; - const char englishAbout[] = N_("TigerVNC Viewer %d-bit v%s (%s)\n" - "%s\n" - "Copyright (C) 1999-2011 TigerVNC Team and many others (see README.txt)\n" - "See http://www.tigervnc.org for information on TigerVNC."); - setlocale(LC_ALL, ""); bindtextdomain(PACKAGE_NAME, LOCALE_DIR); textdomain(PACKAGE_NAME); 
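Review bot: `aboutText` in the vncviewer.cxx hunk at -69 is now a printf template rather than finished text, and nothing at its definition says so. The two call sites that expand it, `fl_message` in `about_vncviewer()` and `fprintf(stderr, ...)` in the hunk at -279, each repeat the argument list by hand and must stay in step with the four conversions. A comment above the definition would make that contract visible, for example `// printf-style template: %d pointer width in bits, %s version, %s build, %s build time; expand only via gettext() with exactly these four arguments`.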
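Review bot: The format argument of `fl_message(gettext(aboutText), ...)` in `about_vncviewer()` is no longer a compile-time literal but whatever the message catalog returns, so the compiler cannot check it against the four arguments. A translation with a missing, extra or mistyped conversion then leads to undefined behaviour in the varargs expansion; the same holds for `fprintf(stderr, gettext(aboutText), ...)` in the hunk at -279. This is normal gettext practice, but it relies on the catalogs being validated: the entry should carry the `c-format` flag in the .po files and the build should run `msgfmt --check-format` so that a mismatching translation fails the build. Whether the build already does this is not visible on this page.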
@@ -279,10 +278,10 @@ rfb::SecurityClient::setDefaults(); // Write about text to console, still using normal locale codeset - snprintf(aboutText, sizeof(aboutText), - gettext(englishAbout), (int)sizeof(size_t)*8, PACKAGE_VERSION, - __BUILD__, buildTime); - fprintf(stderr,"\n%s\n", aboutText); + fprintf(stderr,"\n"); + fprintf(stderr, gettext(aboutText), (int)sizeof(size_t)*8, + PACKAGE_VERSION, __BUILD__, buildTime); + fprintf(stderr,"\n"); // Set gettext codeset to what our GUI toolkit uses. Since we are // passing strings from strerror/gai_strerror to the GUI, these must @@ -290,11 +289,6 @@ bind_textdomain_codeset(PACKAGE_NAME, "UTF-8"); bind_textdomain_codeset("libc", "UTF-8"); - // Re-create the aboutText for the GUI, now using GUI codeset - snprintf(aboutText, sizeof(aboutText), - gettext(englishAbout), (int)sizeof(size_t)*8, PACKAGE_VERSION, - __BUILD__, buildTime); - rfb::initStdIOLoggers(); rfb::LogWriter::setLogParams("*:stderr:30"); @@ -376,7 +370,7 @@ delete cc; if (exitError != NULL) - fl_alert(exitError); + fl_alert("%s", exitError); return 0; }