On 08/11/2012 04:25 AM, Pascal Stumpf wrote:
On Sat, 11 Aug 2012 04:16:49 -0400, William Schaub wrote:
On 08/11/2012 03:56 AM, William Schaub wrote:
On 08/11/2012 03:18 AM, Marc Balmer wrote:
A few comments:
Since sizeof(char) is 1, it is not needed to write
malloc(... + 5 * sizeof(char))
but just
malloc(... + 5)
And actually, only 4 extra characters are needed, so don't waste that
byte ;)
And never use a multiplication in a malloc, never, ever. It has been
the source of remote-root exploits (due to integer overflow). Simple
rule: If there is a multiplication needed, use calloc:
malloc(n * sizeof whatever) /* never, ever */
use
calloc(n, sizeof whatever) /* this is the way to go */
The original code contains a nice bug:
title = XtMalloc(strlen(pre) + strlen(suf) + 2);
sprintf(title, "%s - %s", pre, suf);
The format string alone adds 3 characters to the final string (' - '),
and then there is the NUL terminating characters, so the target buffer
needs to be at least strlen(pre) + strlen(suf) + 4 characters long, but
here a smaller buffer is allocated. This nicely demonstrates the
evilness of sprintf...
I'm waiting on CDE to rebuild at the moment but as soon as I verify
that my changes still result in a working dtcreate I will reply to
this message with a new patch with the changes you suggested.
Ok Here is the revised patch.
Always use a size_t for len, not an int.
text/x-patch content
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
>From 7f64a9c4e8f8108021f5f65e9210bdc994232e40 Mon Sep 17 00:00:00 2001
From: William Schaub <wsch...@genesi-tech.com>
Date: Sat, 11 Aug 2012 04:02:17 -0400
Subject: [PATCH] dtcreate: fix exit with TT_ERR_PTYPE and fix several sprintf related segfaults.
---
cde/programs/dtcreate/AddFiletype.c | 6 ++++--
cde/programs/dtcreate/CreateActionAppShell.c | 7 ++++---
cde/programs/dtcreate/ca_aux.c | 19 ++++++++++++-------
cde/programs/dtcreate/main.c | 3 +++
4 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/cde/programs/dtcreate/AddFiletype.c b/cde/programs/dtcreate/AddFiletype.c
index 8d70b2a..7df5bb2 100644
--- a/cde/programs/dtcreate/AddFiletype.c
+++ b/cde/programs/dtcreate/AddFiletype.c
@@ -261,6 +261,7 @@ static Widget _Uxbuild_AddFiletype(void)
char *pre, *suf, *title;
XmString emptyString;
+ size_t len;
#define TIGHTNESS 20
#define ICON_MIN_HEIGHT 83
@@ -276,8 +277,9 @@ static Widget _Uxbuild_AddFiletype(void)
pre = GETMESSAGE(3, 10, "Create Action");
suf = GETMESSAGE(7, 10, "Add Datatype");
- title = XtMalloc(strlen(pre) + strlen(suf) + 2);
- sprintf(title, "%s - %s", pre, suf);
+ len = strlen(pre) + strlen(suf) + 4;
+ title = XtMalloc(len);
+ snprintf(title,len - 1, "%s - %s", pre, suf);
_UxParent = XtVaCreatePopupShell( "AddFiletype_shell",
xmDialogShellWidgetClass, _UxParent,
diff --git a/cde/programs/dtcreate/CreateActionAppShell.c b/cde/programs/dtcreate/CreateActionAppShell.c
index 5396a8c..8558ba5 100644
--- a/cde/programs/dtcreate/CreateActionAppShell.c
+++ b/cde/programs/dtcreate/CreateActionAppShell.c
@@ -345,6 +345,7 @@ static void activateCB_CA_FiletypesDelete( Widget UxWidget,
int cnt;
Boolean bFound;
char *msgPtr1, *msgPtr2, *fmtPtr, *errPtr;
+ size_t len;
/**************************************************************************/
/* Determine the filetypes to delete and delete them. */
@@ -411,9 +412,9 @@ static void activateCB_CA_FiletypesDelete( Widget UxWidget,
msgPtr2 = XtNewString(GETMESSAGE(5, 125,
"Please select the Datatype you would like to Delete."));
fmtPtr = "%s\n%s";
- errPtr = XtMalloc((strlen(msgPtr1) + strlen(msgPtr2) +
- strlen(fmtPtr) + 1) * sizeof(char));
- sprintf(errPtr, fmtPtr, msgPtr1, msgPtr2);
+ len = (strlen(msgPtr1) + strlen(msgPtr2) + strlen(fmtPtr) + 2);
+ errPtr = XtMalloc(len);
+ snprintf(errPtr,len - 1, fmtPtr, msgPtr1, msgPtr2);
XtFree(msgPtr2);
XtFree(msgPtr1);
display_error_message(CreateActionAppShell, errPtr);
diff --git a/cde/programs/dtcreate/ca_aux.c b/cde/programs/dtcreate/ca_aux.c
index afd105a..74f08e1 100644
--- a/cde/programs/dtcreate/ca_aux.c
+++ b/cde/programs/dtcreate/ca_aux.c
@@ -849,6 +849,7 @@ void activateCB_add_filetype (Widget wid, XtPointer client_data,
char *ptr;
char tmpbuf[50];
char *pre, *suf, *title;
+ size_t len;
if (!CreateActionAppShellCheckFields()) {
@@ -893,8 +894,9 @@ void activateCB_add_filetype (Widget wid, XtPointer client_data,
pre = GETMESSAGE(3, 10, "Create Action");
suf = GETMESSAGE(7, 10, "Add Datatype");
- title = XtMalloc(strlen(pre) + strlen(suf) + 2);
- sprintf(title, "%s - %s", pre, suf);
+ len = strlen(pre) + strlen(suf) + 4;
+ title = XtMalloc(len);
+ snprintf(title,len - 1,"%s - %s", pre, suf);
XtVaSetValues (AddFiletype,
RES_CONVERT (XmNdialogTitle, title ),
@@ -924,11 +926,13 @@ void activateCB_edit_filetype (Widget wid, XtPointer client_data,
int selecteditem;
char *msgPtr1, *msgPtr2, *fmtPtr, *errPtr;
char *pre, *suf, *title;
+ size_t len;
pre = GETMESSAGE(3, 10, "Create Action");
suf = GETMESSAGE(7, 11, "Edit Datatype");
- title = XtMalloc(strlen(pre) + strlen(suf) + 2);
- sprintf(title, "%s - %s", pre, suf);
+ len = strlen(pre) + strlen(suf) + 4;
+ title = XtMalloc(len);
+ snprintf(title,len - 1, "%s - %s", pre, suf);
/**************************************************************************/
/* Determine the selected list item. */
@@ -959,9 +963,10 @@ void activateCB_edit_filetype (Widget wid, XtPointer client_data,
msgPtr2 = XtNewString(GETMESSAGE(5, 130,
"Please select the Datatype you would like to Edit."));
fmtPtr = "%s\n%s";
- errPtr = XtMalloc((strlen(msgPtr1) + strlen(msgPtr2) +
- strlen(fmtPtr) + 1) * sizeof(char));
- sprintf(errPtr, fmtPtr, msgPtr1, msgPtr2);
+ len = (strlen(msgPtr1) + strlen(msgPtr2) +
+ strlen(fmtPtr) + 3);
+ errPtr = XtMalloc(len);
+ snprintf(errPtr,len - 1, fmtPtr, msgPtr1, msgPtr2);
XtFree(msgPtr2);
XtFree(msgPtr1);
display_error_message(CreateActionAppShell, errPtr);
diff --git a/cde/programs/dtcreate/main.c b/cde/programs/dtcreate/main.c
index 168cd88..1b56e3f 100644
--- a/cde/programs/dtcreate/main.c
+++ b/cde/programs/dtcreate/main.c
@@ -548,6 +548,9 @@ DieFromToolTalkError(Widget parent, char *errfmt, Tt_status status)
if (! tt_is_err(status)) return;
statmsg = tt_status_message(status);
+ /* Solaris dtcreate ignores this so we should too */
+ if(!strncmp("TT_ERR_PTYPE",statmsg,12))
+ return;
errmsg = XtMalloc(strlen(errfmt) + strlen(statmsg) + 2);
sprintf(errmsg, errfmt, statmsg);
--
1.7.2.5
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
cdesktopenv-devel mailing list
cdesktopenv-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cdesktopenv-devel
