Fix two mingw32-only buffer overflows. Note that triggering

them requires control over the configuration file in which
case all bets are off anyway.

diff --git a/loadcfg.c b/loadcfg.c
index 56f2938..518df68 100644 (file)
--- a/loadcfg.c
+++ b/loadcfg.c
@@ -1,4 +1,4 @@
-const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.88 2009/02/28 10:57:10 fabiankeil Exp $";
+const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.89 2009/03/01 18:46:33 fabiankeil Exp $";

 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/loadcfg.c,v $
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/loadcfg.c,v $


@@ -35,6 +35,11 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.88 2009/02/28 10:57:10 fabiankeil
  *
  * Revisions   :
  *    $Log: loadcfg.c,v $
  *
  * Revisions   :
  *    $Log: loadcfg.c,v $

+ *    Revision 1.89  2009/03/01 18:46:33  fabiankeil
+ *    - Help clang understand that we aren't
+ *      dereferencing NULL pointers here.
+ *    - Some style fixes in the modified region.
+ *

  *    Revision 1.88  2009/02/28 10:57:10  fabiankeil
  *    Gimme a break or two. Don't let the show-status page
  *    link to the website documentation for the user-manual
  *    Revision 1.88  2009/02/28 10:57:10  fabiankeil
  *    Gimme a break or two. Don't let the show-status page
  *    link to the website documentation for the user-manual


@@ -1644,10 +1649,16 @@ struct configuration_spec * load_config(void)
             break;
 
 /* *************************************************************************
             break;
 
 /* *************************************************************************

- * log-font-name fontnane
+ * log-font-name fontname

  * *************************************************************************/
          case hash_log_font_name :
  * *************************************************************************/
          case hash_log_font_name :

-            strcpy( g_szFontFaceName, arg );
+            if (strlcpy(g_szFontFaceName, arg,
+                   sizeof(g_szFontFaceName)) >= sizeof(g_szFontFaceName))
+            {
+               log_error(LOG_LEVEL_FATAL,
+                  "log-font-name argument '%s' is longer than %u characters.",
+                  arg, sizeof(g_szFontFaceName)-1);
+            }

             break;
 
 /* *************************************************************************
             break;
 
 /* *************************************************************************

diff --git a/w32log.c b/w32log.c
index 9c92131..dd02354 100644 (file)
--- a/w32log.c
+++ b/w32log.c
@@ -1,4 +1,4 @@
-const char w32log_rcs[] = "$Id: w32log.c,v 1.29 2008/12/20 15:27:40 ler762 Exp $";
+const char w32log_rcs[] = "$Id: w32log.c,v 1.30 2009/01/01 15:09:23 ler762 Exp $";

 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/w32log.c,v $
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/w32log.c,v $


@@ -6,7 +6,7 @@ const char w32log_rcs[] = "$Id: w32log.c,v 1.29 2008/12/20 15:27:40 ler762 Exp $
  * Purpose     :  Functions for creating and destroying the log window,
  *                ouputting strings, processing messages and so on.
  *
  * Purpose     :  Functions for creating and destroying the log window,
  *                ouputting strings, processing messages and so on.
  *

- * Copyright   :  Written by and Copyright (C) 2001-2002 members of
+ * Copyright   :  Written by and Copyright (C) 2001-2009 members of

  *                the Privoxy team.  http://www.privoxy.org/
  *
  *                Written by and Copyright (C) 1999 Adam Lock
  *                the Privoxy team.  http://www.privoxy.org/
  *
  *                Written by and Copyright (C) 1999 Adam Lock


@@ -32,6 +32,9 @@ const char w32log_rcs[] = "$Id: w32log.c,v 1.29 2008/12/20 15:27:40 ler762 Exp $
  *
  * Revisions   :
  *    $Log: w32log.c,v $
  *
  * Revisions   :
  *    $Log: w32log.c,v $

+ *    Revision 1.30  2009/01/01 15:09:23  ler762
+ *    Change the Windows taskbar icon when privoxy is toggled off.
+ *

  *    Revision 1.29  2008/12/20 15:27:40  ler762
  *    The crunch log message format changed, so update the strings to highlight
  *    in the log window.
  *    Revision 1.29  2008/12/20 15:27:40  ler762
  *    The crunch log message format changed, so update the strings to highlight
  *    in the log window.


@@ -284,7 +287,7 @@ BOOL g_bLimitBufferSize = 1;
 int g_nMaxBufferLines = DEFAULT_MAX_BUFFER_LINES;
 
 /* Font to use */
 int g_nMaxBufferLines = DEFAULT_MAX_BUFFER_LINES;
 
 /* Font to use */

-char g_szFontFaceName[255] = DEFAULT_LOG_FONT_NAME;
+char g_szFontFaceName[32] = DEFAULT_LOG_FONT_NAME;

 
 /* Size of font to use */
 int g_nFontSize = DEFAULT_LOG_FONT_SIZE;
 
 /* Size of font to use */
 int g_nFontSize = DEFAULT_LOG_FONT_SIZE;


@@ -704,7 +707,7 @@ int LogPutStringNoMatch(const char *pszText, int style)
    format.cbSize = sizeof(format);
    format.dwMask = CFM_BOLD | CFM_UNDERLINE | CFM_STRIKEOUT | CFM_ITALIC | CFM_COLOR | CFM_FACE | CFM_SIZE;
    format.yHeight = (g_nFontSize * 1440) / 72;
    format.cbSize = sizeof(format);
    format.dwMask = CFM_BOLD | CFM_UNDERLINE | CFM_STRIKEOUT | CFM_ITALIC | CFM_COLOR | CFM_FACE | CFM_SIZE;
    format.yHeight = (g_nFontSize * 1440) / 72;

-   strcpy(format.szFaceName, g_szFontFaceName);
+   strlcpy(format.szFaceName, g_szFontFaceName, sizeof(format.szFaceName));

    if (style == STYLE_NONE)
    {
       /* DO NOTHING */
    if (style == STYLE_NONE)
    {
       /* DO NOTHING */

diff --git a/w32log.h b/w32log.h
index cb40997..9ad6a20 100644 (file)
--- a/w32log.h
+++ b/w32log.h
@@ -1,14 +1,14 @@
 #ifndef W32LOG_H_INCLUDED
 #define W32LOG_H_INCLUDED
 #ifndef W32LOG_H_INCLUDED
 #define W32LOG_H_INCLUDED

-#define W32LOG_H_VERSION "$Id: w32log.h,v 1.10.2.2 2002/11/20 14:39:05 oes Exp $"
+#define W32LOG_H_VERSION "$Id: w32log.h,v 1.12 2006/07/18 14:48:48 david__schmidt Exp $"

 /*********************************************************************
  *
 /*********************************************************************
  *

- * File        :  $Source: /cvsroot/ijbswa/current/Attic/w32log.h,v $
+ * File        :  $Source: /cvsroot/ijbswa/current/w32log.h,v $

  *
  * Purpose     :  Functions for creating and destroying the log window,
  *                ouputting strings, processing messages and so on.
  *
  *
  * Purpose     :  Functions for creating and destroying the log window,
  *                ouputting strings, processing messages and so on.
  *

- * Copyright   :  Written by and Copyright (C) 2001-2002 members of
+ * Copyright   :  Written by and Copyright (C) 2001-2009 members of

  *                the Privoxy team.  http://www.privoxy.org/
  *
  *                Written by and Copyright (C) 1999 Adam Lock
  *                the Privoxy team.  http://www.privoxy.org/
  *
  *                Written by and Copyright (C) 1999 Adam Lock


@@ -34,6 +34,10 @@
  *
  * Revisions   :
  *    $Log: w32log.h,v $
  *
  * Revisions   :
  *    $Log: w32log.h,v $

+ *    Revision 1.12  2006/07/18 14:48:48  david__schmidt
+ *    Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch)
+ *    with what was really the latest development (the v_3_0_branch branch)
+ *

  *    Revision 1.10.2.2  2002/11/20 14:39:05  oes
  *    Fixed compiler warning
  *
  *    Revision 1.10.2.2  2002/11/20 14:39:05  oes
  *    Fixed compiler warning
  *


@@ -130,7 +134,7 @@ extern BOOL g_bLimitBufferSize;
 extern int g_nMaxBufferLines;
 
 /* Font to use */
 extern int g_nMaxBufferLines;
 
 /* Font to use */

-extern char g_szFontFaceName[255];
+extern char g_szFontFaceName[32];

 
 /* Size of font to use */
 extern int g_nFontSize;
 
 /* Size of font to use */
 extern int g_nFontSize;