From 2c5153a335e636b66e13a22f8196e23844f0de49 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Sat, 7 Mar 2009 17:58:02 +0000 Subject: [PATCH] Fix two mingw32-only buffer overflows. Note that triggering them requires control over the configuration file in which case all bets are off anyway. --- loadcfg.c | 17 ++++++++++++++--- w32log.c | 11 +++++++---- w32log.h | 12 ++++++++---- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/loadcfg.c b/loadcfg.c index 56f2938c..518df682 100644 --- a/loadcfg.c +++ b/loadcfg.c @@ -1,4 +1,4 @@ -const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.88 2009/02/28 10:57:10 fabiankeil Exp $"; +const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.89 2009/03/01 18:46:33 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/loadcfg.c,v $ @@ -35,6 +35,11 @@ const char loadcfg_rcs[] = "$Id: loadcfg.c,v 1.88 2009/02/28 10:57:10 fabiankeil * * Revisions : * $Log: loadcfg.c,v $ + * Revision 1.89 2009/03/01 18:46:33 fabiankeil + * - Help clang understand that we aren't + * dereferencing NULL pointers here. + * - Some style fixes in the modified region. + * * Revision 1.88 2009/02/28 10:57:10 fabiankeil * Gimme a break or two. Don't let the show-status page * link to the website documentation for the user-manual @@ -1644,10 +1649,16 @@ struct configuration_spec * load_config(void) break; /* ************************************************************************* - * log-font-name fontnane + * log-font-name fontname * *************************************************************************/ case hash_log_font_name : - strcpy( g_szFontFaceName, arg ); + if (strlcpy(g_szFontFaceName, arg, + sizeof(g_szFontFaceName)) >= sizeof(g_szFontFaceName)) + { + log_error(LOG_LEVEL_FATAL, + "log-font-name argument '%s' is longer than %u characters.", + arg, sizeof(g_szFontFaceName)-1); + } break; /* ************************************************************************* diff --git a/w32log.c b/w32log.c index 9c92131a..dd023547 100644 --- a/w32log.c +++ b/w32log.c @@ -1,4 +1,4 @@ -const char w32log_rcs[] = "$Id: w32log.c,v 1.29 2008/12/20 15:27:40 ler762 Exp $"; +const char w32log_rcs[] = "$Id: w32log.c,v 1.30 2009/01/01 15:09:23 ler762 Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/w32log.c,v $ @@ -6,7 +6,7 @@ const char w32log_rcs[] = "$Id: w32log.c,v 1.29 2008/12/20 15:27:40 ler762 Exp $ * Purpose : Functions for creating and destroying the log window, * ouputting strings, processing messages and so on. * - * Copyright : Written by and Copyright (C) 2001-2002 members of + * Copyright : Written by and Copyright (C) 2001-2009 members of * the Privoxy team. http://www.privoxy.org/ * * Written by and Copyright (C) 1999 Adam Lock @@ -32,6 +32,9 @@ const char w32log_rcs[] = "$Id: w32log.c,v 1.29 2008/12/20 15:27:40 ler762 Exp $ * * Revisions : * $Log: w32log.c,v $ + * Revision 1.30 2009/01/01 15:09:23 ler762 + * Change the Windows taskbar icon when privoxy is toggled off. + * * Revision 1.29 2008/12/20 15:27:40 ler762 * The crunch log message format changed, so update the strings to highlight * in the log window. @@ -284,7 +287,7 @@ BOOL g_bLimitBufferSize = 1; int g_nMaxBufferLines = DEFAULT_MAX_BUFFER_LINES; /* Font to use */ -char g_szFontFaceName[255] = DEFAULT_LOG_FONT_NAME; +char g_szFontFaceName[32] = DEFAULT_LOG_FONT_NAME; /* Size of font to use */ int g_nFontSize = DEFAULT_LOG_FONT_SIZE; @@ -704,7 +707,7 @@ int LogPutStringNoMatch(const char *pszText, int style) format.cbSize = sizeof(format); format.dwMask = CFM_BOLD | CFM_UNDERLINE | CFM_STRIKEOUT | CFM_ITALIC | CFM_COLOR | CFM_FACE | CFM_SIZE; format.yHeight = (g_nFontSize * 1440) / 72; - strcpy(format.szFaceName, g_szFontFaceName); + strlcpy(format.szFaceName, g_szFontFaceName, sizeof(format.szFaceName)); if (style == STYLE_NONE) { /* DO NOTHING */ diff --git a/w32log.h b/w32log.h index cb409977..9ad6a207 100644 --- a/w32log.h +++ b/w32log.h @@ -1,14 +1,14 @@ #ifndef W32LOG_H_INCLUDED #define W32LOG_H_INCLUDED -#define W32LOG_H_VERSION "$Id: w32log.h,v 1.10.2.2 2002/11/20 14:39:05 oes Exp $" +#define W32LOG_H_VERSION "$Id: w32log.h,v 1.12 2006/07/18 14:48:48 david__schmidt Exp $" /********************************************************************* * - * File : $Source: /cvsroot/ijbswa/current/Attic/w32log.h,v $ + * File : $Source: /cvsroot/ijbswa/current/w32log.h,v $ * * Purpose : Functions for creating and destroying the log window, * ouputting strings, processing messages and so on. * - * Copyright : Written by and Copyright (C) 2001-2002 members of + * Copyright : Written by and Copyright (C) 2001-2009 members of * the Privoxy team. http://www.privoxy.org/ * * Written by and Copyright (C) 1999 Adam Lock @@ -34,6 +34,10 @@ * * Revisions : * $Log: w32log.h,v $ + * Revision 1.12 2006/07/18 14:48:48 david__schmidt + * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) + * with what was really the latest development (the v_3_0_branch branch) + * * Revision 1.10.2.2 2002/11/20 14:39:05 oes * Fixed compiler warning * @@ -130,7 +134,7 @@ extern BOOL g_bLimitBufferSize; extern int g_nMaxBufferLines; /* Font to use */ -extern char g_szFontFaceName[255]; +extern char g_szFontFaceName[32]; /* Size of font to use */ extern int g_nFontSize; -- 2.39.2