[evolution/gnome-3-28] Bug 796174 - strcat() considered unsafe for buffer overflow
- From: Milan Crha <mcrha src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evolution/gnome-3-28] Bug 796174 - strcat() considered unsafe for buffer overflow
- Date: Tue, 19 Jun 2018 08:36:54 +0000 (UTC)
commit a87ce36cdaaf59ca808e5836ba8d87fb8bef955c
Author: Milan Crha <mcrha redhat com>
Date: Thu Jun 14 14:28:37 2018 +0200
Bug 796174 - strcat() considered unsafe for buffer overflow
src/calendar/gui/e-calendar-view.c | 57 ++++----------
src/calendar/gui/e-meeting-time-sel.c | 91 ----------------------
src/calendar/gui/e-meeting-time-sel.h | 12 ---
src/calendar/gui/print.c | 13 +++-
src/e-util/e-spell-dictionary.c | 3 +-
.../e-mail-parser-tnef-attachment.c | 33 +++-----
6 files changed, 36 insertions(+), 173 deletions(-)
---
diff --git a/src/calendar/gui/e-calendar-view.c b/src/calendar/gui/e-calendar-view.c
index 00c90a22e5..ac3c24720d 100644
--- a/src/calendar/gui/e-calendar-view.c
+++ b/src/calendar/gui/e-calendar-view.c
@@ -2248,7 +2248,7 @@ e_calendar_view_get_description_text (ECalendarView *cal_view)
struct tm start_tm, end_tm;
struct icaltimetype start_tt, end_tt;
icaltimezone *zone;
- gchar buffer[1024] = { 0 };
+ gchar start_buffer[512] = { 0 };
gchar end_buffer[512] = { 0 };
g_return_val_if_fail (E_IS_CALENDAR_VIEW (cal_view), NULL);
@@ -2282,59 +2282,34 @@ e_calendar_view_get_description_text (ECalendarView *cal_view)
if (E_IS_MONTH_VIEW (cal_view) || E_IS_CAL_LIST_VIEW (cal_view)) {
if (start_tm.tm_year == end_tm.tm_year) {
if (start_tm.tm_mon == end_tm.tm_mon) {
- e_utf8_strftime (buffer, sizeof (buffer),
- "%d", &start_tm);
- e_utf8_strftime (end_buffer, sizeof (end_buffer),
- _("%d %b %Y"), &end_tm);
- strcat (buffer, " - ");
- strcat (buffer, end_buffer);
+ e_utf8_strftime (start_buffer, sizeof (start_buffer), "%d", &start_tm);
+ e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%d %b %Y"), &end_tm);
} else {
- e_utf8_strftime (buffer, sizeof (buffer),
- _("%d %b"), &start_tm);
- e_utf8_strftime (end_buffer, sizeof (end_buffer),
- _("%d %b %Y"), &end_tm);
- strcat (buffer, " - ");
- strcat (buffer, end_buffer);
+ e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%d %b"), &start_tm);
+ e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%d %b %Y"), &end_tm);
}
} else {
- e_utf8_strftime (
- buffer, sizeof (buffer),
- _("%d %b %Y"), &start_tm);
- e_utf8_strftime (
- end_buffer, sizeof (end_buffer),
- _("%d %b %Y"), &end_tm);
- strcat (buffer, " - ");
- strcat (buffer, end_buffer);
+ e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%d %b %Y"), &start_tm);
+ e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%d %b %Y"), &end_tm);
}
} else {
if (start_tm.tm_year == end_tm.tm_year &&
start_tm.tm_mon == end_tm.tm_mon &&
start_tm.tm_mday == end_tm.tm_mday) {
- e_utf8_strftime (
- buffer, sizeof (buffer),
- _("%A %d %b %Y"), &start_tm);
+ e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%A %d %b %Y"), &start_tm);
} else if (start_tm.tm_year == end_tm.tm_year) {
- e_utf8_strftime (
- buffer, sizeof (buffer),
- _("%a %d %b"), &start_tm);
- e_utf8_strftime (
- end_buffer, sizeof (end_buffer),
- _("%a %d %b %Y"), &end_tm);
- strcat (buffer, " - ");
- strcat (buffer, end_buffer);
+ e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%a %d %b"), &start_tm);
+ e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%a %d %b %Y"), &end_tm);
} else {
- e_utf8_strftime (
- buffer, sizeof (buffer),
- _("%a %d %b %Y"), &start_tm);
- e_utf8_strftime (
- end_buffer, sizeof (end_buffer),
- _("%a %d %b %Y"), &end_tm);
- strcat (buffer, " - ");
- strcat (buffer, end_buffer);
+ e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%a %d %b %Y"), &start_tm);
+ e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%a %d %b %Y"), &end_tm);
}
}
- return g_strdup (buffer);
+ if (*start_buffer && *end_buffer)
+ return g_strdup_printf ("%s - %s", start_buffer, end_buffer);
+
+ return g_strdup_printf ("%s%s", start_buffer, end_buffer);
}
void
diff --git a/src/calendar/gui/e-meeting-time-sel.c b/src/calendar/gui/e-meeting-time-sel.c
index 24269bb24e..da6f0400ec 100644
--- a/src/calendar/gui/e-meeting-time-sel.c
+++ b/src/calendar/gui/e-meeting-time-sel.c
@@ -1566,97 +1566,6 @@ e_meeting_time_selector_set_read_only (EMeetingTimeSelector *mts,
gtk_widget_set_sensitive (mts->end_date_edit, !read_only);
}
-/*
- * DEBUGGING ROUTINES - functions to output various bits of data.
- */
-
-#ifdef E_MEETING_TIME_SELECTOR_DEBUG
-
-/* Debugging function to dump information on all attendees. */
-void
-e_meeting_time_selector_dump (EMeetingTimeSelector *mts)
-{
- EMeetingTimeSelectorAttendee *attendee;
- EMeetingTimeSelectorPeriod *period;
- gint row, period_num;
- gchar buffer[128];
-
- g_return_if_fail (E_IS_MEETING_TIME_SELECTOR (mts));
-
- g_print ("\n\nAttendee Information:\n");
-
- for (row = 0; row < mts->attendees->len; row++) {
- attendee = &g_array_index (mts->attendees,
- EMeetingTimeSelectorAttendee, row);
- g_print ("Attendee: %s\n", attendee->name);
- g_print (
- " Longest Busy Period: %i days\n",
- attendee->longest_period_in_days);
-
- e_meeting_time_selector_attendee_ensure_periods_sorted (mts, attendee);
-#if 1
- for (period_num = 0;
- period_num < attendee->busy_periods->len;
- period_num++) {
- period = &g_array_index (attendee->busy_periods,
- EMeetingTimeSelectorPeriod,
- period_num);
-
- /* These are just for debugging so don't need i18n. */
- g_date_strftime (
- buffer, sizeof (buffer),
- "%A, %B %d, %Y", &period->start.date);
- g_print (
- " Start: %s %i:%02i\n", buffer,
- period->start.hour, period->start.minute);
-
- g_date_strftime (
- buffer, sizeof (buffer),
- "%A, %B %d, %Y", &period->end.date);
- g_print (
- " End : %s %i:%02i\n", buffer,
- period->end.hour, period->end.minute);
- }
-#endif
- }
-
-}
-
-/* This formats a EMeetingTimein a string and returns it.
- * Note that it uses a static buffer. */
-gchar *
-e_meeting_time_selector_dump_time (EMeetingTime *mtstime)
-{
- static gchar buffer[128];
-
- gchar buffer2[128];
-
- /* This is just for debugging so doesn't need i18n. */
- g_date_strftime (
- buffer, sizeof (buffer), "%A, %B %d, %Y",
- &mtstime->date);
- sprintf (
- buffer2, " at %i:%02i", (gint) mtstime->hour,
- (gint) mtstime->minute);
- strcat (buffer, buffer2);
-
- return buffer;
-}
-
-/* This formats a GDate in a string and returns it.
- * Note that it uses a static buffer. */
-gchar *
-e_meeting_time_selector_dump_date (GDate *date)
-{
- static gchar buffer[128];
-
- /* This is just for debugging so doesn't need i18n. */
- g_date_strftime (buffer, sizeof (buffer), "%A, %B %d, %Y", date);
- return buffer;
-}
-
-#endif /* E_MEETING_TIME_SELECTOR_DEBUG */
-
static void
e_meeting_time_selector_on_invite_others_button_clicked (GtkWidget *button,
EMeetingTimeSelector *mts)
diff --git a/src/calendar/gui/e-meeting-time-sel.h b/src/calendar/gui/e-meeting-time-sel.h
index b3e0c9b471..9ba41d48a2 100644
--- a/src/calendar/gui/e-meeting-time-sel.h
+++ b/src/calendar/gui/e-meeting-time-sel.h
@@ -55,9 +55,6 @@
(G_TYPE_INSTANCE_GET_CLASS \
((obj), E_TYPE_MEETING_TIME_SELECTOR))
-/* Define this to include the debugging functions. */
-#undef E_MEETING_TIME_SELECTOR_DEBUG
-
/* This is the width of the icon column in the attendees list. */
#define E_MEETING_TIME_SELECTOR_ICON_COLUMN_WIDTH 24
@@ -418,15 +415,6 @@ void e_meeting_time_selector_refresh_free_busy
gint row,
gboolean all);
-/* Debugging function to dump information on all attendees. */
-#ifdef E_MEETING_TIME_SELECTOR_DEBUG
-void e_meeting_time_selector_dump (EMeetingTimeSelector *mts);
-gchar * e_meeting_time_selector_dump_time
- (EMeetingTime *mtstime);
-gchar * e_meeting_time_selector_dump_date
- (GDate *date);
-#endif /* E_MEETING_TIME_SELECTOR_DEBUG */
-
G_END_DECLS
#endif /* E_MEETING_TIME_SELECTOR_H */
diff --git a/src/calendar/gui/print.c b/src/calendar/gui/print.c
index 175adee9cb..db0538921f 100644
--- a/src/calendar/gui/print.c
+++ b/src/calendar/gui/print.c
@@ -3200,8 +3200,10 @@ write_label_piece (time_t t,
convert_timet_to_struct_tm (t, zone, &tmp_tm);
- if (stext != NULL)
- strcat (buffer, stext);
+ if (stext != NULL) {
+ len = strlen (buffer);
+ g_snprintf (buffer + len, size - len, "%s", stext);
+ }
len = strlen (buffer);
if (start_cmp && same_date (tmp_tm, *start_cmp, zone))
@@ -3212,8 +3214,11 @@ write_label_piece (time_t t,
e_time_format_date_and_time (
&tmp_tm, use_24_hour_format, FALSE,
FALSE, &buffer[len], size - len);
- if (etext != NULL)
- strcat (buffer, etext);
+
+ if (etext != NULL) {
+ len = strlen (buffer);
+ g_snprintf (buffer + len, size - len, "%s", etext);
+ }
}
static icaltimezone *
diff --git a/src/e-util/e-spell-dictionary.c b/src/e-util/e-spell-dictionary.c
index a9e51f7f6e..a8f4df8a3f 100644
--- a/src/e-util/e-spell-dictionary.c
+++ b/src/e-util/e-spell-dictionary.c
@@ -101,8 +101,7 @@ _get_isocodeslocaledir (void)
if (beenhere)
return retval;
- strcpy (retval, _get_iso_codes_prefix ());
- strcat (retval, "\\share\\locale" );
+ g_snprintf (retval, sizeof (retval), "%s\\share\\locale", _get_iso_codes_prefix ());
beenhere = 1;
return retval;
}
diff --git a/src/modules/tnef-attachment/e-mail-parser-tnef-attachment.c
b/src/modules/tnef-attachment/e-mail-parser-tnef-attachment.c
index e0242ae06a..8cdce57c66 100644
--- a/src/modules/tnef-attachment/e-mail-parser-tnef-attachment.c
+++ b/src/modules/tnef-attachment/e-mail-parser-tnef-attachment.c
@@ -824,29 +824,16 @@ static gchar * getRruleDayname (guchar a) {
*daystring = 0;
- if (a & 0x01) {
- strcat (daystring, "SU,");
- }
- if (a & 0x02) {
- strcat (daystring, "MO,");
- }
- if (a & 0x04) {
- strcat (daystring, "TU,");
- }
- if (a & 0x08) {
- strcat (daystring, "WE,");
- }
- if (a & 0x10) {
- strcat (daystring, "TH,");
- }
- if (a & 0x20) {
- strcat (daystring, "FR,");
- }
- if (a & 0x40) {
- strcat (daystring, "SA,");
- }
-
- if (strlen (daystring)) {
+ g_snprintf (daystring, sizeof (daystring), "%s%s%s%s%s%s%s",
+ (a & 0x01) ? "SU," : "",
+ (a & 0x02) ? "MO," : "",
+ (a & 0x04) ? "TU," : "",
+ (a & 0x08) ? "WE," : "",
+ (a & 0x10) ? "TH," : "",
+ (a & 0x20) ? "FR," : "",
+ (a & 0x40) ? "SA," : "");
+
+ if (*daystring) {
daystring[strlen (daystring) - 1] = 0;
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
