Commit 8f974afa authored by Milan Crha's avatar Milan Crha

Bug 796174 - strcat() considered unsafe for buffer overflow

parent dd8c8259
......@@ -2271,7 +2271,7 @@ e_calendar_view_get_description_text (ECalendarView *cal_view)
struct tm start_tm, end_tm;
struct icaltimetype start_tt, end_tt;
icaltimezone *zone;
gchar buffer[1024] = { 0 };
gchar start_buffer[512] = { 0 };
gchar end_buffer[512] = { 0 };
g_return_val_if_fail (E_IS_CALENDAR_VIEW (cal_view), NULL);
......@@ -2305,59 +2305,34 @@ e_calendar_view_get_description_text (ECalendarView *cal_view)
if (E_IS_MONTH_VIEW (cal_view) || E_IS_CAL_LIST_VIEW (cal_view)) {
if (start_tm.tm_year == end_tm.tm_year) {
if (start_tm.tm_mon == end_tm.tm_mon) {
e_utf8_strftime (buffer, sizeof (buffer),
"%d", &start_tm);
e_utf8_strftime (end_buffer, sizeof (end_buffer),
_("%d %b %Y"), &end_tm);
strcat (buffer, " - ");
strcat (buffer, end_buffer);
e_utf8_strftime (start_buffer, sizeof (start_buffer), "%d", &start_tm);
e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%d %b %Y"), &end_tm);
} else {
e_utf8_strftime (buffer, sizeof (buffer),
_("%d %b"), &start_tm);
e_utf8_strftime (end_buffer, sizeof (end_buffer),
_("%d %b %Y"), &end_tm);
strcat (buffer, " - ");
strcat (buffer, end_buffer);
e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%d %b"), &start_tm);
e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%d %b %Y"), &end_tm);
}
} else {
e_utf8_strftime (
buffer, sizeof (buffer),
_("%d %b %Y"), &start_tm);
e_utf8_strftime (
end_buffer, sizeof (end_buffer),
_("%d %b %Y"), &end_tm);
strcat (buffer, " - ");
strcat (buffer, end_buffer);
e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%d %b %Y"), &start_tm);
e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%d %b %Y"), &end_tm);
}
} else {
if (start_tm.tm_year == end_tm.tm_year &&
start_tm.tm_mon == end_tm.tm_mon &&
start_tm.tm_mday == end_tm.tm_mday) {
e_utf8_strftime (
buffer, sizeof (buffer),
_("%A %d %b %Y"), &start_tm);
e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%A %d %b %Y"), &start_tm);
} else if (start_tm.tm_year == end_tm.tm_year) {
e_utf8_strftime (
buffer, sizeof (buffer),
_("%a %d %b"), &start_tm);
e_utf8_strftime (
end_buffer, sizeof (end_buffer),
_("%a %d %b %Y"), &end_tm);
strcat (buffer, " - ");
strcat (buffer, end_buffer);
e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%a %d %b"), &start_tm);
e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%a %d %b %Y"), &end_tm);
} else {
e_utf8_strftime (
buffer, sizeof (buffer),
_("%a %d %b %Y"), &start_tm);
e_utf8_strftime (
end_buffer, sizeof (end_buffer),
_("%a %d %b %Y"), &end_tm);
strcat (buffer, " - ");
strcat (buffer, end_buffer);
e_utf8_strftime (start_buffer, sizeof (start_buffer), _("%a %d %b %Y"), &start_tm);
e_utf8_strftime (end_buffer, sizeof (end_buffer), _("%a %d %b %Y"), &end_tm);
}
}
return g_strdup (buffer);
if (*start_buffer && *end_buffer)
return g_strdup_printf ("%s - %s", start_buffer, end_buffer);
return g_strdup_printf ("%s%s", start_buffer, end_buffer);
}
void
......
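Review bot: The return values of the `e_utf8_strftime` calls are ignored, so the final `if (*start_buffer && *end_buffer)` test in the second hunk picks the output from buffer contents alone. The `= { 0 }` initialisers in the first hunk keep the empty case defined, but whether a failed or truncated format leaves a buffer empty is not visible here and should be confirmed against `e_utf8_strftime`. I would add a comment above the return such as `/* end_buffer stays empty for a single-day range; both buffers start zeroed */`. The separator in `"%s - %s"` is also outside `_()`, as it was with the old `strcat (buffer, " - ")`, so translators cannot adapt it. The function begins above the first hunk.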
......@@ -1566,97 +1566,6 @@ e_meeting_time_selector_set_read_only (EMeetingTimeSelector *mts,
gtk_widget_set_sensitive (mts->end_date_edit, !read_only);
}
/*
* DEBUGGING ROUTINES - functions to output various bits of data.
*/
#ifdef E_MEETING_TIME_SELECTOR_DEBUG
/* Debugging function to dump information on all attendees. */
void
e_meeting_time_selector_dump (EMeetingTimeSelector *mts)
{
EMeetingTimeSelectorAttendee *attendee;
EMeetingTimeSelectorPeriod *period;
gint row, period_num;
gchar buffer[128];
g_return_if_fail (E_IS_MEETING_TIME_SELECTOR (mts));
g_print ("\n\nAttendee Information:\n");
for (row = 0; row < mts->attendees->len; row++) {
attendee = &g_array_index (mts->attendees,
EMeetingTimeSelectorAttendee, row);
g_print ("Attendee: %s\n", attendee->name);
g_print (
" Longest Busy Period: %i days\n",
attendee->longest_period_in_days);
e_meeting_time_selector_attendee_ensure_periods_sorted (mts, attendee);
#if 1
for (period_num = 0;
period_num < attendee->busy_periods->len;
period_num++) {
period = &g_array_index (attendee->busy_periods,
EMeetingTimeSelectorPeriod,
period_num);
/* These are just for debugging so don't need i18n. */
g_date_strftime (
buffer, sizeof (buffer),
"%A, %B %d, %Y", &period->start.date);
g_print (
" Start: %s %i:%02i\n", buffer,
period->start.hour, period->start.minute);
g_date_strftime (
buffer, sizeof (buffer),
"%A, %B %d, %Y", &period->end.date);
g_print (
" End : %s %i:%02i\n", buffer,
period->end.hour, period->end.minute);
}
#endif
}
}
/* This formats a EMeetingTimein a string and returns it.
* Note that it uses a static buffer. */
gchar *
e_meeting_time_selector_dump_time (EMeetingTime *mtstime)
{
static gchar buffer[128];
gchar buffer2[128];
/* This is just for debugging so doesn't need i18n. */
g_date_strftime (
buffer, sizeof (buffer), "%A, %B %d, %Y",
&mtstime->date);
sprintf (
buffer2, " at %i:%02i", (gint) mtstime->hour,
(gint) mtstime->minute);
strcat (buffer, buffer2);
return buffer;
}
/* This formats a GDate in a string and returns it.
* Note that it uses a static buffer. */
gchar *
e_meeting_time_selector_dump_date (GDate *date)
{
static gchar buffer[128];
/* This is just for debugging so doesn't need i18n. */
g_date_strftime (buffer, sizeof (buffer), "%A, %B %d, %Y", date);
return buffer;
}
#endif /* E_MEETING_TIME_SELECTOR_DEBUG */
static void
e_meeting_time_selector_on_invite_others_button_clicked (GtkWidget *button,
EMeetingTimeSelector *mts)
......
......@@ -55,9 +55,6 @@
(G_TYPE_INSTANCE_GET_CLASS \
((obj), E_TYPE_MEETING_TIME_SELECTOR))
/* Define this to include the debugging functions. */
#undef E_MEETING_TIME_SELECTOR_DEBUG
/* This is the width of the icon column in the attendees list. */
#define E_MEETING_TIME_SELECTOR_ICON_COLUMN_WIDTH 24
......@@ -418,15 +415,6 @@ void e_meeting_time_selector_refresh_free_busy
gint row,
gboolean all);
/* Debugging function to dump information on all attendees. */
#ifdef E_MEETING_TIME_SELECTOR_DEBUG
void e_meeting_time_selector_dump (EMeetingTimeSelector *mts);
gchar * e_meeting_time_selector_dump_time
(EMeetingTime *mtstime);
gchar * e_meeting_time_selector_dump_date
(GDate *date);
#endif /* E_MEETING_TIME_SELECTOR_DEBUG */
G_END_DECLS
#endif /* E_MEETING_TIME_SELECTOR_H */
......@@ -3200,8 +3200,10 @@ write_label_piece (time_t t,
convert_timet_to_struct_tm (t, zone, &tmp_tm);
if (stext != NULL)
strcat (buffer, stext);
if (stext != NULL) {
len = strlen (buffer);
g_snprintf (buffer + len, size - len, "%s", stext);
}
len = strlen (buffer);
if (start_cmp && same_date (tmp_tm, *start_cmp, zone))
......@@ -3212,8 +3214,11 @@ write_label_piece (time_t t,
e_time_format_date_and_time (
&tmp_tm, use_24_hour_format, FALSE,
FALSE, &buffer[len], size - len);
if (etext != NULL)
strcat (buffer, etext);
if (etext != NULL) {
len = strlen (buffer);
g_snprintf (buffer + len, size - len, "%s", etext);
}
}
static icaltimezone *
......
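Review bot: Both new append blocks, for `stext` in the first hunk and `etext` in the second, truncate silently, and each three-line `strlen`/`g_snprintf` pair can be written as GLib's bounded append, `g_strlcat (buffer, stext, size);`. That call returns the length it tried to create, so comparing the result with `size` would detect truncation, which otherwise goes unnoticed and may cut a multi-byte UTF-8 character in the label. Either form assumes `buffer` arrives NUL-terminated within `size`, otherwise `size - len` is no longer a valid bound. That contract is worth a comment on `write_label_piece`, whose signature and the declarations of `len` and `size` lie outside the hunks.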
......@@ -101,8 +101,7 @@ _get_isocodeslocaledir (void)
if (beenhere)
return retval;
strcpy (retval, _get_iso_codes_prefix ());
strcat (retval, "\\share\\locale" );
g_snprintf (retval, sizeof (retval), "%s\\share\\locale", _get_iso_codes_prefix ());
beenhere = 1;
return retval;
}
......
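Review bot: The `g_snprintf` result is discarded before `beenhere = 1`, so an over-long prefix would leave a silently truncated directory path cached and returned on every later call. A truncated path can name a different directory than intended, so I would compare the return value with the buffer size before setting the flag, e.g. `if (g_snprintf (retval, sizeof (retval), "%s\\share\\locale", _get_iso_codes_prefix ()) >= (gint) sizeof (retval))`, and handle that case explicitly. `sizeof (retval)` is the right bound only if `retval` is declared as an array; the declaration is above the hunk, so please confirm it is not a pointer.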
......@@ -824,29 +824,16 @@ static gchar * getRruleDayname (guchar a) {
*daystring = 0;
if (a & 0x01) {
strcat (daystring, "SU,");
}
if (a & 0x02) {
strcat (daystring, "MO,");
}
if (a & 0x04) {
strcat (daystring, "TU,");
}
if (a & 0x08) {
strcat (daystring, "WE,");
}
if (a & 0x10) {
strcat (daystring, "TH,");
}
if (a & 0x20) {
strcat (daystring, "FR,");
}
if (a & 0x40) {
strcat (daystring, "SA,");
}
if (strlen (daystring)) {
g_snprintf (daystring, sizeof (daystring), "%s%s%s%s%s%s%s",
(a & 0x01) ? "SU," : "",
(a & 0x02) ? "MO," : "",
(a & 0x04) ? "TU," : "",
(a & 0x08) ? "WE," : "",
(a & 0x10) ? "TH," : "",
(a & 0x20) ? "FR," : "",
(a & 0x40) ? "SA," : "");
if (*daystring) {
daystring[strlen (daystring) - 1] = 0;
}
......
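Review bot: `sizeof (daystring)` bounds the `g_snprintf` call correctly only if `daystring` is an array of at least 22 bytes (seven three-byte tokens plus the terminator), and its declaration is above the hunk. If it were a pointer or a smaller array, the output would be truncated and `daystring[strlen (daystring) - 1] = 0` would strip a letter instead of the trailing comma, yielding a malformed day list. A compile-time guard next to the declaration, `G_STATIC_ASSERT (sizeof (daystring) >= 22);`, would pin this down. The `*daystring = 0;` at the top of the hunk appears to be redundant now that `g_snprintf` always writes the buffer.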