From 5987a7b1af09e97271be3da74d336a64435e759a Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Thu, 23 Nov 2017 21:25:26 +0100 Subject: Dialog.c,Display.c,Font.c,NXdixfonts.c: don't use hardcoded string buffer lengths --- nx-X11/programs/Xserver/hw/nxagent/Font.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'nx-X11/programs/Xserver/hw/nxagent/Font.c') diff --git a/nx-X11/programs/Xserver/hw/nxagent/Font.c b/nx-X11/programs/Xserver/hw/nxagent/Font.c index 3b35a8bff..c7fcaf346 100644 --- a/nx-X11/programs/Xserver/hw/nxagent/Font.c +++ b/nx-X11/programs/Xserver/hw/nxagent/Font.c @@ -1406,15 +1406,16 @@ Bool nxagentDisconnectAllFonts() static Bool nxagentGetFontServerPath(char * fontServerPath) { - char path[256]; + /* ensure path is no longer than fontServerPath */ + char path[256] = {0}; - if (NXGetFontParameters(nxagentDisplay, 256, path) == True) + if (NXGetFontParameters(nxagentDisplay, sizeof(path), path) == True) { if (*path != '\0') { strncpy(fontServerPath, path + 1, *path); - *(fontServerPath + *path) = '\0'; + fontServerPath[*path] = '\0'; #ifdef TEST fprintf(stderr, "nxagentGetFontServerPath: Got path [%s].\n", -- cgit v1.2.3 From 9d5c83e2fd215e9e6a6345bc11ee195789e028cb Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Fri, 8 Dec 2017 00:17:24 +0100 Subject: Font.c: shorten string handling --- nx-X11/programs/Xserver/hw/nxagent/Font.c | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) (limited to 'nx-X11/programs/Xserver/hw/nxagent/Font.c') diff --git a/nx-X11/programs/Xserver/hw/nxagent/Font.c b/nx-X11/programs/Xserver/hw/nxagent/Font.c index c7fcaf346..0a9f6e3c3 100644 --- a/nx-X11/programs/Xserver/hw/nxagent/Font.c +++ b/nx-X11/programs/Xserver/hw/nxagent/Font.c @@ -1452,9 +1452,11 @@ void nxagentVerifyDefaultFontPath(void) fprintf(stderr, "nxagentVerifyDefaultFontPath: Going to search for one or more valid font paths.\n"); #endif - fontPath = malloc(strlen(defaultFontPath) + 1); + /* + * Set the default font path as the first choice. + */ - if (fontPath == NULL) + if ((fontPath = strdup(defaultFontPath)) == NULL) { #ifdef WARNING fprintf(stderr, "nxagentVerifyDefaultFontPath: WARNING! Unable to allocate memory for a new font path. " @@ -1464,12 +1466,6 @@ void nxagentVerifyDefaultFontPath(void) return; } - /* - * Set the default font path as the first choice. - */ - - strcpy(fontPath, defaultFontPath); - if (stat(NXAGENT_DEFAULT_FONT_DIR, &dirStat) == 0 && S_ISDIR(dirStat.st_mode) != 0) { @@ -1741,9 +1737,7 @@ int nxagentSplitString(char *string, char *fields[], int nfields, char *sep) if (i < nfields) { - fields[i] = (char *) malloc(fieldlen + 1); - strncpy(fields[i], current, fieldlen); - *(fields[i] + fieldlen) = 0; + fields[i] = strndup(current, fieldlen); } else { @@ -1767,14 +1761,9 @@ char *nxagentMakeScalableFontName(const char *fontName, int scalableResolution) { char *scalableFontName; const char *s; - int len; int field; - len = strlen(fontName) + 1; - - scalableFontName = malloc(len); - - if (scalableFontName == NULL) + if ((scalableFontName = malloc(strlen(fontName) + 1)) == NULL) { #ifdef PANIC fprintf(stderr, "nxagentMakeScalableFontName: PANIC! malloc() failed.\n"); @@ -1783,7 +1772,7 @@ char *nxagentMakeScalableFontName(const char *fontName, int scalableResolution) return NULL; } - scalableFontName[0] = 0; + scalableFontName[0] = '\0'; if (*fontName != '-') { -- cgit v1.2.3 From 9a6b90c316e6ad2a5180ee9be4b0c9c7139d86b7 Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Fri, 8 Dec 2017 00:30:32 +0100 Subject: Font.c: make nxagentGetFontServerPath more readable --- nx-X11/programs/Xserver/hw/nxagent/Font.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'nx-X11/programs/Xserver/hw/nxagent/Font.c') diff --git a/nx-X11/programs/Xserver/hw/nxagent/Font.c b/nx-X11/programs/Xserver/hw/nxagent/Font.c index 0a9f6e3c3..39c3b31e1 100644 --- a/nx-X11/programs/Xserver/hw/nxagent/Font.c +++ b/nx-X11/programs/Xserver/hw/nxagent/Font.c @@ -1411,11 +1411,12 @@ static Bool nxagentGetFontServerPath(char * fontServerPath) if (NXGetFontParameters(nxagentDisplay, sizeof(path), path) == True) { - if (*path != '\0') - { - strncpy(fontServerPath, path + 1, *path); + unsigned int len = *path; - fontServerPath[*path] = '\0'; + if (len) + { + strncpy(fontServerPath, path + 1, len); + fontServerPath[len] = '\0'; #ifdef TEST fprintf(stderr, "nxagentGetFontServerPath: Got path [%s].\n", -- cgit v1.2.3 From a8a693817ddb84143ffea22668c32f755336ce09 Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Tue, 2 Jan 2018 21:02:41 +0100 Subject: Font.c: pass down size --- nx-X11/programs/Xserver/hw/nxagent/Font.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'nx-X11/programs/Xserver/hw/nxagent/Font.c') diff --git a/nx-X11/programs/Xserver/hw/nxagent/Font.c b/nx-X11/programs/Xserver/hw/nxagent/Font.c index 39c3b31e1..5a9b729ed 100644 --- a/nx-X11/programs/Xserver/hw/nxagent/Font.c +++ b/nx-X11/programs/Xserver/hw/nxagent/Font.c @@ -109,7 +109,7 @@ static void nxagentFontReconnect(FontPtr, XID, void *); static XFontStruct *nxagentLoadBestQueryFont(Display* dpy, char *fontName, FontPtr pFont); static XFontStruct *nxagentLoadQueryFont(register Display *dpy , char *fontName , FontPtr pFont); int nxagentFreeFont(XFontStruct *fs); -static Bool nxagentGetFontServerPath(char * fontServerPath); +static Bool nxagentGetFontServerPath(char * fontServerPath, int size); static char * nxagentMakeScalableFontName(const char *fontName, int scalableResolution); @@ -1283,7 +1283,7 @@ Bool nxagentReconnectFailedFonts(void *p0) fprintf(stderr, "nxagentReconnectFailedFonts: \n"); #endif - if (nxagentGetFontServerPath(fontServerPath) == False) + if (nxagentGetFontServerPath(fontServerPath, sizeof(fontServerPath)) == False) { #ifdef WARNING fprintf(stderr, "nxagentReconnectFailedFonts: WARNING! " @@ -1404,19 +1404,18 @@ Bool nxagentDisconnectAllFonts() return True; } -static Bool nxagentGetFontServerPath(char * fontServerPath) +static Bool nxagentGetFontServerPath(char * fontServerPath, int size) { - /* ensure path is no longer than fontServerPath */ char path[256] = {0}; if (NXGetFontParameters(nxagentDisplay, sizeof(path), path) == True) { + /* the length is stored in the first byte and is therefore limited to 255 */ unsigned int len = *path; if (len) { - strncpy(fontServerPath, path + 1, len); - fontServerPath[len] = '\0'; + snprintf(fontServerPath, MIN(size, len + 1), "%s", path + 1); #ifdef TEST fprintf(stderr, "nxagentGetFontServerPath: Got path [%s].\n", -- cgit v1.2.3 From 56fa234856428ca2de92c27904edb1fe28bc4fdc Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Wed, 3 Jan 2018 01:11:34 +0100 Subject: Font.c: replace memcpy by sprintf preventing possible buffer overflows I am not sure about the maximum font name length in X but just in case use snprintf instead of memcpy to be sure nothing dangerous can happen here. --- nx-X11/programs/Xserver/hw/nxagent/Font.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'nx-X11/programs/Xserver/hw/nxagent/Font.c') diff --git a/nx-X11/programs/Xserver/hw/nxagent/Font.c b/nx-X11/programs/Xserver/hw/nxagent/Font.c index 5a9b729ed..540ad79e2 100644 --- a/nx-X11/programs/Xserver/hw/nxagent/Font.c +++ b/nx-X11/programs/Xserver/hw/nxagent/Font.c @@ -733,7 +733,7 @@ static XFontStruct *nxagentLoadBestQueryFont(Display* dpy, char *fontName, FontP { XFontStruct *fontStruct; - char *substFontBuf; + char substFontBuf[512];; /* X Logical Font Description Conventions * require 14 fields in the font names. @@ -767,12 +767,9 @@ static XFontStruct *nxagentLoadBestQueryFont(Display* dpy, char *fontName, FontP fprintf(stderr, "nxagentLoadBestQueryFont: Searching font '%s' .\n", fontName); #endif - substFontBuf = (char *) malloc(sizeof(char) * 512); - - numFontFields = nxagentSplitString(fontName, fontNameFields, FIELDS + 1, "-"); - memcpy(substFontBuf, "fixed\0", strlen("fixed") + 1); + snprintf(substFontBuf, sizeof(substFontBuf), "%s", "fixed"); if (numFontFields <= FIELDS) { @@ -831,8 +828,7 @@ static XFontStruct *nxagentLoadBestQueryFont(Display* dpy, char *fontName, FontP /* Found more accurate font */ weight = tempWeight; - memcpy(substFontBuf, nxagentRemoteFontList.list[i]->name, strlen(nxagentRemoteFontList.list[i]->name)); - substFontBuf[strlen(nxagentRemoteFontList.list[i]->name)] = '\0'; + snprintf(substFontBuf, sizeof(substFontBuf), "%s", nxagentRemoteFontList.list[i]->name); #ifdef NXAGENT_RECONNECT_FONT_DEBUG fprintf(stderr, "nxagentLoadBestQueryFont: Weight '%d' of more accurate font '%s' .\n", weight, substFontBuf); @@ -856,8 +852,6 @@ static XFontStruct *nxagentLoadBestQueryFont(Display* dpy, char *fontName, FontP fontStruct = nxagentLoadQueryFont(dpy, substFontBuf, pFont); - free (substFontBuf); - for (j = 0; j < numFontFields; j++) { free(fontNameFields[j]); -- cgit v1.2.3 From 054ae844758a306df4aacd40c46780195853a8f8 Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Wed, 3 Jan 2018 01:17:59 +0100 Subject: Font.c: free possibly allocated mem even if we issue a FatalError afterwards --- nx-X11/programs/Xserver/hw/nxagent/Font.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'nx-X11/programs/Xserver/hw/nxagent/Font.c') diff --git a/nx-X11/programs/Xserver/hw/nxagent/Font.c b/nx-X11/programs/Xserver/hw/nxagent/Font.c index 540ad79e2..197f0c84a 100644 --- a/nx-X11/programs/Xserver/hw/nxagent/Font.c +++ b/nx-X11/programs/Xserver/hw/nxagent/Font.c @@ -916,6 +916,11 @@ static void nxagentCollectFailedFont(FontPtr fpt, XID id) if (nxagentFailedToReconnectFonts.font == NULL || nxagentFailedToReconnectFonts.id == NULL) { + free(nxagentFailedToReconnectFonts.font); + nxagentFailedToReconnectFonts.font = NULL; + free(nxagentFailedToReconnectFonts.id); + nxagentFailedToReconnectFonts.id = NULL; + FatalError("Font: font not reconnected memory allocation failed!.\n"); } -- cgit v1.2.3 From 1854700722db8067460e82a711521fdb27fb51d4 Mon Sep 17 00:00:00 2001 From: Ulrich Sibiller Date: Wed, 3 Jan 2018 01:31:52 +0100 Subject: Font.c: replace malloc + strcpy by strdup + fix memleak --- nx-X11/programs/Xserver/hw/nxagent/Font.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'nx-X11/programs/Xserver/hw/nxagent/Font.c') diff --git a/nx-X11/programs/Xserver/hw/nxagent/Font.c b/nx-X11/programs/Xserver/hw/nxagent/Font.c index 197f0c84a..5af88b137 100644 --- a/nx-X11/programs/Xserver/hw/nxagent/Font.c +++ b/nx-X11/programs/Xserver/hw/nxagent/Font.c @@ -334,10 +334,12 @@ void nxagentListRemoteAddName(const char *name, int status) if ((nxagentRemoteFontList.list[pos] = malloc(sizeof(nxagentFontRec)))) { - nxagentRemoteFontList.list[pos]->name = malloc(strlen(name) +1); + nxagentRemoteFontList.list[pos]->name = strdup(name); if (nxagentRemoteFontList.list[pos]->name == NULL) { fprintf(stderr, "Font: remote list name memory allocation failed!.\n"); + free(nxagentRemoteFontList.list[pos]); + nxagentRemoteFontList.list[pos] = NULL; return; } } @@ -346,7 +348,6 @@ void nxagentListRemoteAddName(const char *name, int status) fprintf(stderr, "Font: remote list record memory allocation failed!.\n"); return; } - strcpy(nxagentRemoteFontList.list[pos]->name,name); nxagentRemoteFontList.list[pos]->status = status; nxagentRemoteFontList.length++; -- cgit v1.2.3