[Goodies-commits] r2105 - in xfce4-genmon-plugin/trunk: . panel-plugin

Julien Devemy jujucece at xfce.org
Fri Oct 13 18:01:30 CEST 2006 

Author: jujucece
Date: 2006-10-13 16:01:28 +0000 (Fri, 13 Oct 2006)
New Revision: 2105

Modified:
   xfce4-genmon-plugin/trunk/ChangeLog
   xfce4-genmon-plugin/trunk/README
   xfce4-genmon-plugin/trunk/panel-plugin/main.c
Log:
Some buffer overflow protections and some docs


Modified: xfce4-genmon-plugin/trunk/ChangeLog
===================================================================
--- xfce4-genmon-plugin/trunk/ChangeLog	2006-10-13 11:41:40 UTC (rev 2104)
+++ xfce4-genmon-plugin/trunk/ChangeLog	2006-10-13 16:01:28 UTC (rev 2105)
@@ -1,3 +1,11 @@
+2006-10-13 3.0 Julien Devemy
+    * Add French translation
+    * Add some patches
+    * Add some test to avoid buffer overflow
+
+2006-07-14 2.0 Julien Devemy
+    * New version managing XML tags for image, bar, tooltip and click
+
 2004-11-01 1.1 Roger Seguin
 	* Fixed bug related to memory dynamic allocation
 	* Added contribution scripts

Modified: xfce4-genmon-plugin/trunk/README
===================================================================
--- xfce4-genmon-plugin/trunk/README	2006-10-13 11:41:40 UTC (rev 2104)
+++ xfce4-genmon-plugin/trunk/README	2006-10-13 16:01:28 UTC (rev 2105)
@@ -4,7 +4,7 @@
 
 1 -	Description
 	-----------
-The GenMon plugin cyclically spawns the indicated script/program, captures its output and displays it as a string into the panel.
+The GenMon plugin cyclically spawns the indicated script/program, captures its output and displays the result into the panel.
 
 
 2 -	Installation
@@ -12,7 +12,7 @@
 Do the usual stuff:
 	- gunzip
 	- tar xf
-	- configure --prefix=<XFce4InstallationDir>	(e.g. /usr/local)
+	- ./autogen.sh --prefix=<XFce4InstallationDir>	(e.g. /usr/local)
 	- make
 	- make install  (as root)
 	
@@ -23,6 +23,10 @@
         genmon.desktop
 installed in <XFce4InstallationDir>/share/xfce4/panel-plugins/
 
+        xfce4-genmon-plugin.mo
+installed in <XFce4InstallationDir>/share/locale/XX/LC_MESSAGES/
+where XX represents the languages supported by genmon plugin
+
 3 -	Testing
 	-------
 

Modified: xfce4-genmon-plugin/trunk/panel-plugin/main.c
===================================================================
--- xfce4-genmon-plugin/trunk/panel-plugin/main.c	2006-10-13 11:41:40 UTC (rev 2104)
+++ xfce4-genmon-plugin/trunk/panel-plugin/main.c	2006-10-13 16:01:28 UTC (rev 2105)
@@ -76,7 +76,7 @@
     Widget_t        wBar;
     Widget_t        wButton;
     Widget_t        wImgButton;
-    char            onClickCmd[128];
+    char            onClickCmd[256];
 } monitor_t;
 
 typedef struct genmon_t {
@@ -109,7 +109,7 @@
 
     struct param_t *poConf = &(p_poPlugin->oConf.oParam);
     struct monitor_t *poMonitor = &(p_poPlugin->oMonitor);
-    char            acToolTips[128];
+    char            acToolTips[256];
     int             status;
     char  *begin;
     char  *end;
@@ -122,10 +122,12 @@
     if (status == -1)
         return (-1);
 
+    /* Normally it's impossible to overflow the buffer because p_poPlugin->acValue is < 256 */ 
+
     /* Test if the result is an Image or a Text */
     begin=strstr(p_poPlugin->acValue, "<img>");
     end=strstr(p_poPlugin->acValue, "</img>");
-    if ((begin != NULL) && (end != NULL) && (begin < end))
+    if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
     {
         char  buf[256];
         /* Get the image path */
@@ -138,7 +140,7 @@
         /* Test if the result has a clickable Image (button) */
         begin=strstr(p_poPlugin->acValue, "<click>");
         end=strstr(p_poPlugin->acValue, "</click>");
-        if ((begin != NULL) && (end != NULL) && (begin < end))
+        if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
         {
             char  buf[256];
             /* Get the command path */
@@ -167,7 +169,7 @@
     /* Test if the result is a Text */
     begin=strstr(p_poPlugin->acValue, "<txt>");
     end=strstr(p_poPlugin->acValue, "</txt>");
-    if ((begin != NULL) && (end != NULL) && (begin < end))
+    if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
     {
         char  buf[256];
         /* Get the text */
@@ -185,7 +187,7 @@
     /* Test if the result is a Bar */
     begin=strstr(p_poPlugin->acValue, "<bar>");
     end=strstr(p_poPlugin->acValue, "</bar>");
-    if ((begin != NULL) && (end != NULL) && (begin < end))
+    if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
     {
         char  buf[256];
         int value;
@@ -193,6 +195,8 @@
         strncpy(buf, begin+5*sizeof(char), end-begin-5*sizeof(char));
         buf[end-begin-5*sizeof(char)]='\0';
         value=atoi(buf);
+        if (value>100)
+            value=100;
         gtk_progress_bar_set_fraction(GTK_PROGRESS_BAR(poMonitor->wBar), (float)value/100.0);
         gtk_widget_show (poMonitor->wBar);
 
@@ -212,7 +216,7 @@
     /* Test if a ToolTip is given */
     begin=strstr(p_poPlugin->acValue, "<tool>");
     end=strstr(p_poPlugin->acValue, "</tool>");
-    if ((begin != NULL) && (end != NULL) && (begin < end))
+    if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
     {
         strncpy(acToolTips, begin+6, end-begin-6);
         acToolTips[end-begin-6]='\0';

More information about the Goodies-commits mailing list