Commit 3c19325e authored by Julien Devemy's avatar Julien Devemy

Some buffer overflow protections and some docs


(Old svn revision: 2105)
parent 8c7b4789
2006-10-13 3.0 Julien Devemy
* Add French translation
* Add some patches
* Add some test to avoid buffer overflow
2006-07-14 2.0 Julien Devemy
* New version managing XML tags for image, bar, tooltip and click
2004-11-01 1.1 Roger Seguin 2004-11-01 1.1 Roger Seguin
* Fixed bug related to memory dynamic allocation * Fixed bug related to memory dynamic allocation
* Added contribution scripts * Added contribution scripts
......
...@@ -4,7 +4,7 @@ Generic Monitor XFce4 panel plugin (GenMon) ...@@ -4,7 +4,7 @@ Generic Monitor XFce4 panel plugin (GenMon)
1 - Description 1 - Description
----------- -----------
The GenMon plugin cyclically spawns the indicated script/program, captures its output and displays it as a string into the panel. The GenMon plugin cyclically spawns the indicated script/program, captures its output and displays the result into the panel.
2 - Installation 2 - Installation
...@@ -12,7 +12,7 @@ The GenMon plugin cyclically spawns the indicated script/program, captures its o ...@@ -12,7 +12,7 @@ The GenMon plugin cyclically spawns the indicated script/program, captures its o
Do the usual stuff: Do the usual stuff:
- gunzip - gunzip
- tar xf - tar xf
- configure --prefix=<XFce4InstallationDir> (e.g. /usr/local) - ./autogen.sh --prefix=<XFce4InstallationDir> (e.g. /usr/local)
- make - make
- make install (as root) - make install (as root)
...@@ -23,6 +23,10 @@ and ...@@ -23,6 +23,10 @@ and
genmon.desktop genmon.desktop
installed in <XFce4InstallationDir>/share/xfce4/panel-plugins/ installed in <XFce4InstallationDir>/share/xfce4/panel-plugins/
xfce4-genmon-plugin.mo
installed in <XFce4InstallationDir>/share/locale/XX/LC_MESSAGES/
where XX represents the languages supported by genmon plugin
3 - Testing 3 - Testing
------- -------
......
...@@ -76,7 +76,7 @@ typedef struct monitor_t { ...@@ -76,7 +76,7 @@ typedef struct monitor_t {
Widget_t wBar; Widget_t wBar;
Widget_t wButton; Widget_t wButton;
Widget_t wImgButton; Widget_t wImgButton;
char onClickCmd[128]; char onClickCmd[256];
} monitor_t; } monitor_t;
typedef struct genmon_t { typedef struct genmon_t {
...@@ -109,7 +109,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin) ...@@ -109,7 +109,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin)
struct param_t *poConf = &(p_poPlugin->oConf.oParam); struct param_t *poConf = &(p_poPlugin->oConf.oParam);
struct monitor_t *poMonitor = &(p_poPlugin->oMonitor); struct monitor_t *poMonitor = &(p_poPlugin->oMonitor);
char acToolTips[128]; char acToolTips[256];
int status; int status;
char *begin; char *begin;
char *end; char *end;
...@@ -122,10 +122,12 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin) ...@@ -122,10 +122,12 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin)
if (status == -1) if (status == -1)
return (-1); return (-1);
/* Normally it's impossible to overflow the buffer because p_poPlugin->acValue is < 256 */
/* Test if the result is an Image or a Text */ /* Test if the result is an Image or a Text */
begin=strstr(p_poPlugin->acValue, "<img>"); begin=strstr(p_poPlugin->acValue, "<img>");
end=strstr(p_poPlugin->acValue, "</img>"); end=strstr(p_poPlugin->acValue, "</img>");
if ((begin != NULL) && (end != NULL) && (begin < end)) if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
{ {
char buf[256]; char buf[256];
/* Get the image path */ /* Get the image path */
...@@ -138,7 +140,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin) ...@@ -138,7 +140,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin)
/* Test if the result has a clickable Image (button) */ /* Test if the result has a clickable Image (button) */
begin=strstr(p_poPlugin->acValue, "<click>"); begin=strstr(p_poPlugin->acValue, "<click>");
end=strstr(p_poPlugin->acValue, "</click>"); end=strstr(p_poPlugin->acValue, "</click>");
if ((begin != NULL) && (end != NULL) && (begin < end)) if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
{ {
char buf[256]; char buf[256];
/* Get the command path */ /* Get the command path */
...@@ -167,7 +169,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin) ...@@ -167,7 +169,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin)
/* Test if the result is a Text */ /* Test if the result is a Text */
begin=strstr(p_poPlugin->acValue, "<txt>"); begin=strstr(p_poPlugin->acValue, "<txt>");
end=strstr(p_poPlugin->acValue, "</txt>"); end=strstr(p_poPlugin->acValue, "</txt>");
if ((begin != NULL) && (end != NULL) && (begin < end)) if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
{ {
char buf[256]; char buf[256];
/* Get the text */ /* Get the text */
...@@ -185,7 +187,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin) ...@@ -185,7 +187,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin)
/* Test if the result is a Bar */ /* Test if the result is a Bar */
begin=strstr(p_poPlugin->acValue, "<bar>"); begin=strstr(p_poPlugin->acValue, "<bar>");
end=strstr(p_poPlugin->acValue, "</bar>"); end=strstr(p_poPlugin->acValue, "</bar>");
if ((begin != NULL) && (end != NULL) && (begin < end)) if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
{ {
char buf[256]; char buf[256];
int value; int value;
...@@ -193,6 +195,8 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin) ...@@ -193,6 +195,8 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin)
strncpy(buf, begin+5*sizeof(char), end-begin-5*sizeof(char)); strncpy(buf, begin+5*sizeof(char), end-begin-5*sizeof(char));
buf[end-begin-5*sizeof(char)]='\0'; buf[end-begin-5*sizeof(char)]='\0';
value=atoi(buf); value=atoi(buf);
if (value>100)
value=100;
gtk_progress_bar_set_fraction(GTK_PROGRESS_BAR(poMonitor->wBar), (float)value/100.0); gtk_progress_bar_set_fraction(GTK_PROGRESS_BAR(poMonitor->wBar), (float)value/100.0);
gtk_widget_show (poMonitor->wBar); gtk_widget_show (poMonitor->wBar);
...@@ -212,7 +216,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin) ...@@ -212,7 +216,7 @@ static int DisplayCmdOutput (struct genmon_t *p_poPlugin)
/* Test if a ToolTip is given */ /* Test if a ToolTip is given */
begin=strstr(p_poPlugin->acValue, "<tool>"); begin=strstr(p_poPlugin->acValue, "<tool>");
end=strstr(p_poPlugin->acValue, "</tool>"); end=strstr(p_poPlugin->acValue, "</tool>");
if ((begin != NULL) && (end != NULL) && (begin < end)) if ((begin != NULL) && (end != NULL) && (begin < end) && (end-begin < 256*sizeof(char)))
{ {
strncpy(acToolTips, begin+6, end-begin-6); strncpy(acToolTips, begin+6, end-begin-6);
acToolTips[end-begin-6]='\0'; acToolTips[end-begin-6]='\0';
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment