[grisbi-cvs] grisbi/src dialog.c, 1.71, 1.72 erreur.c, 1.93, 1.94 etats_affiche.c, 1.107, 1.108 export_csv.c, 1.22, 1.23 import.c, 1.287, 1.288 import_csv.c, 1.54, 1.55

Pierre Biava pbiava at users.sourceforge.net
Sun Aug 30 22:36:13 CEST 2009


Update of /cvsroot/grisbi/grisbi/src
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv14961/src

Modified Files:
	dialog.c erreur.c etats_affiche.c export_csv.c import.c 
	import_csv.c 
Log Message:
Corrections to protect against "format string" attacks

Index: etats_affiche.c
===================================================================
RCS file: /cvsroot/grisbi/grisbi/src/etats_affiche.c,v
retrieving revision 1.107
retrieving revision 1.108
diff -u -d -r1.107 -r1.108
--- etats_affiche.c	24 Aug 2009 08:57:45 -0000	1.107
+++ etats_affiche.c	30 Aug 2009 20:36:10 -0000	1.108
@@ -1209,7 +1209,7 @@
 		text = g_strdup_printf ( COLON(fmtstr), nb_ope_periode_etat );
 	    }
 	    else
-		text = g_strdup_printf ( COLON(_("Result without financial year")));
+		text = g_strdup_printf ( "%s", COLON( _("Result without financial year") ) );
 	}
 
 
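Review bot: The context call two lines above the fix, `g_strdup_printf ( COLON(fmtstr), nb_ope_periode_etat )`, still passes a non-literal format string, and this commit leaves it in place. Where `fmtstr` is assigned is outside the hunk; if it comes from a translated message, a catalog entry with a wrong or extra conversion would be read against the single argument supplied here. I would add a comment at the assignment stating the contract, e.g. `/* fmtstr must contain exactly one integer conversion matching nb_ope_periode_etat */`. On the changed line, `g_strdup ( COLON( _("Result without financial year") ) )` expresses the same copy without a format pass. The enclosing function starts and ends outside the hunk.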

Index: erreur.c
===================================================================
RCS file: /cvsroot/grisbi/grisbi/src/erreur.c,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -d -r1.93 -r1.94
--- erreur.c	24 Aug 2009 13:40:57 -0000	1.93
+++ erreur.c	30 Aug 2009 20:36:10 -0000	1.94
@@ -289,7 +289,7 @@
 	    fflush (debug_file);
 	}
 
-	g_print( tmpstr );
+	g_print( "%s", tmpstr );
 	g_free ( tmpstr );
     }
 }
@@ -326,7 +326,7 @@
 	    fwrite ( tmpstr, sizeof (gchar), strlen (tmpstr), debug_file);
 	    fflush (debug_file);
 	}
-	g_print( tmpstr );
+	g_print( "%s", tmpstr );
 	g_free ( tmpstr );
     }
 }

Index: dialog.c
===================================================================
RCS file: /cvsroot/grisbi/grisbi/src/dialog.c,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -d -r1.71 -r1.72
--- dialog.c	27 Apr 2009 19:41:03 -0000	1.71
+++ dialog.c	30 Aug 2009 20:36:10 -0000	1.72
@@ -176,7 +176,7 @@
  */
 void dialogue_warning_hint ( gchar *text, gchar * hint )
 {
-    dialogue_special ( GTK_MESSAGE_WARNING, make_hint(hint, text) );
+    dialogue_special ( GTK_MESSAGE_WARNING, make_hint (hint, text) );
 }
 
 
@@ -192,8 +192,9 @@
     GtkWidget *dialog;
 
     dialog = gtk_message_dialog_new ( GTK_WINDOW (window), 
-				      GTK_DIALOG_DESTROY_WITH_PARENT,
-				      param, GTK_BUTTONS_CLOSE, text );
+                        GTK_DIALOG_DESTROY_WITH_PARENT,
+                        param, GTK_BUTTONS_CLOSE,
+                        "%s", text );
     gtk_label_set_markup ( GTK_LABEL ( GTK_MESSAGE_DIALOG(dialog)->label ), text );
 
     gtk_window_set_modal ( GTK_WINDOW ( dialog ), TRUE );
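Review bot: The `gtk_label_set_markup ( ..., text )` call right after the fixed `gtk_message_dialog_new` still parses the same string as Pango markup, so `"%s"` closes the printf path but not the markup path. The same pair appears in the later dialog.c hunks (`dialogue_special_no_run`, the `type, buttons` call, the `texte` question dialog, the `format_text` hint dialog) and in the import.c hunk. The text appears to be markup on purpose (`make_hint` output is passed through these functions), so the check belongs where dynamic values such as file names or imported fields are composed into it, e.g. `gchar *safe = g_markup_escape_text ( value, -1 );` before it is concatenated. A one-line comment on each function, such as `/* text is Pango markup: callers must escape dynamic parts */`, would record that contract. Separately, these hunks mix tab-to-space re-indentation with the fix, which makes the security change harder to audit. The function bodies start and end outside the hunks.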
@@ -210,13 +211,14 @@
  * \param text Text to display in window
  */
 GtkWidget * dialogue_special_no_run ( GtkMessageType param, GtkButtonsType buttons,
-				      gchar * text )
+				      gchar *text )
 {
     GtkWidget *dialog;
 
     dialog = gtk_message_dialog_new ( GTK_WINDOW (window), 
-				      GTK_DIALOG_DESTROY_WITH_PARENT,
-				      param, buttons, text );
+                        GTK_DIALOG_DESTROY_WITH_PARENT,
+                        param, buttons,
+                        "%s", text );
     gtk_label_set_markup ( GTK_LABEL ( GTK_MESSAGE_DIALOG(dialog)->label ), text );
 
     gtk_window_set_modal ( GTK_WINDOW ( dialog ), TRUE );
@@ -276,8 +278,10 @@
 	}
     }
 
-    dialog = gtk_message_dialog_new ( GTK_WINDOW (window), GTK_DIALOG_DESTROY_WITH_PARENT,
-				      type, buttons, text );
+    dialog = gtk_message_dialog_new ( GTK_WINDOW (window),
+                        GTK_DIALOG_DESTROY_WITH_PARENT,
+                        type, buttons,
+                        "%s", text );
     gtk_dialog_set_default_response ( GTK_DIALOG( dialog ), GTK_RESPONSE_CLOSE );
     gtk_label_set_markup ( GTK_LABEL ( GTK_MESSAGE_DIALOG(dialog)->label ), text );
 
@@ -316,26 +320,6 @@
 
 
 /**
- * This function pop ups a dialog with a hint (first sentence, in
- * bold), an informal text and a checkbox that allow this message not
- * to be displayed again thanks to preferences.  It calls
- * dialogue_conditional to achieve display.
- *
- * \param text text to be displayed
- * \param hint hint to be displayed
- * \param var variable that both controls whether the dialog will
- * appear or not and that indicates which variable could be modified
- * so that this message won't appear again.
- */
-/*TODO dOm : function seems not to be used 
-void dialogue_conditional_info_hint ( gchar *hint, gchar * text, gchar * var )
-{
-    dialogue_conditional_special ( make_hint(hint, text), var, GTK_MESSAGE_INFO );
-}
-*/
-
-
-/**
  * This function pop ups a dialog with an informal text and a checkbox
  * that allow this message not to be displayed again thanks to
  * preferences.
@@ -429,7 +413,7 @@
 				      GTK_DIALOG_DESTROY_WITH_PARENT,
 				      GTK_MESSAGE_QUESTION,
 				      GTK_BUTTONS_YES_NO,
-				      texte );
+				      "%s", texte );
     gtk_label_set_markup ( GTK_LABEL ( GTK_MESSAGE_DIALOG(dialog)->label ), texte );
 
     gtk_dialog_set_default_response (GTK_DIALOG (dialog),
@@ -475,10 +459,10 @@
     }
 
     dialog = dialogue_conditional_new ( make_hint ( _(messages[i].hint),
-						    _(messages[i].message)),
-					var,
-					GTK_MESSAGE_WARNING,
-					GTK_BUTTONS_YES_NO );
+                        _(messages[i].message)),
+                        var,
+                        GTK_MESSAGE_WARNING,
+                        GTK_BUTTONS_YES_NO );
 
     response = gtk_dialog_run (GTK_DIALOG (dialog));
 					
@@ -629,8 +613,10 @@
     format_text = make_hint (hint, text);
 
     dialog = gtk_message_dialog_new ( GTK_WINDOW (window), 
-				      GTK_DIALOG_DESTROY_WITH_PARENT,
-				      GTK_MESSAGE_INFO, GTK_BUTTONS_CLOSE, format_text );
+                        GTK_DIALOG_DESTROY_WITH_PARENT,
+                        GTK_MESSAGE_INFO, 
+                        GTK_BUTTONS_CLOSE,
+                        "%s", format_text );
     gtk_label_set_markup ( GTK_LABEL ( GTK_MESSAGE_DIALOG(dialog)->label ), format_text );
 
     hbox = gtk_hbox_new (FALSE, 5);

Index: import.c
===================================================================
RCS file: /cvsroot/grisbi/grisbi/src/import.c,v
retrieving revision 1.287
retrieving revision 1.288
diff -u -d -r1.287 -r1.288
--- import.c	30 Aug 2009 17:59:48 -0000	1.287
+++ import.c	30 Aug 2009 20:36:11 -0000	1.288
@@ -1291,7 +1291,7 @@
                         GTK_DIALOG_DESTROY_WITH_PARENT,
                         GTK_MESSAGE_QUESTION,
                         GTK_BUTTONS_YES_NO,
-                        text );
+                        "%s", text );
     gtk_label_set_markup ( GTK_LABEL ( GTK_MESSAGE_DIALOG ( dialog ) ->label ), text );
 
     vbox = GTK_DIALOG(dialog) -> vbox;

Index: import_csv.c
===================================================================
RCS file: /cvsroot/grisbi/grisbi/src/import_csv.c,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -d -r1.54 -r1.55
--- import_csv.c	24 Aug 2009 13:56:59 -0000	1.54
+++ import_csv.c	30 Aug 2009 20:36:11 -0000	1.55
@@ -1151,15 +1151,15 @@
 		    {
 			if ( ! field -> parse ( ope, list -> data ) )
 			{
-			    g_print ("(failed)");
+			    g_print ("%s", "(failed)");
 			}
 		    }
 		    else
 		    {
-			g_print ("(invalid)");
+			g_print ("%s", "(invalid)");
 		    }
 		}
-		g_print ("\n");
+		g_print ("%s", "\n");
 	    }
 	    list = list -> next;
 	}
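Review bot: The three `g_print` changes in this hunk add no protection, because `"(failed)"`, `"(invalid)"` and `"\n"` are string literals with no conversion in them and were already safe as format arguments. Wrapping them in `"%s"` only obscures which call sites in the commit were real fixes, so I would keep `g_print ("(failed)");` and the other two as they were. If the goal is to catch every non-literal format, building with `-Wformat -Wformat-security` reports exactly those and leaves literals alone. The loop this belongs to starts outside the hunk.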

Index: export_csv.c
===================================================================
RCS file: /cvsroot/grisbi/grisbi/src/export_csv.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- export_csv.c	24 Aug 2009 08:57:45 -0000	1.22
+++ export_csv.c	30 Aug 2009 20:36:11 -0000	1.23
@@ -278,7 +278,7 @@
     if ( csv_field_tiers )
         g_free ( csv_field_tiers );
     /* TODO dOm : is it necessary to duplicate memory with g_strdup_printf since it was already newly allocated memory ? */
-    csv_field_tiers = g_strdup_printf ( tmpstr );
+    csv_field_tiers = g_strdup_printf ( "%s", tmpstr );
     g_free ( tmpstr );
 
     /* set the initial current_balance,
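Review bot: With the `"%s"` format the changed line is now a plain copy, so `csv_field_tiers = g_strdup ( tmpstr );` would state the intent directly and answer part of the TODO above it. If `tmpstr` is freshly allocated, as that TODO suggests (its assignment is outside the hunk, so this needs confirming), ownership could be handed over instead with `csv_field_tiers = tmpstr;` and the following `g_free ( tmpstr )` dropped. The `if ( csv_field_tiers )` guard before `g_free` is also redundant, since `g_free` accepts NULL. The function continues past the end of the hunk.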


