Make sure Exceptions do not use unsafe format strings
diff --git a/common/rdr/Exception.h b/common/rdr/Exception.h
index f533dcc..62f452b 100644
--- a/common/rdr/Exception.h
+++ b/common/rdr/Exception.h
@@ -43,15 +43,15 @@
   }; 
 
   struct TimedOut : public Exception {
-    TimedOut(const char* s="Timed out") : Exception(s) {}
+    TimedOut(const char* s="Timed out") : Exception("%s", s) {}
   };
  
   struct EndOfStream : public Exception {
-    EndOfStream(const char* s="End of stream") : Exception(s) {}
+    EndOfStream(const char* s="End of stream") : Exception("%s", s) {}
   };
 
   struct FrameException : public Exception {
-    FrameException(const char* s="Frame exception") : Exception(s) {}
+    FrameException(const char* s="Frame exception") : Exception("%s", s) {}
   };
 
 }
diff --git a/common/rdr/FileInStream.cxx b/common/rdr/FileInStream.cxx
index 18a9169..6d23aa2 100644
--- a/common/rdr/FileInStream.cxx
+++ b/common/rdr/FileInStream.cxx
@@ -72,7 +72,7 @@
     size_t n = fread((U8 *)end, b + sizeof(b) - end, 1, file);
     if (n < 1) {
       if (n < 0 || ferror(file))
-        throw Exception(strerror(errno));
+        throw SystemException("fread", errno);
       if (feof(file))
         throw EndOfStream();
       if (n == 0) { return 0; }
diff --git a/common/rdr/TLSException.cxx b/common/rdr/TLSException.cxx
index 3d39d79..bf8e97a 100644
--- a/common/rdr/TLSException.cxx
+++ b/common/rdr/TLSException.cxx
@@ -34,15 +34,8 @@
 
 #ifdef HAVE_GNUTLS
 TLSException::TLSException(const char* s, int err_)
-  : Exception(s), err(err_)
+  : Exception("%s: %s (%d)", s, gnutls_strerror(err), err), err(err_)
 {
-  strncat(str_, ": ", len-1-strlen(str_));
-  strncat(str_, gnutls_strerror(err), len-1-strlen(str_));
-  strncat(str_, " (", len-1-strlen(str_));
-  char buf[20];
-  sprintf(buf,"%d",err);
-  strncat(str_, buf, len-1-strlen(str_));
-  strncat(str_, ")", len-1-strlen(str_));
 }
 #endif /* HAVE_GNUTLS */
 
diff --git a/common/rfb/CConnection.cxx b/common/rfb/CConnection.cxx
index e0a23b5..8ccd948 100644
--- a/common/rfb/CConnection.cxx
+++ b/common/rfb/CConnection.cxx
@@ -97,12 +97,11 @@
 
   // The only official RFB protocol versions are currently 3.3, 3.7 and 3.8
   if (cp.beforeVersion(3,3)) {
-    char msg[256];
-    sprintf(msg,"Server gave unsupported RFB protocol version %d.%d",
-            cp.majorVersion, cp.minorVersion);
-    vlog.error("%s", msg);
+    vlog.error("Server gave unsupported RFB protocol version %d.%d",
+               cp.majorVersion, cp.minorVersion);
     state_ = RFBSTATE_INVALID;
-    throw Exception(msg);
+    throw Exception("Server gave unsupported RFB protocol version %d.%d",
+                    cp.majorVersion, cp.minorVersion);
   } else if (useProtocol3_3 || cp.beforeVersion(3,7)) {
     cp.setVersion(3,3);
   } else if (cp.afterVersion(3,8)) {
diff --git a/common/rfb/Exception.h b/common/rfb/Exception.h
index 7c2cbca..5f47fcf 100644
--- a/common/rfb/Exception.h
+++ b/common/rfb/Exception.h
@@ -24,14 +24,15 @@
   typedef rdr::Exception Exception;
   struct AuthFailureException : public Exception {
     AuthFailureException(const char* s="Authentication failure")
-      : Exception(s) {}
+      : Exception("%s", s) {}
   };
   struct AuthCancelledException : public rfb::Exception {
     AuthCancelledException(const char* s="Authentication cancelled")
-      : Exception(s) {}
+      : Exception("%s", s) {}
   };
   struct ConnFailedException : public Exception {
-    ConnFailedException(const char* s="Connection failed") : Exception(s) {}
+    ConnFailedException(const char* s="Connection failed")
+      : Exception("%s", s) {}
   };
 }
 #endif
diff --git a/common/rfb/JpegCompressor.cxx b/common/rfb/JpegCompressor.cxx
index c19af34..5df0039 100644
--- a/common/rfb/JpegCompressor.cxx
+++ b/common/rfb/JpegCompressor.cxx
@@ -123,7 +123,7 @@
 
   if(setjmp(err->jmpBuffer)) {
     // this will execute if libjpeg has an error
-    throw rdr::Exception(err->lastError);
+    throw rdr::Exception("%s", err->lastError);
   }
 
   jpeg_create_compress(cinfo);
@@ -166,7 +166,7 @@
     jpeg_abort_compress(cinfo);
     if (srcBufIsTemp && srcBuf) delete[] srcBuf;
     if (rowPointer) delete[] rowPointer;
-    throw rdr::Exception(err->lastError);
+    throw rdr::Exception("%s", err->lastError);
   }
 
   cinfo->image_width = w;
diff --git a/common/rfb/JpegDecompressor.cxx b/common/rfb/JpegDecompressor.cxx
index ca1ad22..70a4276 100644
--- a/common/rfb/JpegDecompressor.cxx
+++ b/common/rfb/JpegDecompressor.cxx
@@ -116,7 +116,7 @@
 
   if(setjmp(err->jmpBuffer)) {
     // this will execute if libjpeg has an error
-    throw rdr::Exception(err->lastError);
+    throw rdr::Exception("%s", err->lastError);
   }
 
   jpeg_create_decompress(dinfo);
@@ -162,7 +162,7 @@
     jpeg_abort_decompress(dinfo);
     if (dstBufIsTemp && dstBuf) delete[] dstBuf;
     if (rowPointer) delete[] rowPointer;
-    throw rdr::Exception(err->lastError);
+    throw rdr::Exception("%s", err->lastError);
   }
 
   src->pub.next_input_byte = jpegBuf;
diff --git a/vncviewer/parameters.cxx b/vncviewer/parameters.cxx
index db9e92d..184af08 100644
--- a/vncviewer/parameters.cxx
+++ b/vncviewer/parameters.cxx
@@ -489,7 +489,6 @@
 
   const size_t buffersize = 256;
   char filepath[PATH_MAX];
-  char write_error[buffersize*2];
   char encodingBuffer[buffersize];
 
   // Write to the registry or a predefined file if no filename was specified.
@@ -514,12 +513,9 @@
 
   /* Write parameters to file */
   FILE* f = fopen(filepath, "w+");
-  if (!f) {
-    snprintf(write_error, sizeof(write_error),
-             _("Failed to write configuration file, can't open %s: %s"),
-             filepath, strerror(errno));
-    throw Exception(write_error);
-  }
+  if (!f)
+    throw Exception(_("Failed to write configuration file, can't open %s: %s"),
+                    filepath, strerror(errno));
   
   fprintf(f, "%s\r\n", IDENTIFIER_STRING);
   fprintf(f, "\r\n");
@@ -548,7 +544,6 @@
 
   const size_t buffersize = 256;
   char filepath[PATH_MAX];
-  char readError[buffersize*2];
   char line[buffersize];
   char decodingBuffer[buffersize];
   static char servername[sizeof(line)];
@@ -575,10 +570,8 @@
   if (!f) {
     if (!filename)
       return NULL; // Use defaults.
-    snprintf(readError, sizeof(readError),
-             _("Failed to read configuration file, can't open %s: %s"),
-             filepath, strerror(errno));
-    throw Exception(readError);
+    throw Exception(_("Failed to read configuration file, can't open %s: %s"),
+                    filepath, strerror(errno));
   }
   
   int lineNr = 0;
@@ -587,31 +580,23 @@
     // Read the next line
     lineNr++;
     if (!fgets(line, sizeof(line), f)) {
-      if (line[sizeof(line) -1] != '\0') {
-        snprintf(readError, sizeof(readError),
-                 _("Failed to read line %d in file %s: %s"),
-                 lineNr, filepath, _("Line too long"));
-        throw Exception(readError);
-      }
+      if (line[sizeof(line) -1] != '\0')
+        throw Exception(_("Failed to read line %d in file %s: %s"),
+                        lineNr, filepath, _("Line too long"));
       if (feof(f))
         break;
 
-      snprintf(readError, sizeof(readError),
-               _("Failed to read line %d in file %s: %s"),
-               lineNr, filepath, strerror(errno));
-      throw Exception(readError);
+      throw Exception(_("Failed to read line %d in file %s: %s"),
+                      lineNr, filepath, strerror(errno));
     }
     
     // Make sure that the first line of the file has the file identifier string
     if(lineNr == 1) {
-      if(strncmp(line, IDENTIFIER_STRING, strlen(IDENTIFIER_STRING)) == 0) {
+      if(strncmp(line, IDENTIFIER_STRING, strlen(IDENTIFIER_STRING)) == 0)
         continue;
-      } else {
-        snprintf(readError, sizeof(readError),
-                 _("Configuration file %s is in an invalid format"),
-                 filepath);
-        throw Exception(readError);
-      }
+      else
+        throw Exception(_("Configuration file %s is in an invalid format"),
+                        filepath);
     }
     
     // Skip empty lines and comments