pidgin.mxit: 4639b1b1: For safety, rather use g_strlcpy() and s...

andrew.victor at mxit.com andrew.victor at mxit.com
Mon Jul 19 05:55:41 EDT 2010


----------------------------------------------------------------------
Revision: 4639b1b177ea7bba7e37b11ac17cfbdf1cade56f
Parent:   da4a86838b05de19f69faa2e6e036850380a69bc
Author:   andrew.victor at mxit.com
Date:     07/19/10 05:52:08
Branch:   im.pidgin.pidgin.mxit
URL: http://d.pidgin.im/viewmtn/revision/info/4639b1b177ea7bba7e37b11ac17cfbdf1cade56f

Changelog: 

For safety, rather use g_strlcpy() and snprintf() where possible.


Changes against parent da4a86838b05de19f69faa2e6e036850380a69bc

  patched  libpurple/protocols/mxit/actions.c
  patched  libpurple/protocols/mxit/protocol.c
  patched  libpurple/protocols/mxit/roster.c

-------------- next part --------------
============================================================
--- libpurple/protocols/mxit/actions.c	e93df55e922389cbd5a9aebb820f3ed45410a6f8
+++ libpurple/protocols/mxit/actions.c	63a1e7c3e6831882a89f53e8fd5252aa194657ee
@@ -125,7 +125,7 @@ out:
 		acount++;
 
 		/* update birthday */
-		strcpy( profile->birthday, bday );
+		g_strlcpy( profile->birthday, bday, sizeof( profile->birthday ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_BIRTHDATE, CP_PROFILE_TYPE_UTF8, profile->birthday );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -141,7 +141,7 @@ out:
 		if ( !name )
 			profile->title[0] = '\0';
 		else
-			strcpy( profile->title, name );
+			g_strlcpy( profile->title, name, sizeof( profile->title ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_TITLE, CP_PROFILE_TYPE_UTF8, profile->title );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -151,7 +151,7 @@ out:
 		if ( !name )
 			profile->firstname[0] = '\0';
 		else
-			strcpy( profile->firstname, name );
+			g_strlcpy( profile->firstname, name, sizeof( profile->firstname ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_FIRSTNAME, CP_PROFILE_TYPE_UTF8, profile->firstname );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -161,7 +161,7 @@ out:
 		if ( !name )
 			profile->lastname[0] = '\0';
 		else
-			strcpy( profile->lastname, name );
+			g_strlcpy( profile->lastname, name, sizeof( profile->lastname ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_LASTNAME, CP_PROFILE_TYPE_UTF8, profile->lastname );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -171,7 +171,7 @@ out:
 		if ( !name )
 			profile->email[0] = '\0';
 		else
-			strcpy( profile->email, name );
+			g_strlcpy( profile->email, name, sizeof( profile->email ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_EMAIL, CP_PROFILE_TYPE_UTF8, profile->email );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -181,7 +181,7 @@ out:
 		if ( !name )
 			profile->mobilenr[0] = '\0';
 		else
-			strcpy( profile->mobilenr, name );
+			g_strlcpy( profile->mobilenr, name, sizeof( profile->mobilenr ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_MOBILENR, CP_PROFILE_TYPE_UTF8, profile->mobilenr );
 		g_string_append( attributes, attrib );
 		acount++;
============================================================
--- libpurple/protocols/mxit/protocol.c	900749d44b44a3478743bbd1d6b9dc441b437683
+++ libpurple/protocols/mxit/protocol.c	3500d49b2b40825f04228ed136aaebb3065df771
@@ -445,7 +445,7 @@ static void mxit_queue_packet( struct MX
 	packet->headerlen = 0;
 
 	/* create generic packet header */
-	hlen = sprintf( header,	"id=%s%c", session->acc->username, CP_REC_TERM );			/* client msisdn */
+	hlen = snprintf( header, sizeof( header ), "id=%s%c", session->acc->username, CP_REC_TERM );			/* client msisdn */
 
 	if ( session->http ) {
 		/* http connection only */
@@ -642,7 +642,8 @@ void mxit_send_register( struct MXitSess
 	locale = purple_account_get_string( session->acc, MXIT_CONFIG_LOCALE, MXIT_DEFAULT_LOCALE );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%i%c%s%c"		/* "ms"=password\1version\1maxreplyLen\1name\1 */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%i%c%s%c"		/* "ms"=password\1version\1maxreplyLen\1name\1 */
 								"%s%c%i%c%s%c%s%c"			/* dateOfBirth\1gender\1location\1capabilities\1 */
 								"%s%c%i%c%s%c%s",			/* dc\1features\1dialingcode\1locale */
 								session->encpwd, CP_FLD_TERM, MXIT_CP_VERSION, CP_FLD_TERM, CP_MAX_FILESIZE, CP_FLD_TERM, profile->nickname, CP_FLD_TERM,
@@ -670,7 +671,8 @@ void mxit_send_login( struct MXitSession
 	locale = purple_account_get_string( session->acc, MXIT_CONFIG_LOCALE, MXIT_DEFAULT_LOCALE );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%i%c"			/* "ms"=password\1version\1getContacts\1 */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%i%c"			/* "ms"=password\1version\1getContacts\1 */
 								"%s%c%s%c%i%c"				/* capabilities\1dc\1features\1 */
 								"%s%c%s%c"					/* dialingcode\1locale\1 */
 								"%i%c%i%c%i",				/* maxReplyLen\1protocolVer\1lastRosterUpdate */
@@ -711,7 +713,8 @@ void mxit_send_message( struct MXitSessi
 		markuped_msg = g_strdup( msg );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%i%c%i",		/* "ms"=jid\1msg\1type\1flags */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%i%c%i",		/* "ms"=jid\1msg\1type\1flags */
 								to, CP_FLD_TERM, markuped_msg, CP_FLD_TERM, msgtype, CP_FLD_TERM, CP_MSG_MARKUP | CP_MSG_EMOTICON
 	);
 
@@ -737,7 +740,8 @@ void mxit_send_extprofile_request( struc
 	int				datalen;
 	unsigned int	i;
 
-	datalen = sprintf( data,	"ms=%s%c%i",		/* "ms="mxitid\1nr_attributes */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%i",		/* "ms="mxitid\1nr_attributes */
 								(username ? username : ""), CP_FLD_TERM, nr_attrib);
 
 	/* add attributes */
@@ -767,7 +771,8 @@ void mxit_send_extprofile_update( struct
 	parts = g_strsplit( attributes, "\01", ( MXIT_MAX_ATTRIBS * 3 ) );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%i",	/* "ms"=password\1nr_attibutes  */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%i",	/* "ms"=password\1nr_attibutes  */
 								( password ) ? password : "", CP_FLD_TERM, nr_attrib
 	);
 
@@ -797,7 +802,8 @@ void mxit_send_presence( struct MXitSess
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%i%c",					/* "ms"=show\1status */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%i%c",					/* "ms"=show\1status */
 								presence, CP_FLD_TERM
 	);
 
@@ -822,7 +828,8 @@ void mxit_send_mood( struct MXitSession*
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%i",	/* "ms"=mood */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%i",	/* "ms"=mood */
 								mood
 	);
 
@@ -845,7 +852,8 @@ void mxit_send_invite( struct MXitSessio
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%s%c%i%c%s",	/* "ms"=group\1username\1alias\1type\1msg */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%s%c%i%c%s",	/* "ms"=group\1username\1alias\1type\1msg */
 								groupname, CP_FLD_TERM, username, CP_FLD_TERM, alias,
 								CP_FLD_TERM, MXIT_TYPE_MXIT, CP_FLD_TERM, ""
 	);
@@ -867,7 +875,8 @@ void mxit_send_remove( struct MXitSessio
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s",	/* "ms"=username */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s",	/* "ms"=username */
 								username
 	);
 
@@ -889,7 +898,8 @@ void mxit_send_allow_sub( struct MXitSes
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%s",	/* "ms"=username\1group\1alias */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%s",	/* "ms"=username\1group\1alias */
 								username, CP_FLD_TERM, "", CP_FLD_TERM, alias
 	);
 
@@ -910,7 +920,8 @@ void mxit_send_deny_sub( struct MXitSess
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s",	/* "ms"=username */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s",	/* "ms"=username */
 								username
 	);
 
@@ -933,7 +944,8 @@ void mxit_send_update_contact( struct MX
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%s",	/* "ms"=groupname\1username\1alias */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%s",	/* "ms"=groupname\1username\1alias */
 								groupname, CP_FLD_TERM, username, CP_FLD_TERM, alias
 	);
 
@@ -954,7 +966,8 @@ void mxit_send_splashclick( struct MXitS
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s",	/* "ms"=splashId */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s",	/* "ms"=splashId */
 								splashid
 	);
 
@@ -979,7 +992,8 @@ void mxit_send_msgevent( struct MXitSess
 	purple_debug_info( MXIT_PLUGIN_ID, "mxit_send_msgevent: to=%s id=%s event=%i\n", to, id, event );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%i",		/* "ms"=contactAddress \1 id \1 event */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%i",		/* "ms"=contactAddress \1 id \1 event */
 								to, CP_FLD_TERM, id, CP_FLD_TERM, event
 	);
 
@@ -1003,7 +1017,8 @@ void mxit_send_groupchat_create( struct 
 	int			i;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%i",	/* "ms"=roomname\1nr_jids\1jid0\1..\1jidN */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%i",	/* "ms"=roomname\1nr_jids\1jid0\1..\1jidN */
 								groupname, CP_FLD_TERM, nr_usernames
 	);
 
@@ -1032,7 +1047,8 @@ void mxit_send_groupchat_invite( struct 
 	int			i;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%i",	/* "ms"=roomid\1nr_jids\1jid0\1..\1jidN */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%i",	/* "ms"=roomid\1nr_jids\1jid0\1..\1jidN */
 								roomid, CP_FLD_TERM, nr_usernames
 	);
 
@@ -1456,9 +1472,9 @@ static void mxit_parse_cmd_new_sub( stru
 		/* build up a new contact info struct */
 		contact = g_new0( struct contact, 1 );
 
-		strcpy( contact->username, rec->fields[0]->data );
+		g_strlcpy( contact->username, rec->fields[0]->data, sizeof( contact->username ) );
 		mxit_strip_domain( contact->username );				/* remove dummy domain */
-		strcpy( contact->alias, rec->fields[1]->data );
+		g_strlcpy( contact->alias, rec->fields[1]->data, sizeof( contact->alias ) );
 		contact->type = atoi( rec->fields[2]->data );
 
 		if ( rec->fcount >= 5 ) {
@@ -1509,10 +1525,10 @@ static void mxit_parse_cmd_contact( stru
 		/* build up a new contact info struct */
 		contact = g_new0( struct contact, 1 );
 
-		strcpy( contact->groupname, rec->fields[0]->data );
-		strcpy( contact->username, rec->fields[1]->data );
+		g_strlcpy( contact->groupname, rec->fields[0]->data, sizeof( contact->groupname ) );
+		g_strlcpy( contact->username, rec->fields[1]->data, sizeof( contact->username ) );
 		mxit_strip_domain( contact->username );				/* remove dummy domain */
-		strcpy( contact->alias, rec->fields[2]->data );
+		g_strlcpy( contact->alias, rec->fields[2]->data, sizeof( contact->alias ) );
 
 		contact->presence = atoi( rec->fields[3]->data );
 		contact->type = atoi( rec->fields[4]->data );
@@ -2018,12 +2034,12 @@ static int process_error_response( struc
 					return 0;
 				}
 				else {
-					sprintf( errmsg, _( "Login error: %s (%i)" ), errdesc, packet->errcode );
+					snprintf( errmsg, sizeof( errmsg ), _( "Login error: %s (%i)" ), errdesc, packet->errcode );
 					purple_connection_error( session->con, errmsg );
 					return -1;
 				}
 		case CP_CMD_LOGOUT :
-				sprintf( errmsg, _( "Logout error: %s (%i)" ), errdesc, packet->errcode );
+				snprintf( errmsg, sizeof( errmsg ), _( "Logout error: %s (%i)" ), errdesc, packet->errcode );
 				purple_connection_error_reason( session->con, PURPLE_CONNECTION_ERROR_NAME_IN_USE, _( errmsg ) );
 				return -1;
 		case CP_CMD_CONTACT :
============================================================
--- libpurple/protocols/mxit/roster.c	71537e47b6d178726ee7ba65bddb8b17c6bcc5fe
+++ libpurple/protocols/mxit/roster.c	5bfca59d398c795fa2fcd74ad02302b1e54f3433
@@ -358,7 +358,7 @@ void mxit_update_contact( struct MXitSes
 	 * So if this MXit contact isn't in a group, pretend it is.
 	 */
 	if ( *contact->groupname == '\0' ) {
-		strcpy( contact->groupname, MXIT_DEFAULT_GROUP );
+		g_strlcpy( contact->groupname, MXIT_DEFAULT_GROUP, sizeof( contact->groupname ) );
 	}
 
 	/* find or create a group for this contact */


More information about the Commits mailing list