pidgin: 511ee00a: Changed a strcpy in the mxit prpl to a b...
elb at pidgin.im
elb at pidgin.im
Thu Aug 11 10:51:33 EDT 2011
----------------------------------------------------------------------
Revision: 511ee00a153ae001ee68bb7b4d81b912f370e1ef
Parent: 0780e4aa9eba10e9bbca7fee27b57a7a62648114
Author: elb at pidgin.im
Date: 07/17/11 16:36:15
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/511ee00a153ae001ee68bb7b4d81b912f370e1ef
Changelog:
Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.
Thanks to the Electronic Frontier Foundation (https://www.eff.org/) for
this patch.
Changes against parent 0780e4aa9eba10e9bbca7fee27b57a7a62648114
patched libpurple/protocols/mxit/cipher.c
-------------- next part --------------
============================================================
--- libpurple/protocols/mxit/cipher.c 8a25e2dc92f45444edd1d4e1696e5124ce97c878
+++ libpurple/protocols/mxit/cipher.c 39df0ec2f767e24da8b72fb10ed9d8aeec1a392b
@@ -84,12 +84,12 @@ char* mxit_encrypt_password( struct MXit
pass[sizeof( pass ) - 1] = '\0';
/* build the custom AES encryption key */
- strcpy( key, INITIAL_KEY );
+ g_strlcpy( key, INITIAL_KEY, sizeof( key ) );
memcpy( key, session->clientkey, strlen( session->clientkey ) );
ExpandKey( (unsigned char*) key, (unsigned char*) exkey );
/* build the custom data to be encrypted */
- strcpy( pass, SECRET_HEADER );
+ g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) );
strcat( pass, session->acc->password );
/* pad the secret data */
More information about the Commits
mailing list