pidgin: 030c5da3: Bounds check hostname lengths for DNS SR...
elb at pidgin.im
elb at pidgin.im
Thu Aug 11 12:42:09 EDT 2011
----------------------------------------------------------------------
Revision: 030c5da3eb3dfd477b70c509cbe0ec0337c9aaa0
Parent: f5b642dc7bad17d2bddc82bfe1f995f7ee981d30
Author: elb at pidgin.im
Date: 08/11/11 12:24:26
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/030c5da3eb3dfd477b70c509cbe0ec0337c9aaa0
Changelog:
Bounds check hostname lengths for DNS SRV lookups. (EFF)
Changes against parent f5b642dc7bad17d2bddc82bfe1f995f7ee981d30
patched libpurple/dnssrv.c
-------------- next part --------------
============================================================
--- libpurple/dnssrv.c 1740fbbd575a1683365de1a127ad2640498b4d7e
+++ libpurple/dnssrv.c 37665b78585bc794151ac68498d4fee94f49906e
@@ -428,7 +428,11 @@ resolve(int in, int out)
cp += size;
srvres = g_new0(PurpleSrvResponse, 1);
- strcpy(srvres->hostname, name);
+ if (strlen(name) > sizeof(srvres->hostname) - 1) {
+ purple_debug_error("dnssrv", "hostname is longer than available buffer ('%s', %zd bytes)!",
+ name, strlen(name));
+ }
+ g_strlcpy(srvres->hostname, name, sizeof(srvres->hostname));
srvres->pref = pref;
srvres->port = port;
srvres->weight = weight;
More information about the Commits
mailing list