diff -ruN gaim-0.81/src/gtkprefs.c gaim-0.81-patched/src/gtkprefs.c
--- gaim-0.81/src/gtkprefs.c 2004-07-27 20:07:02.000000000 -0400
+++ gaim-0.81-patched/src/gtkprefs.c 2004-08-23 22:23:20.464472424 -0400
void theme_install_theme(char *path, char *extn) {
+ gchar *command, *escaped;
* other platforms, if need be */
if (!g_ascii_strcasecmp(tail, ".gz") || !g_ascii_strcasecmp(tail, ".tgz")) {
- command = g_strdup_printf("tar > /dev/null xzf \"%s\" -C %s", path, destdir);
+ escaped = g_shell_quote(path);
+ command = g_strdup_printf("tar > /dev/null xzf %s -C %s", escaped, destdir);
if(!wgaim_gz_untar(path, destdir)) {
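Review bot: `destdir` is still interpolated into the shell command unquoted in the new `g_strdup_printf` line, so only the archive path is protected by `g_shell_quote`. Quote it the same way (`escaped_dir = g_shell_quote(destdir);`) or, better, drop the shell and pass an argv array to `g_spawn_sync`, which removes the quoting problem for both arguments. The hunk does not show `escaped` being released; `g_shell_quote` returns a newly allocated string, so it needs a `g_free(escaped);` once the command has run. The rest of theme_install_theme lies outside the hunk, so both points should be checked against the full function.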
diff -ruN gaim-0.81/src/protocols/msn/object.c gaim-0.81-patched/src/protocols/msn/object.c
--- gaim-0.81/src/protocols/msn/object.c 2004-06-05 23:42:54.000000000 -0400
+++ gaim-0.81-patched/src/protocols/msn/object.c 2004-08-23 22:23:20.465472272 -0400
if ((tag = strstr(str, id "=\"")) != NULL) \
tag += strlen(id "=\""); \
- strncpy(buf, tag, c - tag); \
- obj->field = atoi(buf); \
+ memset(buf, 0, sizeof(buf)); \
+ if (offset >= sizeof(buf)) \
+ offset = sizeof(buf) - 1; \
+ strncpy(buf, tag, offset); \
+ obj->field = atoi(buf); \
static GList *local_objs;
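Review bot: An attribute value longer than `buf` is now silently cut to `sizeof(buf) - 1` characters and that prefix is handed to `atoi`, so an oversized field from the peer is parsed as a different number instead of being rejected. `atoi` also cannot report overflow or non-numeric input; `strtol` with an `errno` and end-pointer check would let the macro fail the field cleanly. The computation of `offset` is not visible in this hunk; if it is `c - tag`, `c` must be checked for NULL before the subtraction. The macro body begins before and continues past the lines shown.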
diff -ruN gaim-0.81/src/protocols/msn/slp.c gaim-0.81-patched/src/protocols/msn/slp.c
--- gaim-0.81/src/protocols/msn/slp.c 2004-06-14 22:37:25.000000000 -0400
+++ gaim-0.81-patched/src/protocols/msn/slp.c 2004-08-23 22:23:20.465472272 -0400
if ((c = strchr(status, '\r')) || (c = strchr(status, '\n')) ||
(c = strchr(status, '\0')))
- strncpy(temp, status, c - status);
- temp[c - status] = '\0';
+ size_t offset = c - status;
+ if (offset >= sizeof(temp))
+ offset = sizeof(temp) - 1;
+ strncpy(temp, status, offset);
gaim_debug_error("msn", "Received non-OK result: %s\n", temp);
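Review bot: No terminator write is visible after the new `strncpy(temp, status, offset);`, while the removed `temp[c - status] = '\0';` did provide one. `strncpy` copies exactly `offset` bytes here and none of them is a NUL, so unless `temp` is zero-filled somewhere outside the hunk, the `%s` in the following `gaim_debug_error` reads past the copied data. Add `temp[offset] = '\0';` directly after the copy. The enclosing block starts before the hunk, so the declaration of `temp` cannot be checked from here.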
diff -ruN gaim-0.81/src/protocols/novell/nmevent.c gaim-0.81-patched/src/protocols/novell/nmevent.c
--- gaim-0.81/src/protocols/novell/nmevent.c 2004-06-12 11:13:29.000000000 -0400
+++ gaim-0.81-patched/src/protocols/novell/nmevent.c 2004-08-23 22:32:49.957896264 -0400
#include "nmuserrecord.h"
+#define MAX_UINT32 0xFFFFFFFF
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
guid = g_new0(char, size + 1);
rc = nm_read_all(conn, guid, size);
/* Read the message text */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
msg = g_new0(char, size + 1);
rc = nm_read_all(conn, msg, size);
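Review bot: The new `size == MAX_UINT32` test only stops `size + 1` from wrapping to zero; every other length up to 0xFFFFFFFE is still passed to `g_new0`, which aborts the process when the allocation fails, so a peer can still take the client down with one oversized length field. Compare against a protocol-appropriate ceiling instead, e.g. `if (size > NM_MAX_FIELD_LEN) return NMERR_PROTOCOL;`, where `NM_MAX_FIELD_LEN` is a placeholder name for a limit the project would define. In the lines shown, `rc` from `nm_read_uint32` is not examined before `size` is tested, so `size` may be inspected after a failed read. The bare `return` in the message-text read also leaves the `guid` buffer allocated just above it unfreed, if both reads sit in the same function. The same pattern repeats in every later hunk of nmevent.c.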
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
guid = g_new0(char, size + 1);
rc = nm_read_all(conn, guid, size);
/* Read the the message */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
msg = g_new0(char, size + 1);
rc = nm_read_all(conn, msg, size);
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
guid = g_new0(char, size + 1);
rc = nm_read_all(conn, guid, size);
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
guid = g_new0(char, size + 1);
rc = nm_read_all(conn, guid, size);
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
guid = g_new0(char, size + 1);
rc = nm_read_all(conn, guid, size);
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
guid = g_new0(char, size + 1);
rc = nm_read_all(conn, guid, size);
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
guid = g_new0(char, size + 1);
rc = nm_read_all(conn, guid, size);
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
guid = g_new0(char, size + 1);
rc = nm_read_all(conn, guid, size);
/* Read the status text */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
- text = g_new0(char, size + 1);
- rc = nm_read_all(conn, text, size);
+ text = g_new0(char, size + 1);
+ rc = nm_read_all(conn, text, size);
/* Read the conference guid */
rc = nm_read_uint32(conn, &size);
+ if (size == MAX_UINT32) return NMERR_PROTOCOL;
guid = g_new0(char, size + 1);
rc = nm_read_all(conn, guid, size);
diff -ruN gaim-0.81/src/protocols/novell/nmrtf.c gaim-0.81-patched/src/protocols/novell/nmrtf.c
--- gaim-0.81/src/protocols/novell/nmrtf.c 2004-06-12 11:13:29.000000000 -0400
+++ gaim-0.81-patched/src/protocols/novell/nmrtf.c 2004-08-23 22:31:54.135382576 -0400
gboolean param_set = FALSE;
- for (pch = keyword; isalpha(ch); rtf_get_char(ctx, &ch)) {
+ for (i = 0; isalpha(ch) && (i < sizeof(keyword) - 1); rtf_get_char(ctx, &ch)) {
+ keyword[i] = (char) ch;
/* check for '-' indicated a negative parameter value */
- for (pch = parameter; isdigit(ch); rtf_get_char(ctx, &ch)) {
+ for (i = 0; isdigit(ch) && (i < sizeof(parameter) - 1); rtf_get_char(ctx, &ch)) {
+ parameter[i] = (char) ch;
ctx->param = param = atoi(parameter);
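Review bot: When the `i < sizeof(keyword) - 1` or `i < sizeof(parameter) - 1` bound stops the loop, the remaining letters or digits of the overlong token stay in the input and are parsed as whatever comes next, so an oversized control word is silently reinterpreted rather than rejected. After each loop, either keep consuming characters while `isalpha(ch)`/`isdigit(ch)` holds without storing them, or return the parser's error code when the bound was hit. `isalpha` and `isdigit` also need an argument representable as `unsigned char`; if `ch` is a plain `char`, write `isalpha((unsigned char) ch)`. The increment of `i` and the terminating `keyword[i] = '\0';` are not visible in the lines shown and should be confirmed in the full function.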
diff -ruN gaim-0.81/src/protocols/zephyr/zephyr.c gaim-0.81-patched/src/protocols/zephyr/zephyr.c
--- gaim-0.81/src/protocols/zephyr/zephyr.c 2004-07-27 20:51:27.000000000 -0400
+++ gaim-0.81-patched/src/protocols/zephyr/zephyr.c 2004-08-23 22:30:38.018954032 -0400
- char ourhost[MAXHOSTNAMELEN];
- char ourhostcanon[MAXHOSTNAMELEN];
+ char ourhost[HOST_NAME_MAX + 1];
+ char ourhostcanon[HOST_NAME_MAX + 1];
/* struct I need for zephyr_to_html */
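Review bot: `HOST_NAME_MAX` is not defined by every platform's headers, and the hunk shows no include or fallback for it, so these two declarations may not compile everywhere the old `MAXHOSTNAMELEN` did; a guarded fallback such as `#ifndef HOST_NAME_MAX` / `#define HOST_NAME_MAX 255` / `#endif` near the includes would cover that. The following hunk also changes `gethostname` to receive the full `sizeof(zephyr->ourhost)`, and POSIX leaves termination unspecified when the name is truncated. Writing `zephyr->ourhost[sizeof(zephyr->ourhost) - 1] = '\0';` after the call keeps the later `gethostbyname` and `g_strlcpy` reads bounded. The struct these fields belong to begins outside the hunk.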
/* XXX This code may not be Win32 clean */
- if (gethostname(zephyr->ourhost, sizeof(zephyr->ourhost)-1) == -1) {
+ if (gethostname(zephyr->ourhost, sizeof(zephyr->ourhost)) == -1) {
gaim_debug(GAIM_DEBUG_ERROR, "zephyr", "unable to retrieve hostname, %%host%% and %%canon%% will be wrong in subscriptions and have been set to unknown\n");
- g_stpcpy(zephyr->ourhost,"unknown");
- g_stpcpy(zephyr->ourhostcanon,"unknown");
+ g_strlcpy(zephyr->ourhost, "unknown", sizeof(zephyr->ourhost));
+ g_strlcpy(zephyr->ourhostcanon, "unknown", sizeof(zephyr->ourhostcanon));
if (!(hent = gethostbyname(zephyr->ourhost))) {
gaim_debug(GAIM_DEBUG_ERROR,"zephyr", "unable to resolve hostname, %%canon%% will be wrong in subscriptions.and has been set to the value of %%host%%, %s\n",zephyr->ourhost);
- g_stpcpy(zephyr->ourhostcanon,zephyr->ourhost);
+ g_strlcpy(zephyr->ourhostcanon, zephyr->ourhost, sizeof(zephyr->ourhostcanon));
- g_stpcpy(zephyr->ourhostcanon,hent->h_name);
+ g_strlcpy(zephyr->ourhostcanon, hent->h_name, sizeof(zephyr->ourhostcanon));
diff -ruN gaim-0.81/src/util.c gaim-0.81-patched/src/util.c
--- gaim-0.81/src/util.c 2004-08-05 10:17:03.000000000 -0400
+++ gaim-0.81-patched/src/util.c 2004-08-23 22:51:18.928307136 -0400
* if we make sure that there is indeed a \n in our header.
if (p && g_strstr_len(p, data_len - (p - data), "\n")) {
- sscanf(p, "Content-Length: %d", (int *)&content_len);
- gaim_debug_misc("parse_content_len", "parsed %d\n", content_len);
+ sscanf(p, "Content-Length: %u", (int *)&content_len);
+ gaim_debug_misc("parse_content_len", "parsed %u\n", content_len);
gfud->data_len = content_len;
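Review bot: The new `%u` conversion in util.c is still paired with an `(int *)` cast, so the format and the argument type disagree, and if `content_len` is wider than `unsigned int` only part of it is written. The `sscanf` result is also unchecked, so a header that fails to parse leaves whatever `content_len` held before. Parse into a local `unsigned int len` and test the result, e.g. `if (sscanf(p, "Content-Length: %u", &len) != 1) len = 0;`, or use `strtoul` with an `errno` and end-pointer check. The declaration of `content_len` and the function's return path are outside the hunk, so the exact types need confirming there.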
- gfud->webdata = g_malloc(gfud->data_len);
+ gfud->webdata = g_try_malloc(gfud->data_len);
+ if (gfud->webdata == NULL) {
+ gaim_debug_error("gaim_url_fetch", "Failed to allocate %u bytes: %s\n", gfud->data_len, strerror(errno));
+ gaim_input_remove(gfud->inpa);
+ gfud->callback(gfud->user_data, NULL, 0);
+ destroy_fetch_url_data(gfud);
static char buf[BUF_LEN];
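Review bot: Nothing visible after `destroy_fetch_url_data(gfud);` leaves the function, so if the failure branch falls through, the code below it goes on using `gfud` after it has been destroyed; the branch should end with `return;` before its closing brace. The size still comes straight from the server's Content-Length with no ceiling, so `g_try_malloc` only turns an impossible request into a clean failure, while any value the allocator can satisfy is committed up front. Capping `data_len` or growing the buffer as data arrives would bound that. `g_try_malloc` is not documented to set `errno`, so the `strerror(errno)` text in the log line may be stale. The enclosing callback starts and ends outside the hunk.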
g_return_val_if_fail(str != NULL, NULL);
+ * XXX - This check could be removed and buf could be made + * dynamically allocated, but this is easier. + if (strlen(str) >= BUF_LEN) for (i = 0; i < strlen(str); i++) {