pidgin/android/libpurple

Bounds check hostname lengths for DNS SRV lookups. (EFF)

2011-08-11, Ethan Blanton
4f4a9244be96
Parents c45bf1739fea
Children d1970946b185
Bounds check hostname lengths for DNS SRV lookups. (EFF)
1 files changed, 5 insertions(+), 1 deletions(-)
  • +5 -1
    libpurple/dnssrv.c
    • --- a/libpurple/dnssrv.c Thu Aug 11 16:17:29 2011 +0000
    +++ b/libpurple/dnssrv.c Thu Aug 11 16:24:26 2011 +0000
    @@ -428,7 +428,11 @@
    cp += size;
    srvres = g_new0(PurpleSrvResponse, 1);
    - strcpy(srvres->hostname, name);
    + if (strlen(name) > sizeof(srvres->hostname) - 1) {
    + purple_debug_error("dnssrv", "hostname is longer than available buffer ('%s', %zd bytes)!",
    + name, strlen(name));
    + }
    + g_strlcpy(srvres->hostname, name, sizeof(srvres->hostname));
    srvres->pref = pref;
    srvres->port = port;
    srvres->weight = weight;