--- a/ChangeLog Thu Aug 11 14:45:26 2011 +0000
+++ b/ChangeLog Thu Aug 11 16:08:40 2011 +0000
@@ -16,6 +16,9 @@
string buffer overrun bugs.
(The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer,
+ * Change some filename manipulations in filectl.c to use MAXPATHLEN
+ instead of arbitrary length constants. (The Electronic Frontier
+ Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum)
 * Fixed searching for buddies in public directory. (Tomasz Wasilczyk)
--- a/libpurple/plugins/filectl.c Thu Aug 11 14:45:26 2011 +0000
+++ b/libpurple/plugins/filectl.c Thu Aug 11 16:08:40 2011 +0000
@@ -40,12 +40,12 @@
+ char filename[MAXPATHLEN];
 char *command, *arg1, *arg2;
- sprintf(filename, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir());
+ snprintf(filename, MAXPATHLEN, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir());
 file = g_fopen(filename, "r+");
while (fgets(buffer, sizeof(buffer), file)) {
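Review bot: The return value of `snprintf` is discarded, so a `purple_user_dir()` that does not fit the buffer now produces a silently truncated path rather than an overflow, and that truncated name is what reaches `g_fopen` here and `g_stat` in the hunks at `@@ -144` and `@@ -160`. Checking the result would close this, and `sizeof(filename)` keeps the bound tied to the declaration: `n = snprintf(filename, sizeof(filename), "%s" G_DIR_SEPARATOR_S "control", purple_user_dir());` followed by `if (n < 0 || (size_t)n >= sizeof(filename))` and an early exit. Since GLib is already in use, `g_build_filename(purple_user_dir(), "control", NULL)` with a matching `g_free` would remove the fixed buffer and the reliance on `MAXPATHLEN`, which is not defined on every platform. The enclosing function starts and ends outside the hunk, so the form of the early exit has to be matched to its signature.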
@@ -144,9 +144,9 @@
/* most of this was taken from Bash v2.04 by the FSF */
+ char filename[MAXPATHLEN];
- sprintf(filename, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir());
+ snprintf(filename, MAXPATHLEN, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir());
 if ((g_stat(filename, &finfo) == 0) && (finfo.st_size > 0))
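Review bot: The `g_stat` test on `filename` and any later open by name are separate path lookups, so passing `finfo.st_size > 0` here does not guarantee that the `g_fopen(filename, "r+")` in the first filectl.c hunk succeeds. That hunk hands `file` straight to `fgets` with no NULL check visible. Presumably this function and the identical one at `@@ -160` gate the call into that reader, but the call itself is outside the hunk. An early exit after the open, such as `if (file == NULL) return;` adjusted to the function's return type, would make the reader safe on its own and reduce the stat to an optimisation.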
@@ -160,9 +160,9 @@
/* most of this was taken from Bash v2.04 by the FSF */
+ char filename[MAXPATHLEN];
- sprintf(filename, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir());
+ snprintf(filename, MAXPATHLEN, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir());
 if ((g_stat(filename, &finfo) == 0) && (finfo.st_size > 0))