pidgin/ljfisher-ssl-client-auth

Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.

2011-07-17, Ethan Blanton
e1b3f14fba94
Parents be5a056fa36d
Children 116ec59ce4ea
Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.

Thanks to the Electronic Frontier Foundation (https://www.eff.org/) for
this patch.
1 files changed, 2 insertions(+), 2 deletions(-)
  • +2 -2
    libpurple/protocols/mxit/cipher.c
    • --- a/libpurple/protocols/mxit/cipher.c Sun Jul 17 17:48:47 2011 +0000
    +++ b/libpurple/protocols/mxit/cipher.c Sun Jul 17 20:36:15 2011 +0000
    @@ -84,12 +84,12 @@
    pass[sizeof( pass ) - 1] = '\0';
    /* build the custom AES encryption key */
    - strcpy( key, INITIAL_KEY );
    + g_strlcpy( key, INITIAL_KEY, sizeof( key ) );
    memcpy( key, session->clientkey, strlen( session->clientkey ) );
    ExpandKey( (unsigned char*) key, (unsigned char*) exkey );
    /* build the custom data to be encrypted */
    - strcpy( pass, SECRET_HEADER );
    + g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) );
    strcat( pass, session->acc->password );
    /* pad the secret data */