pidgin/ljfisher-ssl-client-auth

Parents be5a056fa36d
Children 116ec59ce4ea
Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.

Thanks to the Electronic Frontier Foundation (https://www.eff.org/) for
this patch.
--- a/libpurple/protocols/mxit/cipher.c Sun Jul 17 17:48:47 2011 +0000
+++ b/libpurple/protocols/mxit/cipher.c Sun Jul 17 20:36:15 2011 +0000
@@ -84,12 +84,12 @@
pass[sizeof( pass ) - 1] = '\0';
/* build the custom AES encryption key */
- strcpy( key, INITIAL_KEY );
+ g_strlcpy( key, INITIAL_KEY, sizeof( key ) );
memcpy( key, session->clientkey, strlen( session->clientkey ) );
ExpandKey( (unsigned char*) key, (unsigned char*) exkey );
/* build the custom data to be encrypted */
- strcpy( pass, SECRET_HEADER );
+ g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) );
strcat( pass, session->acc->password );
/* pad the secret data */