$NetBSD: patch-au,v 1.2 2007/07/19 00:43:40 lkundrak Exp $

Part of a fix for CVE-2007-3713.

--- src/hooks/jabberhook.cc.orig	2007-07-19 02:34:54.000000000 +0200
+++ src/hooks/jabberhook.cc
@@ -36,6 +36,8 @@
 #define DEFAULT_CONFSERV "conference.jabber.org"
 #define PERIOD_KEEPALIVE 30
 
+#define NOTIFBUF 512
+
 static void jidsplit(const string &jid, string &user, string &host, string &rest) {
     int pos;
     user = jid;
@@ -887,11 +889,6 @@ void jabberhook::gotsearchresults(xmlnod
 void jabberhook::gotloggedin() {
     xmlnode x;
 
-    x = jutil_iqnew(JPACKET__GET, NS_AGENTS);
-    xmlnode_put_attrib(x, "id", "Agent List");
-    jab_send(jc, x);
-    xmlnode_free(x);
-
     x = jutil_iqnew(JPACKET__GET, NS_ROSTER);
     xmlnode_put_attrib(x, "id", "Roster");
     jab_send(jc, x);
@@ -1289,8 +1286,9 @@ void jabberhook::gotversion(const imcont
 	if(vinfo.size() > 128)
 	    vinfo.erase(128);
 
-	char buf[256];
-	sprintf(buf, _("The remote is using %s"), vinfo.c_str());
+	char buf[NOTIFBUF];
+	snprintf(buf, NOTIFBUF, _("The remote is using %s"), vinfo.c_str());
+	buf[NOTIFBUF-1] = '\0';
 	em.store(imnotification(ic, buf));
     }
 }