1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
$NetBSD: patch-au,v 1.2 2007/07/19 00:43:40 lkundrak Exp $
Part of a fix for CVE-2007-3713.
--- src/hooks/jabberhook.cc.orig 2007-07-19 02:34:54.000000000 +0200
+++ src/hooks/jabberhook.cc
@@ -36,6 +36,8 @@
#define DEFAULT_CONFSERV "conference.jabber.org"
#define PERIOD_KEEPALIVE 30
+#define NOTIFBUF 512
+
static void jidsplit(const string &jid, string &user, string &host, string &rest) {
int pos;
user = jid;
@@ -887,11 +889,6 @@ void jabberhook::gotsearchresults(xmlnod
void jabberhook::gotloggedin() {
xmlnode x;
- x = jutil_iqnew(JPACKET__GET, NS_AGENTS);
- xmlnode_put_attrib(x, "id", "Agent List");
- jab_send(jc, x);
- xmlnode_free(x);
-
x = jutil_iqnew(JPACKET__GET, NS_ROSTER);
xmlnode_put_attrib(x, "id", "Roster");
jab_send(jc, x);
@@ -1289,8 +1286,9 @@ void jabberhook::gotversion(const imcont
if(vinfo.size() > 128)
vinfo.erase(128);
- char buf[256];
- sprintf(buf, _("The remote is using %s"), vinfo.c_str());
+ char buf[NOTIFBUF];
+ snprintf(buf, NOTIFBUF, _("The remote is using %s"), vinfo.c_str());
+ buf[NOTIFBUF-1] = '\0';
em.store(imnotification(ic, buf));
}
}
|
