1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
$NetBSD: patch-au,v 1.1.1.1 2007/08/30 00:47:02 jnemeth Exp $
Part of a fix for CVE-2007-3713.
--- src/hooks/jabberhook.cc.orig 2007-07-19 02:34:54.000000000 +0200
+++ src/hooks/jabberhook.cc
@@ -36,6 +36,8 @@
#define DEFAULT_CONFSERV "conference.jabber.org"
#define PERIOD_KEEPALIVE 30
+#define NOTIFBUF 512
+
static void jidsplit(const string &jid, string &user, string &host, string &rest) {
int pos;
user = jid;
@@ -1289,8 +1286,9 @@ void jabberhook::gotversion(const imcont
if(vinfo.size() > 128)
vinfo.erase(128);
- char buf[256];
- sprintf(buf, _("The remote is using %s"), vinfo.c_str());
+ char buf[NOTIFBUF];
+ snprintf(buf, NOTIFBUF, _("The remote is using %s"), vinfo.c_str());
+ buf[NOTIFBUF-1] = '\0';
em.store(imnotification(ic, buf));
}
}
|
