1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
$NetBSD: patch-ay,v 1.1.1.1 2007/08/30 00:47:02 jnemeth Exp $
Part of a fix for CVE-2007-3713.
--- src/hooks/ljhook.cc.orig 2005-01-07 02:27:04.000000000 +0100
+++ src/hooks/ljhook.cc
@@ -37,6 +37,8 @@ ljhook lhook;
#define PERIOD_FRIENDS 3600
+#define NOTIFBUF 512
+
ljhook::ljhook(): abstracthook(livejournal), fonline(false), sdest(0) {
fcapabs.insert(hookcapab::nochat);
}
@@ -654,7 +656,7 @@ void ljhook::messageack_cb(MessageEvent
map<string, string> nfriendof;
map<string, string>::const_iterator in;
vector<string>::iterator il;
- char buf[512];
+ char buf[NOTIFBUF];
for(i = 1; i <= count; i++) {
username = params[(string) "friendof_" + i2str(i) + "_user"];
@@ -669,8 +671,9 @@ void ljhook::messageack_cb(MessageEvent
if(!foempty) {
bd = (string) "http://" + conf.getourid(proto).server + "/users/" + in->first;
- snprintf(buf, sizeof(buf), _("The user %s (%s) has added you to his/her friend list\n\nJournal address: %s"),
+ snprintf(buf, NOTIFBUF, _("The user %s (%s) has added you to his/her friend list\n\nJournal address: %s"),
in->first.c_str(), in->second.c_str(), bd.c_str());
+ buf[NOTIFBUF-1] = '\0';
em.store(imnotification(self, buf));
}
@@ -679,8 +682,9 @@ void ljhook::messageack_cb(MessageEvent
for(il = friendof.begin(); il != friendof.end(); ) {
if(nfriendof.find(*il) == nfriendof.end()) {
bd = (string) "http://" + conf.getourid(proto).server + "/users/" + *il;
- snprintf(buf, sizeof(buf), _("The user %s has removed you from his/her friend list\n\nJournal address: %s"),
+ snprintf(buf, NOTIFBUF, _("The user %s has removed you from his/her friend list\n\nJournal address: %s"),
il->c_str(), bd.c_str());
+ buf[NOTIFBUF-1] = '\0';
em.store(imnotification(self, buf));
friendof.erase(il);
il = friendof.begin();
|
