Bugzilla – Attachment 22613 Details for
Bug 56630
VUL-0: CVE-2004-0500: gaim security audit
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
[patch]
the fix for SLD (gaim-0.80)
gaim-0.80-msn-security.diff (text/plain), 1.23 KB, created by
Sebastian Krahmer
on 2004-08-09 17:46:31 UTC
(
hide
)
Description:
the fix for SLD (gaim-0.80)
Filename:
MIME Type:
Creator:
Sebastian Krahmer
Created:
2004-08-09 17:46:31 UTC
Size:
1.23 KB
patch
obsolete
>--- slp.c.orig 2004-08-09 11:21:34.000000000 +0200 >+++ slp.c 2004-08-09 11:21:42.000000000 +0200 >@@ -640,13 +640,17 @@ > /* It's not valid. Kill this off. */ > char temp[32]; > const char *c; >+ size_t offset; > >+ memset(temp, 0, sizeof(temp)); > /* Eww */ > if ((c = strchr(status, '\r')) || (c = strchr(status, '\n')) || > (c = strchr(status, '\0'))) > { >- strncpy(temp, status, c - status); >- temp[c - status] = '\0'; >+ offset = c - status; >+ if (offset >= sizeof(temp)) >+ offset = sizeof(temp) - 1; >+ strncpy(temp, status, offset); > } > > gaim_debug_error("msn", "Received non-OK result: %s\n", temp); >--- object.c.orig 2004-06-06 05:42:54.000000000 +0200 >+++ object.c 2004-08-09 11:30:43.000000000 +0200 >@@ -35,11 +35,17 @@ > if ((tag = strstr(str, id "=\"")) != NULL) \ > { \ > char buf[16]; \ >+ size_t offset; \ > tag += strlen(id "=\""); \ > c = strchr(tag, '"'); \ >- strncpy(buf, tag, c - tag); \ >- buf[c - tag] = '\0'; \ >- obj->field = atoi(buf); \ >+ if (c != NULL) { \ >+ memset(buf, 0, sizeof(buf)); \ >+ offset = c - tag; \ >+ if (offset >= sizeof(buf)) \ >+ offset = sizeof(buf) - 1; \ >+ strncpy(buf, tag, offset); \ >+ obj->field = atoi(buf); \ >+ } \ > } > > static GList *local_objs;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=22613">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 56630
:
21723
|
22258
|
22553
|
22593
| 22613 |
22614