# HG changeset patch
# User Ethan Blanton <elb@pidgin.im>
# Date 1313079866 0
# Node ID 32ced32caca783497e299d9e9bf5488c81ce49ae
# Parent  a48d58e0512b108b63db0e064f6181397cabd7ed
Bounds check hostname lengths for DNS SRV lookups. (EFF)

diff -r a48d58e0512b -r 32ced32caca7 libpurple/dnssrv.c
--- a/libpurple/dnssrv.c	Thu Aug 11 16:17:29 2011 +0000
+++ b/libpurple/dnssrv.c	Thu Aug 11 16:24:26 2011 +0000
@@ -428,7 +428,11 @@
 			cp += size;
 
 			srvres = g_new0(PurpleSrvResponse, 1);
-			strcpy(srvres->hostname, name);
+			if (strlen(name) > sizeof(srvres->hostname) - 1) {
+				purple_debug_error("dnssrv", "hostname is longer than available buffer ('%s', %zd bytes)!",
+				                   name, strlen(name));
+			}
+			g_strlcpy(srvres->hostname, name, sizeof(srvres->hostname));
 			srvres->pref = pref;
 			srvres->port = port;
 			srvres->weight = weight;