# HG changeset patch # User Ethan Blanton # Date 1313079449 0 # Node ID a48d58e0512b108b63db0e064f6181397cabd7ed # Parent 0d94c49f9545cdc7e80dfc0a0fdaf047c1a1427d Bounds check an OSCAR normalization. (EFF) diff -r 0d94c49f9545 -r a48d58e0512b libpurple/protocols/oscar/oscar.c --- a/libpurple/protocols/oscar/oscar.c Thu Aug 11 16:13:15 2011 +0000 +++ b/libpurple/protocols/oscar/oscar.c Thu Aug 11 16:17:29 2011 +0000 @@ -5651,7 +5651,10 @@ tmp1 = g_utf8_strdown(buf, -1); tmp2 = g_utf8_normalize(tmp1, -1, G_NORMALIZE_DEFAULT); - strcpy(buf, tmp2); + if (strlen(tmp2) > sizeof(buf) - 1) { + purple_debug_error("oscar", "normalized string exceeds buffer length!\n"); + } + g_strlcpy(buf, tmp2, sizeof(buf)); g_free(tmp2); g_free(tmp1);