changeset 32232:4ad2a0668687

Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy. Thanks to the Electronic Frontier Foundation (https://www.eff.org/) for this patch.
author Ethan Blanton <elb@pidgin.im>
date Sun, 17 Jul 2011 20:36:15 +0000
parents e529d0b57a5f
children 5a18f4d3b062
files libpurple/protocols/mxit/cipher.c
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/mxit/cipher.c	Sun Jul 17 17:48:47 2011 +0000
+++ b/libpurple/protocols/mxit/cipher.c	Sun Jul 17 20:36:15 2011 +0000
@@ -84,12 +84,12 @@
 	pass[sizeof( pass ) - 1] = '\0';
 
 	/* build the custom AES encryption key */
-	strcpy( key, INITIAL_KEY );
+	g_strlcpy( key, INITIAL_KEY, sizeof( key ) );
 	memcpy( key, session->clientkey, strlen( session->clientkey ) );
 	ExpandKey( (unsigned char*) key, (unsigned char*) exkey );
 
 	/* build the custom data to be encrypted */
-	strcpy( pass, SECRET_HEADER );
+	g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) );
 	strcat( pass, session->acc->password );
 
 	/* pad the secret data */