Mercurial > pidgin
comparison libpurple/protocols/mxit/cipher.c @ 31774:4ad2a0668687
Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.
Thanks to the Electronic Frontier Foundation (https://www.eff.org/) for
this patch.
author | Ethan Blanton <elb@pidgin.im> |
---|---|
date | Sun, 17 Jul 2011 20:36:15 +0000 |
parents | 259bbfb423d4 |
children | 98ae4b8b592f |
comparison
equal
deleted
inserted
replaced
31773:e529d0b57a5f | 31774:4ad2a0668687 |
---|---|
82 memset( exkey, 0x00, sizeof( exkey ) ); | 82 memset( exkey, 0x00, sizeof( exkey ) ); |
83 memset( pass, 0x58, sizeof( pass ) ); | 83 memset( pass, 0x58, sizeof( pass ) ); |
84 pass[sizeof( pass ) - 1] = '\0'; | 84 pass[sizeof( pass ) - 1] = '\0'; |
85 | 85 |
86 /* build the custom AES encryption key */ | 86 /* build the custom AES encryption key */ |
87 strcpy( key, INITIAL_KEY ); | 87 g_strlcpy( key, INITIAL_KEY, sizeof( key ) ); |
88 memcpy( key, session->clientkey, strlen( session->clientkey ) ); | 88 memcpy( key, session->clientkey, strlen( session->clientkey ) ); |
89 ExpandKey( (unsigned char*) key, (unsigned char*) exkey ); | 89 ExpandKey( (unsigned char*) key, (unsigned char*) exkey ); |
90 | 90 |
91 /* build the custom data to be encrypted */ | 91 /* build the custom data to be encrypted */ |
92 strcpy( pass, SECRET_HEADER ); | 92 g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) ); |
93 strcat( pass, session->acc->password ); | 93 strcat( pass, session->acc->password ); |
94 | 94 |
95 /* pad the secret data */ | 95 /* pad the secret data */ |
96 blocks = pad_secret_data( pass ); | 96 blocks = pad_secret_data( pass ); |
97 size = blocks * 16; | 97 size = blocks * 16; |