Mercurial > pidgin
comparison libpurple/protocols/mxit/cipher.c @ 31774:4ad2a0668687
Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.
Thanks to the Electronic Frontier Foundation (https://www.eff.org/) for
this patch.
| author | Ethan Blanton <elb@pidgin.im> |
|---|---|
| date | Sun, 17 Jul 2011 20:36:15 +0000 |
| parents | 259bbfb423d4 |
| children | 98ae4b8b592f |
comparison
equal
deleted
inserted
replaced
| 31773:e529d0b57a5f | 31774:4ad2a0668687 |
|---|---|
| 82 memset( exkey, 0x00, sizeof( exkey ) ); | 82 memset( exkey, 0x00, sizeof( exkey ) ); |
| 83 memset( pass, 0x58, sizeof( pass ) ); | 83 memset( pass, 0x58, sizeof( pass ) ); |
| 84 pass[sizeof( pass ) - 1] = '\0'; | 84 pass[sizeof( pass ) - 1] = '\0'; |
| 85 | 85 |
| 86 /* build the custom AES encryption key */ | 86 /* build the custom AES encryption key */ |
| 87 strcpy( key, INITIAL_KEY ); | 87 g_strlcpy( key, INITIAL_KEY, sizeof( key ) ); |
| 88 memcpy( key, session->clientkey, strlen( session->clientkey ) ); | 88 memcpy( key, session->clientkey, strlen( session->clientkey ) ); |
| 89 ExpandKey( (unsigned char*) key, (unsigned char*) exkey ); | 89 ExpandKey( (unsigned char*) key, (unsigned char*) exkey ); |
| 90 | 90 |
| 91 /* build the custom data to be encrypted */ | 91 /* build the custom data to be encrypted */ |
| 92 strcpy( pass, SECRET_HEADER ); | 92 g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) ); |
| 93 strcat( pass, session->acc->password ); | 93 strcat( pass, session->acc->password ); |
| 94 | 94 |
| 95 /* pad the secret data */ | 95 /* pad the secret data */ |
| 96 blocks = pad_secret_data( pass ); | 96 blocks = pad_secret_data( pass ); |
| 97 size = blocks * 16; | 97 size = blocks * 16; |