Mercurial > pidgin
diff libpurple/protocols/mxit/cipher.c @ 31774:4ad2a0668687
Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy.
Thanks to the Electronic Frontier Foundation (https://www.eff.org/) for
this patch.
author | Ethan Blanton <elb@pidgin.im> |
---|---|
date | Sun, 17 Jul 2011 20:36:15 +0000 |
parents | 259bbfb423d4 |
children | 98ae4b8b592f |
line wrap: on
line diff
--- a/libpurple/protocols/mxit/cipher.c Sun Jul 17 17:48:47 2011 +0000 +++ b/libpurple/protocols/mxit/cipher.c Sun Jul 17 20:36:15 2011 +0000 @@ -84,12 +84,12 @@ pass[sizeof( pass ) - 1] = '\0'; /* build the custom AES encryption key */ - strcpy( key, INITIAL_KEY ); + g_strlcpy( key, INITIAL_KEY, sizeof( key ) ); memcpy( key, session->clientkey, strlen( session->clientkey ) ); ExpandKey( (unsigned char*) key, (unsigned char*) exkey ); /* build the custom data to be encrypted */ - strcpy( pass, SECRET_HEADER ); + g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) ); strcat( pass, session->acc->password ); /* pad the secret data */