Mercurial > pidgin
diff src/util.c @ 9804:fe268cb602cb
[gaim-migrate @ 10672]
Fix 2 insanely rare but maybe-still-possible buffer overflows.
committer: Tailor Script <tailor@pidgin.im>
author | Mark Doliner <mark@kingant.net> |
---|---|
date | Sat, 21 Aug 2004 20:11:42 +0000 |
parents | 3e7e294f56f3 |
children | 5206fb21e358 |
line wrap: on
line diff
--- a/src/util.c Sat Aug 21 17:46:14 2004 +0000 +++ b/src/util.c Sat Aug 21 20:11:42 2004 +0000 @@ -2616,7 +2616,7 @@ * if we make sure that there is indeed a \n in our header. */ if (p && g_strstr_len(p, data_len - (p - data), "\n")) { - sscanf(p, "Content-Length: %d", (int *)&content_len); + sscanf(p, "Content-Length: %ud", &content_len); gaim_debug_misc("parse_content_len", "parsed %d\n", content_len); } @@ -2828,11 +2828,18 @@ static char buf[BUF_LEN]; guint i, j = 0; char *bum; + char hex[3]; g_return_val_if_fail(str != NULL, NULL); + /* + * XXX - This check could be removed and buf could be made + * dynamically allocated, but this is easier. + */ + if (strlen(str) >= BUF_LEN) + return NULL; + for (i = 0; i < strlen(str); i++) { - char hex[3]; if (str[i] != '%') buf[j++] = str[i];