# HG changeset patch # User Ethan Blanton # Date 1313078920 0 # Node ID 32ef245fd1f63d36d290e423e762afe420cca8e8 # Parent 727edf2625f59b13db4897e9d963975657cc79a2 Use MAXPATHLEN instead of 256 for some path buffer sizes diff -r 727edf2625f5 -r 32ef245fd1f6 ChangeLog --- a/ChangeLog Thu Aug 11 14:45:26 2011 +0000 +++ b/ChangeLog Thu Aug 11 16:08:40 2011 +0000 @@ -16,6 +16,9 @@ string buffer overrun bugs. (The Electronic Frontier Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum) + * Change some filename manipulations in filectl.c to use MAXPATHLEN + instead of arbitrary length constants. (The Electronic Frontier + Foundation, Dan Auerbach, Chris Palmer, Jacob Appelbaum) Gadu-Gadu: * Fixed searching for buddies in public directory. (Tomasz Wasilczyk) diff -r 727edf2625f5 -r 32ef245fd1f6 libpurple/plugins/filectl.c --- a/libpurple/plugins/filectl.c Thu Aug 11 14:45:26 2011 +0000 +++ b/libpurple/plugins/filectl.c Thu Aug 11 16:08:40 2011 +0000 @@ -40,12 +40,12 @@ run_commands() { struct stat finfo; - char filename[256]; + char filename[MAXPATHLEN]; char buffer[1024]; char *command, *arg1, *arg2; FILE *file; - sprintf(filename, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir()); + snprintf(filename, MAXPATHLEN, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir()); file = g_fopen(filename, "r+"); while (fgets(buffer, sizeof(buffer), file)) { @@ -144,9 +144,9 @@ { /* most of this was taken from Bash v2.04 by the FSF */ struct stat finfo; - char filename[256]; + char filename[MAXPATHLEN]; - sprintf(filename, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir()); + snprintf(filename, MAXPATHLEN, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir()); if ((g_stat(filename, &finfo) == 0) && (finfo.st_size > 0)) run_commands(); @@ -160,9 +160,9 @@ { /* most of this was taken from Bash v2.04 by the FSF */ struct stat finfo; - char filename[256]; + char filename[MAXPATHLEN]; - sprintf(filename, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir()); + snprintf(filename, MAXPATHLEN, "%s" G_DIR_SEPARATOR_S "control", purple_user_dir()); if ((g_stat(filename, &finfo) == 0) && (finfo.st_size > 0)) {