# HG changeset patch # User Ethan Blanton # Date 1310934975 0 # Node ID 4ad2a0668687eaed82d9f410591b29c552e965ca # Parent e529d0b57a5f737f1639be127d387a386db0c9aa Changed a strcpy in the mxit prpl to a bounds-checked g_strlcpy. Thanks to the Electronic Frontier Foundation (https://www.eff.org/) for this patch. diff -r e529d0b57a5f -r 4ad2a0668687 libpurple/protocols/mxit/cipher.c --- a/libpurple/protocols/mxit/cipher.c Sun Jul 17 17:48:47 2011 +0000 +++ b/libpurple/protocols/mxit/cipher.c Sun Jul 17 20:36:15 2011 +0000 @@ -84,12 +84,12 @@ pass[sizeof( pass ) - 1] = '\0'; /* build the custom AES encryption key */ - strcpy( key, INITIAL_KEY ); + g_strlcpy( key, INITIAL_KEY, sizeof( key ) ); memcpy( key, session->clientkey, strlen( session->clientkey ) ); ExpandKey( (unsigned char*) key, (unsigned char*) exkey ); /* build the custom data to be encrypted */ - strcpy( pass, SECRET_HEADER ); + g_strlcpy( pass, SECRET_HEADER, sizeof( pass ) ); strcat( pass, session->acc->password ); /* pad the secret data */