# HG changeset patch
# User Richard Laager <rlaager@wiktel.com>
# Date 1133951932 0
# Node ID 4e045668b9d02bd2b149226c81d71a61ff76c96d
# Parent  1112a9ef2cc61736704c9f39858b4669e6188e4f
[gaim-migrate @ 14694]
Smashing the stack is neither fun nor profitable! Having room for the NUL terminator is a good idea.

committer: Tailor Script <tailor@pidgin.im>

diff -r 1112a9ef2cc6 -r 4e045668b9d0 plugins/ciphertest.c
--- a/plugins/ciphertest.c	Wed Dec 07 09:16:25 2005 +0000
+++ b/plugins/ciphertest.c	Wed Dec 07 10:38:52 2005 +0000
@@ -64,7 +64,7 @@
 cipher_test_md5() {
 	GaimCipher *cipher;
 	GaimCipherContext *context;
-	gchar digest[32];
+	gchar digest[33];
 	gboolean ret;
 	gint i = 0;
 
@@ -121,7 +121,7 @@
 cipher_test_sha1() {
 	GaimCipher *cipher;
 	GaimCipherContext *context;
-	gchar digest[40];
+	gchar digest[41];
 	gint i = 0;
 	gboolean ret;
 
diff -r 1112a9ef2cc6 -r 4e045668b9d0 src/cipher.c
--- a/src/cipher.c	Wed Dec 07 09:16:25 2005 +0000
+++ b/src/cipher.c	Wed Dec 07 10:38:52 2005 +0000
@@ -1635,7 +1635,8 @@
 	if(!gaim_cipher_context_digest(context, sizeof(digest), digest, &dlen))
 		return FALSE;
 
-	if(in_len < dlen * 2)
+	/* in_len must be greater than dlen * 2 so we have room for the NUL. */
+	if(in_len <= dlen * 2)
 		return FALSE;
 
 	for(n = 0; n < dlen; n++)
@@ -1791,7 +1792,7 @@
 {
 	GaimCipher *cipher;
 	GaimCipherContext *context;
-	gchar hash[32]; /* We only support MD5. */
+	gchar hash[33]; /* We only support MD5. */
 
 	g_return_val_if_fail(username != NULL, NULL);
 	g_return_val_if_fail(realm    != NULL, NULL);
@@ -1857,7 +1858,7 @@
 {
 	GaimCipher *cipher;
 	GaimCipherContext *context;
-	gchar hash2[32]; /* We only support MD5. */
+	static gchar hash2[33]; /* We only support MD5. */
 
 	g_return_val_if_fail(method      != NULL, NULL);
 	g_return_val_if_fail(digest_uri  != NULL, NULL);
diff -r 1112a9ef2cc6 -r 4e045668b9d0 src/cipher.h
--- a/src/cipher.h	Wed Dec 07 09:16:25 2005 +0000
+++ b/src/cipher.h	Wed Dec 07 10:38:52 2005 +0000
@@ -386,6 +386,12 @@
  */
 gpointer gaim_cipher_context_get_data(GaimCipherContext *context);
 
+/*@}*/
+/*****************************************************************************/
+/** @name Gaim Cipher HTTP Digest Helper Functions							 */
+/*****************************************************************************/
+/*@{*/
+
 /**
  * Calculates a session key for HTTP Digest authentation
  *