Mercurial > pidgin

changeset 31787:32ced32caca7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Bounds check hostname lengths for DNS SRV lookups. (EFF)
author Ethan Blanton <elb@pidgin.im>
date Thu, 11 Aug 2011 16:24:26 +0000
parents a48d58e0512b
children f70353405940
files libpurple/dnssrv.c
diffstat 1 files changed, 5 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/dnssrv.c	Thu Aug 11 16:17:29 2011 +0000
+++ b/libpurple/dnssrv.c	Thu Aug 11 16:24:26 2011 +0000
@@ -428,7 +428,11 @@
 			cp += size;
 
 			srvres = g_new0(PurpleSrvResponse, 1);
-			strcpy(srvres->hostname, name);
+			if (strlen(name) > sizeof(srvres->hostname) - 1) {
+				purple_debug_error("dnssrv", "hostname is longer than available buffer ('%s', %zd bytes)!",
+				                   name, strlen(name));
+			}
+			g_strlcpy(srvres->hostname, name, sizeof(srvres->hostname));
 			srvres->pref = pref;
 			srvres->port = port;
 			srvres->weight = weight;