Mercurial > pidgin
changeset 30288:d9e94339ca3b
For safety, rather use g_strlcpy() and snprintf() where possible.
author | andrew.victor@mxit.com |
---|---|
date | Mon, 19 Jul 2010 09:52:08 +0000 |
parents | c2b3bfb2fe35 |
children | 8c586dbcae2d |
files | libpurple/protocols/mxit/actions.c libpurple/protocols/mxit/protocol.c libpurple/protocols/mxit/roster.c |
diffstat | 3 files changed, 47 insertions(+), 31 deletions(-) [+] |
line wrap: on
line diff
--- a/libpurple/protocols/mxit/actions.c Mon Jul 19 08:56:03 2010 +0000 +++ b/libpurple/protocols/mxit/actions.c Mon Jul 19 09:52:08 2010 +0000 @@ -125,7 +125,7 @@ acount++; /* update birthday */ - strcpy( profile->birthday, bday ); + g_strlcpy( profile->birthday, bday, sizeof( profile->birthday ) ); g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_BIRTHDATE, CP_PROFILE_TYPE_UTF8, profile->birthday ); g_string_append( attributes, attrib ); acount++; @@ -141,7 +141,7 @@ if ( !name ) profile->title[0] = '\0'; else - strcpy( profile->title, name ); + g_strlcpy( profile->title, name, sizeof( profile->title ) ); g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_TITLE, CP_PROFILE_TYPE_UTF8, profile->title ); g_string_append( attributes, attrib ); acount++; @@ -151,7 +151,7 @@ if ( !name ) profile->firstname[0] = '\0'; else - strcpy( profile->firstname, name ); + g_strlcpy( profile->firstname, name, sizeof( profile->firstname ) ); g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_FIRSTNAME, CP_PROFILE_TYPE_UTF8, profile->firstname ); g_string_append( attributes, attrib ); acount++; @@ -161,7 +161,7 @@ if ( !name ) profile->lastname[0] = '\0'; else - strcpy( profile->lastname, name ); + g_strlcpy( profile->lastname, name, sizeof( profile->lastname ) ); g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_LASTNAME, CP_PROFILE_TYPE_UTF8, profile->lastname ); g_string_append( attributes, attrib ); acount++; @@ -171,7 +171,7 @@ if ( !name ) profile->email[0] = '\0'; else - strcpy( profile->email, name ); + g_strlcpy( profile->email, name, sizeof( profile->email ) ); g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_EMAIL, CP_PROFILE_TYPE_UTF8, profile->email ); g_string_append( attributes, attrib ); acount++; @@ -181,7 +181,7 @@ if ( !name ) profile->mobilenr[0] = '\0'; else - strcpy( profile->mobilenr, name ); + g_strlcpy( profile->mobilenr, name, sizeof( profile->mobilenr ) ); g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_MOBILENR, CP_PROFILE_TYPE_UTF8, profile->mobilenr ); g_string_append( attributes, attrib ); acount++;
--- a/libpurple/protocols/mxit/protocol.c Mon Jul 19 08:56:03 2010 +0000 +++ b/libpurple/protocols/mxit/protocol.c Mon Jul 19 09:52:08 2010 +0000 @@ -445,7 +445,7 @@ packet->headerlen = 0; /* create generic packet header */ - hlen = sprintf( header, "id=%s%c", session->acc->username, CP_REC_TERM ); /* client msisdn */ + hlen = snprintf( header, sizeof( header ), "id=%s%c", session->acc->username, CP_REC_TERM ); /* client msisdn */ if ( session->http ) { /* http connection only */ @@ -642,7 +642,8 @@ locale = purple_account_get_string( session->acc, MXIT_CONFIG_LOCALE, MXIT_DEFAULT_LOCALE ); /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%s%c%i%c%s%c" /* "ms"=password\1version\1maxreplyLen\1name\1 */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%s%c%i%c%s%c" /* "ms"=password\1version\1maxreplyLen\1name\1 */ "%s%c%i%c%s%c%s%c" /* dateOfBirth\1gender\1location\1capabilities\1 */ "%s%c%i%c%s%c%s", /* dc\1features\1dialingcode\1locale */ session->encpwd, CP_FLD_TERM, MXIT_CP_VERSION, CP_FLD_TERM, CP_MAX_FILESIZE, CP_FLD_TERM, profile->nickname, CP_FLD_TERM, @@ -670,7 +671,8 @@ locale = purple_account_get_string( session->acc, MXIT_CONFIG_LOCALE, MXIT_DEFAULT_LOCALE ); /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%s%c%i%c" /* "ms"=password\1version\1getContacts\1 */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%s%c%i%c" /* "ms"=password\1version\1getContacts\1 */ "%s%c%s%c%i%c" /* capabilities\1dc\1features\1 */ "%s%c%s%c" /* dialingcode\1locale\1 */ "%i%c%i%c%i", /* maxReplyLen\1protocolVer\1lastRosterUpdate */ @@ -711,7 +713,8 @@ markuped_msg = g_strdup( msg ); /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%s%c%i%c%i", /* "ms"=jid\1msg\1type\1flags */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%s%c%i%c%i", /* "ms"=jid\1msg\1type\1flags */ to, CP_FLD_TERM, markuped_msg, CP_FLD_TERM, msgtype, CP_FLD_TERM, CP_MSG_MARKUP | CP_MSG_EMOTICON ); @@ -737,7 +740,8 @@ int datalen; unsigned int i; - datalen = sprintf( data, "ms=%s%c%i", /* "ms="mxitid\1nr_attributes */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%i", /* "ms="mxitid\1nr_attributes */ (username ? username : ""), CP_FLD_TERM, nr_attrib); /* add attributes */ @@ -767,7 +771,8 @@ parts = g_strsplit( attributes, "\01", ( MXIT_MAX_ATTRIBS * 3 ) ); /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%i", /* "ms"=password\1nr_attibutes */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%i", /* "ms"=password\1nr_attibutes */ ( password ) ? password : "", CP_FLD_TERM, nr_attrib ); @@ -797,7 +802,8 @@ int datalen; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%i%c", /* "ms"=show\1status */ + datalen = snprintf( data, sizeof( data ), + "ms=%i%c", /* "ms"=show\1status */ presence, CP_FLD_TERM ); @@ -822,7 +828,8 @@ int datalen; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%i", /* "ms"=mood */ + datalen = snprintf( data, sizeof( data ), + "ms=%i", /* "ms"=mood */ mood ); @@ -845,7 +852,8 @@ int datalen; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%s%c%s%c%i%c%s", /* "ms"=group\1username\1alias\1type\1msg */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%s%c%s%c%i%c%s", /* "ms"=group\1username\1alias\1type\1msg */ groupname, CP_FLD_TERM, username, CP_FLD_TERM, alias, CP_FLD_TERM, MXIT_TYPE_MXIT, CP_FLD_TERM, "" ); @@ -867,7 +875,8 @@ int datalen; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s", /* "ms"=username */ + datalen = snprintf( data, sizeof( data ), + "ms=%s", /* "ms"=username */ username ); @@ -889,7 +898,8 @@ int datalen; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%s%c%s", /* "ms"=username\1group\1alias */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%s%c%s", /* "ms"=username\1group\1alias */ username, CP_FLD_TERM, "", CP_FLD_TERM, alias ); @@ -910,7 +920,8 @@ int datalen; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s", /* "ms"=username */ + datalen = snprintf( data, sizeof( data ), + "ms=%s", /* "ms"=username */ username ); @@ -933,7 +944,8 @@ int datalen; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%s%c%s", /* "ms"=groupname\1username\1alias */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%s%c%s", /* "ms"=groupname\1username\1alias */ groupname, CP_FLD_TERM, username, CP_FLD_TERM, alias ); @@ -954,7 +966,8 @@ int datalen; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s", /* "ms"=splashId */ + datalen = snprintf( data, sizeof( data ), + "ms=%s", /* "ms"=splashId */ splashid ); @@ -979,7 +992,8 @@ purple_debug_info( MXIT_PLUGIN_ID, "mxit_send_msgevent: to=%s id=%s event=%i\n", to, id, event ); /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%s%c%i", /* "ms"=contactAddress \1 id \1 event */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%s%c%i", /* "ms"=contactAddress \1 id \1 event */ to, CP_FLD_TERM, id, CP_FLD_TERM, event ); @@ -1003,7 +1017,8 @@ int i; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%i", /* "ms"=roomname\1nr_jids\1jid0\1..\1jidN */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%i", /* "ms"=roomname\1nr_jids\1jid0\1..\1jidN */ groupname, CP_FLD_TERM, nr_usernames ); @@ -1032,7 +1047,8 @@ int i; /* convert the packet to a byte stream */ - datalen = sprintf( data, "ms=%s%c%i", /* "ms"=roomid\1nr_jids\1jid0\1..\1jidN */ + datalen = snprintf( data, sizeof( data ), + "ms=%s%c%i", /* "ms"=roomid\1nr_jids\1jid0\1..\1jidN */ roomid, CP_FLD_TERM, nr_usernames ); @@ -1456,9 +1472,9 @@ /* build up a new contact info struct */ contact = g_new0( struct contact, 1 ); - strcpy( contact->username, rec->fields[0]->data ); + g_strlcpy( contact->username, rec->fields[0]->data, sizeof( contact->username ) ); mxit_strip_domain( contact->username ); /* remove dummy domain */ - strcpy( contact->alias, rec->fields[1]->data ); + g_strlcpy( contact->alias, rec->fields[1]->data, sizeof( contact->alias ) ); contact->type = atoi( rec->fields[2]->data ); if ( rec->fcount >= 5 ) { @@ -1509,10 +1525,10 @@ /* build up a new contact info struct */ contact = g_new0( struct contact, 1 ); - strcpy( contact->groupname, rec->fields[0]->data ); - strcpy( contact->username, rec->fields[1]->data ); + g_strlcpy( contact->groupname, rec->fields[0]->data, sizeof( contact->groupname ) ); + g_strlcpy( contact->username, rec->fields[1]->data, sizeof( contact->username ) ); mxit_strip_domain( contact->username ); /* remove dummy domain */ - strcpy( contact->alias, rec->fields[2]->data ); + g_strlcpy( contact->alias, rec->fields[2]->data, sizeof( contact->alias ) ); contact->presence = atoi( rec->fields[3]->data ); contact->type = atoi( rec->fields[4]->data ); @@ -2018,12 +2034,12 @@ return 0; } else { - sprintf( errmsg, _( "Login error: %s (%i)" ), errdesc, packet->errcode ); + snprintf( errmsg, sizeof( errmsg ), _( "Login error: %s (%i)" ), errdesc, packet->errcode ); purple_connection_error( session->con, errmsg ); return -1; } case CP_CMD_LOGOUT : - sprintf( errmsg, _( "Logout error: %s (%i)" ), errdesc, packet->errcode ); + snprintf( errmsg, sizeof( errmsg ), _( "Logout error: %s (%i)" ), errdesc, packet->errcode ); purple_connection_error_reason( session->con, PURPLE_CONNECTION_ERROR_NAME_IN_USE, _( errmsg ) ); return -1; case CP_CMD_CONTACT :
--- a/libpurple/protocols/mxit/roster.c Mon Jul 19 08:56:03 2010 +0000 +++ b/libpurple/protocols/mxit/roster.c Mon Jul 19 09:52:08 2010 +0000 @@ -358,7 +358,7 @@ * So if this MXit contact isn't in a group, pretend it is. */ if ( *contact->groupname == '\0' ) { - strcpy( contact->groupname, MXIT_DEFAULT_GROUP ); + g_strlcpy( contact->groupname, MXIT_DEFAULT_GROUP, sizeof( contact->groupname ) ); } /* find or create a group for this contact */