changeset 30288:d9e94339ca3b

For safety, rather use g_strlcpy() and snprintf() where possible.
author andrew.victor@mxit.com
date Mon, 19 Jul 2010 09:52:08 +0000
parents c2b3bfb2fe35
children 8c586dbcae2d
files libpurple/protocols/mxit/actions.c libpurple/protocols/mxit/protocol.c libpurple/protocols/mxit/roster.c
diffstat 3 files changed, 47 insertions(+), 31 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/mxit/actions.c	Mon Jul 19 08:56:03 2010 +0000
+++ b/libpurple/protocols/mxit/actions.c	Mon Jul 19 09:52:08 2010 +0000
@@ -125,7 +125,7 @@
 		acount++;
 
 		/* update birthday */
-		strcpy( profile->birthday, bday );
+		g_strlcpy( profile->birthday, bday, sizeof( profile->birthday ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_BIRTHDATE, CP_PROFILE_TYPE_UTF8, profile->birthday );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -141,7 +141,7 @@
 		if ( !name )
 			profile->title[0] = '\0';
 		else
-			strcpy( profile->title, name );
+			g_strlcpy( profile->title, name, sizeof( profile->title ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_TITLE, CP_PROFILE_TYPE_UTF8, profile->title );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -151,7 +151,7 @@
 		if ( !name )
 			profile->firstname[0] = '\0';
 		else
-			strcpy( profile->firstname, name );
+			g_strlcpy( profile->firstname, name, sizeof( profile->firstname ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_FIRSTNAME, CP_PROFILE_TYPE_UTF8, profile->firstname );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -161,7 +161,7 @@
 		if ( !name )
 			profile->lastname[0] = '\0';
 		else
-			strcpy( profile->lastname, name );
+			g_strlcpy( profile->lastname, name, sizeof( profile->lastname ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_LASTNAME, CP_PROFILE_TYPE_UTF8, profile->lastname );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -171,7 +171,7 @@
 		if ( !name )
 			profile->email[0] = '\0';
 		else
-			strcpy( profile->email, name );
+			g_strlcpy( profile->email, name, sizeof( profile->email ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_EMAIL, CP_PROFILE_TYPE_UTF8, profile->email );
 		g_string_append( attributes, attrib );
 		acount++;
@@ -181,7 +181,7 @@
 		if ( !name )
 			profile->mobilenr[0] = '\0';
 		else
-			strcpy( profile->mobilenr, name );
+			g_strlcpy( profile->mobilenr, name, sizeof( profile->mobilenr ) );
 		g_snprintf( attrib, sizeof( attrib ), "\01%s\01%i\01%s", CP_PROFILE_MOBILENR, CP_PROFILE_TYPE_UTF8, profile->mobilenr );
 		g_string_append( attributes, attrib );
 		acount++;
--- a/libpurple/protocols/mxit/protocol.c	Mon Jul 19 08:56:03 2010 +0000
+++ b/libpurple/protocols/mxit/protocol.c	Mon Jul 19 09:52:08 2010 +0000
@@ -445,7 +445,7 @@
 	packet->headerlen = 0;
 
 	/* create generic packet header */
-	hlen = sprintf( header,	"id=%s%c", session->acc->username, CP_REC_TERM );			/* client msisdn */
+	hlen = snprintf( header, sizeof( header ), "id=%s%c", session->acc->username, CP_REC_TERM );			/* client msisdn */
 
 	if ( session->http ) {
 		/* http connection only */
@@ -642,7 +642,8 @@
 	locale = purple_account_get_string( session->acc, MXIT_CONFIG_LOCALE, MXIT_DEFAULT_LOCALE );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%i%c%s%c"		/* "ms"=password\1version\1maxreplyLen\1name\1 */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%i%c%s%c"		/* "ms"=password\1version\1maxreplyLen\1name\1 */
 								"%s%c%i%c%s%c%s%c"			/* dateOfBirth\1gender\1location\1capabilities\1 */
 								"%s%c%i%c%s%c%s",			/* dc\1features\1dialingcode\1locale */
 								session->encpwd, CP_FLD_TERM, MXIT_CP_VERSION, CP_FLD_TERM, CP_MAX_FILESIZE, CP_FLD_TERM, profile->nickname, CP_FLD_TERM,
@@ -670,7 +671,8 @@
 	locale = purple_account_get_string( session->acc, MXIT_CONFIG_LOCALE, MXIT_DEFAULT_LOCALE );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%i%c"			/* "ms"=password\1version\1getContacts\1 */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%i%c"			/* "ms"=password\1version\1getContacts\1 */
 								"%s%c%s%c%i%c"				/* capabilities\1dc\1features\1 */
 								"%s%c%s%c"					/* dialingcode\1locale\1 */
 								"%i%c%i%c%i",				/* maxReplyLen\1protocolVer\1lastRosterUpdate */
@@ -711,7 +713,8 @@
 		markuped_msg = g_strdup( msg );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%i%c%i",		/* "ms"=jid\1msg\1type\1flags */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%i%c%i",		/* "ms"=jid\1msg\1type\1flags */
 								to, CP_FLD_TERM, markuped_msg, CP_FLD_TERM, msgtype, CP_FLD_TERM, CP_MSG_MARKUP | CP_MSG_EMOTICON
 	);
 
@@ -737,7 +740,8 @@
 	int				datalen;
 	unsigned int	i;
 
-	datalen = sprintf( data,	"ms=%s%c%i",		/* "ms="mxitid\1nr_attributes */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%i",		/* "ms="mxitid\1nr_attributes */
 								(username ? username : ""), CP_FLD_TERM, nr_attrib);
 
 	/* add attributes */
@@ -767,7 +771,8 @@
 	parts = g_strsplit( attributes, "\01", ( MXIT_MAX_ATTRIBS * 3 ) );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%i",	/* "ms"=password\1nr_attibutes  */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%i",	/* "ms"=password\1nr_attibutes  */
 								( password ) ? password : "", CP_FLD_TERM, nr_attrib
 	);
 
@@ -797,7 +802,8 @@
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%i%c",					/* "ms"=show\1status */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%i%c",					/* "ms"=show\1status */
 								presence, CP_FLD_TERM
 	);
 
@@ -822,7 +828,8 @@
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%i",	/* "ms"=mood */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%i",	/* "ms"=mood */
 								mood
 	);
 
@@ -845,7 +852,8 @@
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%s%c%i%c%s",	/* "ms"=group\1username\1alias\1type\1msg */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%s%c%i%c%s",	/* "ms"=group\1username\1alias\1type\1msg */
 								groupname, CP_FLD_TERM, username, CP_FLD_TERM, alias,
 								CP_FLD_TERM, MXIT_TYPE_MXIT, CP_FLD_TERM, ""
 	);
@@ -867,7 +875,8 @@
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s",	/* "ms"=username */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s",	/* "ms"=username */
 								username
 	);
 
@@ -889,7 +898,8 @@
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%s",	/* "ms"=username\1group\1alias */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%s",	/* "ms"=username\1group\1alias */
 								username, CP_FLD_TERM, "", CP_FLD_TERM, alias
 	);
 
@@ -910,7 +920,8 @@
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s",	/* "ms"=username */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s",	/* "ms"=username */
 								username
 	);
 
@@ -933,7 +944,8 @@
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%s",	/* "ms"=groupname\1username\1alias */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%s",	/* "ms"=groupname\1username\1alias */
 								groupname, CP_FLD_TERM, username, CP_FLD_TERM, alias
 	);
 
@@ -954,7 +966,8 @@
 	int			datalen;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s",	/* "ms"=splashId */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s",	/* "ms"=splashId */
 								splashid
 	);
 
@@ -979,7 +992,8 @@
 	purple_debug_info( MXIT_PLUGIN_ID, "mxit_send_msgevent: to=%s id=%s event=%i\n", to, id, event );
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%s%c%i",		/* "ms"=contactAddress \1 id \1 event */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%s%c%i",		/* "ms"=contactAddress \1 id \1 event */
 								to, CP_FLD_TERM, id, CP_FLD_TERM, event
 	);
 
@@ -1003,7 +1017,8 @@
 	int			i;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%i",	/* "ms"=roomname\1nr_jids\1jid0\1..\1jidN */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%i",	/* "ms"=roomname\1nr_jids\1jid0\1..\1jidN */
 								groupname, CP_FLD_TERM, nr_usernames
 	);
 
@@ -1032,7 +1047,8 @@
 	int			i;
 
 	/* convert the packet to a byte stream */
-	datalen = sprintf( data,	"ms=%s%c%i",	/* "ms"=roomid\1nr_jids\1jid0\1..\1jidN */
+	datalen = snprintf( data, sizeof( data ),
+								"ms=%s%c%i",	/* "ms"=roomid\1nr_jids\1jid0\1..\1jidN */
 								roomid, CP_FLD_TERM, nr_usernames
 	);
 
@@ -1456,9 +1472,9 @@
 		/* build up a new contact info struct */
 		contact = g_new0( struct contact, 1 );
 
-		strcpy( contact->username, rec->fields[0]->data );
+		g_strlcpy( contact->username, rec->fields[0]->data, sizeof( contact->username ) );
 		mxit_strip_domain( contact->username );				/* remove dummy domain */
-		strcpy( contact->alias, rec->fields[1]->data );
+		g_strlcpy( contact->alias, rec->fields[1]->data, sizeof( contact->alias ) );
 		contact->type = atoi( rec->fields[2]->data );
 
 		if ( rec->fcount >= 5 ) {
@@ -1509,10 +1525,10 @@
 		/* build up a new contact info struct */
 		contact = g_new0( struct contact, 1 );
 
-		strcpy( contact->groupname, rec->fields[0]->data );
-		strcpy( contact->username, rec->fields[1]->data );
+		g_strlcpy( contact->groupname, rec->fields[0]->data, sizeof( contact->groupname ) );
+		g_strlcpy( contact->username, rec->fields[1]->data, sizeof( contact->username ) );
 		mxit_strip_domain( contact->username );				/* remove dummy domain */
-		strcpy( contact->alias, rec->fields[2]->data );
+		g_strlcpy( contact->alias, rec->fields[2]->data, sizeof( contact->alias ) );
 
 		contact->presence = atoi( rec->fields[3]->data );
 		contact->type = atoi( rec->fields[4]->data );
@@ -2018,12 +2034,12 @@
 					return 0;
 				}
 				else {
-					sprintf( errmsg, _( "Login error: %s (%i)" ), errdesc, packet->errcode );
+					snprintf( errmsg, sizeof( errmsg ), _( "Login error: %s (%i)" ), errdesc, packet->errcode );
 					purple_connection_error( session->con, errmsg );
 					return -1;
 				}
 		case CP_CMD_LOGOUT :
-				sprintf( errmsg, _( "Logout error: %s (%i)" ), errdesc, packet->errcode );
+				snprintf( errmsg, sizeof( errmsg ), _( "Logout error: %s (%i)" ), errdesc, packet->errcode );
 				purple_connection_error_reason( session->con, PURPLE_CONNECTION_ERROR_NAME_IN_USE, _( errmsg ) );
 				return -1;
 		case CP_CMD_CONTACT :
--- a/libpurple/protocols/mxit/roster.c	Mon Jul 19 08:56:03 2010 +0000
+++ b/libpurple/protocols/mxit/roster.c	Mon Jul 19 09:52:08 2010 +0000
@@ -358,7 +358,7 @@
 	 * So if this MXit contact isn't in a group, pretend it is.
 	 */
 	if ( *contact->groupname == '\0' ) {
-		strcpy( contact->groupname, MXIT_DEFAULT_GROUP );
+		g_strlcpy( contact->groupname, MXIT_DEFAULT_GROUP, sizeof( contact->groupname ) );
 	}
 
 	/* find or create a group for this contact */