46 lines
1.8 KiB
Text
46 lines
1.8 KiB
Text
$NetBSD: patch-ay,v 1.1 2007/07/19 00:43:43 lkundrak Exp $
|
|
|
|
Part of a fix for CVE-2007-3713.
|
|
|
|
--- src/hooks/ljhook.cc.orig 2005-01-07 02:27:04.000000000 +0100
|
|
+++ src/hooks/ljhook.cc
|
|
@@ -37,6 +37,8 @@ ljhook lhook;
|
|
|
|
#define PERIOD_FRIENDS 3600
|
|
|
|
+#define NOTIFBUF 512
|
|
+
|
|
ljhook::ljhook(): abstracthook(livejournal), fonline(false), sdest(0) {
|
|
fcapabs.insert(hookcapab::nochat);
|
|
}
|
|
@@ -654,7 +656,7 @@ void ljhook::messageack_cb(MessageEvent
|
|
map<string, string> nfriendof;
|
|
map<string, string>::const_iterator in;
|
|
vector<string>::iterator il;
|
|
- char buf[512];
|
|
+ char buf[NOTIFBUF];
|
|
|
|
for(i = 1; i <= count; i++) {
|
|
username = params[(string) "friendof_" + i2str(i) + "_user"];
|
|
@@ -669,8 +671,9 @@ void ljhook::messageack_cb(MessageEvent
|
|
if(!foempty) {
|
|
bd = (string) "http://" + conf.getourid(proto).server + "/users/" + in->first;
|
|
|
|
- sprintf(buf, _("The user %s (%s) has added you to his/her friend list\n\nJournal address: %s"),
|
|
+ snprintf(buf, NOTIFBUF, _("The user %s (%s) has added you to his/her friend list\n\nJournal address: %s"),
|
|
in->first.c_str(), in->second.c_str(), bd.c_str());
|
|
+ buf[NOTIFBUF-1] = '\0';
|
|
|
|
em.store(imnotification(self, buf));
|
|
}
|
|
@@ -679,8 +682,9 @@ void ljhook::messageack_cb(MessageEvent
|
|
for(il = friendof.begin(); il != friendof.end(); ) {
|
|
if(nfriendof.find(*il) == nfriendof.end()) {
|
|
bd = (string) "http://" + conf.getourid(proto).server + "/users/" + *il;
|
|
- sprintf(buf, _("The user %s has removed you from his/her friend list\n\nJournal address: %s"),
|
|
+ snprintf(buf, NOTIFBUF, _("The user %s has removed you from his/her friend list\n\nJournal address: %s"),
|
|
il->c_str(), bd.c_str());
|
|
+ buf[NOTIFBUF-1] = '\0';
|
|
em.store(imnotification(self, buf));
|
|
friendof.erase(il);
|
|
il = friendof.begin();
|