[pkg-otr-team] [irssi-plugin-otr] 117/167: Protected against a possible malicious translation problem
Holger Levsen
holger at moszumanska.debian.org
Mon Mar 3 21:55:37 UTC 2014
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to tag 4.0.0
in repository irssi-plugin-otr.
commit 54c2e526bd8e0b758d1eb3e17225aced9b41ea55
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date: Fri Jun 22 22:20:58 2012 -0400
Protected against a possible malicious translation problem
Thanks to Jacob Appelbaum for pointing it out!
---
gtk-dialog.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/gtk-dialog.c b/gtk-dialog.c
index 5a78984..b51f094 100644
--- a/gtk-dialog.c
+++ b/gtk-dialog.c
@@ -669,7 +669,8 @@ static void add_to_vbox_verify_fingerprint(GtkWidget *vbox,
vfd = vrfy_fingerprint_data_new(fprint);
- strcpy(our_hash, _("[none]"));
+ strncpy(our_hash, _("[none]"), 44);
+ our_hash[44] = '\0';
otrl_privkey_fingerprint(otrg_plugin_userstate, our_hash,
context->accountname, context->protocol);
@@ -1394,7 +1395,8 @@ static void verify_fingerprint(GtkWindow *parent, Fingerprint *fprint)
context->username);
vfd = vrfy_fingerprint_data_new(fprint);
- strcpy(our_hash, _("[none]"));
+ strncpy(our_hash, _("[none]"), 44);
+ our_hash[44] = '\0';
otrl_privkey_fingerprint(otrg_plugin_userstate, our_hash,
context->accountname, context->protocol);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-otr/packages/irssi-plugin-otr.git
More information about the Pkg-otr-team
mailing list