[pkg-otr-team] [irssi-plugin-otr] 139/167: Prevented potential buffer overflow from overlong translations in account_menu_changed_cb()

Holger Levsen holger at moszumanska.debian.org
Mon Mar 3 21:55:39 UTC 2014 

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to tag 4.0.0
in repository irssi-plugin-otr.

commit 3c6cd37b22af194f16ce52ec2c3ef3398a0d0587
Author: Ian Goldberg <iang at cs.uwaterloo.ca>
Date:   Thu Jul 19 09:03:55 2012 -0400

    Prevented potential buffer overflow from overlong translations in account_menu_changed_cb()
    
    Thanks to Paul Wouters <paul at cypherpunks.ca> for the report.
---
 gtk-ui.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/gtk-ui.c b/gtk-ui.c
index f42a2df..1d33172 100644
--- a/gtk-ui.c
+++ b/gtk-ui.c
@@ -89,7 +89,7 @@ static void account_menu_changed_cb(GtkWidget *item, PurpleAccount *account,
     const char *accountname;
     const char *protocol;
     GtkWidget *fprint = ui_layout.fprint_label;
-    char s[100];
+    char *s = NULL;
     char *fingerprint;
 
     if (account) {
@@ -100,23 +100,26 @@ static void account_menu_changed_cb(GtkWidget *item, PurpleAccount *account,
 		fingerprint_buf, accountname, protocol);
 
 	if (fingerprint) {
-	    sprintf(s, _("Fingerprint: %.80s"), fingerprint);
+	    s = g_strdup_printf(_("Fingerprint: %.80s"), fingerprint);
 	    if (ui_layout.generate_button)
 		gtk_widget_set_sensitive(ui_layout.generate_button, 0);
 	} else {
-	    sprintf(s, _("No key present"));
+	    s = g_strdup(_("No key present"));
 	    if (ui_layout.generate_button)
 		gtk_widget_set_sensitive(ui_layout.generate_button, 1);
 	}
     } else {
-	sprintf(s, _("No account available"));
+	s = g_strdup(_("No account available"));
 	if (ui_layout.generate_button)
 	    gtk_widget_set_sensitive(ui_layout.generate_button, 0);
     }
     if (fprint) {
-	gtk_label_set_text(GTK_LABEL(fprint), s);
+	gtk_label_set_text(GTK_LABEL(fprint), s ? s : "");
 	gtk_widget_show(fprint);
     }
+    if (s) {
+	g_free(s);
+    }
 }
 
 /* Call this function when the DSA key is updated; it will redraw the

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-otr/packages/irssi-plugin-otr.git

More information about the Pkg-otr-team mailing list