Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 58320 Details for
Bug 91862
net-im/gaim buffer overflow (CAN-2005-126{1|2})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
gaim-long_url.patch
gaim-long_url.patch (text/plain), 3.83 KB, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2005-05-08 00:52:45 UTC
(
hide
)
Description:
gaim-long_url.patch
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2005-05-08 00:52:45 UTC
Size:
3.83 KB
patch
obsolete
>=================================================================== >RCS file: /cvsroot/gaim/gaim/src/util.c,v >retrieving revision 1.325.2.19 >retrieving revision 1.325.2.20 >diff -u -r1.325.2.19 -r1.325.2.20 >--- gaim/gaim/src/util.c 2005/04/28 04:02:10 1.325.2.19 >+++ gaim/gaim/src/util.c 2005/05/06 00:13:37 1.325.2.20 >@@ -1410,8 +1410,7 @@ > gaim_markup_linkify(const char *text) > { > const char *c, *t, *q = NULL; >- char *tmp, *tmpurlbuf; >- char url_buf[BUF_LEN * 4]; >+ char *tmp, *tmpurlbuf, *url_buf; > gunichar g; > gboolean inside_html = FALSE; > int inside_paren = 0; >@@ -1467,11 +1466,11 @@ > t--; > } > >- strncpy(url_buf, c, t - c); >- url_buf[t - c] = 0; >+ url_buf = g_strndup(c, t - c); > tmpurlbuf = gaim_unescape_html(url_buf); > g_string_append_printf(ret, "<A HREF=\"%s\">%s</A>", > tmpurlbuf, url_buf); >+ g_free(url_buf); > g_free(tmpurlbuf); > c = t; > break; >@@ -1500,12 +1499,12 @@ > if ((*(t - 1) == ')' && (inside_paren > 0))) { > t--; > } >- strncpy(url_buf, c, t - c); >- url_buf[t - c] = 0; >+ url_buf = g_strndup(c, t - c); > tmpurlbuf = gaim_unescape_html(url_buf); > g_string_append_printf(ret, > "<A HREF=\"http://%s\">%s</A>", tmpurlbuf, > url_buf); >+ g_free(url_buf); > g_free(tmpurlbuf); > c = t; > break; >@@ -1524,11 +1523,11 @@ > if ((*(t - 1) == ')' && (inside_paren > 0))) { > t--; > } >- strncpy(url_buf, c, t - c); >- url_buf[t - c] = 0; >+ g_strndup(c, t - c); > tmpurlbuf = gaim_unescape_html(url_buf); > g_string_append_printf(ret, "<A HREF=\"%s\">%s</A>", > tmpurlbuf, url_buf); >+ g_free(url_buf); > g_free(tmpurlbuf); > c = t; > break; >@@ -1551,12 +1550,12 @@ > if ((*(t - 1) == ')' && (inside_paren > 0))) { > t--; > } >- strncpy(url_buf, c, t - c); >- url_buf[t - c] = 0; >+ url_buf = g_strndup(c, t - c); > tmpurlbuf = gaim_unescape_html(url_buf); > g_string_append_printf(ret, > "<A HREF=\"ftp://%s\">%s</A>", tmpurlbuf, > url_buf); >+ g_free(url_buf); > g_free(tmpurlbuf); > c = t; > break; >@@ -1572,11 +1571,11 @@ > if (badchar(*t) || badentity(t)) { > if (*(t - 1) == '.') > t--; >- strncpy(url_buf, c, t - c); >- url_buf[t - c] = 0; >+ url_buf = g_strndup(c, t - c); > tmpurlbuf = gaim_unescape_html(url_buf); > g_string_append_printf(ret, "<A HREF=\"%s\">%s</A>", > tmpurlbuf, url_buf); >+ g_free(url_buf); > g_free(tmpurlbuf); > c = t; > break; >@@ -1590,15 +1589,15 @@ > int flag; > GString *gurl_buf; > const char illegal_chars[] = "!@#$%^&*()[]{}/|\\<>\":;\r\n \0"; >- url_buf[0] = 0; > > if (strchr(illegal_chars,*(c - 1)) || strchr(illegal_chars, *(c + 1))) > flag = 0; >- else >+ else { > flag = 1; >+ gurl_buf = g_string_new(""); >+ } > > t = c; >- gurl_buf = g_string_new(""); > while (flag) { > /* iterate backwards grabbing the local part of an email address */ > g = g_utf8_get_char(t); >@@ -1626,11 +1625,13 @@ > if (badchar(*t) || (g >= 127) || (*t == ')') || badentity(t)) { > char *d; > >- strcpy(url_buf, gurl_buf->str); >+ url_buf = g_string_free(gurl_buf, FALSE); > > /* strip off trailing periods */ >- for (d = url_buf + strlen(url_buf) - 1; *d == '.'; d--, t--) >- *d = '\0'; >+ if (strlen(url_buf) > 0) { >+ for (d = url_buf + strlen(url_buf) - 1; *d == '.'; d--, t--) >+ *d = '\0'; >+ } > > tmpurlbuf = gaim_unescape_html(url_buf); > if (gaim_email_is_valid(tmpurlbuf)) { >@@ -1639,6 +1640,7 @@ > } else { > g_string_append(ret, url_buf); > } >+ g_free(url_buf); > g_free(tmpurlbuf); > c = t; > >@@ -1648,7 +1650,6 @@ > t = g_utf8_find_next_char(t, NULL); > } > } >- g_string_free(gurl_buf, TRUE); > } > > if(*c == ')' && !inside_html) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=58320">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 91862
: 58320
