Menu
▾
▴
[Gaim-devel] Trivial patch: sprintf -> snprintf
|
From: William T. M. <wt...@du...> - 2002-09-29 20:38:53
|
Hi, While working with the Oscar prpl I came across a few places that used sprintf with a fixed-size buffer. I don't think this is a big deal because the untrusted data usually passes through the BOS server, which probably places restrictions on the lengths of screennames and the like. However, it doesn't appear that Gaim checks the lengths of incoming TLVs, and now that direct TCP connections to other clients are supported, I think it's important to handle any outside data carefully. The attached patch changes the sprintf()s to snprintf()s. Also, if this is not the best place for someone without CVS commit access to send these sorts of small patches, just let me know. -- Wil |
