On Tue, Oct 22, 2002 at 04:16:34AM +0000, Michael Shields wrote:
> There are a number of problems with the handling of the $http_proxy
> ($HTTP_PROXY, $HTTPPROXY, $http_proxy_user, &c.) environment variables
> in the current CVS tree.
>
> The code is broken; gaimrc_parse_proxy_uri() uses strcmp(), a string
> comparison function, when it should use strcpy(). Because of this the
> proxy variables are never actually initialized; they contain random
> memory junk. This makes gaim unusable.
>
> Fixed-size buffers are used to read unlimited-size environment
> variables, creating potential buffer overflows. This could make gaim
> crash or become erratic if these environment variables are too long.
>
> The attached patch fixes these problems, and at the same time makes
> gaimrc_read_proxy() easier to read and saves calls to g_getenv().
> Both parts of the patch need to be applied, since otherwise
> gaimrc_parse_proxy_uri() overwrites its own argument and fails.
>
> Please cc me on replies; I am not on gaim-devel. Thanks.

Sigh! Pitiful. We'll be sure to hunt down the guy who did it.
We should lay off of him, though, because he was probably asked by a
Debian maintainer or somebody to fix it, and had no methods for
testing, and was up late doing it instead of homework. I'd imagine
that's the case, anyway. I'll take care of this personally. You can
all get back to work.

Christian
--
Christian Hammond        The GNUpdate Project
ch...@gn...              http://www.gnupdate.org/
Windows 98: 32 bit extensions and a graphical shell for a 16 bit patch
to an 8 bit operating system originally coded for a 4 bit microprocessor,
written by a 2 bit company that can't stand 1 bit of competition.
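
The two defects described in the quoted report (fields left uninitialized, and fixed-size buffers filled from unbounded environment variables) can be avoided as in the following added example. It is not gaim's code and not the attached patch; `parse_proxy_uri`, `read_proxy_env`, `struct proxy_cfg` and `PROXY_HOST_MAX` are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PROXY_HOST_MAX 128 /* assumed size for this example */
struct proxy_cfg { char host[PROXY_HOST_MAX]; int port; };

/* Hypothetical helper: parse "http://host[:port][/...]" into cfg.
 * Returns 0 on success, -1 on malformed or over-long input. */
static int parse_proxy_uri(const char *uri, struct proxy_cfg *cfg)
{
    const char *p, *end, *colon;
    size_t hostlen;
    long port = 80;
    char *rest;
    memset(cfg, 0, sizeof *cfg);       /* fields are never left as junk */
    if (uri == NULL || strncmp(uri, "http://", 7) != 0)
        return -1;
    p = uri + 7;
    end = p + strcspn(p, "/");         /* host[:port] stops at first '/' */
    colon = memchr(p, ':', (size_t)(end - p));
    hostlen = (size_t)((colon ? colon : end) - p);
    if (hostlen == 0 || hostlen >= sizeof cfg->host)
        return -1;                     /* reject rather than overflow */
    if (colon) {
        if (colon[1] < '0' || colon[1] > '9')
            return -1;                 /* no sign, space or empty port */
        port = strtol(colon + 1, &rest, 10);
        if (rest != end || port < 1 || port > 65535)
            return -1;
    }
    memcpy(cfg->host, p, hostlen);     /* copy the bytes, then terminate */
    cfg->host[hostlen] = '\0';
    cfg->port = (int)port;
    return 0;
}

/* Read the variable once; unset or unusable both return -1. */
static int read_proxy_env(const char *name, struct proxy_cfg *cfg)
{
    return parse_proxy_uri(getenv(name), cfg);
}

int main(void)
{
    struct proxy_cfg cfg;
    if (read_proxy_env("http_proxy", &cfg) == 0)
        printf("proxy %s:%d\n", cfg.host, cfg.port);
    return 0;
}
```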