tags 438511 + patch
done

I've prepared a patch against the latest version of centerim currently
in Debian, based on the Fedora diff posted here. I've mostly just ported
the diff straight over; the changes look reasonable within the local
context, but I'm not at all familiar with this codebase, so there may be
other similar potential overflows that are not fixed by this patch.
-- 
mithrandi, i Ainil en-Balandor, a faer Ambar
#! /bin/sh /usr/share/dpatch/dpatch-run
## fedora-security-patch.dpatch by  <[EMAIL PROTECTED]>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: No description.

@DPATCH@
diff -urNad centerim-4.22.1~/src/hooks/abstracthook.cc 
centerim-4.22.1/src/hooks/abstracthook.cc
--- centerim-4.22.1~/src/hooks/abstracthook.cc  2007-06-14 00:44:04.000000000 
+0200
+++ centerim-4.22.1/src/hooks/abstracthook.cc   2007-08-21 22:10:58.959262015 
+0200
@@ -40,6 +40,8 @@
 
 #include <time.h>
 
+#define NOTIFBUF 512
+
 time_t timer_current = time(0);
 
 abstracthook::abstracthook(protocolname aproto)
@@ -342,7 +344,7 @@
 
 void abstracthook::log(logevent ev, ...) {
     va_list ap;
-    char buf[512];
+    char buf[NOTIFBUF];
     static map<logevent, string> lst;
 
     if(lst.empty()) {
@@ -357,7 +359,8 @@
     }
 
     va_start(ap, ev);
-    vsprintf(buf, lst[ev].c_str(), ap);
+    vsnprintf(buf, NOTIFBUF, lst[ev].c_str(), ap);
+    buf[NOTIFBUF-1] = '\0';
     va_end(ap);
 
     face.log((string) "+ [" + conf.getprotocolname(proto)  + "] " + buf);
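Review bot: The bound passed to `vsnprintf` here is the macro `NOTIFBUF` rather than `sizeof(buf)`, so the size and the declaration can drift apart if either is edited later; `vsnprintf(buf, sizeof(buf), lst[ev].c_str(), ap);` keeps them tied. The same applies to every `snprintf`/`vsnprintf` call this patch adds, and the ljhook.cc hunks replace an existing `sizeof(buf)` with the macro, which is `#define`d separately in each of the six files. The explicit `buf[NOTIFBUF-1] = '\0';` is redundant with a C99-conforming `vsnprintf`, which always terminates when the size is non-zero; in the `has left` and `has been kicked` hunks of irchook.cc it is also written after `text = buf`, so it could not protect that copy in any case. The body of `abstracthook::log` starts outside this hunk.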
@@ -754,7 +757,7 @@
     if(id > 24 || id < -24) {
        return "Unspecified";
     } else {
-       char buf[32];
+       static char buf[32];
        sprintf(buf, "GMT %s%d:%s", id > 0 ? "-" : "+", abs(id/2), id % 2 == 0 
? "00" : "30");
        return buf;
     }
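Review bot: Making `buf` `static` in this branch means every call shares one buffer, so if the enclosing function returns a `const char *` (its signature is outside the hunk), a later call overwrites the text an earlier caller still holds, and the result is not safe across threads. If the return type is `string`, the `static` is unnecessary because the contents are copied on return. The `sprintf` on the next line is also the one formatting call in this file that the patch leaves unbounded; the `id` range check keeps the output well under 32 bytes today, but `snprintf(buf, sizeof(buf), ...)` would make that independent of the check.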
diff -urNad centerim-4.22.1~/src/hooks/aimhook.cc 
centerim-4.22.1/src/hooks/aimhook.cc
--- centerim-4.22.1~/src/hooks/aimhook.cc       2007-08-21 22:10:58.459347743 
+0200
+++ centerim-4.22.1/src/hooks/aimhook.cc        2007-08-21 22:10:58.959262015 
+0200
@@ -32,6 +32,8 @@
 #include "imlogger.h"
 #include "eventmanager.h"
 
+#define NOTIFBUF 512
+
 aimhook ahook;
 
 aimhook::aimhook()
@@ -293,8 +295,9 @@
     fname = conf.getconfigfname("aim-profile");
 
     if(access(fname.c_str(), R_OK)) {
-       char sbuf[512];
-       sprintf(sbuf, _("I do really enjoy the default AIM profile of centerim 
%s."), VERSION);
+       char sbuf[NOTIFBUF];
+       snprintf(sbuf, NOTIFBUF, _("I do really enjoy the default AIM profile 
of centerim %s."), VERSION);
+       sbuf[NOTIFBUF-1] = '\0';
        profile.info = sbuf;
        saveprofile();
     }
diff -urNad centerim-4.22.1~/src/hooks/irchook.cc 
centerim-4.22.1/src/hooks/irchook.cc
--- centerim-4.22.1~/src/hooks/irchook.cc       2007-08-21 22:10:58.459347743 
+0200
+++ centerim-4.22.1/src/hooks/irchook.cc        2007-08-21 22:10:58.959262015 
+0200
@@ -35,6 +35,8 @@
 
 #include <iterator>
 
+#define NOTIFBUF 512
+
 // ----------------------------------------------------------------------------
 
 irchook irhook;
@@ -610,11 +612,12 @@
 
 void irchook::channelfatal(string room, const char *fmt, ...) {
     va_list ap;
-    char buf[1024];
+    char buf[NOTIFBUF];
     vector<channelInfo>::iterator i;
 
     va_start(ap, fmt);
-    vsprintf(buf, fmt, ap);
+    vsnprintf(buf, NOTIFBUF, fmt, ap);
+    buf[NOTIFBUF-1] = '\0';
     va_end(ap);
 
     if(room.substr(0, 1) != "#")
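Review bot: `buf` in `channelfatal` shrinks from 1024 to 512 bytes as a side effect of switching to `NOTIFBUF`, so a message between 512 and 1023 bytes that used to fit is now cut short without any indication. The same reduction happens in the channel-topic hunk later in this file and in the conference-invitation and `mail_notify` hunks of yahoohook.cc. If the smaller size is not intended, keep the original declaration and bound the call with it, `char buf[1024];` and `vsnprintf(buf, sizeof(buf), fmt, ap);`; otherwise a comment such as `// notification text is capped at NOTIFBUF bytes; longer input is truncated` would record the decision. `channelfatal` continues past the end of the hunk.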
@@ -1197,7 +1200,7 @@
 void irchook::nickchanged(void *connection, void *cli, ...) {
     va_list ap;
     icqcontact *c;
-    char buf[100];
+    char buf[NOTIFBUF];
 
     va_start(ap, cli);
     char *oldnick = va_arg(ap, char *);
@@ -1219,7 +1222,8 @@
 
            }
 
-           sprintf(buf, _("The user has changed their nick from %s to %s"), 
oldnick, newnick);
+           snprintf(buf, NOTIFBUF, _("The user has changed their nick from %s 
to %s"), oldnick, newnick);
+           buf[NOTIFBUF-1] = '\0';
            em.store(imnotification(c, buf));
        }
     }
@@ -1255,18 +1259,20 @@
 
 void irchook::subreply(void *conn, void *cli, const char * const nick,
 const char * const command, const char * const args) {
-    char buf[512];
+    char buf[NOTIFBUF];
 
     if(!strcmp(command, "PING")) {
        map<string, time_t>::iterator i = irhook.pingtime.find(up(nick));
 
        if(i != irhook.pingtime.end()) {
-           sprintf(buf, _("PING reply from the user: %d second(s)"), 
time(0)-i->second);
+           snprintf(buf, NOTIFBUF, _("PING reply from the user: %d 
second(s)"), time(0)-i->second);
+           buf[NOTIFBUF-1] = '\0';
            em.store(imnotification(imcontact(nick, irc), buf));
        }
 
     } else if(!strcmp(command, "VERSION")) {
-       sprintf(buf, _("The remote is using %s"), args);
+       snprintf(buf, NOTIFBUF, _("The remote is using %s"), args);
+       buf[NOTIFBUF-1] = '\0';
        em.store(imnotification(imcontact(nick, irc), buf));
 
     }
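Review bot: The PING branch still formats `time(0)-i->second` with `%d`; the expression has type `time_t`, which is wider than `int` on common 64-bit platforms, so the argument does not match the conversion and the behaviour is undefined. Casting the argument fixes this without touching the translated format string: `snprintf(buf, sizeof(buf), _("PING reply from the user: %d second(s)"), (int)(time(0) - i->second));`. `subreply` continues past the end of the hunk.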
@@ -1379,8 +1385,9 @@
        if(strlen(email))
            uname += (string) " (" + email + ")";
 
-       char buf[512];
-       sprintf(buf, _("%s has joined."), uname.c_str());
+       char buf[NOTIFBUF];
+       snprintf(buf, NOTIFBUF, _("%s has joined."), uname.c_str());
+       buf[NOTIFBUF-1] = '\0';
        em.store(imnotification(imcontact(room, irc), buf));
     }
 }
@@ -1397,15 +1404,17 @@
     if(conf.getourid(irc).nickname != who) {
        string text;
        string text2;
-       char buf[512];
+       char buf[NOTIFBUF];
 
-       sprintf(buf, _("%s has left"), who); text = buf;
+       snprintf(buf, NOTIFBUF, _("%s has left"), who); text = buf;
+       buf[NOTIFBUF-1] = '\0';
 
        if(reason)
        if(strlen(reason)) {
            if(strlen(reason) > 450) reason[450] = 0;
            text2 = irhook.rushtmlconv( "wk", reason );
-           sprintf(buf, _("reason: %s"), text2.c_str() );
+           snprintf(buf, NOTIFBUF, _("reason: %s"), text2.c_str());
+           buf[NOTIFBUF-1] = '\0';
            text += (string) "; " + buf + ".";
        }
 
@@ -1425,13 +1434,15 @@
 
     if(conf.getourid(irc).nickname != who) {
        string text;
-       char buf[512];
+       char buf[NOTIFBUF];
 
-       sprintf(buf, _("%s has been kicked by %s"), who, by); text = buf;
+       snprintf(buf, NOTIFBUF, _("%s has been kicked by %s"), who, by); text = 
buf;
+       buf[NOTIFBUF-1] = '\0';
 
        if(reason)
        if(strlen(reason)) {
-           sprintf(buf, _("reason: %s"), reason);
+           snprintf(buf, NOTIFBUF, _("reason: %s"), reason);
+           buf[NOTIFBUF-1] = '\0';
            text += (string) "; " + buf + ".";
        }
 
@@ -1454,14 +1465,16 @@
        return;
 
     string text;
-    char buf[1024];
+    char buf[NOTIFBUF];
     text = irhook.rushtmlconv( "wk", topic );
-    sprintf(buf, _("Channel topic now is: %s"), text.c_str());
+    snprintf(buf, NOTIFBUF, _("Channel topic now is: %s"), text.c_str());
+    buf[NOTIFBUF-1] = '\0';
     text = buf;
 
     if(author)
     if(strlen(author)) {
-       sprintf(buf, _("set by %s"), author);
+       snprintf(buf, NOTIFBUF, _("set by %s"), author);
+       buf[NOTIFBUF-1] = '\0';
        text += (string) "; " + buf + ".";
     }
 
@@ -1478,8 +1491,9 @@
     va_end(ap);
 
     if(by) {
-       char buf[512];
-       sprintf(buf, _("%s has been opped by %s."), who, by);
+       char buf[NOTIFBUF];
+       snprintf(buf, NOTIFBUF, _("%s has been opped by %s."), who, by);
+       buf[NOTIFBUF-1] = '\0';
        em.store(imnotification(imcontact(room, irc), buf));
     }
 }
@@ -1494,8 +1508,9 @@
     va_end(ap);
 
     if(by) {
-       char buf[512];
-       sprintf(buf, _("%s has been deopped by %s."), who, by);
+       char buf[NOTIFBUF];
+       snprintf(buf, NOTIFBUF, _("%s has been deopped by %s."), who, by);
+       buf[NOTIFBUF-1] = '\0';
        em.store(imnotification(imcontact(room, irc), buf));
     }
 }
@@ -1508,10 +1523,10 @@
     char *by = va_arg(ap, char *);
     va_end(ap);
 
-    char buf[512];
-    if(by) sprintf(buf, _("%s has opped us."), by);
-       else strcpy(buf, _("you are an op here"));
-
+    char buf[NOTIFBUF];
+    if(by) snprintf(buf, NOTIFBUF, _("%s has opped us."), by);
+       else strncpy(buf, _("you are an op here"), NOTIFBUF);
+    buf[NOTIFBUF-1] = '\0';
     em.store(imnotification(imcontact(room, irc), buf));
 }
 
@@ -1523,8 +1538,9 @@
     char *by = va_arg(ap, char *);
     va_end(ap);
 
-    char buf[512];
-    sprintf(buf, _("%s has deopped us."), by);
+    char buf[NOTIFBUF];
+    snprintf(buf, NOTIFBUF, _("%s has deopped us."), by);
+    buf[NOTIFBUF-1] = '\0';
     em.store(imnotification(imcontact(room, irc), buf));
 }
 
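Review bot: `by` is passed straight to `%s` in this hunk without a null check, whereas the two preceding hunks guard on `if(by)` and the `has opped us` hunk falls back to a fixed string when it is null; a null `char *` for `%s` is undefined behaviour, and bounding the write does not cover it. Whether the caller can deliver a null here is not visible from the hunk, but a guard would make this site consistent with its neighbours: `snprintf(buf, sizeof(buf), _("%s has deopped us."), by ? by : "");`. The enclosing function starts outside the hunk.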
diff -urNad centerim-4.22.1~/src/hooks/jabberhook.cc 
centerim-4.22.1/src/hooks/jabberhook.cc
--- centerim-4.22.1~/src/hooks/jabberhook.cc    2007-08-21 22:10:58.459347743 
+0200
+++ centerim-4.22.1/src/hooks/jabberhook.cc     2007-08-21 22:10:58.959262015 
+0200
@@ -36,6 +36,8 @@
 #define DEFAULT_CONFSERV "conference.jabber.org"
 #define PERIOD_KEEPALIVE 30
 
+#define NOTIFBUF 512
+
 static void jidsplit(const string &jid, string &user, string &host, string 
&rest) {
     int pos;
     user = jid;
@@ -1431,8 +1433,9 @@
        if(vinfo.size() > 128)
            vinfo.erase(128);
 
-       char buf[256];
-       sprintf(buf, _("The remote is using %s"), vinfo.c_str());
+       char buf[NOTIFBUF];
+       snprintf(buf, NOTIFBUF, _("The remote is using %s"), vinfo.c_str());
+       buf[NOTIFBUF-1] = '\0';
        em.store(imnotification(ic, buf));
     }
 }
diff -urNad centerim-4.22.1~/src/hooks/ljhook.cc 
centerim-4.22.1/src/hooks/ljhook.cc
--- centerim-4.22.1~/src/hooks/ljhook.cc        2007-06-14 00:44:04.000000000 
+0200
+++ centerim-4.22.1/src/hooks/ljhook.cc 2007-08-21 22:10:58.959262015 +0200
@@ -37,6 +37,8 @@
 
 #define PERIOD_FRIENDS  3600
 
+#define NOTIFBUF 512
+
 ljhook::ljhook(): abstracthook(livejournal), fonline(false), sdest(0) {
     fcapabs.insert(hookcapab::nochat);
 }
@@ -654,7 +656,7 @@
            map<string, string> nfriendof;
            map<string, string>::const_iterator in;
            vector<string>::iterator il;
-           char buf[512];
+           char buf[NOTIFBUF];
 
            for(i = 1; i <= count; i++) {
                username = params[(string) "friendof_" + i2str(i) + "_user"];
@@ -669,8 +671,9 @@
                if(!foempty) {
                    bd = (string) "http://"; + conf.getourid(proto).server + 
"/users/" + in->first;
 
-                   snprintf(buf, sizeof(buf), _("The user %s (%s) has added 
you to his/her friend list\n\nJournal address: %s"),
+                   snprintf(buf, NOTIFBUF, _("The user %s (%s) has added you 
to his/her friend list\n\nJournal address: %s"),
                        in->first.c_str(), in->second.c_str(), bd.c_str());
+                   buf[NOTIFBUF-1] = '\0';
 
                    em.store(imnotification(self, buf));
                }
@@ -679,8 +682,9 @@
            for(il = friendof.begin(); il != friendof.end(); ) {
                if(nfriendof.find(*il) == nfriendof.end()) {
                    bd = (string) "http://"; + conf.getourid(proto).server + 
"/users/" + *il;
-                   snprintf(buf, sizeof(buf), _("The user %s has removed you 
from his/her friend list\n\nJournal address: %s"),
+                   snprintf(buf, NOTIFBUF, _("The user %s has removed you from 
his/her friend list\n\nJournal address: %s"),
                        il->c_str(), bd.c_str());
+                   buf[NOTIFBUF-1] = '\0';
                    em.store(imnotification(self, buf));
                    friendof.erase(il);
                    il = friendof.begin();
diff -urNad centerim-4.22.1~/src/hooks/yahoohook.cc 
centerim-4.22.1/src/hooks/yahoohook.cc
--- centerim-4.22.1~/src/hooks/yahoohook.cc     2007-08-21 22:10:58.459347743 
+0200
+++ centerim-4.22.1/src/hooks/yahoohook.cc      2007-08-21 22:10:58.959262015 
+0200
@@ -47,6 +47,8 @@
 #define PERIOD_REFRESH          60
 #define PERIOD_CLOSE            6
 
+#define NOTIFBUF 512
+
 int yahoohook::yfd::connection_tags = 0;
 
 char pager_host[255], pager_port[255], filetransfer_host[255],
@@ -852,7 +854,7 @@
     icqconf::imaccount acc = conf.getourid(yahoo);
     string confname = (string) "#" + room, inviter, text;
     vector<string>::iterator ic;
-    char buf[1024];
+    char buf[NOTIFBUF];
     int i;
 
     imcontact cont(confname, yahoo);
@@ -864,10 +866,11 @@
        inviter.erase(i);
     }
 
-    sprintf(buf, _("The user %s has invited you to the %s conference, the 
topic there is: %s"),
+    snprintf(buf, NOTIFBUF, _("The user %s has invited you to the %s 
conference, the topic there is: %s"),
        yhook.rusconv("wk", inviter).c_str(),
        yhook.rusconv("wk", room).c_str(),
        yhook.rusconv("wk", msg).c_str());
+    buf[NOTIFBUF-1] = '\0';
 
     text = (string) buf + "\n\n" + _("Current conference members are: ");
     yhook.confmembers[room].push_back(inviter);
@@ -896,20 +899,22 @@
 
 void yahoohook::conf_userdecline(int id, char *who, char *room, char *msg) {
     icqcontact *c = clist.get(imcontact((string) "#" + room, yahoo));
-    char buf[512];
+    char buf[NOTIFBUF];
 
     if(c) {
-       sprintf(buf, _("The user %s has declined your invitation to join the 
conference"), who);
+       snprintf(buf, NOTIFBUF, _("The user %s has declined your invitation to 
join the conference"), who);
+       buf[NOTIFBUF-1] = '\0';
        em.store(imnotification(c, buf));
     }
 }
 
 void yahoohook::conf_userjoin(int id, char *who, char *room) {
     icqcontact *c = clist.get(imcontact((string) "#" + room, yahoo));
-    char buf[512];
+    char buf[NOTIFBUF];
 
     if(c) {
-       sprintf(buf, _("The user %s has joined the conference"), who);
+       snprintf(buf, NOTIFBUF, _("The user %s has joined the conference"), 
who);
+       buf[NOTIFBUF-1] = '\0';
 
        if(find(yhook.confmembers[room].begin(), yhook.confmembers[room].end(), 
who) == yhook.confmembers[room].end())
            yhook.confmembers[room].push_back(who);
@@ -920,11 +925,12 @@
 
 void yahoohook::conf_userleave(int id, char *who, char *room) {
     icqcontact *c = clist.get(imcontact((string) "#" + room, yahoo));
-    char buf[512];
+    char buf[NOTIFBUF];
     vector<string>::iterator im;
 
     if(c) {
-       sprintf(buf, _("The user %s has left the conference"), who);
+       snprintf(buf, NOTIFBUF, _("The user %s has left the conference"), who);
+       buf[NOTIFBUF-1] = '\0';
        em.store(imnotification(c, buf));
 
        im = find(yhook.confmembers[room].begin(), 
yhook.confmembers[room].end(), who);
@@ -989,10 +995,11 @@
 }
 
 void yahoohook::mail_notify(int id, char *from, char *subj, int cnt) {
-    char buf[1024];
+    char buf[NOTIFBUF];
 
     if(from && subj) {
-       sprintf(buf, _("+ [yahoo] e-mail from %s, %s"), from, subj);
+       snprintf(buf, NOTIFBUF, _("+ [yahoo] e-mail from %s, %s"), from, subj);
+       buf[NOTIFBUF-1] = '\0';
        face.log(buf);
        clist.get(contactroot)->playsound(imevent::email);
     }
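Review bot: `buf` holds text built from `from` and `subj`, which come from the mail notification, and it is handed to `face.log(buf)` as a `char` array. If `face.log` has a printf-style overload taking `const char *` (its declaration is not on this page; `abstracthook::log` calls it with a `string`), `buf` would be interpreted as a format string and any `%` sequences in the subject would be processed a second time. Passing it explicitly as data avoids the question: `face.log((string) buf);`. The same call shape appears in the `ylog` hunk that follows.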
@@ -1146,11 +1153,12 @@
 
 int yahoohook::ylog(char *fmt, ...) {
     if(conf.getdebug()) {
-       char buf[512];
+       char buf[NOTIFBUF];
        va_list ap;
 
        va_start(ap, fmt);
-       vsprintf(buf, fmt, ap);
+       vsnprintf(buf, NOTIFBUF, fmt, ap);
+       buf[NOTIFBUF-1] = '\0';
        va_end(ap);
 
        face.log(buf);
