head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q2:1.1.0.44 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.42 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.40 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.38 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.36 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.34 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.32 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.30 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.28 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.26 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.24 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.22 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.20 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.18 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.16 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.14 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.12 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.10 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.8 pkgsrc-2008Q1:1.1.0.6 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.4 pkgsrc-2007Q4-base:1.1 pkgsrc-2007Q3:1.1.0.2 pkgsrc-2007Q3-base:1.1; locks; strict; comment @# @; 1.2 date 2012.07.14.22.12.43; author dholland; state dead; branches; next 1.1; 1.1 date 2007.07.19.00.43.43; author lkundrak; state Exp; branches; next ; desc @@ 1.2 log @Remove chat/centericq as promised. This has not been buildable for years due to C++ standards drift and has been superseded by centerim. @ text @$NetBSD: patch-ay,v 1.1 2007/07/19 00:43:43 lkundrak Exp $ Part of a fix for CVE-2007-3713. --- src/hooks/ljhook.cc.orig 2005-01-07 02:27:04.000000000 +0100 +++ src/hooks/ljhook.cc @@@@ -37,6 +37,8 @@@@ ljhook lhook; #define PERIOD_FRIENDS 3600 +#define NOTIFBUF 512 + ljhook::ljhook(): abstracthook(livejournal), fonline(false), sdest(0) { fcapabs.insert(hookcapab::nochat); } @@@@ -654,7 +656,7 @@@@ void ljhook::messageack_cb(MessageEvent map nfriendof; map::const_iterator in; vector::iterator il; - char buf[512]; + char buf[NOTIFBUF]; for(i = 1; i <= count; i++) { username = params[(string) "friendof_" + i2str(i) + "_user"]; @@@@ -669,8 +671,9 @@@@ void ljhook::messageack_cb(MessageEvent if(!foempty) { bd = (string) "http://" + conf.getourid(proto).server + "/users/" + in->first; - sprintf(buf, _("The user %s (%s) has added you to his/her friend list\n\nJournal address: %s"), + snprintf(buf, NOTIFBUF, _("The user %s (%s) has added you to his/her friend list\n\nJournal address: %s"), in->first.c_str(), in->second.c_str(), bd.c_str()); + buf[NOTIFBUF-1] = '\0'; em.store(imnotification(self, buf)); } @@@@ -679,8 +682,9 @@@@ void ljhook::messageack_cb(MessageEvent for(il = friendof.begin(); il != friendof.end(); ) { if(nfriendof.find(*il) == nfriendof.end()) { bd = (string) "http://" + conf.getourid(proto).server + "/users/" + *il; - sprintf(buf, _("The user %s has removed you from his/her friend list\n\nJournal address: %s"), + snprintf(buf, NOTIFBUF, _("The user %s has removed you from his/her friend list\n\nJournal address: %s"), il->c_str(), bd.c_str()); + buf[NOTIFBUF-1] = '\0'; em.store(imnotification(self, buf)); friendof.erase(il); il = friendof.begin(); @ 1.1 log @Fix horrific number of buffer overflows, CVE-2007-3713. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ @