head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.4
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.2
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2012Q2:1.1.0.44
	pkgsrc-2012Q2-base:1.1
	pkgsrc-2012Q1:1.1.0.42
	pkgsrc-2012Q1-base:1.1
	pkgsrc-2011Q4:1.1.0.40
	pkgsrc-2011Q4-base:1.1
	pkgsrc-2011Q3:1.1.0.38
	pkgsrc-2011Q3-base:1.1
	pkgsrc-2011Q2:1.1.0.36
	pkgsrc-2011Q2-base:1.1
	pkgsrc-2011Q1:1.1.0.34
	pkgsrc-2011Q1-base:1.1
	pkgsrc-2010Q4:1.1.0.32
	pkgsrc-2010Q4-base:1.1
	pkgsrc-2010Q3:1.1.0.30
	pkgsrc-2010Q3-base:1.1
	pkgsrc-2010Q2:1.1.0.28
	pkgsrc-2010Q2-base:1.1
	pkgsrc-2010Q1:1.1.0.26
	pkgsrc-2010Q1-base:1.1
	pkgsrc-2009Q4:1.1.0.24
	pkgsrc-2009Q4-base:1.1
	pkgsrc-2009Q3:1.1.0.22
	pkgsrc-2009Q3-base:1.1
	pkgsrc-2009Q2:1.1.0.20
	pkgsrc-2009Q2-base:1.1
	pkgsrc-2009Q1:1.1.0.18
	pkgsrc-2009Q1-base:1.1
	pkgsrc-2008Q4:1.1.0.16
	pkgsrc-2008Q4-base:1.1
	pkgsrc-2008Q3:1.1.0.14
	pkgsrc-2008Q3-base:1.1
	cube-native-xorg:1.1.0.12
	cube-native-xorg-base:1.1
	pkgsrc-2008Q2:1.1.0.10
	pkgsrc-2008Q2-base:1.1
	cwrapper:1.1.0.8
	pkgsrc-2008Q1:1.1.0.6
	pkgsrc-2008Q1-base:1.1
	pkgsrc-2007Q4:1.1.0.4
	pkgsrc-2007Q4-base:1.1
	pkgsrc-2007Q3:1.1.0.2
	pkgsrc-2007Q3-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2012.07.14.22.12.43;	author dholland;	state dead;
branches;
next	1.1;

1.1
date	2007.07.19.00.43.43;	author lkundrak;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Remove chat/centericq as promised. This has not been buildable for
years due to C++ standards drift and has been superseded by centerim.
@
text
@$NetBSD: patch-az,v 1.1 2007/07/19 00:43:43 lkundrak Exp $

Part of a fix for CVE-2007-3713.

--- src/hooks/yahoohook.cc.orig	2007-07-19 02:24:38.000000000 +0200
+++ src/hooks/yahoohook.cc
@@@@ -47,6 +47,8 @@@@
 #define PERIOD_REFRESH          60
 #define PERIOD_CLOSE            6
 
+#define NOTIFBUF 512
+
 int yahoohook::yfd::connection_tags = 0;
 
 char pager_host[255], pager_port[255], filetransfer_host[255],
@@@@ -844,7 +846,7 @@@@ void yahoohook::got_conf_invite(int id, 
     icqconf::imaccount acc = conf.getourid(yahoo);
     string confname = (string) "#" + room, inviter, text;
     vector<string>::iterator ic;
-    char buf[1024];
+    char buf[NOTIFBUF];
     int i;
 
     imcontact cont(confname, yahoo);
@@@@ -856,10 +858,11 @@@@ void yahoohook::got_conf_invite(int id, 
 	inviter.erase(i);
     }
 
-    sprintf(buf, _("The user %s has invited you to the %s conference, the topic there is: %s"),
+    snprintf(buf, NOTIFBUF, _("The user %s has invited you to the %s conference, the topic there is: %s"),
 	yhook.rusconv("wk", inviter).c_str(),
 	yhook.rusconv("wk", room).c_str(),
 	yhook.rusconv("wk", msg).c_str());
+    buf[NOTIFBUF-1] = '\0';
 
     text = (string) buf + "\n\n" + _("Current conference members are: ");
     yhook.confmembers[room].push_back(inviter);
@@@@ -888,20 +891,22 @@@@ void yahoohook::got_conf_invite(int id, 
 
 void yahoohook::conf_userdecline(int id, char *who, char *room, char *msg) {
     icqcontact *c = clist.get(imcontact((string) "#" + room, yahoo));
-    char buf[512];
+    char buf[NOTIFBUF];
 
     if(c) {
-	sprintf(buf, _("The user %s has declined your invitation to join the conference"), who);
+	snprintf(buf, NOTIFBUF, _("The user %s has declined your invitation to join the conference"), who);
+	buf[NOTIFBUF-1] = '\0';
 	em.store(imnotification(c, buf));
     }
 }
 
 void yahoohook::conf_userjoin(int id, char *who, char *room) {
     icqcontact *c = clist.get(imcontact((string) "#" + room, yahoo));
-    char buf[512];
+    char buf[NOTIFBUF];
 
     if(c) {
-	sprintf(buf, _("The user %s has joined the conference"), who);
+	snprintf(buf, NOTIFBUF, _("The user %s has joined the conference"), who);
+	buf[NOTIFBUF-1] = '\0';
 
 	if(find(yhook.confmembers[room].begin(), yhook.confmembers[room].end(), who) == yhook.confmembers[room].end())
 	    yhook.confmembers[room].push_back(who);
@@@@ -912,11 +917,12 @@@@ void yahoohook::conf_userjoin(int id, ch
 
 void yahoohook::conf_userleave(int id, char *who, char *room) {
     icqcontact *c = clist.get(imcontact((string) "#" + room, yahoo));
-    char buf[512];
+    char buf[NOTIFBUF];
     vector<string>::iterator im;
 
     if(c) {
-	sprintf(buf, _("The user %s has left the conference"), who);
+	snprintf(buf, NOTIFBUF, _("The user %s has left the conference"), who);
+	buf[NOTIFBUF-1] = '\0';
 	em.store(imnotification(c, buf));
 
 	im = find(yhook.confmembers[room].begin(), yhook.confmembers[room].end(), who);
@@@@ -981,10 +987,11 @@@@ void yahoohook::game_notify(int id, char
 }
 
 void yahoohook::mail_notify(int id, char *from, char *subj, int cnt) {
-    char buf[1024];
+    char buf[NOTIFBUF];
 
     if(from && subj) {
-	sprintf(buf, _("+ [yahoo] e-mail from %s, %s"), from, subj);
+	snprintf(buf, NOTIFBUF, _("+ [yahoo] e-mail from %s, %s"), from, subj);
+	buf[NOTIFBUF-1] = '\0';
 	face.log(buf);
 	clist.get(contactroot)->playsound(imevent::email);
     }
@@@@ -1138,11 +1145,12 @@@@ void yahoohook::webcam_data_request(int 
 
 int yahoohook::ylog(char *fmt, ...) {
     if(conf.getdebug()) {
-	char buf[512];
+	char buf[NOTIFBUF];
 	va_list ap;
 
 	va_start(ap, fmt);
-	vsprintf(buf, fmt, ap);
+	vsnprintf(buf, NOTIFBUF, fmt, ap);
+	buf[NOTIFBUF-1] = '\0';
 	va_end(ap);
 
 	face.log(buf);
@


1.1
log
@Fix horrific number of buffer overflows, CVE-2007-3713.
Bump PKGREVISION.
@
text
@d1 1
a1 1
$NetBSD$
@