Mercurial > pidgin
comparison src/protocols/novell/nmrtf.c @ 9804:fe268cb602cb
[gaim-migrate @ 10672]
Fix 2 insanely rare but maybe-still-possible buffer overflows.
committer: Tailor Script <tailor@pidgin.im>
| author | Mark Doliner <mark@kingant.net> |
|---|---|
| date | Sat, 21 Aug 2004 20:11:42 +0000 |
| parents | 54fb1f466953 |
| children |
comparison
equal
deleted
inserted
replaced
| 9803:4d9d4940454b | 9804:fe268cb602cb |
|---|---|
| 504 int status = NMRTF_OK; | 504 int status = NMRTF_OK; |
| 505 guchar ch; | 505 guchar ch; |
| 506 gboolean param_set = FALSE; | 506 gboolean param_set = FALSE; |
| 507 gboolean is_neg = FALSE; | 507 gboolean is_neg = FALSE; |
| 508 int param = 0; | 508 int param = 0; |
| 509 char *pch; | |
| 510 char keyword[30]; | 509 char keyword[30]; |
| 511 char parameter[20]; | 510 char parameter[20]; |
| 511 int i; | |
| 512 | 512 |
| 513 keyword[0] = '\0'; | 513 keyword[0] = '\0'; |
| 514 parameter[0] = '\0'; | 514 parameter[0] = '\0'; |
| 515 if ((status = rtf_get_char(ctx, &ch)) != NMRTF_OK) | 515 if ((status = rtf_get_char(ctx, &ch)) != NMRTF_OK) |
| 516 return status; | 516 return status; |
| 521 keyword[1] = '\0'; | 521 keyword[1] = '\0'; |
| 522 return rtf_dispatch_control(ctx, keyword, 0, param_set); | 522 return rtf_dispatch_control(ctx, keyword, 0, param_set); |
| 523 } | 523 } |
| 524 | 524 |
| 525 /* parse keyword */ | 525 /* parse keyword */ |
| 526 for (pch = keyword; isalpha(ch); rtf_get_char(ctx, &ch)) { | 526 for (i = 0; isalpha(ch) && (i < sizeof(keyword) - 1); rtf_get_char(ctx, &ch)) { |
| 527 *pch = (char) ch; | 527 keyword[i] = (char) ch; |
| 528 pch++; | 528 i++; |
| 529 } | 529 } |
| 530 *pch = '\0'; | 530 keyword[i] = '\0'; |
| 531 | 531 |
| 532 /* check for '-' indicated a negative parameter value */ | 532 /* check for '-' indicated a negative parameter value */ |
| 533 if (ch == '-') { | 533 if (ch == '-') { |
| 534 is_neg = TRUE; | 534 is_neg = TRUE; |
| 535 if ((status = rtf_get_char(ctx, &ch)) != NMRTF_OK) | 535 if ((status = rtf_get_char(ctx, &ch)) != NMRTF_OK) |
| 538 | 538 |
| 539 /* check for numerical param */ | 539 /* check for numerical param */ |
| 540 if (isdigit(ch)) { | 540 if (isdigit(ch)) { |
| 541 | 541 |
| 542 param_set = TRUE; | 542 param_set = TRUE; |
| 543 for (pch = parameter; isdigit(ch); rtf_get_char(ctx, &ch)) { | 543 for (i = 0; isdigit(ch) && (i < sizeof(parameter) - 1); rtf_get_char(ctx, &ch)) { |
| 544 *pch = (char) ch; | 544 parameter[i] = (char) ch; |
| 545 pch++; | 545 i++; |
| 546 } | 546 } |
| 547 *pch = '\0'; | 547 parameter[i] = '\0'; |
| 548 | 548 |
| 549 ctx->param = param = atoi(parameter); | 549 ctx->param = param = atoi(parameter); |
| 550 if (is_neg) | 550 if (is_neg) |
| 551 ctx->param = param = -param; | 551 ctx->param = param = -param; |
| 552 } | 552 } |