On Fri, Feb 15, 2002 at 08:32:30PM +0100, Martin Schulze <[EMAIL PROTECTED]> wrote:
> Hi!
>
> Sorry for stepping in so late.
>
> Jon Keating wrote:
>> This crash occurred when a static buffer of 1024 bytes overflowed. This is
>> fixed in the latest version of licq in the CVS and should be in the next CVS
>> daily snapshot. The CVS copy of licq uses the new v8 protocol (otherwise
>> known as OSCAR) while the latest release does not. If for some reason you do
>> not want to use the CVS copy, use the attached patch, and when prompted for
>> file to patch enter the full path to icqd-chat.cpp (i.e.
>> /home/user/licq/src/icqd-chat.cpp)
>>
>
> I thought that I was blind, but reformatting and diff seems to reveal
> that I'm not. Are you sure this patch is actually useful? All that
> it changes is convert spaces to tab characters, indent one line and
> add a trailing space after a bracket.
>
> I doubt this is able to fix a buffer overflow.
>
> 1247a1248,1253
>> if (strlen(u->linebuf) > 1000) // stop a little early
>> {
>> u->linebuf[1000] = '\0';
>> PushChatEvent(new CChatEvent(CHAT_NEWLINE, u, u->linebuf));
>> u->linebuf[0] = '\0';
>> }
> 1547a1548,1553
>> if (strlen(u->linebuf) > 1000) // stop a little early
>> {
>> u->linebuf[1000] = '\0';
>> PushChatEvent(new CChatEvent(CHAT_NEWLINE, u, u->linebuf));
>> u->linebuf[0] = '\0';
>> }
>
> Would you mind providing the real patch?
This is the real patch: it adds the same code in two different places.
--
Tim van Erven <[EMAIL PROTECTED]>
_______________________________________________
Licq-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/licq-devel
