On Mon, Dec 08, 2008 at 11:33:37PM +0000, Simon Huggins wrote:
> Hi,
>
> We had a user in Debian who was having problems with the
> xfce4-mpc-plugin and a long password. It turned out that passwords
> longer than about 30 characters were causing buffer overflows.
>
> I looked into it and found a few problems. There are lots of sprintfs
> into buffers with strings which contain untrusted input.
>
> I've fixed some in the attached patch against 0.3.3 although I want it
> to be reviewed at some point.
>
> I also couldn't see a nice way to return an error message back to the
> user and I'm not really a GTK coder in any way :)
>
> You may well choose to fix these issues in a different way in which case
> we'd love to see the patch to get it into Debian.
>
> Anyway, if you have some time to review the patch it'd be great.

Patch is great, I always wanted to get back on it and fix this ugly code.
There are probably others in simple-libmpd.c...
Atm, I have no internet connection, and my svn trees are in boxes, so I
can't commit it/integrate it now... hopefully in some weeks. I just have
to remember I have to do it.

Thanks a lot.

Landry
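
Added example, not from this thread or the attached patch: a bounded replacement for the sprintf pattern described in the report, which refuses an over-long password and returns an error the caller can show to the user. The helper names, the 32-byte buffer and the "password <pw>\n" command layout are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for this example; the plugin's real buffer sizes are not shown in the thread. */
#define CMD_BUF_SIZE 32

/*
 * Hypothetical helper: format "password <pw>\n" into out.
 * The unbounded pattern the report describes would be
 *     sprintf(out, "password %s\n", password);
 * which writes past out as soon as the input is too long.
 * Returns the command length on success, -1 if it does not fit.
 */
int build_password_cmd(char *out, size_t outlen, const char *password)
{
    int n;

    if (out == NULL || outlen == 0 || password == NULL)
        return -1;
    n = snprintf(out, outlen, "password %s\n", password);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';  /* do not leave a truncated command behind */
        return -1;
    }
    return n;
}

/* Formats into a fixed-size buffer, as a caller in the plugin might. */
int try_password(const char *password)
{
    char cmd[CMD_BUF_SIZE];
    return build_password_cmd(cmd, sizeof cmd, password);
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "short", "a-constructed-password-well-over-thirty-chars" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = try_password(samples[i]);
        if (n < 0)
            fprintf(stderr, "password too long (%zu chars), not sent\n", strlen(samples[i]));
        else
            printf("command is %d bytes\n", n);
    }
    return 0;
}
```

Checking the snprintf return value matters as much as the size argument: without it the command is silently truncated and a wrong password is sent instead of an error being reported.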

