From a2c69a5b0dbc56fbb85c6a9901795a61fa2d71cd Mon Sep 17 00:00:00 2001 From: naddy Date: Sun, 20 Jun 2004 16:27:49 +0000 Subject: [PATCH] Update to 0.90. Partial audit for string handling. From: Andrew Dalgleish --- net/bitlbee/Makefile | 30 +- net/bitlbee/distinfo | 9 +- net/bitlbee/patches/patch-bitlbee_c | 141 ++++++++ net/bitlbee/patches/patch-bitlbee_h | 29 +- net/bitlbee/patches/patch-commands_c | 107 ++++++ net/bitlbee/patches/patch-conf_c | 16 + net/bitlbee/patches/patch-configure | 19 +- net/bitlbee/patches/patch-crypting_c | 74 +++++ net/bitlbee/patches/patch-ini_c | 49 +++ net/bitlbee/patches/patch-irc_c | 164 ++++++++++ net/bitlbee/patches/patch-nick_c | 65 ++++ .../patches/patch-protocols_jabber_jabber_c | 65 ++++ .../patches/patch-protocols_jabber_lib_h | 11 + .../patches/patch-protocols_jabber_pool_c | 31 ++ .../patches/patch-protocols_msn_msn_util_c | 19 ++ net/bitlbee/patches/patch-protocols_msn_ns_c | 32 ++ .../patches/patch-protocols_msn_passport_c | 79 +++++ net/bitlbee/patches/patch-protocols_msn_sb_c | 26 ++ net/bitlbee/patches/patch-protocols_nogaim_c | 48 +++ .../patches/patch-protocols_oscar_oscar_c | 30 ++ .../patch-protocols_oscar_oscar_util_c | 13 + .../patches/patch-protocols_oscar_ssi_c | 36 +++ net/bitlbee/patches/patch-protocols_util_c | 47 +++ .../patches/patch-protocols_yahoo_libyahoo2_c | 304 ++++++++++++++++++ .../patches/patch-protocols_yahoo_yahoo_c | 57 ++++ .../patch-protocols_yahoo_yahoo_httplib_c | 67 ++++ .../patch-protocols_yahoo_yahoo_util_c | 17 + net/bitlbee/patches/patch-url_c | 89 +++++ net/bitlbee/patches/patch-utils_bitlbeed_c | 21 ++ net/bitlbee/pkg/DESCR | 5 +- net/bitlbee/pkg/PLIST | 3 +- 31 files changed, 1676 insertions(+), 27 deletions(-) create mode 100644 net/bitlbee/patches/patch-bitlbee_c create mode 100644 net/bitlbee/patches/patch-commands_c create mode 100644 net/bitlbee/patches/patch-conf_c create mode 100644 net/bitlbee/patches/patch-crypting_c create mode 100644 net/bitlbee/patches/patch-ini_c create mode 100644 net/bitlbee/patches/patch-irc_c create mode 100644 net/bitlbee/patches/patch-nick_c create mode 100644 net/bitlbee/patches/patch-protocols_jabber_jabber_c create mode 100644 net/bitlbee/patches/patch-protocols_jabber_lib_h create mode 100644 net/bitlbee/patches/patch-protocols_jabber_pool_c create mode 100644 net/bitlbee/patches/patch-protocols_msn_msn_util_c create mode 100644 net/bitlbee/patches/patch-protocols_msn_ns_c create mode 100644 net/bitlbee/patches/patch-protocols_msn_passport_c create mode 100644 net/bitlbee/patches/patch-protocols_msn_sb_c create mode 100644 net/bitlbee/patches/patch-protocols_nogaim_c create mode 100644 net/bitlbee/patches/patch-protocols_oscar_oscar_c create mode 100644 net/bitlbee/patches/patch-protocols_oscar_oscar_util_c create mode 100644 net/bitlbee/patches/patch-protocols_oscar_ssi_c create mode 100644 net/bitlbee/patches/patch-protocols_util_c create mode 100644 net/bitlbee/patches/patch-protocols_yahoo_libyahoo2_c create mode 100644 net/bitlbee/patches/patch-protocols_yahoo_yahoo_c create mode 100644 net/bitlbee/patches/patch-protocols_yahoo_yahoo_httplib_c create mode 100644 net/bitlbee/patches/patch-protocols_yahoo_yahoo_util_c create mode 100644 net/bitlbee/patches/patch-url_c create mode 100644 net/bitlbee/patches/patch-utils_bitlbeed_c diff --git a/net/bitlbee/Makefile b/net/bitlbee/Makefile index b7bac443021..34970085921 100644 --- a/net/bitlbee/Makefile +++ b/net/bitlbee/Makefile @@ -1,10 +1,9 @@ -# $OpenBSD: Makefile,v 1.10 2004/02/01 07:12:39 pvalchev Exp $ +# $OpenBSD: Makefile,v 1.11 2004/06/20 16:27:49 naddy Exp $ -COMMENT= "IRC proxy to connect to ICQ, AOL, MSN and Jabber" +COMMENT= "IRC proxy to connect to AIM, ICQ, Jabber, MSN and Yahoo" -DISTNAME= bitlbee-0.83 +DISTNAME= bitlbee-0.90 CATEGORIES= net -#PKGNAME= ${DISTNAME}p1 HOMEPAGE= http://bitlbee.org @@ -18,14 +17,11 @@ PERMIT_DISTFILES_FTP= Yes MASTER_SITES= http://get.bitlbee.org/src/ -MASTER_SITES0= http://get.bitlbee.org/fink/ -PATCHFILES= bitlbee-0.83-1-darwin.patch:0 -PATCH_DIST_STRIP= -p1 DB_DIR?= /var/bitlbee ETCDIR= ${SYSCONFDIR}/bitlbee EXAMPLEDIR= ${PREFIX}/share/examples/bitlbee -DOCS= ${FILESDIR}/user-guide.html +DOCS= ${WRKSRC}/doc/user-guide.html DOCDIR= ${PREFIX}/share/doc/bitlbee/ BITLBEEUSER= _bitlbee BITLBEEGROUP= _bitlbee @@ -33,7 +29,19 @@ ID= 509 SUBST_VARS= DB_DIR ETCDIR EXAMPLEDIR DOCDIR \ BITLBEEUSER BITLBEEGROUP ID -LIB_DEPENDS= soup-2.0.0.0::devel/libsoup +LIB_DEPENDS= glib-2.0.0.0::devel/glib2 + +# I am told gnutls does not build on all arches +# This is only used for connecting to MSN, so I've added a no_msn FLAVOR +FLAVORS= no_msn +FLAVOR?= + +.if ${FLAVOR:L:Mno_msn} +CONFIGURE_ARGS+= --msn=0 +.else +LIB_DEPENDS+= gnutls.8::security/gnutls +.endif + CONFIGURE_STYLE= simple CONFIGURE_ARGS+= --bindir=${PREFIX}/libexec \ @@ -49,6 +57,10 @@ FAKE_TARGET= install install-etc NO_REGRESS= Yes +# Make sure we use the system snprintf +post-extract: + @rm -f ${WRKSRC}/protocols/snprintf.c + post-install: ${INSTALL_DATA_DIR} ${DOCDIR} ${INSTALL_DATA} ${DOCS} ${DOCDIR} diff --git a/net/bitlbee/distinfo b/net/bitlbee/distinfo index 51f6dfeebfb..5d855a08bdf 100644 --- a/net/bitlbee/distinfo +++ b/net/bitlbee/distinfo @@ -1,6 +1,3 @@ -MD5 (bitlbee-0.83-1-darwin.patch) = 2750a59c02fe963187c479e039edde29 -MD5 (bitlbee-0.83.tar.gz) = d379bb7e6b9e89d8af50d6e1114ee22e -RMD160 (bitlbee-0.83-1-darwin.patch) = 348c511c31dea2d36bba5b5d3f43bfb0fbb993a5 -RMD160 (bitlbee-0.83.tar.gz) = 4e5ea7714be3fbfc6823614b46d245bd9f934eec -SHA1 (bitlbee-0.83-1-darwin.patch) = 01f4bbaf7c5f4748828ebcc12e1d4b8ebf32afb6 -SHA1 (bitlbee-0.83.tar.gz) = f553b7b2f5dcc9d453602b99015a1573b3c63bad +MD5 (bitlbee-0.90.tar.gz) = b6a7093651141e95b6ac78bf3eec95f3 +RMD160 (bitlbee-0.90.tar.gz) = 0c9925704935f5a63c26bc0b4eb393c45fc8b051 +SHA1 (bitlbee-0.90.tar.gz) = 18e4daf9f3efe0d3514635398e015612cb6eb924 diff --git a/net/bitlbee/patches/patch-bitlbee_c b/net/bitlbee/patches/patch-bitlbee_c new file mode 100644 index 00000000000..a59b09fb08f --- /dev/null +++ b/net/bitlbee/patches/patch-bitlbee_c @@ -0,0 +1,141 @@ +$OpenBSD: patch-bitlbee_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- bitlbee.c.orig 2004-05-28 08:31:48.000000000 +1000 ++++ bitlbee.c 2004-06-09 22:14:42.000000000 +1000 +@@ -314,12 +314,13 @@ int bitlbee_load( irc_t *irc, char* pass + if( irc->status == USTATUS_IDENTIFIED ) + return( 1 ); + +- g_snprintf( s, 511, "%s%s", irc->nick, ".accounts" ); ++ g_snprintf( s, sizeof(s), "%s%s", irc->nick, ".accounts" ); + path = g_build_path( G_DIR_SEPARATOR_S, global.conf->configdir, s, NULL ); + fp = fopen( path, "r" ); + g_free( path ); + if( !fp ) return( 0 ); + ++ COMPILE_TIME_ASSERT(32 < sizeof(s)); + fscanf( fp, "%32[^\n]s", s ); + if( setpass( irc, password, s ) < 0 ) + return( -1 ); +@@ -328,6 +329,7 @@ int bitlbee_load( irc_t *irc, char* pass + account command will not work otherwise. */ + irc->status = USTATUS_IDENTIFIED; + ++ COMPILE_TIME_ASSERT(511 < sizeof(s)); + while( fscanf( fp, "%511[^\n]s", s ) > 0 ) + { + fgetc( fp ); +@@ -337,12 +339,14 @@ int bitlbee_load( irc_t *irc, char* pass + } + fclose( fp ); + +- g_snprintf( s, 511, "%s%s", irc->nick, ".nicks" ); ++ g_snprintf( s, sizeof(s), "%s%s", irc->nick, ".nicks" ); + path = g_build_path( G_DIR_SEPARATOR_S, global.conf->configdir, s, NULL ); + fp = fopen( path, "r" ); + g_free( path ); + if( !fp ) return( 0 ); +- while( fscanf( fp, "%s %d %s", s, &proto, nick ) > 0 ) ++ COMPILE_TIME_ASSERT(511 < sizeof(s)); ++ COMPILE_TIME_ASSERT(24 < sizeof(nick)); ++ while( fscanf( fp, "%511s %d %24s", s, &proto, nick ) > 0 ) + { + http_decode( s ); + nick_set( irc, s, proto, nick ); +@@ -351,7 +355,7 @@ int bitlbee_load( irc_t *irc, char* pass + + if( set_getint( IRC, "auto_connect" ) ) + { +- strcpy( s, "account on" ); /* Can't do this directly because r_c_s alters the string */ ++ strlcpy( s, "account on", sizeof(s) ); /* Can't do this directly because r_c_s alters the string */ + root_command_string( irc, ru, s ); + } + +@@ -391,16 +395,16 @@ int bitlbee_save( irc_t *irc ) + return( 0 ); + } + +- g_snprintf( s, 511, "%s%s", irc->nick, ".nicks~" ); ++ g_snprintf( s, sizeof(s), "%s%s", irc->nick, ".nicks~" ); + path = g_build_path(G_DIR_SEPARATOR_S, global.conf->configdir, s, NULL); + fp = fopen( path, "w" ); + if( !fp ) return( 0 ); + while( n ) + { +- strcpy( s, n->handle ); +- s[169] = 0; /* Prevent any overflow (169 ~ 512 / 3) */ +- http_encode( s ); +- g_snprintf( s + strlen( s ), 510 - strlen( s ), " %d %s", n->proto, n->nick ); ++ strlcpy( s, n->handle, sizeof(s) ); ++ s[sizeof(s)/3] = 0; /* Prevent any overflow when expanding to %02X */ ++ http_encode( s, sizeof(s) ); ++ g_snprintf( s + strlen( s ), sizeof(s)-strlen( s ), " %d %s", n->proto, n->nick ); + if( fprintf( fp, "%s\n", s ) != strlen( s ) + 1 ) + { + irc_usermsg( irc, "fprintf() wrote too little. Disk full?" ); +@@ -412,7 +416,7 @@ int bitlbee_save( irc_t *irc ) + } + fclose( fp ); + +- g_snprintf( s, 512, "%s%s", irc->nick, ".nicks" ); ++ g_snprintf( s, sizeof(s), "%s%s", irc->nick, ".nicks" ); + old_path = g_build_path(G_DIR_SEPARATOR_S, global.conf->configdir, s, NULL); + if( unlink( old_path ) != 0 ) + { +@@ -435,7 +439,7 @@ int bitlbee_save( irc_t *irc ) + g_free( old_path ); + + +- g_snprintf( s, 511, "%s%s", irc->nick, ".accounts~" ); ++ g_snprintf( s, sizeof(s), "%s%s", irc->nick, ".accounts~" ); + path = g_build_path(G_DIR_SEPARATOR_S, global.conf->configdir, s, NULL); + fp = fopen( path, "w" ); + if( !fp ) return( 0 ); +@@ -509,7 +513,7 @@ int bitlbee_save( irc_t *irc ) + } + fclose( fp ); + +- g_snprintf( s, 512, "%s%s", irc->nick, ".accounts" ); ++ g_snprintf( s, sizeof(s), "%s%s", irc->nick, ".accounts" ); + old_path = g_build_path(G_DIR_SEPARATOR_S, global.conf->configdir, s, NULL); + if( unlink( old_path ) != 0 ) + { +@@ -600,8 +604,9 @@ void http_decode( char *s ) + { + char *t; + int i, j, k; ++ size_t s_len = strlen(s) + 1; + +- t = bitlbee_alloc( strlen( s ) + 1 ); ++ t = bitlbee_alloc(s_len); + + for( i = j = 0; s[i]; i ++, j ++ ) + { +@@ -625,24 +630,24 @@ void http_decode( char *s ) + } + t[j] = 0; + +- strcpy( s, t ); ++ strlcpy( s, t, s_len ); + g_free( t ); + } + + /* Warning: This one explodes the string. Worst-cases can make the string 3x its original size! */ + /* This fuction is safe, but make sure you call it safely as well! */ +-void http_encode( char *s ) ++void http_encode( char *s, size_t s_len ) + { + char *t; + int i, j; + + t = g_strdup( s ); + +- for( i = j = 0; t[i]; i ++, j ++ ) ++ for( i = j = 0; t[i] && j < s_len -1; i ++, j ++ ) + { + if( t[i] <= ' ' || ((unsigned char *)t)[i] >= 128 || t[i] == '%' ) + { +- sprintf( s + j, "%%%02X", t[i] ); ++ g_snprintf( s + j, s_len - j, "%%%02X", t[i] ); + j += 2; + } + else diff --git a/net/bitlbee/patches/patch-bitlbee_h b/net/bitlbee/patches/patch-bitlbee_h index 418dfa3cedb..89c1cbb5d09 100644 --- a/net/bitlbee/patches/patch-bitlbee_h +++ b/net/bitlbee/patches/patch-bitlbee_h @@ -1,8 +1,8 @@ -$OpenBSD: patch-bitlbee_h,v 1.2 2003/10/16 15:00:17 naddy Exp $ +$OpenBSD: patch-bitlbee_h,v 1.3 2004/06/20 16:27:49 naddy Exp $ Use a more usefull name for the server ---- bitlbee.h.orig 2003-10-15 14:42:47.000000000 +0200 -+++ bitlbee.h 2003-10-15 15:56:58.000000000 +0200 -@@ -51,7 +51,7 @@ +--- bitlbee.h.orig 2004-05-19 05:36:42.000000000 +1000 ++++ bitlbee.h 2004-06-09 22:13:56.000000000 +1000 +@@ -79,7 +79,7 @@ #define _( x ) x @@ -11,3 +11,24 @@ Use a more usefull name for the server #define ROOT_CHAN "#bitlbee" #define ROOT_FN "User manager" +@@ -131,7 +131,7 @@ int root_command( irc_t *irc, char *comm + int bitlbee_load( irc_t *irc, char *password ); + int bitlbee_save( irc_t *irc ); + double gettime( void ); +-G_MODULE_EXPORT void http_encode( char *s ); ++G_MODULE_EXPORT void http_encode( char *s, size_t s_len ); + G_MODULE_EXPORT void http_decode( char *s ); + + void *bitlbee_alloc(size_t size); +@@ -143,4 +143,11 @@ extern irc_t *IRC; + extern global_t global; + extern GList *connection_list; + ++#define COMPILE_TIME_ASSERT(ex) do {\ ++typedef char COMPILE_TIME_ASSERTION_FAILURE[(ex) ? 1 : -1];\ ++} while(0) ++ ++#define FILE_SCOPED_COMPILE_TIME_ASSERT(ex) \ ++extern char COMPILE_TIME_ASSERTION_FAILURE[(ex) ? 1 : -1]; ++ + #endif diff --git a/net/bitlbee/patches/patch-commands_c b/net/bitlbee/patches/patch-commands_c new file mode 100644 index 00000000000..3fa5841aa79 --- /dev/null +++ b/net/bitlbee/patches/patch-commands_c @@ -0,0 +1,107 @@ +$OpenBSD: patch-commands_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- commands.c.orig 2004-05-12 21:36:25.000000000 +1000 ++++ commands.c 2004-06-08 19:59:37.000000000 +1000 +@@ -63,8 +63,8 @@ int cmd_help( irc_t *irc, char **cmd ) + memset( param, 0, sizeof(param) ); + for ( i = 1; (cmd[i] != NULL && ( strlen(param) < (sizeof(param)-1) ) ); i++ ) { + if ( i != 1 ) // prepend space except for the first parameter +- strcat(param, " "); +- strncat( param, cmd[i], sizeof(param) - strlen(param) - 1 ); ++ strlcat(param, " ", sizeof(param)); ++ strlcat( param, cmd[i], sizeof(param)); + } + + s = help_get( &(global.help), param ); +@@ -111,6 +111,7 @@ int cmd_register( irc_t *irc, char **cmd + { + int checkie; + char *path, *file; ++ size_t file_len; + + if( global.conf->authmode == AUTHMODE_REGISTERED ) + { +@@ -118,17 +119,18 @@ int cmd_register( irc_t *irc, char **cmd + return( 0 ); + } + +- file = (char *) bitlbee_alloc( strlen( irc->nick ) + strlen( ".accounts" ) + 1 ); ++ file_len = strlen( irc->nick ) + strlen( ".accounts" ) + 1; ++ file = (char *) bitlbee_alloc( file_len ); + +- strcpy( file, irc->nick ); +- strcat( file, ".accounts" ); ++ strlcpy( file, irc->nick, file_len ); ++ strlcat( file, ".accounts", file_len ); + path = g_build_path( G_DIR_SEPARATOR_S, global.conf->configdir, file, NULL ); + + checkie = g_file_test( path, G_FILE_TEST_EXISTS ) ? 0 : -1 ; + g_free( path ); + +- strcpy( file, irc->nick ); +- strcat( file, ".nicks" ); ++ strlcpy( file, irc->nick, file_len ); ++ strlcat( file, ".nicks", file_len ); + path = g_build_path( G_DIR_SEPARATOR_S, global.conf->configdir, file, NULL ); + + checkie += g_file_test( path, G_FILE_TEST_EXISTS ) ? 0 : -1; +@@ -154,11 +156,13 @@ int cmd_drop( irc_t *irc, char **cmd ) + { + char *path, *file, s[512]; + FILE *fp; ++ size_t file_len; + +- file = (char *) bitlbee_alloc( strlen( irc->nick ) + strlen( ".accounts" ) + 1 ); ++ file_len = strlen( irc->nick ) + strlen( ".accounts" ) + 1; ++ file = (char *) bitlbee_alloc( file_len ); + +- strcpy( file, irc->nick ); +- strcat( file, ".accounts" ); ++ strlcpy( file, irc->nick, file_len ); ++ strlcat( file, ".accounts", file_len ); + path = g_build_path( G_DIR_SEPARATOR_S, global.conf->configdir, file, NULL ); + + fp = fopen( path, "r" ); +@@ -170,6 +174,7 @@ int cmd_drop( irc_t *irc, char **cmd ) + return( 0 ); + } + ++ COMPILE_TIME_ASSERT(32 < sizeof(s)); + fscanf( fp, "%32[^\n]s", s ); + fclose( fp ); + if( setpass( irc, cmd[1], s ) < 0 ) +@@ -183,8 +188,8 @@ int cmd_drop( irc_t *irc, char **cmd ) + unlink( path ); + g_free( path ); + +- strcpy( file, irc->nick ); +- strcat( file, ".nicks" ); ++ strlcpy( file, irc->nick, file_len ); ++ strlcat( file, ".nicks", file_len ); + path = g_build_path( G_DIR_SEPARATOR_S, global.conf->configdir, file, NULL ); + + unlink( path ); +@@ -676,21 +681,21 @@ int cmd_blist( irc_t *irc, char **cmd ) + + if( online == 1 ) for( u = irc->users; u; u = u->next ) if( u->gc && u->online && !u->away ) + { +- g_snprintf( s, 63, "%s@%s (%s)", u->user, u->host, proto_name[u->gc->user->protocol] ); ++ g_snprintf( s, sizeof(s), "%s@%s (%s)", u->user, u->host, proto_name[u->gc->user->protocol] ); + irc_usermsg( irc, "%-16.16s %-40.40s %s", u->nick, s, "Online" ); + n_online ++; + } + + if( away == 1 ) for( u = irc->users; u; u = u->next ) if( u->gc && u->online && u->away ) + { +- g_snprintf( s, 63, "%s@%s (%s)", u->user, u->host, proto_name[u->gc->user->protocol] ); ++ g_snprintf( s, sizeof(s), "%s@%s (%s)", u->user, u->host, proto_name[u->gc->user->protocol] ); + irc_usermsg( irc, "%-16.16s %-40.40s %s", u->nick, s, u->away ); + n_away ++; + } + + if( offline == 1 ) for( u = irc->users; u; u = u->next ) if( u->gc && !u->online ) + { +- g_snprintf( s, 63, "%s@%s (%s)", u->user, u->host, proto_name[u->gc->user->protocol] ); ++ g_snprintf( s, sizeof(s), "%s@%s (%s)", u->user, u->host, proto_name[u->gc->user->protocol] ); + irc_usermsg( irc, "%-16.16s %-40.40s %s", u->nick, s, "Offline" ); + n_offline ++; + } diff --git a/net/bitlbee/patches/patch-conf_c b/net/bitlbee/patches/patch-conf_c new file mode 100644 index 00000000000..6d462e4cc7c --- /dev/null +++ b/net/bitlbee/patches/patch-conf_c @@ -0,0 +1,16 @@ +$OpenBSD: patch-conf_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- conf.c.orig 2004-04-05 06:50:52.000000000 +1000 ++++ conf.c 2004-06-09 21:17:00.000000000 +1000 +@@ -131,9 +131,10 @@ conf_t *conf_load( int argc, char *argv[ + + if( conf->configdir[strlen(conf->configdir)-1] != '/' ) + { +- char *s = bitlbee_alloc( strlen( conf->configdir ) + 2 ); ++ size_t s_len = strlen( conf->configdir ) + 2 ; ++ char *s = bitlbee_alloc( s_len ); + +- sprintf( s, "%s/", conf->configdir ); ++ g_snprintf( s, s_len, "%s/", conf->configdir ); + g_free( conf->configdir ); + conf->configdir = s; + } diff --git a/net/bitlbee/patches/patch-configure b/net/bitlbee/patches/patch-configure index c44fe53ca0b..205fd7a1cf2 100644 --- a/net/bitlbee/patches/patch-configure +++ b/net/bitlbee/patches/patch-configure @@ -1,10 +1,19 @@ -$OpenBSD: patch-configure,v 1.3 2003/11/18 21:19:22 naddy Exp $ ---- configure.orig 2003-11-01 07:30:41.000000000 +0100 -+++ configure 2003-11-01 07:30:54.000000000 +0100 -@@ -99,8 +99,6 @@ EOF - if [ "$debug" = "1" ]; then +$OpenBSD: patch-configure,v 1.4 2004/06/20 16:27:49 naddy Exp $ +--- configure.orig 2004-05-19 07:02:29.000000000 +1000 ++++ configure 2004-06-08 20:01:18.000000000 +1000 +@@ -82,6 +82,8 @@ CONFIG=$config + + ARCH=$arch + CPU=$cpu ++#define HAVE_SNPRINTF ++#define HAVE_VSNPRINTF + OUTFILE=bitlbee + + DESTDIR= +@@ -107,8 +109,6 @@ if [ "$debug" = "1" ]; then echo 'CFLAGS=-g' >> Makefile.settings echo 'DEBUG=1' >> Makefile.settings + echo '#define DEBUG' >> config.h -else - echo 'CFLAGS=-O3' >> Makefile.settings; fi diff --git a/net/bitlbee/patches/patch-crypting_c b/net/bitlbee/patches/patch-crypting_c new file mode 100644 index 00000000000..744b440dac5 --- /dev/null +++ b/net/bitlbee/patches/patch-crypting_c @@ -0,0 +1,74 @@ +$OpenBSD: patch-crypting_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- crypting.c.orig 2004-05-05 00:25:36.000000000 +1000 ++++ crypting.c 2004-06-08 20:08:19.000000000 +1000 +@@ -111,11 +111,15 @@ char *hashpass (irc_t *irc) { + int i; + char digits[3]; + char *rv; ++ size_t rv_len; + + if (irc->password == NULL) return (NULL); + +- rv = (char *)g_malloc (33); +- memset (rv, 0, 33); ++ rv_len = 33; ++ rv = (char *)g_malloc (rv_len); ++ if (!rv) return NULL; ++ ++ memset (rv, 0, rv_len); + + md5_init (&md5state); + md5_append (&md5state, irc->password, strlen (irc->password)); +@@ -124,7 +128,7 @@ char *hashpass (irc_t *irc) { + for (i = 0; i < 16; i++) { + /* Build a hash of the pass */ + g_snprintf (digits, sizeof (digits), "%02x", digest[i]); +- strcat (rv, digits); ++ strlcat (rv, digits, rv_len); + } + + return (rv); +@@ -133,11 +137,15 @@ char *hashpass (irc_t *irc) { + char *obfucrypt (irc_t *irc, char *line) { + int i, j; + char *rv; ++ size_t rv_len; + + if (irc->password == NULL) return (NULL); + +- rv = (char *)g_malloc (strlen (line) + 1); +- memset (rv, '\0', strlen (line) + 1); ++ rv_len = strlen (line) + 1; ++ rv = (char *)g_malloc (rv_len); ++ if (!rv) return NULL; ++ ++ memset (rv, 0, rv_len); + + i = j = 0; + while (*line) { +@@ -158,11 +166,15 @@ char *obfucrypt (irc_t *irc, char *line) + char *deobfucrypt (irc_t *irc, char *line) { + int i, j; + char *rv; ++ size_t rv_len; + + if (irc->password == NULL) return (NULL); + +- rv = (char *)g_malloc (strlen (line) + 1); +- memset (rv, '\0', strlen (line) + 1); ++ rv_len = strlen (line) + 1; ++ rv = (char *)g_malloc (rv_len); ++ if (!rv) return NULL; ++ ++ memset (rv, 0, rv_len); + + i = j = 0; + while (*line) { +@@ -224,6 +236,7 @@ int main( int argc, char *argv[] ) + return( main( 0, NULL ) ); + } + ++ COMPILE_TIME_ASSERTION(255 < sizeof(s)); + while( fscanf( stdin, "%[^\n]255s", line ) > 0 ) + { + char *out; diff --git a/net/bitlbee/patches/patch-ini_c b/net/bitlbee/patches/patch-ini_c new file mode 100644 index 00000000000..b11dbcf4ad1 --- /dev/null +++ b/net/bitlbee/patches/patch-ini_c @@ -0,0 +1,49 @@ +$OpenBSD: patch-ini_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- ini.c.orig 2004-04-05 02:57:31.000000000 +1000 ++++ ini.c 2004-06-08 20:10:54.000000000 +1000 +@@ -47,28 +47,31 @@ int ini_read( ini_t *file ) + while( !feof( file->fp ) ) + { + *s = 0; ++ COMPILE_TIME_ASSERT(127 < sizeof(s)); + fscanf( file->fp, "%127[^\n#]s", s ); + fscanf( file->fp, "%*[^\n]s" ); + fgetc( file->fp ); /* Skip newline */ + file->line ++; + if( strchr( s, '=' ) ) + { +- sscanf( s, "%[^ =]s", key ); ++ COMPILE_TIME_ASSERT(127 < sizeof(key)); ++ sscanf( s, "%127[^ =]s", key ); + if( ( t = strchr( key, '.' ) ) ) + { + *t = 0; +- strcpy( file->section, key ); ++ strlcpy( file->section, key, sizeof(file->section) ); + t ++; + } + else + { +- strcpy( file->section, file->c_section ); ++ strlcpy( file->section, file->c_section, sizeof(file->section) ); + t = key; + } +- sscanf( t, "%s", file->key ); ++ COMPILE_TIME_ASSERT(127 < sizeof(file->key)); ++ sscanf( t, "%127s", file->key ); + t = strchr( s, '=' ) + 1; + for( i = 0; t[i] == ' '; i ++ ); +- strcpy( file->value, &t[i] ); ++ strlcpy( file->value, &t[i], sizeof(file->value) ); + for( i = strlen( file->value ) - 1; file->value[i] == 32; i -- ) + file->value[i] = 0; + +@@ -76,7 +79,7 @@ int ini_read( ini_t *file ) + } + else if( ( t = strchr( s, '[' ) ) ) + { +- strcpy( file->c_section, t + 1 ); ++ strlcpy( file->c_section, t + 1, sizeof(file->c_section) ); + t = strchr( file->c_section, ']' ); + *t = 0; + } diff --git a/net/bitlbee/patches/patch-irc_c b/net/bitlbee/patches/patch-irc_c new file mode 100644 index 00000000000..982174b9d33 --- /dev/null +++ b/net/bitlbee/patches/patch-irc_c @@ -0,0 +1,164 @@ +$OpenBSD: patch-irc_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- irc.c.orig 2004-05-15 23:15:12.000000000 +1000 ++++ irc.c 2004-06-09 22:09:00.000000000 +1000 +@@ -44,7 +44,7 @@ irc_t *irc_new( int fd ) + + irc->userhash = g_hash_table_new( g_str_hash, g_str_equal ); + +- strcpy( irc->umode, UMODE ); ++ strlcpy( irc->umode, UMODE, sizeof(irc->umode) ); + irc->mynick = g_strdup( ROOT_NICK ); + irc->channel = g_strdup( ROOT_CHAN ); + +@@ -299,7 +299,7 @@ int irc_fill_buffer( irc_t *irc ) + + while( select( irc->fd + 1, readfds, NULL, NULL, tv ) > 0 ) + { +- st = read( irc->fd, line, 255 ); ++ st = read( irc->fd, line, sizeof(line)-1); + if( st <= 0 ) + return( 0 ); + line[st]='\0'; +@@ -307,8 +307,9 @@ int irc_fill_buffer( irc_t *irc ) + irc->readbuffer = g_strdup( line ); + else + { +- irc->readbuffer = bitlbee_realloc(irc->readbuffer, strlen( irc->readbuffer ) + strlen ( line ) + 1 ); +- strcpy( ( irc->readbuffer+strlen( irc->readbuffer ) ), line ); ++ size_t new_len = strlen(irc->readbuffer) + strlen(line) + 1; ++ irc->readbuffer = bitlbee_realloc(irc->readbuffer, new_len); ++ strlcat( irc->readbuffer, line, new_len ); + } + } + return 1; +@@ -370,8 +371,9 @@ int irc_write_buffer( irc_t *irc ) + } + else + { +- temp = bitlbee_alloc( size - st + 1 ); +- strcpy( temp, ( irc->sendbuffer + st ) ); ++ size_t new_len = size - st + 1; ++ temp = bitlbee_alloc( new_len ); ++ strlcpy( temp, ( irc->sendbuffer + st ), new_len ); + g_free( irc->sendbuffer ); + irc->sendbuffer = temp; + } +@@ -735,8 +737,8 @@ int irc_exec( irc_t *irc, char **cmd ) + * cares? + */ + +- strcat( buff, u->nick ); +- strcat( buff, " " ); ++ strlcat( buff, u->nick, sizeof(buff) ); ++ strlcat( buff, " ", sizeof(buff) ); + } + } + +@@ -845,7 +847,7 @@ void irc_reply( irc_t *irc, int code, ch + va_list params; + + va_start( params, format ); +- g_vsnprintf( text, IRC_MAX_LINE, format, params ); ++ g_vsnprintf( text, sizeof(text), format, params ); + va_end( params ); + irc_write( irc, ":%s %03d %s %s", irc->myhost, code, irc->nick?irc->nick:"*", text ); + +@@ -888,9 +890,10 @@ void irc_vawrite( irc_t *irc, char *form + if( irc->quit ) + return; + +- g_vsnprintf( line, IRC_MAX_LINE - 3, format, params ); ++ /* allow 2 for \r\n */ ++ g_vsnprintf( line, sizeof(line)-2, format, params ); + +- strcat( line, "\r\n" ); ++ strlcat( line, "\r\n", sizeof(line) ); + + if( irc->sendbuffer != NULL ) { + size=strlen( irc->sendbuffer ) + strlen( line ); +@@ -910,7 +913,7 @@ void irc_vawrite( irc_t *irc, char *form + } + #endif + irc->sendbuffer=bitlbee_realloc( irc->sendbuffer, size + 1 ); +- strcpy( ( irc->sendbuffer + strlen( irc->sendbuffer ) ), line ); ++ strlcat( irc->sendbuffer, line, size+1 ); + } + else + irc->sendbuffer = g_strdup(line); +@@ -1080,15 +1083,19 @@ void irc_motd( irc_t *irc ) + irc_reply( irc, 375, ":- %s Message Of The Day - ", irc->myhost ); + while( read( fd, linebuf + len, 1 ) == 1 ) + { +- if( linebuf[len] == '\n' || len == max ) ++ /* If we have a LF, output the line and START AGAIN */ ++ if( linebuf[len] == '\n') + { + linebuf[len] = 0; + irc_reply( irc, 372, ":- %s", linebuf ); + len = 0; ++ continue; + } +- else if( linebuf[len] == '%' ) ++ ++ if( linebuf[len] == '%' ) + { +- read( fd, linebuf + len, 1 ); ++ if (read( fd, linebuf + len, 1 ) != 1) ++ break; + if( linebuf[len] == 'h' ) + add = irc->myhost; + else if( linebuf[len] == 'v' ) +@@ -1097,14 +1104,30 @@ void irc_motd( irc_t *irc ) + add = irc->nick; + else + add = "%"; +- +- strncpy( linebuf + len, add, max - len ); ++ ++ /* If the expanded string would be too long, output the line */ ++ if ((len + strlen(add)) > max) { ++ linebuf[len] = 0; ++ irc_reply( irc, 372, ":- %s", linebuf ); ++ len = 0; ++ } ++ ++ /* Append the string to the line */ ++ strlcpy( linebuf + len, add, max - len ); + while( linebuf[++len] ); + } +- else if( len < max ) ++ else + { + len ++; + } ++ ++ /* If we have reached the maximum, output the line */ ++ if( len == max ) ++ { ++ linebuf[len] = 0; ++ irc_reply( irc, 372, ":- %s", linebuf ); ++ len = 0; ++ } + } + irc_reply( irc, 376, ":End of MOTD" ); + closesocket( fd ); +@@ -1367,8 +1390,8 @@ int buddy_send_handler( irc_t *irc, user + u->sendbuf = bitlbee_realloc( u->sendbuf, u->sendbuf_len ); + } + +- strcat( u->sendbuf, msg ); +- strcat( u->sendbuf, "\n" ); ++ strlcat( u->sendbuf, msg, u->sendbuf_len ); ++ strlcat( u->sendbuf, "\n", u->sendbuf_len ); + + if( u->sendbuf_timer > 0 ) + g_source_remove( u->sendbuf_timer ); +@@ -1432,7 +1455,7 @@ int irc_msgfrom( irc_t *irc, char *nick, + + if( !u->is_private && nick_cmp( u->nick, irc->mynick ) != 0 ) + { +- int len = strlen( irc->nick) + 3; ++ size_t len = strlen( irc->nick) + 3; + prefix = bitlbee_alloc( len ); + g_snprintf( prefix, len, "%s%s", irc->nick, set_getstr( irc, "to_char" ) ); + prefix[len-1] = 0; diff --git a/net/bitlbee/patches/patch-nick_c b/net/bitlbee/patches/patch-nick_c new file mode 100644 index 00000000000..0a660f722ad --- /dev/null +++ b/net/bitlbee/patches/patch-nick_c @@ -0,0 +1,65 @@ +$OpenBSD: patch-nick_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- nick.c.orig 2004-05-12 17:58:27.000000000 +1000 ++++ nick.c 2004-06-09 22:04:54.000000000 +1000 +@@ -66,7 +66,7 @@ char *nick_get( irc_t *irc, char *handle + + while( n && !*nick ) + if( ( n->proto == proto ) && ( g_ascii_strcasecmp( n->handle, handle ) == 0 ) ) +- strcpy( nick, n->nick ); ++ strlcpy( nick, n->nick, sizeof(nick) ); + else + n = n->next; + +@@ -74,7 +74,7 @@ char *nick_get( irc_t *irc, char *handle + { + char *s; + +- g_snprintf( nick, MAX_NICK_LENGTH, "%s", handle ); ++ g_snprintf( nick, sizeof(nick), "%s", handle ); + if( ( s = strchr( nick, '@' ) ) ) + while( *s ) + *(s++) = 0; +@@ -83,7 +83,7 @@ char *nick_get( irc_t *irc, char *handle + use the realname instead. */ + for( s = nick; *s && isdigit( *s ); s ++ ); + if( !*s && realname && *realname ) +- g_snprintf( nick, MAX_NICK_LENGTH, "%s", realname ); ++ g_snprintf( nick, sizeof(nick), "%s", realname ); + + nick_strip( nick ); + nick_lc( nick ); +@@ -114,7 +114,7 @@ char *nick_get( irc_t *irc, char *handle + "Good luck, and please don't forget to paste the lines up here " + "in #bitlbee on OFTC or in a mail to wilmer@gaast.net" ); + +- g_snprintf( nick, MAX_NICK_LENGTH + 1, "xx%x", rand() ); ++ g_snprintf( nick, sizeof(nick), "xx%x", rand() ); + + break; + } +@@ -238,8 +238,8 @@ int nick_cmp( char *a, char *b ) + { + char aa[1024] = "", bb[1024] = ""; + +- strncpy( aa, a, sizeof( aa ) - 1 ); +- strncpy( bb, b, sizeof( bb ) - 1 ); ++ strlcpy( aa, a, sizeof( aa ) ); ++ strlcpy( bb, b, sizeof( bb ) ); + if( nick_lc( aa ) && nick_lc( bb ) ) + { + return( strcmp( aa, bb ) ); +@@ -253,10 +253,11 @@ int nick_cmp( char *a, char *b ) + char *nick_dup( char *nick ) + { + char *cp; ++ size_t cp_len = MAX_NICK_LENGTH +1; + +- cp = bitlbee_alloc( MAX_NICK_LENGTH + 1 ); +- memset( cp, 0, MAX_NICK_LENGTH + 1 ); +- strncpy( cp, nick, MAX_NICK_LENGTH ); ++ cp = bitlbee_alloc( cp_len ); ++ memset( cp, 0, cp_len ); ++ strlcpy( cp, nick, cp_len ); + + return( cp ); + } diff --git a/net/bitlbee/patches/patch-protocols_jabber_jabber_c b/net/bitlbee/patches/patch-protocols_jabber_jabber_c new file mode 100644 index 00000000000..1c9937339a2 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_jabber_jabber_c @@ -0,0 +1,65 @@ +$OpenBSD: patch-protocols_jabber_jabber_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/jabber/jabber.c.orig 2004-05-23 22:24:02.000000000 +1000 ++++ protocols/jabber/jabber.c 2004-06-09 21:18:06.000000000 +1000 +@@ -281,7 +281,7 @@ static char *gjab_getsid(gjconn gjc) + + static char *gjab_getid(gjconn gjc) + { +- g_snprintf(gjc->idbuf, 8, "%d", gjc->id++); ++ g_snprintf(gjc->idbuf, sizeof(gjc->idbuf), "%d", gjc->id++); + return &gjc->idbuf[0]; + } + +@@ -366,10 +366,11 @@ static void gjab_auth(gjconn gjc) + xmlnode_insert_cdata(z, gjc->user->resource, -1); + + if (gjc->sid) { ++ size_t hash_len = strlen(gjc->sid) + strlen(gjc->pass) + 1; + z = xmlnode_insert_tag(y, "digest"); +- hash = pmalloc(x->p, strlen(gjc->sid) + strlen(gjc->pass) + 1); +- strcpy(hash, gjc->sid); +- strcat(hash, gjc->pass); ++ hash = pmalloc(x->p, hash_len); ++ strlcpy(hash, gjc->sid, hash_len); ++ strlcat(hash, gjc->pass, hash_len); + hash = shahash(hash); + xmlnode_insert_cdata(z, hash, 40); + } else { +@@ -1268,8 +1269,7 @@ static void jabber_handlebuddy(gjconn gj + serv_got_update(GJ_GC(gjc), buddyname, 1, 0, signon, idle, uc, 0); + } + } else if(name != NULL && strcmp(b->show, name)) { +- strncpy(b->show, name, BUDDY_ALIAS_MAXLEN); +- b->show[BUDDY_ALIAS_MAXLEN - 1] = '\0'; /* cheap safety feature */ ++ strlcpy(b->show, name, BUDDY_ALIAS_MAXLEN); + handle_buddy_rename(b, buddyname); + } + } +@@ -1416,7 +1416,7 @@ static void jabber_handlelast(gjconn gjc + xmlnode_put_attrib(x, "to", from); + xmlnode_put_attrib(x, "id", id); + querytag = xmlnode_get_tag(x, "query"); +- g_snprintf(idle_time, sizeof idle_time, "%ld", jd->idle ? time(NULL) - jd->idle : 0); ++ g_snprintf(idle_time, sizeof idle_time, "%ld", jd->idle ? time(NULL) - jd->idle : 0L); + xmlnode_put_attrib(querytag, "seconds", idle_time); + + gjab_send(gjc, x); +@@ -2498,7 +2498,7 @@ static xmlnode insert_tag_to_parent_tag( + /* + * Descend? + */ +- char *grand_parent = strcpy(g_malloc(strlen(parent_tag) + 1), parent_tag); ++ char *grand_parent = g_strdup(parent_tag); + char *parent; + + if((parent = strrchr(grand_parent, '/')) != NULL) { +@@ -2655,8 +2655,7 @@ static void jabber_setup_set_info(struct + /#* + * Get existing, XML-formatted, user info + *#/ +- if((user_info = g_malloc(strlen(tmp->user_info) + 1)) != NULL) { +- strcpy(user_info, tmp->user_info); ++ if((user_info = g_strdup(tmp->user_info)) != NULL) { + x_vc_data = xmlstr2xmlnode(user_info); + } + diff --git a/net/bitlbee/patches/patch-protocols_jabber_lib_h b/net/bitlbee/patches/patch-protocols_jabber_lib_h new file mode 100644 index 00000000000..77dcc20f86e --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_jabber_lib_h @@ -0,0 +1,11 @@ +$OpenBSD: patch-protocols_jabber_lib_h,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/jabber/lib.h.orig 2004-04-15 00:55:58.000000000 +1000 ++++ protocols/jabber/lib.h 2004-05-30 13:55:30.000000000 +1000 +@@ -2,6 +2,7 @@ + #include + #include + #include ++#include + #include + #include + #include diff --git a/net/bitlbee/patches/patch-protocols_jabber_pool_c b/net/bitlbee/patches/patch-protocols_jabber_pool_c new file mode 100644 index 00000000000..bd1b70a5e33 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_jabber_pool_c @@ -0,0 +1,31 @@ +$OpenBSD: patch-protocols_jabber_pool_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/jabber/pool.c.orig 2004-04-15 00:55:58.000000000 +1000 ++++ protocols/jabber/pool.c 2004-06-08 22:21:12.000000000 +1000 +@@ -76,8 +76,8 @@ pool _pool_new(char *zone) + #ifdef POOL_DEBUG + p->lsize = -1; + p->zone[0] = '\0'; +- strcat(p->zone,zone); +- sprintf(p->name,"%X",p); ++ strlcat(p->zone,zone, sizeof(p->zone)); ++ snprintf(p->name, sizeof(p->name),"%X",p); + + if(pool__disturbed == NULL) + { +@@ -213,12 +213,14 @@ void *pmalloco(pool p, int size) + char *pstrdup(pool p, const char *src) + { + char *ret; ++ size_t len; + + if(src == NULL) + return NULL; + +- ret = pmalloc(p,strlen(src) + 1); +- strcpy(ret,src); ++ len = strlen(src) + 1; ++ ret = pmalloc(p, len); ++ strlcpy(ret,src, len); + + return ret; + } diff --git a/net/bitlbee/patches/patch-protocols_msn_msn_util_c b/net/bitlbee/patches/patch-protocols_msn_msn_util_c new file mode 100644 index 00000000000..11de00705a1 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_msn_msn_util_c @@ -0,0 +1,19 @@ +$OpenBSD: patch-protocols_msn_msn_util_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/msn/msn_util.c.orig 2004-05-04 06:02:52.000000000 +1000 ++++ protocols/msn/msn_util.c 2004-06-09 19:13:17.000000000 +1000 +@@ -77,9 +77,12 @@ int msn_buddy_list_add( struct gaim_conn + if( g_strcasecmp( l->data, who ) == 0 ) + return( 1 ); + +- realname = g_new0( char, strlen( realname_ ) * 3 + 1 ); +- strcpy( realname, realname_ ); +- http_encode( realname ); ++ { ++ size_t len = strlen( realname_ ) * 3 + 1; ++ realname = g_new0( char, len ); ++ strlcpy( realname, realname_, len ); ++ http_encode( realname, len ); ++ } + + g_snprintf( buf, sizeof( buf ), "ADD %d %s %s %s\r\n", ++md->trId, list, who, realname ); + if( msn_write( gc, buf, strlen( buf ) ) ) diff --git a/net/bitlbee/patches/patch-protocols_msn_ns_c b/net/bitlbee/patches/patch-protocols_msn_ns_c new file mode 100644 index 00000000000..df880b08a80 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_msn_ns_c @@ -0,0 +1,32 @@ +$OpenBSD: patch-protocols_msn_ns_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/msn/ns.c.orig 2004-05-15 23:00:53.000000000 +1000 ++++ protocols/msn/ns.c 2004-06-09 22:01:38.000000000 +1000 +@@ -218,8 +218,7 @@ static int msn_ns_command( gpointer data + { + http_decode( cmd[4] ); + +- strncpy( gc->displayname, cmd[4], sizeof( gc->displayname ) ); +- gc->displayname[sizeof(gc->displayname)-1] = 0; ++ strlcpy( gc->displayname, cmd[4], sizeof( gc->displayname ) ); + + set_login_progress( gc, 1, "Authenticated, getting buddy list" ); + +@@ -342,7 +341,7 @@ static int msn_ns_command( gpointer data + + g_snprintf( buf, sizeof( buf ), "QRY %d %s %d\r\n", ++md->trId, QRY_NAME, 32 ); + for( i = 0; i < 16; i ++ ) +- g_snprintf( buf + strlen( buf ), 3, "%02x", digest[i] ); ++ g_snprintf( buf + strlen( buf ), sizeof(buf)-strlen(buf), "%02x", digest[i] ); + + return( msn_write( gc, buf, strlen( buf ) ) ); + } +@@ -502,8 +501,7 @@ static int msn_ns_command( gpointer data + if( g_strcasecmp( cmd[3], gc->username ) == 0 ) + { + http_decode( cmd[4] ); +- strncpy( gc->displayname, cmd[4], sizeof( gc->displayname ) ); +- gc->displayname[sizeof(gc->displayname)-1] = 0; ++ strlcpy( gc->displayname, cmd[4], sizeof( gc->displayname ) ); + } + else + { diff --git a/net/bitlbee/patches/patch-protocols_msn_passport_c b/net/bitlbee/patches/patch-protocols_msn_passport_c new file mode 100644 index 00000000000..cb06eaf0bd3 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_msn_passport_c @@ -0,0 +1,79 @@ +$OpenBSD: patch-protocols_msn_passport_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/msn/passport.c.orig 2004-04-29 22:30:18.000000000 +1000 ++++ protocols/msn/passport.c 2004-06-09 19:16:38.000000000 +1000 +@@ -67,23 +67,30 @@ int passport_get_id( gpointer data, char + + static char *passport_create_header( char *reply, char *email, char *pwd ) + { +- char *buffer = g_new0( char, 2048 ); ++ size_t buffer_len = 2048; ++ char *buffer = g_new0( char, buffer_len); + char *currenttoken; + char *email_enc, *pwd_enc; + +- email_enc = g_new0( char, strlen( email ) * 3 + 1 ); +- strcpy( email_enc, email ); +- http_encode( email_enc ); +- +- pwd_enc = g_new0( char, strlen( pwd ) * 3 + 1 ); +- strcpy( pwd_enc, pwd ); +- http_encode( pwd_enc ); ++ { ++ size_t len = strlen( email ) * 3 + 1; ++ email_enc = g_new0( char, len ); ++ strlcpy( email_enc, email, len ); ++ http_encode( email_enc, len); ++ } ++ ++ { ++ size_t len = strlen( pwd ) * 3 + 1; ++ pwd_enc = g_new0( char, len ); ++ strlcpy( pwd_enc, pwd, len ); ++ http_encode( pwd_enc, len ); ++ } + + currenttoken = strstr( reply, "lc=" ); + if( currenttoken == NULL ) + return( NULL ); + +- g_snprintf( buffer, 2048, ++ g_snprintf( buffer, buffer_len, + "Authorization: Passport1.4 OrgVerb=GET," + "OrgURL=http%%3A%%2F%%2Fmessenger%%2Emsn%%2Ecom," + "sign-in=%s,pwd=%s,%s", email_enc, pwd_enc, +@@ -191,7 +198,7 @@ static int passport_get_id_from( gpointe + rep->func = func; + rep->redirects = 4; + +- strncpy( server, url, 512 ); ++ strlcpy( server, url, sizeof(server)); + dummy = strchr( server, '/' ); + if( dummy ) + *dummy = 0; +@@ -232,14 +239,14 @@ static void passport_get_id_connected( g + return; + } + +- memset( buffer, 0, PPG_BUFFERSIZE + 1 ); ++ memset( buffer, 0, sizeof(buffer)); + +- strncpy( server, rep->url, 512 ); ++ strlcpy( server, rep->url, sizeof(server)); + dummy = strchr( server, '/' ); + if( dummy == NULL ) + goto end; + +- g_snprintf( buffer, PPG_BUFFERSIZE - 1, "GET %s HTTP/1.0\r\n" ++ g_snprintf( buffer, sizeof(buffer), "GET %s HTTP/1.0\r\n" + "%s\r\n\r\n", dummy, rep->header ); + + ssl_write( ssl, buffer, strlen( buffer ) ); +@@ -280,7 +287,7 @@ static void passport_get_id_connected( g + g_free( rep->url ); + rep->url = g_strdup( dummy ); + +- strncpy( server, dummy, sizeof( server ) - 1 ); ++ strlcpy( server, dummy, sizeof( server )); + dummy = strchr( server, '/' ); + if( dummy ) *dummy = 0; + diff --git a/net/bitlbee/patches/patch-protocols_msn_sb_c b/net/bitlbee/patches/patch-protocols_msn_sb_c new file mode 100644 index 00000000000..4ee39665607 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_msn_sb_c @@ -0,0 +1,26 @@ +$OpenBSD: patch-protocols_msn_sb_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/msn/sb.c.orig 2004-04-25 19:52:35.000000000 +1000 ++++ protocols/msn/sb.c 2004-06-09 19:18:09.000000000 +1000 +@@ -122,10 +122,11 @@ int msn_sb_sendmessage( struct msn_switc + if( sb->ready ) + { + char cmd[1024]; +- char *buf = g_new0( char, sizeof( MSN_MESSAGE_HEADERS ) + strlen( text ) * 2 ); ++ size_t buf_len = sizeof( MSN_MESSAGE_HEADERS ) + strlen( text ) * 2; ++ char *buf = g_new0( char, buf_len); + int i = strlen( MSN_MESSAGE_HEADERS ), j; + +- strcpy( buf, MSN_MESSAGE_HEADERS ); ++ strlcpy( buf, MSN_MESSAGE_HEADERS, buf_len ); + for( j = 0; text[j]; j ++ ) + { + if( text[j] == '\n' ) +@@ -592,7 +593,7 @@ static int msn_sb_message( gpointer data + } + else + { +- strcpy( buf, "<< \x02""BitlBee\x02"" - Corrupted MSN filetransfer invitation message >>" ); ++ strlcpy( buf, "<< \x02""BitlBee\x02"" - Corrupted MSN filetransfer invitation message >>", sizeof(buf) ); + } + + if( name ) g_free( name ); diff --git a/net/bitlbee/patches/patch-protocols_nogaim_c b/net/bitlbee/patches/patch-protocols_nogaim_c new file mode 100644 index 00000000000..5306d4354f8 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_nogaim_c @@ -0,0 +1,48 @@ +$OpenBSD: patch-protocols_nogaim_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/nogaim.c.orig 2004-05-29 06:05:06.000000000 +1000 ++++ protocols/nogaim.c 2004-06-09 21:25:22.000000000 +1000 +@@ -468,8 +468,8 @@ void add_buddy( struct gaim_connection * + /* Buddy seems to exist already. Let's ignore this request then... */ + } + +- memset( nick, 0, MAX_NICK_LENGTH + 1 ); +- strcpy( nick, nick_get( gc->irc, handle, gc->protocol, realname ) ); ++ memset( nick, 0, sizeof(nick)); ++ strlcpy( nick, nick_get( gc->irc, handle, gc->protocol, realname ), sizeof(nick) ); + + u = user_add( gc->irc, nick ); + +@@ -513,8 +513,8 @@ struct buddy *find_buddy( struct gaim_co + return( NULL ); + + memset( b, 0, sizeof( b ) ); +- strncpy( b->name, handle, 80 ); +- strncpy( b->show, u->realname, BUDDY_ALIAS_MAXLEN ); ++ strlcpy( b->name, handle, sizeof(b->name)); ++ strlcpy( b->show, u->realname, sizeof(b->show)); + b->present = u->online; + b->gc = u->gc; + +@@ -818,8 +818,11 @@ struct conversation *serv_got_joined_cha + c->gc = gc; + c->title = g_strdup( handle ); + +- s = bitlbee_alloc( 16 ); +- sprintf( s, "#chat_%03d", gc->irc->c_id++ ); ++ { ++ size_t s_len = 16; ++ s = bitlbee_alloc( s_len); ++ g_snprintf( s, s_len, "#chat_%03d", gc->irc->c_id++ ); ++ } + c->channel = g_strdup( s ); + g_free( s ); + +@@ -995,7 +998,7 @@ char *set_eval_away_devoice( irc_t *irc, + count = 0; + } + +- sprintf( list + strlen( list ), " %s", u->nick ); ++ g_snprintf( list + strlen( list ), sizeof(list)-strlen(list), " %s", u->nick ); + count ++; + } + u = u->next; diff --git a/net/bitlbee/patches/patch-protocols_oscar_oscar_c b/net/bitlbee/patches/patch-protocols_oscar_oscar_c new file mode 100644 index 00000000000..826c4ef68e2 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_oscar_oscar_c @@ -0,0 +1,30 @@ +$OpenBSD: patch-protocols_oscar_oscar_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/oscar/oscar.c.orig 2004-05-19 05:30:36.000000000 +1000 ++++ protocols/oscar/oscar.c 2004-06-09 21:19:12.000000000 +1000 +@@ -304,7 +304,7 @@ static void oscar_callback(gpointer data + c->inpa = 0; + c->fd = -1; + aim_conn_kill(odata->sess, &conn); +- sprintf(buf, _("You have been disconnected from chat room %s."), c->name); ++ g_snprintf(buf, sizeof(buf), _("You have been disconnected from chat room %s."), c->name); + do_error_dialog(buf, _("Chat Error!")); + } else if (conn->type == AIM_CONN_TYPE_CHATNAV) { + if (odata->cnpa > 0) +@@ -1428,7 +1428,7 @@ static int gaim_parse_msgerr(aim_session + destn = va_arg(ap, char *); + va_end(ap); + +- sprintf(buf, _("Your message to %s did not get sent: %s"), destn, ++ g_snprintf(buf, sizeof(buf), _("Your message to %s did not get sent: %s"), destn, + (reason < msgerrreasonlen) ? msgerrreason[reason] : _("Reason unknown")); + do_error_dialog(buf, _("Gaim - Error")); + +@@ -1446,7 +1446,7 @@ static int gaim_parse_locerr(aim_session + destn = va_arg(ap, char *); + va_end(ap); + +- sprintf(buf, _("User information for %s unavailable: %s"), destn, ++ g_snprintf(buf, sizeof(buf), _("User information for %s unavailable: %s"), destn, + (reason < msgerrreasonlen) ? msgerrreason[reason] : _("Reason unknown")); + do_error_dialog(buf, _("Gaim - Error")); + diff --git a/net/bitlbee/patches/patch-protocols_oscar_oscar_util_c b/net/bitlbee/patches/patch-protocols_oscar_oscar_util_c new file mode 100644 index 00000000000..1b194d45adb --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_oscar_oscar_util_c @@ -0,0 +1,13 @@ +$OpenBSD: patch-protocols_oscar_oscar_util_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/oscar/oscar_util.c.orig 2004-05-19 05:44:58.000000000 +1000 ++++ protocols/oscar/oscar_util.c 2004-06-09 21:12:06.000000000 +1000 +@@ -87,8 +87,7 @@ faim_export char *aimutil_itemidx(char * + toReturn = g_strdup(""); + } else { + if (next == NULL) { +- toReturn = g_malloc((strlen(last) + 1) * sizeof(char)); +- strcpy(toReturn, last); ++ toReturn = g_strdup(last); + } else { + toReturn = g_malloc((next - last + 1) * sizeof(char)); + memcpy(toReturn, last, (next - last)); diff --git a/net/bitlbee/patches/patch-protocols_oscar_ssi_c b/net/bitlbee/patches/patch-protocols_oscar_ssi_c new file mode 100644 index 00000000000..2012e6ec918 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_oscar_ssi_c @@ -0,0 +1,36 @@ +$OpenBSD: patch-protocols_oscar_ssi_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/oscar/ssi.c.orig 2004-05-19 05:26:49.000000000 +1000 ++++ protocols/oscar/ssi.c 2004-06-09 21:18:29.000000000 +1000 +@@ -46,11 +46,7 @@ static struct aim_ssi_item *aim_ssi_item + + /* Set the name */ + if (name) { +- if (!(newitem->name = (char *)g_malloc((strlen(name)+1)*sizeof(char)))) { +- g_free(newitem); +- return NULL; +- } +- strcpy(newitem->name, name); ++ newitem->name = g_strdup(name); + } else + newitem->name = NULL; + +@@ -413,9 +409,7 @@ faim_export int aim_ssi_cleanlist(aim_se + if (!cur) { + for (parentgroup=sess->ssi.items; ((parentgroup) && (parentgroup->type!=AIM_SSI_TYPE_GROUP) && (parentgroup->gid==0x0000)); parentgroup=parentgroup->next); + if (!parentgroup) { +- char *newgroup; +- newgroup = (char*)g_malloc(strlen("Unknown")*sizeof(char)); +- strcpy(newgroup, "Unknown"); ++ char *newgroup = g_strdup("Unknown"); + aim_ssi_addgroups(sess, conn, &newgroup, 1); + } + } +@@ -1393,7 +1387,7 @@ faim_internal int ssi_modfirst(aim_sessi + mod->toolid = 0x0110; + mod->toolversion = 0x047b; + mod->flags = 0; +- strncpy(mod->name, "ssi", sizeof(mod->name)); ++ strlcpy(mod->name, "ssi", sizeof(mod->name)); + mod->snachandler = snachandler; + mod->shutdown = ssi_shutdown; + diff --git a/net/bitlbee/patches/patch-protocols_util_c b/net/bitlbee/patches/patch-protocols_util_c new file mode 100644 index 00000000000..7e7ad172378 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_util_c @@ -0,0 +1,47 @@ +$OpenBSD: patch-protocols_util_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/util.c.orig 2004-03-18 07:21:12.000000000 +1100 ++++ protocols/util.c 2004-06-09 19:29:44.000000000 +1000 +@@ -131,14 +131,15 @@ char *str_to_utf8(unsigned char *in) + void strip_linefeed(gchar *text) + { + int i, j; +- gchar *text2 = g_malloc(strlen(text) + 1); ++ size_t text_len = strlen(text) + 1; ++ gchar *text2 = g_malloc(text_len); + + for (i = 0, j = 0; text[i]; i++) + if (text[i] != '\r') + text2[j++] = text[i]; + text2[j] = '\0'; + +- strcpy(text, text2); ++ strlcpy(text, text2, text_len); + g_free(text2); + } + +@@ -238,7 +239,6 @@ char *normalize(const char *s) + + u = t = g_strdup(s); + +- strcpy(t, s); + g_strdown(t); + + while (*t && (x < BUF_LEN - 1)) { +@@ -301,7 +301,8 @@ static htmlentity_t ent[] = + void strip_html( char *in ) + { + char *start = in; +- char *out = g_malloc( strlen( in ) + 1 ); ++ size_t in_len = strlen( in ) + 1; ++ char *out = g_malloc(in_len); + char *s = out, *cs; + int i; + int matched; +@@ -344,6 +345,6 @@ void strip_html( char *in ) + } + } + +- strcpy( start, out ); ++ strlcpy( start, out, in_len ); + g_free( out ); + } diff --git a/net/bitlbee/patches/patch-protocols_yahoo_libyahoo2_c b/net/bitlbee/patches/patch-protocols_yahoo_libyahoo2_c new file mode 100644 index 00000000000..2c5d6a3e73a --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_yahoo_libyahoo2_c @@ -0,0 +1,304 @@ +$OpenBSD: patch-protocols_yahoo_libyahoo2_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/yahoo/libyahoo2.c.orig 2004-03-26 10:11:09.000000000 +1100 ++++ protocols/yahoo/libyahoo2.c 2004-06-09 21:14:22.000000000 +1000 +@@ -626,7 +626,7 @@ static void yahoo_packet_read(struct yah + } + } + +-static void yahoo_packet_write(struct yahoo_packet *pkt, unsigned char *data) ++static void yahoo_packet_write(struct yahoo_packet *pkt, unsigned char *data, size_t data_len) + { + YList *l; + int pos = 0; +@@ -636,12 +636,12 @@ static void yahoo_packet_write(struct ya + unsigned char buf[100]; + + snprintf((char *)buf, sizeof(buf), "%d", pair->key); +- strcpy((char *)data + pos, (char *)buf); ++ strlcpy((char *)data + pos, (char *)buf, data_len - pos); + pos += strlen((char *)buf); + data[pos++] = 0xc0; + data[pos++] = 0x80; + +- strcpy((char *)data + pos, pair->value); ++ strlcpy((char *)data + pos, pair->value, data_len - pos); + pos += strlen(pair->value); + data[pos++] = 0xc0; + data[pos++] = 0x80; +@@ -750,7 +750,7 @@ static void yahoo_send_packet(struct yah + pos += yahoo_put32(data + pos, pkt->status); + pos += yahoo_put32(data + pos, pkt->id); + +- yahoo_packet_write(pkt, data + pos); ++ yahoo_packet_write(pkt, data + pos, len - pos); + + yahoo_packet_dump(data, len); + +@@ -1549,8 +1549,10 @@ static void yahoo_process_auth_pre_0x0b( + char *crypt_result; + unsigned char *password_hash = malloc(25); + unsigned char *crypt_hash = malloc(25); +- unsigned char *hash_string_p = malloc(50 + strlen(sn)); +- unsigned char *hash_string_c = malloc(50 + strlen(sn)); ++ size_t p_len = 50 + strlen(sn); ++ size_t c_len = 50 + strlen(sn); ++ unsigned char *hash_string_p = malloc(p_len); ++ unsigned char *hash_string_c = malloc(c_len); + + char checksum; + +@@ -1577,37 +1579,37 @@ static void yahoo_process_auth_pre_0x0b( + switch (sv) { + case 0: + checksum = seed[seed[7] % 16]; +- snprintf((char *)hash_string_p, strlen(sn) + 50, ++ snprintf((char *)hash_string_p, p_len, + "%c%s%s%s", checksum, password_hash, yd->user, seed); +- snprintf((char *)hash_string_c, strlen(sn) + 50, ++ snprintf((char *)hash_string_c, c_len, + "%c%s%s%s", checksum, crypt_hash, yd->user, seed); + break; + case 1: + checksum = seed[seed[9] % 16]; +- snprintf((char *)hash_string_p, strlen(sn) + 50, ++ snprintf((char *)hash_string_p, p_len, + "%c%s%s%s", checksum, yd->user, seed, password_hash); +- snprintf((char *)hash_string_c, strlen(sn) + 50, ++ snprintf((char *)hash_string_c, c_len, + "%c%s%s%s", checksum, yd->user, seed, crypt_hash); + break; + case 2: + checksum = seed[seed[15] % 16]; +- snprintf((char *)hash_string_p, strlen(sn) + 50, ++ snprintf((char *)hash_string_p, p_len, + "%c%s%s%s", checksum, seed, password_hash, yd->user); +- snprintf((char *)hash_string_c, strlen(sn) + 50, ++ snprintf((char *)hash_string_c, c_len, + "%c%s%s%s", checksum, seed, crypt_hash, yd->user); + break; + case 3: + checksum = seed[seed[1] % 16]; +- snprintf((char *)hash_string_p, strlen(sn) + 50, ++ snprintf((char *)hash_string_p, p_len, + "%c%s%s%s", checksum, yd->user, password_hash, seed); +- snprintf((char *)hash_string_c, strlen(sn) + 50, ++ snprintf((char *)hash_string_c, c_len, + "%c%s%s%s", checksum, yd->user, crypt_hash, seed); + break; + case 4: + checksum = seed[seed[3] % 16]; +- snprintf((char *)hash_string_p, strlen(sn) + 50, ++ snprintf((char *)hash_string_p, p_len, + "%c%s%s%s", checksum, password_hash, seed, yd->user); +- snprintf((char *)hash_string_c, strlen(sn) + 50, ++ snprintf((char *)hash_string_c, c_len, + "%c%s%s%s", checksum, crypt_hash, seed, yd->user); + break; + } +@@ -1931,29 +1933,29 @@ static void yahoo_process_auth_0x0b(stru + lookup &= 0x1f; + if (lookup >= strlen(alphabet1)) + break; +- sprintf(byte, "%c", alphabet1[lookup]); +- strcat(resp_6, byte); +- strcat(resp_6, "="); ++ snprintf(byte, sizeof(byte), "%c", alphabet1[lookup]); ++ strlcat(resp_6, byte, sizeof(resp_6)); ++ strlcat(resp_6, "=", sizeof(resp_6)); + + lookup = (val >> 0x06); + lookup &= 0x1f; + if (lookup >= strlen(alphabet2)) + break; +- sprintf(byte, "%c", alphabet2[lookup]); +- strcat(resp_6, byte); ++ snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]); ++ strlcat(resp_6, byte, sizeof(resp_6)); + + lookup = (val >> 0x01); + lookup &= 0x1f; + if (lookup >= strlen(alphabet2)) + break; +- sprintf(byte, "%c", alphabet2[lookup]); +- strcat(resp_6, byte); ++ snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]); ++ strlcat(resp_6, byte, sizeof(resp_6)); + + lookup = (val & 0x01); + if (lookup >= strlen(delimit_lookup)) + break; +- sprintf(byte, "%c", delimit_lookup[lookup]); +- strcat(resp_6, byte); ++ snprintf(byte, sizeof(byte), "%c", delimit_lookup[lookup]); ++ strlcat(resp_6, byte, sizeof(resp_6)); + } + + /* Our second authentication response is based off +@@ -2020,29 +2022,29 @@ static void yahoo_process_auth_0x0b(stru + lookup &= 0x1f; + if (lookup >= strlen(alphabet1)) + break; +- sprintf(byte, "%c", alphabet1[lookup]); +- strcat(resp_96, byte); +- strcat(resp_96, "="); ++ snprintf(byte, sizeof(byte), "%c", alphabet1[lookup]); ++ strlcat(resp_96, byte, sizeof(resp_96)); ++ strlcat(resp_96, "=", sizeof(resp_96)); + + lookup = (val >> 0x06); + lookup &= 0x1f; + if (lookup >= strlen(alphabet2)) + break; +- sprintf(byte, "%c", alphabet2[lookup]); +- strcat(resp_96, byte); ++ snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]); ++ strlcat(resp_96, byte, sizeof(resp_96)); + + lookup = (val >> 0x01); + lookup &= 0x1f; + if (lookup >= strlen(alphabet2)) + break; +- sprintf(byte, "%c", alphabet2[lookup]); +- strcat(resp_96, byte); ++ snprintf(byte, sizeof(byte), "%c", alphabet2[lookup]); ++ strlcat(resp_96, byte, sizeof(resp_96)); + + lookup = (val & 0x01); + if (lookup >= strlen(delimit_lookup)) + break; +- sprintf(byte, "%c", delimit_lookup[lookup]); +- strcat(resp_96, byte); ++ snprintf(byte, sizeof(byte), "%c", delimit_lookup[lookup]); ++ strlcat(resp_96, byte, sizeof(resp_96)); + } + + pack = yahoo_packet_new(YAHOO_SERVICE_AUTHRESP, yd->initial_status, yd->session_id); +@@ -3063,11 +3065,9 @@ static void yahoo_process_yab_connection + if(yab->nname) { + bud->real_name = strdup(yab->nname); + } else if(yab->fname && yab->lname) { +- bud->real_name = y_new0(char, +- strlen(yab->fname)+ +- strlen(yab->lname)+2 +- ); +- sprintf(bud->real_name, "%s %s", ++ size_t len = strlen(yab->fname) + strlen(yab->lname) + 2; ++ bud->real_name = y_new0(char, len); ++ snprintf(bud->real_name, len, "%s %s", + yab->fname, yab->lname); + } else if(yab->fname) { + bud->real_name = strdup(yab->fname); +@@ -3666,7 +3666,7 @@ void yahoo_get_yab(int id) + yid->yd = yd; + yid->type = YAHOO_CONNECTION_YAB; + +- snprintf(url, 1024, "http://insider.msg.yahoo.com/ycontent/?ab2=0"); ++ snprintf(url, sizeof(url), "http://insider.msg.yahoo.com/ycontent/?ab2=0"); + + snprintf(buff, sizeof(buff), "Y=%s; T=%s", + yd->cookie_y, yd->cookie_t); +@@ -3693,63 +3693,63 @@ void yahoo_set_yab(int id, struct yab * + yid->type = YAHOO_CONNECTION_YAB; + yid->yd = yd; + +- strncpy(url, "http://insider.msg.yahoo.com/ycontent/?addab2=0", size); ++ strlcpy(url, "http://insider.msg.yahoo.com/ycontent/?addab2=0", size); + + if(yab->dbid) { + /* change existing yab */ + char tmp[32]; +- strncat(url, "&ee=1&ow=1&id=", size - strlen(url)); ++ strlcat(url, "&ee=1&ow=1&id=", sizeof(url)); + snprintf(tmp, sizeof(tmp), "%d", yab->dbid); +- strncat(url, tmp, size - strlen(url)); ++ strlcat(url, tmp, sizeof(url)); + } + + if(yab->fname) { +- strncat(url, "&fn=", size - strlen(url)); ++ strlcat(url, "&fn=", sizeof(url)); + temp = yahoo_urlencode(yab->fname); +- strncat(url, temp, size - strlen(url)); ++ strlcat(url, temp, sizeof(url)); + free(temp); + } + if(yab->lname) { +- strncat(url, "&ln=", size - strlen(url)); ++ strlcat(url, "&ln=", sizeof(url)); + temp = yahoo_urlencode(yab->lname); +- strncat(url, temp, size - strlen(url)); ++ strlcat(url, temp, sizeof(url)); + free(temp); + } +- strncat(url, "&yid=", size - strlen(url)); ++ strlcat(url, "&yid=", sizeof(url)); + temp = yahoo_urlencode(yab->id); +- strncat(url, temp, size - strlen(url)); ++ strlcat(url, temp, sizeof(url)); + free(temp); + if(yab->nname) { +- strncat(url, "&nn=", size - strlen(url)); ++ strlcat(url, "&nn=", sizeof(url)); + temp = yahoo_urlencode(yab->nname); +- strncat(url, temp, size - strlen(url)); ++ strlcat(url, temp, sizeof(url)); + free(temp); + } + if(yab->email) { +- strncat(url, "&e=", size - strlen(url)); ++ strlcat(url, "&e=", sizeof(url)); + temp = yahoo_urlencode(yab->email); +- strncat(url, temp, size - strlen(url)); ++ strlcat(url, temp, sizeof(url)); + free(temp); + } + if(yab->hphone) { +- strncat(url, "&hp=", size - strlen(url)); ++ strlcat(url, "&hp=", sizeof(url)); + temp = yahoo_urlencode(yab->hphone); +- strncat(url, temp, size - strlen(url)); ++ strlcat(url, temp, sizeof(url)); + free(temp); + } + if(yab->wphone) { +- strncat(url, "&wp=", size - strlen(url)); ++ strlcat(url, "&wp=", sizeof(url)); + temp = yahoo_urlencode(yab->wphone); +- strncat(url, temp, size - strlen(url)); ++ strlcat(url, temp, sizeof(url)); + free(temp); + } + if(yab->mphone) { +- strncat(url, "&mp=", size - strlen(url)); ++ strlcat(url, "&mp=", sizeof(url)); + temp = yahoo_urlencode(yab->mphone); +- strncat(url, temp, size - strlen(url)); ++ strlcat(url, temp, sizeof(url)); + free(temp); + } +- strncat(url, "&pp=0", size - strlen(url)); ++ strlcat(url, "&pp=0", sizeof(url)); + + snprintf(buff, sizeof(buff), "Y=%s; T=%s", + yd->cookie_y, yd->cookie_t); +@@ -4120,9 +4120,9 @@ void yahoo_get_chatrooms(int id, int cha + yid->type = YAHOO_CONNECTION_CHATCAT; + + if (chatroomid == 0) { +- snprintf(url, 1024, "http://insider.msg.yahoo.com/ycontent/?chatcat=0"); ++ snprintf(url, sizeof(url), "http://insider.msg.yahoo.com/ycontent/?chatcat=0"); + } else { +- snprintf(url, 1024, "http://insider.msg.yahoo.com/ycontent/?chatroom_%d=0",chatroomid); ++ snprintf(url, sizeof(url), "http://insider.msg.yahoo.com/ycontent/?chatroom_%d=0",chatroomid); + } + + snprintf(buff, sizeof(buff), "Y=%s; T=%s", yd->cookie_y, yd->cookie_t); +@@ -4357,7 +4357,7 @@ static void yahoo_search_internal(int id + while((p = strchr(ctext, ' '))) + *p = '+'; + +- snprintf(url, 1024, "http://members.yahoo.com/interests?.oc=m&.kw=%s&.sb=%d&.g=%d&.ar=0%s%s%s", ++ snprintf(url, sizeof(url), "http://members.yahoo.com/interests?.oc=m&.kw=%s&.sb=%d&.g=%d&.ar=0%s%s%s", + ctext, t, g, photo ? "&.p=y" : "", yahoo_only ? "&.pg=y" : "", + startpos ? buff : ""); + diff --git a/net/bitlbee/patches/patch-protocols_yahoo_yahoo_c b/net/bitlbee/patches/patch-protocols_yahoo_yahoo_c new file mode 100644 index 00000000000..aeb7a75fda5 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_yahoo_yahoo_c @@ -0,0 +1,57 @@ +$OpenBSD: patch-protocols_yahoo_yahoo_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/yahoo/yahoo.c.orig 2004-05-11 21:43:50.000000000 +1000 ++++ protocols/yahoo/yahoo.c 2004-06-09 20:27:32.000000000 +1000 +@@ -350,8 +350,11 @@ static int byahoo_chat_open( struct gaim + char *roomname; + YList *members; + +- roomname = g_new0( char, strlen( gc->username ) + 16 ); +- g_snprintf( roomname, strlen( gc->username ) + 16, "%s-Bee-%d", gc->username, byahoo_chat_id ); ++ { ++ size_t len = strlen( gc->username ) + 16; ++ roomname = g_new0( char, len); ++ g_snprintf( roomname, len, "%s-Bee-%d", gc->username, byahoo_chat_id ); ++ } + + c = serv_got_joined_chat( gc, ++byahoo_chat_id, roomname ); + add_chat_buddy( c, gc->username ); +@@ -503,13 +506,17 @@ void ext_yahoo_login_response( int id, i + + if( url && *url ) + { +- s = g_malloc( strlen( "Error %d (%s). See %s for more information." ) + strlen( url ) + strlen( errstr ) + 16 ); +- sprintf( s, "Error %d (%s). See %s for more information.", succ, errstr, url ); ++ const char format[] = "Error %d (%s). See %s for more information."; ++ size_t s_len = strlen(format) + strlen( url ) + strlen( errstr ) + 16; ++ s = g_malloc( s_len); ++ snprintf( s, s_len, format, succ, errstr, url ); + } + else + { +- s = g_malloc( strlen( "Error %d (%s)" ) + strlen( errstr ) + 16 ); +- sprintf( s, "Error %d (%s)", succ, errstr ); ++ const char format[] = "Error %d (%s)"; ++ size_t s_len = strlen(format) + strlen( errstr ) + 16; ++ s = g_malloc(s_len); ++ snprintf( s, s_len, format, succ, errstr ); + } + + if( yd->logged_in ) +@@ -710,7 +717,7 @@ int ext_yahoo_connect(char *host, int po + if(!(server = gethostbyname(host))) { + return -1; + } +- strncpy(last_host, host, 255); ++ strlcpy(last_host, host, sizeof(last_host)); + } + + if((servfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { +@@ -772,7 +779,7 @@ void ext_yahoo_got_conf_invite( int id, + if( g_ascii_strcasecmp( m->data, gc->username ) != 0 ) + add_chat_buddy( inv->c, m->data ); + +- g_snprintf( txt, 1024, "Got an invitation to chatroom %s from %s: %s", room, who, msg ); ++ g_snprintf( txt, sizeof(txt), "Got an invitation to chatroom %s from %s: %s", room, who, msg ); + + do_ask_dialog( gc, txt, inv, byahoo_accept_conf, byahoo_reject_conf ); + } diff --git a/net/bitlbee/patches/patch-protocols_yahoo_yahoo_httplib_c b/net/bitlbee/patches/patch-protocols_yahoo_yahoo_httplib_c new file mode 100644 index 00000000000..ed542c74258 --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_yahoo_yahoo_httplib_c @@ -0,0 +1,67 @@ +$OpenBSD: patch-protocols_yahoo_yahoo_httplib_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/yahoo/yahoo_httplib.c.orig 2004-03-18 07:21:12.000000000 +1100 ++++ protocols/yahoo/yahoo_httplib.c 2004-06-09 20:32:18.000000000 +1000 +@@ -101,7 +101,7 @@ int yahoo_tcp_readline(char *ptr, int ma + } + + static int url_to_host_port_path(const char *url, +- char *host, int *port, char *path) ++ char *host, size_t host_len, int *port, char *path, size_t path_len) + { + char *urlcopy=NULL; + char *slash=NULL; +@@ -136,13 +136,13 @@ static int url_to_host_port_path(const c + } + + if(!slash) { +- strcpy(path, "/"); ++ strlcpy(path, "/", path_len); + } else { +- strcpy(path, slash); ++ strlcpy(path, slash, path_len); + *slash = 0; + } + +- strcpy(host, urlcopy); ++ strlcpy(host, urlcopy, host_len); + + FREE(urlcopy); + +@@ -159,8 +159,9 @@ char *yahoo_urlencode(const char *instr) + int ipos=0, bpos=0; + char *str = NULL; + int len = strlen(instr); ++ size_t str_len = 3*len + 1; + +- if(!(str = y_new(char, 3*len + 1) )) ++ if(!(str = y_new(char, str_len) )) + return ""; + + while(instr[ipos]) { +@@ -169,7 +170,7 @@ char *yahoo_urlencode(const char *instr) + if(!instr[ipos]) + break; + +- snprintf(&str[bpos], 4, "%%%.2x", instr[ipos]); ++ snprintf(&str[bpos], str_len - bpos, "%%%.2x", instr[ipos]); + bpos+=3; + ipos++; + } +@@ -318,7 +319,7 @@ void yahoo_http_post(int id, const char + char path[255]; + char buff[1024]; + +- if(!url_to_host_port_path(url, host, &port, path)) ++ if(!url_to_host_port_path(url, host, sizeof(host), &port, path, sizeof(path))) + return; + + snprintf(buff, sizeof(buff), +@@ -343,7 +344,7 @@ void yahoo_http_get(int id, const char * + char path[255]; + char buff[1024]; + +- if(!url_to_host_port_path(url, host, &port, path)) ++ if(!url_to_host_port_path(url, host, sizeof(host), &port, path, sizeof(path))) + return; + + snprintf(buff, sizeof(buff), diff --git a/net/bitlbee/patches/patch-protocols_yahoo_yahoo_util_c b/net/bitlbee/patches/patch-protocols_yahoo_yahoo_util_c new file mode 100644 index 00000000000..24c046cd74e --- /dev/null +++ b/net/bitlbee/patches/patch-protocols_yahoo_yahoo_util_c @@ -0,0 +1,17 @@ +$OpenBSD: patch-protocols_yahoo_yahoo_util_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- protocols/yahoo/yahoo_util.c.orig 2004-02-09 04:23:29.000000000 +1100 ++++ protocols/yahoo/yahoo_util.c 2004-06-09 20:33:34.000000000 +1000 +@@ -46,11 +46,11 @@ char * y_string_append(char * string, ch + + if(new_string == NULL) { + new_string = y_new(char, size); +- strcpy(new_string, string); ++ strlcpy(new_string, string, size); + FREE(string); + } + +- strcat(new_string, append); ++ strlcat(new_string, append, size); + + return new_string; + } diff --git a/net/bitlbee/patches/patch-url_c b/net/bitlbee/patches/patch-url_c new file mode 100644 index 00000000000..b1dd9b12cd2 --- /dev/null +++ b/net/bitlbee/patches/patch-url_c @@ -0,0 +1,89 @@ +$OpenBSD: patch-url_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- url.c.orig 2004-04-05 03:06:56.000000000 +1000 ++++ url.c 2004-06-09 20:37:14.000000000 +1000 +@@ -35,7 +35,7 @@ int url_set( url_t *url, char *set_url ) + if( ( i = strstr( set_url, "://" ) ) == NULL ) + { + url->proto = PROTO_DEFAULT; +- strncpy( s, set_url, MAX_STRING ); ++ strlcpy( s, set_url, sizeof(s)); + } + else + { +@@ -49,22 +49,22 @@ int url_set( url_t *url, char *set_url ) + { + return( 0 ); + } +- strncpy( s, i + 3, MAX_STRING ); ++ strlcpy( s, i + 3, sizeof(s)); + } + + /* Split */ + if( ( i = strchr( s, '/' ) ) == NULL ) + { +- strcpy( url->dir, "/" ); ++ strlcpy(url->dir, "/", sizeof(url->dir)); + } + else + { + *i = 0; +- g_snprintf( url->dir, MAX_STRING, "/%s", i + 1 ); ++ g_snprintf( url->dir, sizeof(url->dir), "/%s", i + 1 ); + if( url->proto == PROTO_HTTP ) +- http_encode( url->dir ); ++ http_encode( url->dir, sizeof(url->dir) ); + } +- strncpy( url->host, s, MAX_STRING ); ++ strlcpy( url->host, s, sizeof(url->host)); + j = strchr( url->dir, '?' ); + if( j != NULL ) + *j = 0; +@@ -74,22 +74,22 @@ int url_set( url_t *url, char *set_url ) + *j = '?'; + if( i == NULL ) + { +- strcpy( url->file, url->dir ); +- strcpy( url->dir, "/" ); ++ strlcpy( url->file, url->dir, sizeof(url->file) ); ++ strlcpy( url->dir, "/", sizeof(url->dir) ); + } + else + { +- strcpy( url->file, i + 1 ); +- strcat( url->dir, "/" ); ++ strlcpy( url->file, i + 1, sizeof(url->file) ); ++ strlcat( url->dir, "/", sizeof(url->dir) ); + } + + /* Check for username in host field */ + if( strrchr( url->host, '@' ) != NULL ) + { +- strncpy( url->user, url->host, MAX_STRING ); ++ strlcpy( url->user, url->host, sizeof(url->user)); + i = strrchr( url->user, '@' ); + *i = 0; +- strcpy( url->host, i + 1 ); ++ strlcpy( url->host, i + 1, sizeof(url->host) ); + *url->pass = 0; + } + /* If not: Fill in defaults */ +@@ -97,8 +97,8 @@ int url_set( url_t *url, char *set_url ) + { + if( url->proto == PROTO_FTP ) + { +- strcpy( url->user, "anonymous" ); +- strcpy( url->pass, "-p.artmaps@lintux.cx" ); ++ strlcpy( url->user, "anonymous", sizeof(url->user) ); ++ strlcpy( url->pass, "-p.artmaps@lintux.cx", sizeof(url->pass) ); + } + else + { +@@ -110,7 +110,7 @@ int url_set( url_t *url, char *set_url ) + if( ( i = strchr( url->user, ':' ) ) != NULL ) + { + *i = 0; +- strcpy( url->pass, i + 1 ); ++ strlcpy( url->pass, i + 1, sizeof(url->pass) ); + } + /* Port number? */ + if( ( i = strchr( url->host, ':' ) ) != NULL ) diff --git a/net/bitlbee/patches/patch-utils_bitlbeed_c b/net/bitlbee/patches/patch-utils_bitlbeed_c new file mode 100644 index 00000000000..0bb70e537b6 --- /dev/null +++ b/net/bitlbee/patches/patch-utils_bitlbeed_c @@ -0,0 +1,21 @@ +$OpenBSD: patch-utils_bitlbeed_c,v 1.1 2004/06/20 16:27:49 naddy Exp $ +--- utils/bitlbeed.c.orig 2004-05-15 22:23:20.000000000 +1000 ++++ utils/bitlbeed.c 2004-06-09 20:38:47.000000000 +1000 +@@ -352,14 +352,14 @@ void log( char *fmt, ... ) + memset( line, 0, MAX_LOG_LEN ); + + tm = time( NULL ); +- strcpy( line, ctime( &tm ) ); ++ strlcpy( line, ctime( &tm ), sizeof(line) ); + l = strlen( line ); + line[l-1] = ' '; + + va_start( params, fmt ); +- vsnprintf( line + l, MAX_LOG_LEN - l - 2, fmt, params ); ++ vsnprintf( line + l, sizeof(line) - l - 2, fmt, params ); + va_end( params ); +- strcat( line, "\n" ); ++ strlcat( line, "\n", sizeof(line) ); + + fprintf( logfile, "%s", line ); + } diff --git a/net/bitlbee/pkg/DESCR b/net/bitlbee/pkg/DESCR index c81b1dc5c98..795a493bbf8 100644 --- a/net/bitlbee/pkg/DESCR +++ b/net/bitlbee/pkg/DESCR @@ -2,7 +2,8 @@ Bitlbee is a proxy which accepts connections from any irc-client and allows you to communicate using following instant messaging protocols. - - ICQ - AIM - - MSN + - ICQ - Jabber + - MSN + - Yahoo diff --git a/net/bitlbee/pkg/PLIST b/net/bitlbee/pkg/PLIST index 65600766d86..2df1a1609aa 100644 --- a/net/bitlbee/pkg/PLIST +++ b/net/bitlbee/pkg/PLIST @@ -1,5 +1,6 @@ -@comment $OpenBSD: PLIST,v 1.5 2003/12/31 16:03:30 naddy Exp $ +@comment $OpenBSD: PLIST,v 1.6 2004/06/20 16:27:49 naddy Exp $ libexec/bitlbee +man/man5/bitlbee.conf.5 man/man8/bitlbee.8 share/bitlbee/help.txt share/doc/bitlbee/user-guide.html