From 75b76dedf1257789ca2d5c74af363606928fbc6a Mon Sep 17 00:00:00 2001
From: Tobias Mueller <tobiasmue@svn.gnome.org>
Date: Wed, 12 Dec 2007 23:08:15 +0000
Subject: Patch by evilninjasquirrel@hotbrev.com

2007-12-13  Tobias Mueller  <tobiasmue@svn.gnome.org>
        Patch by evilninjasquirrel@hotbrev.com

        ** Fixes bug 474043
        * plugins/exchange-operations/exchange-operations.c:
        * plugins/exchange-operations/exchange-operations.h
        Prevent buffer overflows, by introducing a fourth parameter to
        exchange_operations_tokenize_string - a max size to copy



svn path=/trunk/; revision=34692
---
 plugins/exchange-operations/ChangeLog             |  9 +++++++++
 plugins/exchange-operations/exchange-operations.c | 10 +++++-----
 plugins/exchange-operations/exchange-operations.h |  2 +-
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/plugins/exchange-operations/ChangeLog b/plugins/exchange-operations/ChangeLog
index f6e55929b1..bdf2c34b6f 100644
--- a/plugins/exchange-operations/ChangeLog
+++ b/plugins/exchange-operations/ChangeLog
@@ -1,3 +1,12 @@
+2007-12-13  Tobias Mueller  <tobiasmue@svn.gnome.org>
+	Patch by evilninjasquirrel@hotbrev.com
+	
+	** Fixes bug 474043
+	* plugins/exchange-operations/exchange-operations.c:
+	* plugins/exchange-operations/exchange-operations.h
+	Prevent buffer overflows, by introducing a fourth parameter to
+	exchange_operations_tokenize_string - a max size to copy
+
 2007-12-04  David Turner  <cillian64@googlemail.com>
 
 	** Fix for bug #466241
diff --git a/plugins/exchange-operations/exchange-operations.c b/plugins/exchange-operations/exchange-operations.c
index b407a3ab8b..3b2758e700 100644
--- a/plugins/exchange-operations/exchange-operations.c
+++ b/plugins/exchange-operations/exchange-operations.c
@@ -72,11 +72,11 @@ exchange_is_offline (gint *mode)
 
 /* FIXME: See if a GLib variant of this function available */
 gboolean
-exchange_operations_tokenize_string (char **string, char *token, char delimit)
+exchange_operations_tokenize_string (char **string, char *token, char delimit, unsigned int maxsize)
 {
-	int i=0;
+	unsigned int i=0;
 	char *str=*string;
-	while (*str!=delimit && *str!='\0') {
+	while (*str!=delimit && *str!='\0' && i<maxsize-1) {
 		token[i++]=*str++;
 	}
 	while (*str==delimit)
@@ -97,7 +97,7 @@ exchange_operations_cta_add_node_to_tree (GtkTreeStore *store, GtkTreeIter *pare
 	gchar *uri;
 	gboolean status, found;
 
-	exchange_operations_tokenize_string (&luri, nodename, '/');
+	exchange_operations_tokenize_string (&luri, nodename, '/', sizeof(nodename));
 
        	if (!nodename[0]) {
 		return TRUE;
@@ -153,7 +153,7 @@ exchange_operations_cta_select_node_from_tree (GtkTreeStore *store, GtkTreeIter
 	if (!luri)
 		return;
 
-	exchange_operations_tokenize_string (&luri, nodename, '/');
+	exchange_operations_tokenize_string (&luri, nodename, '/', sizeof(nodename));
        	if (!nodename[0]) {
 		return;
 	}
diff --git a/plugins/exchange-operations/exchange-operations.h b/plugins/exchange-operations/exchange-operations.h
index 1648661fca..e64080c3d7 100644
--- a/plugins/exchange-operations/exchange-operations.h
+++ b/plugins/exchange-operations/exchange-operations.h
@@ -42,7 +42,7 @@ int e_plugin_lib_enable (EPluginLib *eplib, int enable);
 ExchangeAccount *exchange_operations_get_exchange_account (void);
 ExchangeConfigListenerStatus exchange_is_offline (gint *mode);
 
-gboolean exchange_operations_tokenize_string (char **string, char *token, char delimit);
+gboolean exchange_operations_tokenize_string (char **string, char *token, char delimit, unsigned int maxsize);
 
 gboolean exchange_operations_cta_add_node_to_tree (GtkTreeStore *store, GtkTreeIter *parent, const char *nuri);
 void exchange_operations_cta_select_node_from_tree (GtkTreeStore *store, GtkTreeIter *parent, const char *nuri, const char *ruri, GtkTreeSelection *selection) ;
-- 
cgit v1.2.3