Patch by evilninjasquirrel@hotbrev.com

2007-12-13  Tobias Mueller  <tobiasmue@svn.gnome.org>
        Patch by evilninjasquirrel@hotbrev.com

        ** Fixes bug 474043
        * plugins/exchange-operations/exchange-operations.c:
        * plugins/exchange-operations/exchange-operations.h
        Prevent buffer overflows, by introducing a fourth parameter to
        exchange_operations_tokenize_string - a max size to copy



svn path=/trunk/; revision=34692

1 files changed, 5 insertions, 5 deletions

diff --git a/plugins/exchange-operations/exchange-operations.c b/plugins/exchange-operations/exchange-operations.c
index b407a3ab8b..3b2758e700 100644
--- a/plugins/exchange-operations/exchange-operations.c
+++ b/plugins/exchange-operations/exchange-operations.c
@@ -72,11 +72,11 @@ exchange_is_offline (gint *mode)
 
 /* FIXME: See if a GLib variant of this function available */
 gboolean
-exchange_operations_tokenize_string (char **string, char *token, char delimit)
+exchange_operations_tokenize_string (char **string, char *token, char delimit, unsigned int maxsize)
 {
-	int i=0;
+	unsigned int i=0;
 	char *str=*string;
-	while (*str!=delimit && *str!='\0') {
+	while (*str!=delimit && *str!='\0' && i<maxsize-1) {
 		token[i++]=*str++;
 	}
 	while (*str==delimit)
@@ -97,7 +97,7 @@ exchange_operations_cta_add_node_to_tree (GtkTreeStore *store, GtkTreeIter *pare
 	gchar *uri;
 	gboolean status, found;
 
-	exchange_operations_tokenize_string (&luri, nodename, '/');
+	exchange_operations_tokenize_string (&luri, nodename, '/', sizeof(nodename));
 
        	if (!nodename[0]) {
 		return TRUE;
@@ -153,7 +153,7 @@ exchange_operations_cta_select_node_from_tree (GtkTreeStore *store, GtkTreeIter
 	if (!luri)
 		return;
 
-	exchange_operations_tokenize_string (&luri, nodename, '/');
+	exchange_operations_tokenize_string (&luri, nodename, '/', sizeof(nodename));
        	if (!nodename[0]) {
 		return;
 	}