diff options
| author | George Hazan <george.hazan@gmail.com> | 2015-04-10 14:43:19 +0000 |
|---|---|---|
| committer | George Hazan <george.hazan@gmail.com> | 2015-04-10 14:43:19 +0000 |
| commit | a95fb39f8e85ad7c2feb30b9797f292d02e07c18 (patch) | |
| tree | 4a21c6de18e84733fe7e03a1e00996042e92527e | |
| parent | 77a9ce1c7510cdf66bf038300ce57952748a3e05 (diff) | |
fix for possible buffer overrun
git-svn-id: http://svn.miranda-ng.org/main/trunk@12737 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c
| -rw-r--r-- | plugins/OpenSSL/src/ssl_openssl.cpp | 7 | ||||
| -rw-r--r-- | src/core/stdssl/src/netlibssl.cpp | 7 |
2 files changed, 6 insertions, 8 deletions
diff --git a/plugins/OpenSSL/src/ssl_openssl.cpp b/plugins/OpenSSL/src/ssl_openssl.cpp index 4e910d24ea..7884af8da4 100644 --- a/plugins/OpenSSL/src/ssl_openssl.cpp +++ b/plugins/OpenSSL/src/ssl_openssl.cpp @@ -258,17 +258,16 @@ static void ReportSslError(SECURITY_STATUS scRet, int line, bool showPopup = fal return; case SEC_E_INVALID_TOKEN: - _tcscpy(szMsgBuf, TranslateT("Client cannot decode host message. Possible causes: host does not support SSL or requires not existing security package")); + _tcsncpy_s(szMsgBuf, TranslateT("Client cannot decode host message. Possible causes: host does not support SSL or requires not existing security package"), _TRUNCATE); break; case CERT_E_CN_NO_MATCH: case SEC_E_WRONG_PRINCIPAL: - _tcscpy(szMsgBuf, TranslateT("Host we are connecting to is not the one certificate was issued for")); + _tcsncpy_s(szMsgBuf, TranslateT("Host we are connecting to is not the one certificate was issued for"), _TRUNCATE); break; default: - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, - NULL, scRet, LANG_USER_DEFAULT, szMsgBuf, SIZEOF(szMsgBuf), NULL); + FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, scRet, LANG_USER_DEFAULT, szMsgBuf, SIZEOF(szMsgBuf), NULL); } TCHAR szMsgBuf2[512]; diff --git a/src/core/stdssl/src/netlibssl.cpp b/src/core/stdssl/src/netlibssl.cpp index 6a5a9e8980..9da09b7b0b 100644 --- a/src/core/stdssl/src/netlibssl.cpp +++ b/src/core/stdssl/src/netlibssl.cpp @@ -71,17 +71,16 @@ static void ReportSslError(SECURITY_STATUS scRet, int line, bool showPopup = fal return;
case SEC_E_INVALID_TOKEN:
- _tcscpy(szMsgBuf, TranslateT("Client cannot decode host message. Possible causes: host does not support SSL or requires not existing security package"));
+ _tcsncpy_s(szMsgBuf, TranslateT("Client cannot decode host message. Possible causes: host does not support SSL or requires not existing security package"), _TRUNCATE);
break;
case CERT_E_CN_NO_MATCH:
case SEC_E_WRONG_PRINCIPAL:
- _tcscpy(szMsgBuf, TranslateT("Host we are connecting to is not the one certificate was issued for"));
+ _tcsncpy_s(szMsgBuf, TranslateT("Host we are connecting to is not the one certificate was issued for"), _TRUNCATE);
break;
default:
- FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
- NULL, scRet, LANG_USER_DEFAULT, szMsgBuf, SIZEOF(szMsgBuf), NULL);
+ FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, scRet, LANG_USER_DEFAULT, szMsgBuf, SIZEOF(szMsgBuf), NULL);
}
TCHAR szMsgBuf2[512];
|