From 6bf05d34ba416ec14f651c22cba8710e52125907 Mon Sep 17 00:00:00 2001 From: Tobias Weimer Date: Tue, 21 Apr 2015 19:15:27 +0000 Subject: New_GPG: - Fixed some buffer overruns (char caps[0x10]; and strcpy(cap.caps, "GPG FileTransfer"); ) git-svn-id: http://svn.miranda-ng.org/main/trunk@13018 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c --- plugins/New_GPG/src/main.cpp | 18 +++++++++--------- plugins/New_GPG/src/messages.cpp | 7 ++++--- plugins/New_GPG/src/options.cpp | 32 +++++++++++++++++--------------- plugins/New_GPG/src/utilities.cpp | 16 ++++++++-------- 4 files changed, 38 insertions(+), 35 deletions(-) (limited to 'plugins/New_GPG/src') diff --git a/plugins/New_GPG/src/main.cpp b/plugins/New_GPG/src/main.cpp index a29d698c53..e2981a0344 100755 --- a/plugins/New_GPG/src/main.cpp +++ b/plugins/New_GPG/src/main.cpp @@ -182,7 +182,7 @@ static INT_PTR CALLBACK DlgProcFirstRun(HWND hwndDlg,UINT msg,WPARAM wParam,LPAR p2 = out.find_first_not_of(" ", p+5); p = out.find("<", p2); p++; - p2 = out.find(">", p); + //p2 = out.find(">", p); // continue; //does not add to key list } @@ -1296,7 +1296,7 @@ static INT_PTR CALLBACK DlgProcNewKeyDialog(HWND hwndDlg, UINT msg, WPARAM wPara SetDlgItemText(hwndDlg, ID_IMPORT, tmp[0]?TranslateT("Replace"):TranslateT("Accept")); mir_free(tmp); tmp = new TCHAR [256]; - mir_sntprintf(tmp, SIZEOF(tmp),TranslateT("Received key from %s"), CallService(MS_CLIST_GETCONTACTDISPLAYNAME, hContact, (LPARAM)GCDNF_TCHAR)); + mir_sntprintf(tmp, 255,TranslateT("Received key from %s"), CallService(MS_CLIST_GETCONTACTDISPLAYNAME, hContact, GCDNF_TCHAR)); SetDlgItemText(hwndDlg, IDC_KEY_FROM, tmp); delete [] tmp; } 
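Review bot: The bound `255` in the new `mir_sntprintf(tmp, 255, ...)` call in DlgProcNewKeyDialog is a hand-written copy of the `256` in `tmp = new TCHAR [256];` on the line above, so the two can drift apart the next time either is edited. The old `SIZEOF(tmp)` was wrong because `tmp` is a pointer at this point, but a literal only hides that. Use one named count for both, e.g. `const size_t cchTmp = 256;`, then `tmp = new TCHAR[cchTmp];` and `mir_sntprintf(tmp, cchTmp, ...)`. Passing the full count assumes the size argument includes the terminator, which the `SIZEOF(msg)` call in options.cpp suggests. The dialog procedure starts and ends outside the hunk.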
@@ -2245,8 +2245,8 @@ void InitCheck() ICQ_CUSTOMCAP cap; cap.cbSize = sizeof(ICQ_CUSTOMCAP); cap.hIcon = 0; - strcpy(cap.name, "GPG Key AutoExchange"); - strcpy(cap.caps, "GPG AutoExchange"); + strncpy(cap.name, "GPG Key AutoExchange", MAX_CAPNAME-1); + strncpy(cap.caps, "GPGAutoExchange", sizeof(cap.caps)-1); for(int i = 0; i < count; i++) if( ProtoServiceExists(accounts[i]->szProtoName, PS_ICQ_ADDCAPABILITY)) @@ -2260,8 +2260,8 @@ void InitCheck() ICQ_CUSTOMCAP cap; cap.cbSize = sizeof(ICQ_CUSTOMCAP); cap.hIcon = 0; - strcpy(cap.name, "GPG Encrypted FileTransfers"); - strcpy(cap.caps, "GPG FileTransfer"); + strncpy(cap.name, "GPG Encrypted FileTransfers", MAX_CAPNAME-1); + strncpy(cap.caps, "GPGFileTransfer", sizeof(cap.caps)-1); for(int i = 0; i < count; i++) if( ProtoServiceExists(accounts[i]->szProtoName, PS_ICQ_ADDCAPABILITY)) @@ -2301,10 +2301,10 @@ void ImportKey() DWORD exitcode; { ptmp = UniGetContactSettingUtf(NULL, szGPGModuleName, "szHomePath", _T("")); - _tcscpy(tmp2, ptmp); + _tcsncpy(tmp2, ptmp, MAX_PATH-1); mir_free(ptmp); - _tcscat(tmp2, _T("\\")); - _tcscat(tmp2, _T("temporary_exported.asc")); + _tcsncat(tmp2, _T("\\"), MAX_PATH-1); + _tcsncat(tmp2, _T("temporary_exported.asc"), MAX_PATH-1); boost::filesystem::remove(tmp2); wfstream f(tmp2, std::ios::out); if(db_mc_isMeta(hContact)) diff --git a/plugins/New_GPG/src/messages.cpp b/plugins/New_GPG/src/messages.cpp index 8e0103d9c4..0971b32335 100755 --- a/plugins/New_GPG/src/messages.cpp +++ b/plugins/New_GPG/src/messages.cpp @@ -538,7 +538,7 @@ INT_PTR RecvMsgSvc(WPARAM w, LPARAM l) if(uin) { if( ProtoServiceExists(proto, PS_ICQ_CHECKCAPABILITY)) { ICQ_CUSTOMCAP cap = {0}; - strcpy(cap.caps, "GPG AutoExchange"); + strncpy(cap.caps, "GPGAutoExchange", sizeof(cap.caps)-1); if(ProtoCallService(proto, PS_ICQ_CHECKCAPABILITY, (WPARAM)ccs->hContact, (LPARAM)&cap)) { CallContactService(ccs->hContact, PSS_MESSAGE, PREF_UTF, (LPARAM)"-----PGP KEY REQUEST-----"); return 0; 
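Review bot: `cap` is still declared as a plain `ICQ_CUSTOMCAP cap;` in both InitCheck hunks (-2245 and -2260), and `strncpy` with a count of `sizeof(cap.caps)-1` copies the 15 characters of `"GPGAutoExchange"` / `"GPGFileTransfer"` without writing a terminator, so the last byte of `caps` keeps whatever was on the stack. Going by the commit message `caps` is `char[0x10]`, and the lookup sites in messages.cpp and utilities.cpp start from `ICQ_CUSTOMCAP cap = {0};`, so the value registered here and the value checked there can differ in that byte. Declaring `ICQ_CUSTOMCAP cap = {0};` here as well removes the indeterminate byte, and `sizeof(cap.name)-1` would tie the `name` bound to the field the same way the `caps` bound is. Dropping the space also changes the capability string itself, so peers running the previous build will presumably no longer match; worth saying so in the commit message if that is intended.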
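Review bot: The count passed to `_tcsncat(tmp2, ..., MAX_PATH-1)` in ImportKey limits how many characters are appended, not the total length of `tmp2`, so a home path close to `MAX_PATH` still overflows the buffer on the two appends. The preceding `_tcsncpy(tmp2, ptmp, MAX_PATH-1)` also leaves `tmp2` unterminated when `ptmp` is that long, unless `tmp2` is zero-initialised where it is declared (outside the hunk). The same three lines appear in DlgProcLoadPublicKey (options.cpp) and ImportGpGKeys (utilities.cpp). Building the path in one bounded call before `mir_free(ptmp);` avoids both problems, assuming `tmp2` holds `MAX_PATH` elements: `mir_sntprintf(tmp2, MAX_PATH, _T("%s\\temporary_exported.asc"), ptmp);`. A truncated result should be treated as an error rather than passed on to `boost::filesystem::remove(tmp2)`.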
@@ -846,7 +846,7 @@ int HookSendMsg(WPARAM w, LPARAM l) if(bDebugLog) debuglog<flags & DBEF_SENT)) //aggressive outgoing events filtering { - DWORD flags; + DWORD flags = 0; if((dbei->flags & DBEF_UTF) == DBEF_UTF) flags |= PREF_UTF; SendMsgSvc_func(hContact, (char*)dbei->pBlob, flags); @@ -1004,6 +1004,7 @@ static INT_PTR CALLBACK DlgProcKeyPassword(HWND hwndDlg, UINT msg, WPARAM wParam extern TCHAR *password; if(IsDlgButtonChecked(hwndDlg, IDC_SAVE_PASSWORD)) { + inkeyid = UniGetContactSettingUtf(new_key_hcnt, szGPGModuleName, "InKeyID", ""); if(inkeyid && inkeyid[0] && BST_UNCHECKED == IsDlgButtonChecked(hwndDlg, IDC_DEFAULT_PASSWORD)) { string dbsetting = "szKey_"; diff --git a/plugins/New_GPG/src/options.cpp b/plugins/New_GPG/src/options.cpp index 59c21f0a43..85665d22cb 100755 --- a/plugins/New_GPG/src/options.cpp +++ b/plugins/New_GPG/src/options.cpp @@ -360,19 +360,21 @@ static INT_PTR CALLBACK DlgProcGpgOpts(HWND hwndDlg, UINT msg, WPARAM wParam, LP MessageBox(0, msg, TranslateT("Error"), MB_OK); GlobalFree(hMem); } - memcpy(szKey, str.c_str(), str.size()); - szKey[str.size()] = '\0'; - str.clear(); - EmptyClipboard(); - GlobalUnlock(hMem); - if(!SetClipboardData(CF_OEMTEXT, hMem)) - { - GlobalFree(hMem); - TCHAR msg[64]; - mir_sntprintf(msg, SIZEOF(msg), TranslateT("Failed write to clipboard with error %d"), GetLastError()); - MessageBox(0, msg, TranslateT("Error"), MB_OK); + else { + memcpy(szKey, str.c_str(), str.size()); + szKey[str.size()] = '\0'; + str.clear(); + EmptyClipboard(); + GlobalUnlock(hMem); + if(!SetClipboardData(CF_OEMTEXT, hMem)) + { + GlobalFree(hMem); + TCHAR msg[64]; + mir_sntprintf(msg, SIZEOF(msg), TranslateT("Failed write to clipboard with error %d"), GetLastError()); + MessageBox(0, msg, TranslateT("Error"), MB_OK); + } + CloseClipboard(); } - CloseClipboard(); } else { 
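Review bot: The new assignment `inkeyid = UniGetContactSettingUtf(new_key_hcnt, szGPGModuleName, "InKeyID", "");` in DlgProcKeyPassword shows no matching `mir_free`, although the other call sites in this commit release the returned string that way. It also overwrites whatever `inkeyid` pointed to before. `inkeyid` is declared outside the hunk, so the release may already happen further down; if it does not, free the previous value before this line and the new one once the `szKey_` setting name has been built.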
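Review bot: `CloseClipboard();` now sits inside the new `else` in DlgProcGpgOpts, so the error branch above it, which shows the message box and calls `GlobalFree(hMem)`, leaves without closing the clipboard. The matching open call is outside the hunk, but `EmptyClipboard()` and `SetClipboardData()` in the same block imply the clipboard is already open at this point, and while it stays open other applications cannot use it. Move `CloseClipboard();` back to just after the closing brace of the `else` so both paths release it.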
@@ -901,10 +903,10 @@ static INT_PTR CALLBACK DlgProcLoadPublicKey(HWND hwndDlg,UINT msg,WPARAM wParam { MCONTACT hcnt = db_mc_tryMeta(hContact); ptmp = UniGetContactSettingUtf(NULL, szGPGModuleName, "szHomePath", _T("")); - _tcscpy(tmp2, ptmp); + _tcsncpy(tmp2, ptmp, MAX_PATH-1); mir_free(ptmp); - _tcscat(tmp2, _T("\\")); - _tcscat(tmp2, _T("temporary_exported.asc")); + _tcsncat(tmp2, _T("\\"), MAX_PATH-1); + _tcsncat(tmp2, _T("temporary_exported.asc"), MAX_PATH-1); boost::filesystem::remove(tmp2); wfstream f(tmp2, std::ios::out); ptmp = UniGetContactSettingUtf(hcnt, szGPGModuleName, "GPGPubKey", _T("")); diff --git a/plugins/New_GPG/src/utilities.cpp b/plugins/New_GPG/src/utilities.cpp index 6fddc89a2e..ece87a569c 100755 --- a/plugins/New_GPG/src/utilities.cpp +++ b/plugins/New_GPG/src/utilities.cpp @@ -61,14 +61,14 @@ void GetFilePath(TCHAR *WindowTittle, char *szSetting, TCHAR *szExt, TCHAR *szEx ofn.lStructSize=CDSIZEOF_STRUCT(OPENFILENAME,lpTemplateName); ofn.Flags=OFN_EXPLORER; ofn.lpstrTitle=TranslateW(WindowTittle); - _tcscpy(filter,TranslateW(szExtDesc)); + _tcsncpy(filter,TranslateW(szExtDesc), SIZEOF(filter)-1); pfilter=filter+_tcslen(filter)+1; _tcscpy(pfilter, szExt); pfilter[_tcslen(pfilter)+1] = '\0'; pfilter[_tcslen(pfilter)+2] = '\0'; ofn.lpstrFilter=filter; tmp = UniGetContactSettingUtf(0, szGPGModuleName, szSetting, _T("")); - _tcscpy(str, tmp); + _tcsncpy(str, tmp, SIZEOF(str)-1); mir_free(tmp); if(_tcslen(str)< 2) str[0] = '\0'; @@ -439,6 +439,7 @@ int onProtoAck(WPARAM w, LPARAM l) boost::filesystem::remove(filename); mir_free(filename); } + mir_free(filename); } } break; @@ -544,7 +545,7 @@ INT_PTR onSendFile(WPARAM w, LPARAM l) if( ProtoServiceExists(proto, PS_ICQ_CHECKCAPABILITY)) { supported_proto = true; ICQ_CUSTOMCAP cap = {0}; - strcpy(cap.caps, "GPG FileTransfer"); + strncpy(cap.caps, "GPGFileTransfer",sizeof(cap.caps)-1); if( ProtoCallService(proto, PS_ICQ_CHECKCAPABILITY, (WPARAM)ccs->hContact, (LPARAM)&cap)) cap_found = true; } 
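Review bot: `_tcscpy(pfilter, szExt);`, two lines below the changed copy in GetFilePath, is still unbounded and writes into whatever is left of `filter` after the translated description, so a long description or extension list can still run past the buffer. The new `_tcsncpy` calls also leave `filter` and `str` unterminated when the source fills the count, unless both arrays are zero-initialised where they are declared (outside the hunk); `filter[SIZEOF(filter)-1] = 0;` and `str[SIZEOF(str)-1] = 0;` after the copies would remove that dependency. The extension copy should be limited to the elements remaining after `pfilter`, leaving room for its terminator and the two extra NULs written on the following lines, and should bail out when too little room is left. GetFilePath starts and ends outside the hunk.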
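Review bot: The added `mir_free(filename);` in onProtoAck runs right after a block whose last statement is already `mir_free(filename);`, so whenever that inner block executes the same pointer is released twice. The condition guarding the inner block is outside the hunk, but nothing visible resets `filename` between the two calls. Keep a single release: delete the inner `mir_free(filename);` and let the new one after the closing brace cover both paths.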
@@ -778,8 +779,7 @@ static JABBER_HANDLER_FUNC SendHandler(IJabberInterface *ji, HXML node, void *pU { char *proto = ji->GetModuleName(); char setting[64]; - strcpy(setting, proto); - strcat(setting, "_KeyID"); + mir_snprintf(setting, sizeof(setting)-1,"%s_KeyID",proto); inkeyid = UniGetContactSettingUtf(NULL, szGPGModuleName, setting, ""); if(!inkeyid[0]) { @@ -1860,10 +1860,10 @@ INT_PTR ImportGpGKeys(WPARAM w, LPARAM l) DWORD exitcode; { ptmp = UniGetContactSettingUtf(NULL, szGPGModuleName, "szHomePath", _T("")); - _tcscpy(tmp2, ptmp); + _tcsncpy(tmp2, ptmp, MAX_PATH-1); mir_free(ptmp); - _tcscat(tmp2, _T("\\")); - _tcscat(tmp2, _T("temporary_exported.asc")); + _tcsncat(tmp2, _T("\\"), MAX_PATH-1); + _tcsncat(tmp2, _T("temporary_exported.asc"), MAX_PATH-1); boost::filesystem::remove(tmp2); wfstream f(tmp2, std::ios::out); f<