Author: rmeggins
Update of /cvs/dirsec/adminserver/include
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/include
Modified Files:
i18n.h
Log Message:
Bug(s) fixed: 186280
Bug Description: adminserver: Close potential security vulnerabilities
in CGI code
Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!)
Fix Description: Most of this just involves making sure that we use
PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we
use snprintf/strncpy/strncat correctly and null terminate the buffers.
I also got rid of some dead code, unused variables, and the like. There
are a few cases that are more complex that I have specified below. In
some cases I had to change the function signature to add a size
parameter in cases where the function was copying to a given char * and
the size was assumed (in most cases this was safe but it's still dangerous).
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
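The buffer-handling rules the fix description refers to, as an added C example that is not code from this commit or from adminserver. It uses the libc snprintf/strncpy/strncat rather than the NSPR PR_snprintf/PL_strncpyz/PL_strcatn, and build_lang_path, copy_bounded and append_bounded are hypothetical names that take the destination size as an explicit parameter.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not adminserver code. dest_size is the full buffer
 * size in bytes, terminating NUL included. Each returns 0 on success and
 * -1 on bad arguments or truncation; a truncated dest is NUL-terminated. */

/* snprintf always terminates (size > 0) and returns the length it wanted
 * to write, so a return >= dest_size means the output was cut short. */
int build_lang_path(char *dest, size_t dest_size, const char *dir,
                    const char *lang, const char *file)
{
    int n;
    if (!dest || dest_size == 0 || !dir || !lang || !file)
        return -1;
    n = snprintf(dest, dest_size, "%s/%s/%s", dir, lang, file);
    if (n < 0 || (size_t)n >= dest_size) {
        dest[0] = '\0';              /* never return a truncated path */
        return -1;
    }
    return 0;
}

/* strncpy does not terminate when strlen(src) >= count: copy at most
 * dest_size - 1 bytes and write the NUL explicitly. */
int copy_bounded(char *dest, size_t dest_size, const char *src)
{
    if (!dest || dest_size == 0 || !src)
        return -1;
    strncpy(dest, src, dest_size - 1);
    dest[dest_size - 1] = '\0';
    return strlen(src) < dest_size ? 0 : -1;
}

/* strncat's count is the room left for new characters, not the buffer
 * size: dest_size - strlen(dest) - 1. */
int append_bounded(char *dest, size_t dest_size, const char *src)
{
    const char *end;
    size_t room;
    if (!dest || dest_size == 0 || !src)
        return -1;
    end = memchr(dest, '\0', dest_size);
    if (!end)                        /* dest not terminated within bounds */
        return -1;
    room = dest_size - (size_t)(end - dest) - 1;
    strncat(dest, src, room);
    return strlen(src) <= room ? 0 : -1;
}
```

Reporting truncation to the caller matters for path building in particular, because a silently shortened path can name a different file than the one intended.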
Index: i18n.h
===================================================================
RCS file: /cvs/dirsec/adminserver/include/i18n.h,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- i18n.h 18 Aug 2005 19:14:21 -0000 1.4
+++ i18n.h 31 Mar 2006 22:58:21 -0000 1.5
@@ -147,7 +147,7 @@
NSAPI_PUBLIC
int
-GetFileForLanguage(char* filepath,char* language,char* existingFilepath);
+GetFileForLanguage(char* filepath,char* language,char* existingFilepath, size_t
existingSize);
/* Looks for a file in the appropriate language.
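Review bot: the new existingSize argument on GetFileForLanguage needs its contract stated in the comment under the prototype, which in the visible part still reads only "Looks for a file in the appropriate language." Please say whether existingSize is the full size of existingFilepath in bytes including the terminating NUL, and what the function returns and leaves in the buffer when the located path does not fit, so callers can tell truncation from "not found". If filepath and language are inputs only, declaring them const char* would make the one output buffer and its size stand out in the signature. Since the prototype is NSAPI_PUBLIC, any caller outside this tree also has to be updated to pass the fourth argument.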