Author: rmeggins
Update of /cvs/dirsec/adminserver/include
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28761/adminserver/include

Modified Files:
	i18n.h
Log Message:
Bug(s) fixed: 186280
Bug Description: adminserver: Close potential security vulnerabilities in CGI code
Reviewed by: Rob, Pete, Nathan, Noriko (Thanks!)
Fix Description: Most of this just involves making sure that we use PR_snprintf/PL_strncpyz/PL_strcatn where able, or just making sure we use snprintf/strncpy/strncat correctly and null terminate the buffers. I also got rid of some dead code, unused variables, and the like. There are a few cases that are more complex that I have specified below. In some cases I had to change the function signature to add a size parameter in cases where the function was copying to a given char * and the size was assumed (in most cases this was safe but it's still dangerous).
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
Index: i18n.h =================================================================== RCS file: /cvs/dirsec/adminserver/include/i18n.h,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- i18n.h 18 Aug 2005 19:14:21 -0000 1.4 +++ i18n.h 31 Mar 2006 22:58:21 -0000 1.5 @@ -147,7 +147,7 @@
NSAPI_PUBLIC int -GetFileForLanguage(char* filepath,char* language,char* existingFilepath); +GetFileForLanguage(char* filepath,char* language,char* existingFilepath, size_t existingSize);
/* Looks for a file in the appropriate language.
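Review bot: The new size_t existingSize argument in the GetFileForLanguage declaration gets no accompanying comment change in this hunk. Wherever the header documents this function, it should state whether existingSize is the full size of the existingFilepath buffer including the terminating NUL, and what the function returns when the resolved path does not fit, so callers can tell truncation from success. Because the declaration is NSAPI_PUBLIC and its signature changes, every caller has to be updated together with this header and should pass the size of the actual destination array, not sizeof applied to a char* (which yields the pointer size). The filepath and language arguments remain plain char*; if the function only reads them, const char* would make the in/out roles clear next to the sized output buffer.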
389-commits@lists.fedoraproject.org