authorDaniel Atallah <datallah@pidgin.im>2009-05-14 21:17:11 +0000
committerDaniel Atallah <datallah@pidgin.im>2009-05-14 21:17:11 +0000
commita1a345487c37f4992916155385561376577b7268 (patch)
tree7ba11381e203365a0ee568c826dfc08b1899c0a3
parentd9ebc9f103ffe7c147281c12a298c3c28a740c4a (diff)
parent705af3c1025a500f21603dc3dd592c5252b52017 (diff)
downloadpidgin-a1a345487c37f4992916155385561376577b7268.tar.gz
propagate from branch 'im.pidgin.pidgin.2.5.5.veracode' (head 1c47af7fda59df394abcff57550ece1dbdb5e41a)
to branch 'im.pidgin.pidgin.2.5.6' (head 97bc1f89e32f9400a748812534407dba5d5325c0)
-rw-r--r--libpurple/protocols/jabber/si.c34
-rw-r--r--libpurple/protocols/msn/httpconn.c8
-rw-r--r--libpurple/protocols/msn/oim.c12
-rw-r--r--libpurple/protocols/msn/soap.c2
-rw-r--r--libpurple/protocols/oscar/family_oservice.c2
-rw-r--r--libpurple/protocols/qq/utils.c11
6 files changed, 51 insertions, 18 deletions
diff --git a/libpurple/protocols/jabber/si.c b/libpurple/protocols/jabber/si.c
index 02a79229c4..7e40cca3bf 100644
--- a/libpurple/protocols/jabber/si.c
+++ b/libpurple/protocols/jabber/si.c
@@ -354,7 +354,7 @@ jabber_si_xfer_bytestreams_send_read_again_cb(gpointer data, gint source,
{
PurpleXfer *xfer = data;
JabberSIXfer *jsx = xfer->data;
- char buffer[256];
+ char buffer[42]; /* 40 for DST.ADDR + 2 bytes for port number*/
int len;
char *dstaddr, *hash;
const char *host;
@@ -378,16 +378,19 @@ jabber_si_xfer_bytestreams_send_read_again_cb(gpointer data, gint source,
jsx->rxlen += len;
return;
} else if(jsx->rxqueue[0] != 0x05 || jsx->rxqueue[1] != 0x01 ||
- jsx->rxqueue[3] != 0x03) {
- purple_debug_info("jabber", "invalid socks5 stuff\n");
+ jsx->rxqueue[3] != 0x03 || jsx->rxqueue[4] != 40) {
+ purple_debug_info("jabber", "Invalid socks5 conn req. header[0x%x,0x%x,0x%x,0x%x,0x%x]\n",
+ jsx->rxqueue[0], jsx->rxqueue[1], jsx->rxqueue[2],
+ jsx->rxqueue[3], jsx->rxqueue[4]);
purple_input_remove(xfer->watcher);
xfer->watcher = 0;
close(source);
purple_xfer_cancel_remote(xfer);
return;
} else if(jsx->rxlen - 5 < jsx->rxqueue[4] + 2) {
- purple_debug_info("jabber", "reading umpteen more bytes\n");
- len = read(source, buffer, jsx->rxqueue[4] + 5 + 2 - jsx->rxlen);
+ purple_debug_info("jabber", "reading %u bytes for DST.ADDR + port num (trying to read %u now)\n",
+ jsx->rxqueue[4] + 2, jsx->rxqueue[4] + 2 - (jsx->rxlen - 5));
+ len = read(source, buffer, jsx->rxqueue[4] + 2 - (jsx->rxlen - 5));
if(len < 0 && errno == EAGAIN)
return;
else if(len <= 0) {
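Review bot: Nothing at the `read()` call itself ties its length to the 42-byte `buffer` declared at the top of this function; the bound holds only because the new `jsx->rxqueue[4] != 40` test comes earlier in the same else-if chain, and that byte is supplied by the peer. Clamping at the call keeps the two from drifting apart if the chain is reordered later: `len = read(source, buffer, MIN(sizeof(buffer), (size_t)(jsx->rxqueue[4] + 2 - (jsx->rxlen - 5))));`. The `%u` conversions in the new debug line are also given `int` expressions, so `%d` or an explicit cast would match. The first branch of the chain and the code that appends `buffer` to `rxqueue` are outside this hunk.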
@@ -402,6 +405,7 @@ jabber_si_xfer_bytestreams_send_read_again_cb(gpointer data, gint source,
jsx->rxlen += len;
}
+ /* Have we not read all of DST.ADDR and the following 2-byte port number? */
if(jsx->rxlen - 5 < jsx->rxqueue[4] + 2)
return;
@@ -415,9 +419,16 @@ jabber_si_xfer_bytestreams_send_read_again_cb(gpointer data, gint source,
/* Per XEP-0065, the 'host' must be SHA1(SID + from JID + to JID) */
hash = jabber_calculate_data_sha1sum(dstaddr, strlen(dstaddr));
- if(jsx->rxqueue[4] != 40 || strncmp(hash, jsx->rxqueue+5, 40) ||
+ if(strncmp(hash, jsx->rxqueue + 5, 40) ||
jsx->rxqueue[45] != 0x00 || jsx->rxqueue[46] != 0x00) {
- purple_debug_error("jabber", "someone connected with the wrong info!\n");
+ if (jsx->rxqueue[45] != 0x00 || jsx->rxqueue[46] != 0x00)
+ purple_debug_error("jabber", "Got SOCKS5 BS conn with the wrong DST.PORT"
+ " (must be 0 - got[0x%x,0x%x]).\n",
+ jsx->rxqueue[45], jsx->rxqueue[46]);
+ else
+ purple_debug_error("jabber", "Got SOCKS5 BS conn with the wrong DST.ADDR"
+ " (expected '%s' - got '%.40s').\n",
+ hash, jsx->rxqueue + 5);
close(source);
purple_xfer_cancel_remote(xfer);
g_free(hash);
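Review bot: The new DST.ADDR error message prints 40 bytes received from the remote side with `%.40s`, and nothing visible before this point checks that they are printable hex characters. Control or escape bytes can therefore end up in the debug log or debug window. Logging only the expected `hash`, or an escaped copy of the received bytes (`g_strndup` of the 40 bytes passed through `g_strescape`), keeps the diagnostic without echoing raw peer data. The rest of this error path, including whether `xfer->watcher` has already been removed, is outside the hunk.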
@@ -478,11 +489,13 @@ jabber_si_xfer_bytestreams_send_read_response_cb(gpointer data, gint source,
purple_input_remove(xfer->watcher);
xfer->watcher = 0;
+ /* If we sent a "Success", wait for a response, otherwise give up and cancel */
if (jsx->rxqueue[1] == 0x00) {
xfer->watcher = purple_input_add(source, PURPLE_INPUT_READ,
jabber_si_xfer_bytestreams_send_read_again_cb, xfer);
g_free(jsx->rxqueue);
jsx->rxqueue = NULL;
+ jsx->rxlen = 0;
} else {
close(source);
purple_xfer_cancel_remote(xfer);
@@ -503,6 +516,7 @@ jabber_si_xfer_bytestreams_send_read_cb(gpointer data, gint source,
xfer->fd = source;
+ /** Try to read the SOCKS5 header */
if(jsx->rxlen < 2) {
purple_debug_info("jabber", "reading those first two bytes\n");
len = read(source, buffer, 2 - jsx->rxlen);
@@ -520,8 +534,9 @@ jabber_si_xfer_bytestreams_send_read_cb(gpointer data, gint source,
jsx->rxlen += len;
return;
} else if(jsx->rxlen - 2 < jsx->rxqueue[1]) {
- purple_debug_info("jabber", "reading the next umpteen bytes\n");
- len = read(source, buffer, jsx->rxqueue[1] + 2 - jsx->rxlen);
+ purple_debug_info("jabber", "reading %u bytes for auth methods (trying to read %u now)\n",
+ jsx->rxqueue[1], jsx->rxqueue[1] - (jsx->rxlen - 2));
+ len = read(source, buffer, jsx->rxqueue[1] - (jsx->rxlen - 2));
if(len < 0 && errno == EAGAIN)
return;
else if(len <= 0) {
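Review bot: The length passed to `read()` here is derived from `jsx->rxqueue[1]`, the peer's method-count byte, so it can be as large as 255, while the `buffer` it fills is declared outside this hunk. This commit shrinks the buffer in the sibling callback to 42 bytes, so it is worth confirming that this one still holds at least 255 bytes, or clamping at the call with `MIN(sizeof(buffer), ...)`. The `%u` conversions in the new debug line receive `int` expressions; `%d` or a cast to `unsigned` would match.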
@@ -536,6 +551,7 @@ jabber_si_xfer_bytestreams_send_read_cb(gpointer data, gint source,
jsx->rxlen += len;
}
+ /* Have we not read all the auth. method bytes? */
if(jsx->rxlen -2 < jsx->rxqueue[1])
return;
diff --git a/libpurple/protocols/msn/httpconn.c b/libpurple/protocols/msn/httpconn.c
index abf9963e9d..cf360ce67e 100644
--- a/libpurple/protocols/msn/httpconn.c
+++ b/libpurple/protocols/msn/httpconn.c
@@ -219,7 +219,13 @@ msn_httpconn_parse_data(MsnHttpConn *httpconn, const char *buf,
g_free(tmp);
t = strchr(full_session_id, '.');
- session_id = g_strndup(full_session_id, t - full_session_id);
+ if (t != NULL)
+ session_id = g_strndup(full_session_id, t - full_session_id);
+ else {
+ purple_debug_error("msn", "Malformed full_session_id[%s]\n",
+ full_session_id ? full_session_id : NULL);
+ session_id = g_strdup(full_session_id);
+ }
if (session_action == NULL || strcmp(session_action, "close") != 0)
{
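Review bot: The ternary in the new error message, `full_session_id ? full_session_id : NULL`, changes nothing: a NULL pointer still reaches `%s`. If `full_session_id` can be NULL at all, the `strchr(full_session_id, '.')` on the line above the new check has already dereferenced it. Either guard before the `strchr` or drop the ternary; if a placeholder is wanted it should be a string, `full_session_id ? full_session_id : "(null)"`. Falling back to the whole unparsed value as `session_id` also lets a malformed server header through as a valid session; consider whether this path should fail the parse instead (the function's error handling is outside the hunk).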
diff --git a/libpurple/protocols/msn/oim.c b/libpurple/protocols/msn/oim.c
index 4e492d605f..d428ad4a22 100644
--- a/libpurple/protocols/msn/oim.c
+++ b/libpurple/protocols/msn/oim.c
@@ -668,9 +668,15 @@ msn_oim_report_to_user(MsnOimRecvData *rdata, const char *msg_str)
if (tokens[1] != NULL)
from = (const char *)tokens[1];
- start = strchr(from, '<') + 1;
- end = strchr(from, '>');
- passport = g_strndup(start, end - start);
+ start = strchr(from, '<');
+ if (start != NULL) {
+ start++;
+ end = strchr(from, '>');
+ if (end != NULL)
+ passport = g_strndup(start, end - start);
+ }
+ if (passport == NULL)
+ passport = g_strdup(_("Unknown"));
g_strfreev(tokens);
}
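Review bot: `end = strchr(from, '>')` still searches from the beginning of `from` rather than from `start`, so a sender field with a `>` before the `<` gives `end < start`, and the negative `end - start` becomes a huge length in `g_strndup`. Searching from the already-advanced pointer closes that: `end = strchr(start, '>');`. The `if (passport == NULL)` fallback also relies on `passport` being initialised to NULL where it is declared, which is outside this hunk and worth confirming.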
diff --git a/libpurple/protocols/msn/soap.c b/libpurple/protocols/msn/soap.c
index 786e2f3a8e..b80c6d6fe3 100644
--- a/libpurple/protocols/msn/soap.c
+++ b/libpurple/protocols/msn/soap.c
@@ -434,7 +434,7 @@ msn_soap_process(MsnSoapConnection *conn)
g_free(line);
return;
} else if (strcmp(key, "Content-Length") == 0) {
- conn->body_len = atoi(value);
+ sscanf(value, "%" G_GSIZE_FORMAT, &(conn->body_len));
} else if (strcmp(key, "Connection") == 0) {
if (strcmp(value, "close") == 0) {
conn->close_when_done = TRUE;
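Review bot: The return value of the new `sscanf` is ignored, so a non-numeric `Content-Length` leaves `conn->body_len` at whatever it held before. The unsigned conversion also accepts a leading minus sign and wraps, and its behaviour on an out-of-range value is undefined. Since this header comes from the server, parse it with an end pointer and a range check and reject anything that is not a plain decimal number. How this function reports a bad response is outside the hunk, so the rejection branch below is left as a comment.

```c
		} else if (strcmp(key, "Content-Length") == 0) {
			char *end = NULL;
			guint64 parsed;

			errno = 0;
			parsed = g_ascii_strtoull(value, &end, 10);
			if (!g_ascii_isdigit(value[0]) || end == value ||
			    errno == ERANGE || parsed > G_MAXSIZE) {
				/* malformed or oversized length: fail the response here */
			} else {
				conn->body_len = (gsize)parsed;
			}
		/* … unchanged: "Connection" header handling … */
```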
diff --git a/libpurple/protocols/oscar/family_oservice.c b/libpurple/protocols/oscar/family_oservice.c
index 746f3b28a6..e11283e0fc 100644
--- a/libpurple/protocols/oscar/family_oservice.c
+++ b/libpurple/protocols/oscar/family_oservice.c
@@ -151,7 +151,7 @@ aim_chat_join(OscarData *od, guint16 exchange, const char *roomname, guint16 ins
memset(&csi, 0, sizeof(csi));
csi.exchange = exchange;
- strncpy(csi.name, roomname, sizeof(csi.name));
+ g_strlcpy(csi.name, roomname, sizeof(csi.name));
csi.instance = instance;
/*
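Review bot: `g_strlcpy` guarantees the terminator that `strncpy` could omit, but it still truncates silently: a `roomname` longer than `csi.name` is sent as a shortened name, which may identify a different room. Its return value is the length of the source, so `if (g_strlcpy(csi.name, roomname, sizeof(csi.name)) >= sizeof(csi.name))` can detect the over-long name and log or refuse it. How `aim_chat_join` reports failure is outside this hunk.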
diff --git a/libpurple/protocols/qq/utils.c b/libpurple/protocols/qq/utils.c
index cc8879af8b..178b699ee9 100644
--- a/libpurple/protocols/qq/utils.c
+++ b/libpurple/protocols/qq/utils.c
@@ -222,7 +222,8 @@ static gchar *strstrip(const gchar *const buffer)
* The return should be freed later. */
guint8 *hex_str_to_bytes(const gchar *const buffer, gint *out_len)
{
- gchar *hex_str, *hex_buffer, *cursor, tmp;
+ gchar *hex_str, *hex_buffer, *cursor;
+ gchar tmp[2];
guint8 *bytes, nibble1, nibble2;
gint index;
@@ -242,7 +243,9 @@ guint8 *hex_str_to_bytes(const gchar *const buffer, gint *out_len)
index = 0;
for (cursor = hex_str; cursor < hex_str + sizeof(gchar) * (strlen(hex_str)) - 1; cursor++) {
if (g_ascii_isdigit(*cursor)) {
- tmp = *cursor; nibble1 = atoi(&tmp);
+ tmp[0] = *cursor;
+ tmp[1] = '\0';
+ nibble1 = atoi(tmp);
} else if (g_ascii_isalpha(*cursor) && (gint) *cursor - 87 < 16) {
nibble1 = (gint) *cursor - 87;
} else {
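Review bot: The `tmp[2]` buffer fixes `atoi` reading past a lone `char`, but the digit branch and the `- 87 < 16` letter branch together re-implement `g_ascii_xdigit_value()`. The same applies to the `nibble2` code in the next hunk. The letter test also accepts any uppercase letter, because `'A' - 87` is negative and therefore `< 16`; the resulting nibble is then garbage unless `hex_str` has been lower-cased earlier, which is outside these hunks. Something like `gint v = g_ascii_xdigit_value(*cursor); if (v < 0) { /* existing error branch */ } nibble1 = v;` removes `tmp`, `atoi` and the magic 87 in both places.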
@@ -254,7 +257,9 @@ guint8 *hex_str_to_bytes(const gchar *const buffer, gint *out_len)
nibble1 = nibble1 << 4;
cursor++;
if (g_ascii_isdigit(*cursor)) {
- tmp = *cursor; nibble2 = atoi(&tmp);
+ tmp[0] = *cursor;
+ tmp[1] = '\0';
+ nibble2 = atoi(tmp);
} else if (g_ascii_isalpha(*cursor) && (gint) (*cursor - 87) < 16) {
nibble2 = (gint) *cursor - 87;
} else {