Mercurial > pidgin.yaz
annotate libpurple/protocols/jabber/jutil.h @ 30702:6829b27ee4c8
This patch attempts to fix four bugs in the oscar protocol plugin that
were introduced with the X-Status code in Pidgin 2.7.0.
Problem #1 (the remotely-triggerable crash):
The crash happens when a buddy sets an xstatus message containing <desc>
but no closing </desc>, or <title> but no closing </title>. The fix
is to check the result of strstr(closing_tag_name) and do nothing if it
is NULL. This is CVE-2010-2528.
Problem #2:
Fixes potential incorrect parsing of the xstatus string that could result
in an incorrect message being displayed to the libpurple user. Happens if
an xstatus message contains </desc> before <desc>, or </title> before
<title>. The fix is to start looking for the closing tag at the end
of the beginning tag rather than at the beginning of the xstatus xml.
Probably not a security problem, but definitely a bug.
Problem #3:
Fixes potential incorrect parsing of the xstatus string that could result
in the title not being shown to the libpurple user. Happens if the close
title tag appears after the desc tag in the xstatus xml, because we add a
null character at the beginning of the close title tag, so strstr() for
the desc tag would stop searching there. Probably not a security problem,
but definitely a bug.
Problem #4:
Fixes potential incorrect display of the xstatus string that could result
in an incorrect message being displayed to the libpurple user. Happens
because we reusing the 'xml' string when preparing the string for the user,
but we copy values from xml to xml. If those values overlap with themselves
or with each other then an incorrect value could be displayed. Probably not
a security problem, but definitely a bug.
| author | Mark Doliner <mark@kingant.net> |
|---|---|
| date | Wed, 21 Jul 2010 02:49:23 +0000 |
| parents | 9f59abd49def |
| children |
| rev | line source |
|---|---|
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
1 /** |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
2 * @file jutil.h utility functions |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
3 * |
| 15823 | 4 * purple |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
5 * |
|
28398
c585572e80dd
Remove specific copyright lines from the XMPP prpl.
Paul Aurich <paul@darkrain42.org>
parents:
27711
diff
changeset
|
6 * Purple is the legal property of its developers, whose names are too numerous |
|
c585572e80dd
Remove specific copyright lines from the XMPP prpl.
Paul Aurich <paul@darkrain42.org>
parents:
27711
diff
changeset
|
7 * to list here. Please refer to the COPYRIGHT file distributed with this |
|
c585572e80dd
Remove specific copyright lines from the XMPP prpl.
Paul Aurich <paul@darkrain42.org>
parents:
27711
diff
changeset
|
8 * source distribution. |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
9 * |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
10 * This program is free software; you can redistribute it and/or modify |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
11 * it under the terms of the GNU General Public License as published by |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
12 * the Free Software Foundation; either version 2 of the License, or |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
13 * (at your option) any later version. |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
14 * |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
15 * This program is distributed in the hope that it will be useful, |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
18 * GNU General Public License for more details. |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
19 * |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
20 * You should have received a copy of the GNU General Public License |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
21 * along with this program; if not, write to the Free Software |
|
19680
44b4e8bd759b
The FSF changed its address a while ago; our files were out of date.
John Bailey <rekkanoryo@rekkanoryo.org>
parents:
15891
diff
changeset
|
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
23 */ |
|
26563
5767b7698c73
Further standardize the sentinel style (did someone say leading _s are theoretically a reserved namespace?)
Paul Aurich <paul@darkrain42.org>
parents:
24641
diff
changeset
|
24 #ifndef PURPLE_JABBER_JUTIL_H_ |
|
5767b7698c73
Further standardize the sentinel style (did someone say leading _s are theoretically a reserved namespace?)
Paul Aurich <paul@darkrain42.org>
parents:
24641
diff
changeset
|
25 #define PURPLE_JABBER_JUTIL_H_ |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
26 |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
27 typedef struct _JabberID { |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
28 char *node; |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
29 char *domain; |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
30 char *resource; |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
31 } JabberID; |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
32 |
|
29449
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
33 typedef enum { |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
34 JABBER_BUDDY_STATE_UNKNOWN = -2, |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
35 JABBER_BUDDY_STATE_ERROR = -1, |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
36 JABBER_BUDDY_STATE_UNAVAILABLE = 0, |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
37 JABBER_BUDDY_STATE_ONLINE, |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
38 JABBER_BUDDY_STATE_CHAT, |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
39 JABBER_BUDDY_STATE_AWAY, |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
40 JABBER_BUDDY_STATE_XA, |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
41 JABBER_BUDDY_STATE_DND |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
42 } JabberBuddyState; |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
43 |
|
27329
b0f0579f5f22
I had to make these changes to get "make check" to run
Mark Doliner <mark@kingant.net>
parents:
27023
diff
changeset
|
44 #include "jabber.h" |
|
b0f0579f5f22
I had to make these changes to get "make check" to run
Mark Doliner <mark@kingant.net>
parents:
27023
diff
changeset
|
45 |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
46 JabberID* jabber_id_new(const char *str); |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
47 void jabber_id_free(JabberID *jid); |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
48 |
|
29110
bc1eb4dacd00
jabber: When getting info on a "bare" domain JID, interpret the value of "last"
Marcus Lundblad <ml@update.uu.se>
parents:
28506
diff
changeset
|
49 char *jabber_get_domain(const char *jid); |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
50 char *jabber_get_resource(const char *jid); |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
51 char *jabber_get_bare_jid(const char *jid); |
|
28506
2e3678cd33a0
jabber: Properly handle adding buddies that contain a resource. Closes #10151.
Paul Aurich <paul@darkrain42.org>
parents:
28398
diff
changeset
|
52 char *jabber_id_get_bare_jid(const JabberID *jid); |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
53 |
|
29110
bc1eb4dacd00
jabber: When getting info on a "bare" domain JID, interpret the value of "last"
Marcus Lundblad <ml@update.uu.se>
parents:
28506
diff
changeset
|
54 gboolean jabber_jid_is_domain(const char *jid); |
|
bc1eb4dacd00
jabber: When getting info on a "bare" domain JID, interpret the value of "last"
Marcus Lundblad <ml@update.uu.se>
parents:
28506
diff
changeset
|
55 |
| 15823 | 56 const char *jabber_normalize(const PurpleAccount *account, const char *in); |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
57 |
|
27023
e8795ced8c9b
Add two helper functions useful for matching the 'from' attribute on packets to either our server or our account.
Paul Aurich <paul@darkrain42.org>
parents:
26563
diff
changeset
|
58 /* Returns true if JID is the bare JID of our server. */ |
|
e8795ced8c9b
Add two helper functions useful for matching the 'from' attribute on packets to either our server or our account.
Paul Aurich <paul@darkrain42.org>
parents:
26563
diff
changeset
|
59 gboolean jabber_is_own_server(JabberStream *js, const char *jid); |
|
e8795ced8c9b
Add two helper functions useful for matching the 'from' attribute on packets to either our server or our account.
Paul Aurich <paul@darkrain42.org>
parents:
26563
diff
changeset
|
60 |
|
e8795ced8c9b
Add two helper functions useful for matching the 'from' attribute on packets to either our server or our account.
Paul Aurich <paul@darkrain42.org>
parents:
26563
diff
changeset
|
61 /* Returns true if JID is the bare JID of our account. */ |
|
e8795ced8c9b
Add two helper functions useful for matching the 'from' attribute on packets to either our server or our account.
Paul Aurich <paul@darkrain42.org>
parents:
26563
diff
changeset
|
62 gboolean jabber_is_own_account(JabberStream *js, const char *jid); |
|
e8795ced8c9b
Add two helper functions useful for matching the 'from' attribute on packets to either our server or our account.
Paul Aurich <paul@darkrain42.org>
parents:
26563
diff
changeset
|
63 |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
64 gboolean jabber_nodeprep_validate(const char *); |
|
27546
e90fa379fcec
Validate IPv6 identifiers in the domain portion of a JID.
Paul Aurich <paul@darkrain42.org>
parents:
27540
diff
changeset
|
65 gboolean jabber_domain_validate(const char *); |
|
15374
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
66 gboolean jabber_resourceprep_validate(const char *); |
|
5fe8042783c1
Rename gtk/ and libgaim/ to pidgin/ and libpurple/
Sean Egan <seanegan@gmail.com>
parents:
diff
changeset
|
67 |
|
29099
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28506
diff
changeset
|
68 /** |
|
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28506
diff
changeset
|
69 * Apply the SASLprep profile of stringprep to the string passed in. |
|
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28506
diff
changeset
|
70 * |
|
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28506
diff
changeset
|
71 * @returns A newly allocated string containing the normalized version |
|
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28506
diff
changeset
|
72 * of the input, or NULL if an error occurred (the string could |
|
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28506
diff
changeset
|
73 * not be normalized) |
|
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28506
diff
changeset
|
74 */ |
|
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28506
diff
changeset
|
75 char *jabber_saslprep(const char *); |
|
464d022d7d6e
jabber: Add SASLprep and the username substitution called for in draft-ietf-sasl-scram-10 5.1.
Paul Aurich <paul@darkrain42.org>
parents:
28506
diff
changeset
|
76 |
|
29449
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
77 /* state -> readable name */ |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
78 const char *jabber_buddy_state_get_name(JabberBuddyState state); |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
79 /* state -> core id */ |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
80 const char *jabber_buddy_state_get_status_id(JabberBuddyState state); |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
81 /* state -> show attr (for presence stanza) */ |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
82 const char *jabber_buddy_state_get_show(JabberBuddyState state); |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
83 /* core id -> state */ |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
84 JabberBuddyState jabber_buddy_status_id_get_state(const char *id); |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
85 /* show attr (presence stanza) -> state */ |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
86 JabberBuddyState jabber_buddy_show_get_state(const char *id); |
|
73e4c14921e4
jabber: Move those functions to jutil.[ch]
Paul Aurich <paul@darkrain42.org>
parents:
29406
diff
changeset
|
87 |
|
30031
9f59abd49def
jabber: Validate the hash on incoming BoB objects (in case the CID is on the
Marcus Lundblad <ml@update.uu.se>
parents:
29449
diff
changeset
|
88 char *jabber_calculate_data_hash(gconstpointer data, size_t len, |
|
9f59abd49def
jabber: Validate the hash on incoming BoB objects (in case the CID is on the
Marcus Lundblad <ml@update.uu.se>
parents:
29449
diff
changeset
|
89 const gchar *hash_algo); |
|
26563
5767b7698c73
Further standardize the sentinel style (did someone say leading _s are theoretically a reserved namespace?)
Paul Aurich <paul@darkrain42.org>
parents:
24641
diff
changeset
|
90 #endif /* PURPLE_JABBER_JUTIL_H_ */ |