comparison src/protocols/yahoo/yahoo.c @ 8118:52089b055c12
[gaim-migrate @ 8822]
"Hi over there... just found another overflow while creating
patches for gaim-cvs and 0.75 for all vulnerabilities I have
found. The new overflow is in gaim_url_parse a sscanf without
sizechecks into stackbuffers.
I think you can apply the patches directly and all vulnerabilities
are gone..." -- Stefan Esser
" Using 0.75, looking at the logs for conversations I've
had since upgrading, I discovered that the formating
(font, color, size) of the text was not showing up.
Looking at the actual HTML in the log files I discovered
that the use of tags has replaced with
tags and inline CSS, this formatting shows up fine when
viewing the logs using a browser such as Mozilla, but
not in the Gaim log viewer.
Here, I fixed my own bug in 0.75 and then fixed it in 0.76cvs
so I could give you the diff.
Actually tested it in 0.76cvs, apparently all the font handling
stuff is a bit screwy, but you might as well add my work so
when it's back to normal the log viewer is consistent with the
log files." --Douglas (douglaswth) Thrift
(18:10:53) Me: look at that html patch
(18:11:02) seanegn: I did last night
(18:11:06) Me: and?
(18:12:35) Me: can it go in?
(18:17:33) ***Me senses he is being ignored
(18:18:50) seanegn: haha, no.
(18:18:59) seanegn: It looked like it should be good. Do you want to
commit it?
(18:19:04) Me: i can do that yes
(18:19:14) Me: i'm looking at if the overflow patch compiles currently
(18:19:24) seanegn: do that one too
(18:19:27) Me: :-)
(18:19:48) seanegn: Why do I have a feeling that this conversation
(including this line) is going to be part of a commit log message?
(18:19:53) seanegn: Hi, gaim-commits!
(18:19:56) Me: lol
(18:20:25) Me: *inocently* would i do that?
(18:20:31) Me: :-P
committer: Tailor Script <tailor@pidgin.im>
author | Luke Schierer <lschiere@pidgin.im> |
---|---|
date | Thu, 15 Jan 2004 23:26:07 +0000 |
parents | d60272410bd5 |
children | abbfed0b0050 |
8117:e280d73ed07f | 8118:52089b055c12 |
---|---|
129 | 129 |
130 x = 0; | 130 x = 0; |
131 while (pos + 1 < len) { | 131 while (pos + 1 < len) { |
132 if (data[pos] == 0xc0 && data[pos + 1] == 0x80) | 132 if (data[pos] == 0xc0 && data[pos + 1] == 0x80) |
133 break; | 133 break; |
134 if (x >= sizeof(key)-1) { | |
135 x++; | |
136 continue; | |
137 } | |
134 key[x++] = data[pos++]; | 138 key[x++] = data[pos++]; |
139 } | |
140 if (x >= sizeof(key)-1) { | |
141 x = 0; | |
135 } | 142 } |
136 key[x] = 0; | 143 key[x] = 0; |
137 pos += 2; | 144 pos += 2; |
138 pair->key = strtol(key, NULL, 10); | 145 pair->key = strtol(key, NULL, 10); |
139 accept = x; /* if x is 0 there was no key, so don't accept it */ | 146 accept = x; /* if x is 0 there was no key, so don't accept it */ |
871 #define OUT_CHARSET "utf-8" | 878 #define OUT_CHARSET "utf-8" |
872 | 879 |
873 static char *yahoo_decode(const char *text) | 880 static char *yahoo_decode(const char *text) |
874 { | 881 { |
875 char *converted; | 882 char *converted; |
876 char *p, *n, *new; | 883 char *p, *n, *new, *end; |
877 int i; | 884 int i; |
878 | 885 |
879 n = new = g_malloc(strlen (text) + 1); | 886 n = new = g_malloc(strlen (text) + 1); |
880 | 887 end = text + strlen(text); |
881 for (p = (char *)text; *p; p++, n++) { | 888 |
889 for (p = (char *)text; p < end; p++, n++) { | |
882 if (*p == '\\') { | 890 if (*p == '\\') { |
883 sscanf(p + 1, "%3o\n", &i); | 891 sscanf(p + 1, "%3o\n", &i); |
884 *n = (char)i; | 892 *n = (char)i; |
885 p += 3; | 893 p += 3; |
886 } | 894 } |
1906 static void yahoo_web_pending(gpointer data, gint source, GaimInputCondition cond) | 1914 static void yahoo_web_pending(gpointer data, gint source, GaimInputCondition cond) |
1907 { | 1915 { |
1908 GaimConnection *gc = data; | 1916 GaimConnection *gc = data; |
1909 GaimAccount *account = gaim_connection_get_account(gc); | 1917 GaimAccount *account = gaim_connection_get_account(gc); |
1910 struct yahoo_data *yd = gc->proto_data; | 1918 struct yahoo_data *yd = gc->proto_data; |
1911 char buf[1024], buf2[256], *i = buf, *r = buf2; | 1919 char buf[1024], buf2[256], *i = buf, *r = buf2, *rend; |
1912 int len, o = 0; | 1920 int len, o = 0; |
1913 | 1921 |
1914 len = read(source, buf, sizeof(buf)); | 1922 len = read(source, buf, sizeof(buf)-1); |
1915 if (len <= 0 || strncmp(buf, "HTTP/1.0 302", strlen("HTTP/1.0 302"))) { | 1923 if (len <= 0 || strncmp(buf, "HTTP/1.0 302", strlen("HTTP/1.0 302"))) { |
1916 gaim_connection_error(gc, _("Unable to read")); | 1924 gaim_connection_error(gc, _("Unable to read")); |
1917 return; | 1925 return; |
1918 } | 1926 } |
1919 | 1927 buf[sizeof(buf)-1] = '\0'; |
1920 while ((i = strstr(i, "Set-Cookie: ")) && 0 < 2) { | 1928 buf2[0] = '\0'; |
1929 rend = r + sizeof(buf2); | |
1930 | |
1931 while ((i = strstr(i, "Set-Cookie: ")) && o < 2) { | |
1921 i += strlen("Set-Cookie: "); | 1932 i += strlen("Set-Cookie: "); |
1922 for (;*i != ';'; r++, i++) { | 1933 for (;*i != ';' && r < rend; r++, i++) { |
1923 *r = *i; | 1934 *r = *i; |
1935 } | |
1936 if (r >= rend-2) { | |
1937 *r = '\0'; | |
1938 r = buf2; | |
1924 } | 1939 } |
1925 *r=';'; | 1940 *r=';'; |
1926 r++; | 1941 r++; |
1927 *r=' '; | 1942 *r=' '; |
1928 r++; | 1943 r++; |
1929 o++; | 1944 o++; |
1930 } | 1945 } |
1931 /* Get rid of that "; " */ | 1946 /* Get rid of that "; " */ |
1932 *(r-2) = '\0'; | 1947 if (r > buf2) { |
1948 *(r-2) = '\0'; | |
1949 } | |
1933 yd->auth = g_strdup(buf2); | 1950 yd->auth = g_strdup(buf2); |
1934 gaim_input_remove(gc->inpa); | 1951 gaim_input_remove(gc->inpa); |
1935 close(source); | 1952 close(source); |
1936 /* Now we have our cookies to login with. I'll go get the milk. */ | 1953 /* Now we have our cookies to login with. I'll go get the milk. */ |
1937 if (gaim_proxy_connect(account, "wcs2.msg.dcn.yahoo.com", | 1954 if (gaim_proxy_connect(account, "wcs2.msg.dcn.yahoo.com", |
1974 { | 1991 { |
1975 GHashTable *hash = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); | 1992 GHashTable *hash = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); |
1976 const char *c = buf; | 1993 const char *c = buf; |
1977 char *d; | 1994 char *d; |
1978 char name[64], value[64]; | 1995 char name[64], value[64]; |
1996 int count = sizeof(name)-1; | |
1979 while ((c < (buf + len)) && (c = strstr(c, "<input "))) { | 1997 while ((c < (buf + len)) && (c = strstr(c, "<input "))) { |
1980 c = strstr(c, "name=\"") + strlen("name=\""); | 1998 c = strstr(c, "name=\"") + strlen("name=\""); |
1981 for (d = name; *c!='"'; c++, d++) | 1999 for (d = name; *c!='"' && count; c++, d++, count--) |
1982 *d = *c; | 2000 *d = *c; |
1983 *d = '\0'; | 2001 *d = '\0'; |
2002 count = sizeof(value)-1; | |
1984 d = strstr(c, "value=\"") + strlen("value=\""); | 2003 d = strstr(c, "value=\"") + strlen("value=\""); |
1985 if (strchr(c, '>') < d) | 2004 if (strchr(c, '>') < d) |
1986 break; | 2005 break; |
1987 for (c = d, d = value; *c!='"'; c++, d++) | 2006 for (c = d, d = value; *c!='"' && count; c++, d++, count--) |
1988 *d = *c; | 2007 *d = *c; |
1989 *d = '\0'; | 2008 *d = '\0'; |
1990 g_hash_table_insert(hash, g_strdup(name), g_strdup(value)); | 2009 g_hash_table_insert(hash, g_strdup(name), g_strdup(value)); |
1991 } | 2010 } |
1992 return hash; | 2011 return hash; |
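Review bot: In yahoo_web_pending the new overflow branch can itself store one byte past buf2: when the copy loop stops because `r == rend`, `if (r >= rend-2)` runs `*r = '\0';` on buf2[sizeof(buf2)], and because r is reset to buf2 on the very next line that store can simply be deleted. The same function terminates the reply with `buf[sizeof(buf)-1] = '\0';` instead of `buf[len] = '\0';`, so after a short read strstr() and the cookie loop, which has no `*i != '\0'` test, can walk over stale stack bytes beyond the data that was received. In the key-parsing hunk at the top, the `x++; continue;` branch never advances pos, so once x reaches sizeof(key)-1 the while loop spins without consuming input; adding `pos++;` before `continue;` would let it skip the excess bytes and reach the existing `x = 0` rejection. All of the affected functions start or end outside the lines shown here, so callers and the declarations of x, key and len should be checked against these suggestions.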