Mercurial > pidgin.yaz
comparison libpurple/protocols/jabber/usermood.c @ 20854:686a492e2b70
Protect from a buffer overrun if we get bogus data back from the request API. Fixes CID 331. There is also a fix to check that the connection returned by the request dialog is still valid before using it.
| author | Daniel Atallah <daniel.atallah@gmail.com> |
|---|---|
| date | Tue, 09 Oct 2007 23:22:20 +0000 |
| parents | ab38146f8f78 |
| children | 787b3897ba9f 7821fa7b22db fc80a99f6f40 |
comparison
equal
deleted
inserted
replaced
| 20853:1a44d1a17784 | 20854:686a492e2b70 |
|---|---|
| 24 #include "usermood.h" | 24 #include "usermood.h" |
| 25 #include "pep.h" | 25 #include "pep.h" |
| 26 #include <string.h> | 26 #include <string.h> |
| 27 #include "internal.h" | 27 #include "internal.h" |
| 28 #include "request.h" | 28 #include "request.h" |
| 29 #include "debug.h" | |
| 29 | 30 |
| 30 static const char *moodstrings[] = { | 31 static const char *moodstrings[] = { |
| 31 "afraid", | 32 "afraid", |
| 32 "amazed", | 33 "amazed", |
| 33 "angry", | 34 "angry", |
| 143 jabber_add_feature("mood", "http://jabber.org/protocol/mood", jabber_pep_namespace_only_when_pep_enabled_cb); | 144 jabber_add_feature("mood", "http://jabber.org/protocol/mood", jabber_pep_namespace_only_when_pep_enabled_cb); |
| 144 jabber_pep_register_handler("moodn", "http://jabber.org/protocol/mood", jabber_mood_cb); | 145 jabber_pep_register_handler("moodn", "http://jabber.org/protocol/mood", jabber_mood_cb); |
| 145 } | 146 } |
| 146 | 147 |
| 147 static void do_mood_set_from_fields(PurpleConnection *gc, PurpleRequestFields *fields) { | 148 static void do_mood_set_from_fields(PurpleConnection *gc, PurpleRequestFields *fields) { |
| 148 JabberStream *js = gc->proto_data; | 149 JabberStream *js; |
| 149 | 150 int max_mood_idx; |
| 150 jabber_mood_set(js, moodstrings[purple_request_fields_get_choice(fields, "mood")], purple_request_fields_get_string(fields, "text")); | 151 int selected_mood = purple_request_fields_get_choice(fields, "mood"); |
| 152 | |
| 153 if (!PURPLE_CONNECTION_IS_VALID(gc)) { | |
| 154 purple_debug_error("jabber", "Unable to set mood; account offline.\n"); | |
| 155 return; | |
| 156 } | |
| 157 | |
| 158 js = gc->proto_data; | |
| 159 | |
| 160 /* This is ugly, but protects us from unexpected values. */ | |
| 161 for (max_mood_idx = 0; moodstrings[max_mood_idx]; max_mood_idx++); | |
| 162 | |
| 163 if (selected_mood < 0 || selected_mood >= max_mood_idx) { | |
| 164 purple_debug_error("jabber", "Invalid mood index (%d) selected.\n", selected_mood); | |
| 165 return; | |
| 166 } | |
| 167 | |
| 168 jabber_mood_set(js, moodstrings[selected_mood], purple_request_fields_get_string(fields, "text")); | |
| 151 } | 169 } |
| 152 | 170 |
| 153 static void do_mood_set_mood(PurplePluginAction *action) { | 171 static void do_mood_set_mood(PurplePluginAction *action) { |
| 154 PurpleConnection *gc = (PurpleConnection *) action->context; | 172 PurpleConnection *gc = (PurpleConnection *) action->context; |
| 155 | 173 |