Mercurial > pidgin.yaz

diff libpurple/protocols/msn/nexus.c @ 23752:019d5ae3ad72

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Use MIN(strlen(password), 16) for MSN because g_markup_escape_text will try to use all 16 bytes instead of stopping at NUL termination.
author Elliott Sales de Andrade <qulogic@pidgin.im>
date Sun, 10 Aug 2008 22:08:39 +0000
parents 7e2673925be6
children 25667ca518d6
line wrap: on
line diff
--- a/libpurple/protocols/msn/nexus.c	Sun Aug 10 05:11:59 2008 +0000
+++ b/libpurple/protocols/msn/nexus.c	Sun Aug 10 22:08:39 2008 +0000
@@ -379,7 +379,8 @@
 {
 	MsnSession *session = nexus->session;
 	const char *username;
-	char *password;
+	const char *password;
+	char *password_xml;
 	GString *domains;
 	char *request;
 	int i;
@@ -390,7 +391,8 @@
 	msn_session_set_login_step(session, MSN_LOGIN_STEP_GET_COOKIE);
 
 	username = purple_account_get_username(session->account);
-	password = g_markup_escape_text(purple_connection_get_password(session->account->gc), 16);
+	password = purple_connection_get_password(session->account->gc);
+	password_xml = g_markup_escape_text(password, MIN(strlen(password), 16));
 
 	purple_debug_info("msn", "Logging on %s, with policy '%s', nonce '%s'\n",
 	                  username, nexus->policy, nexus->nonce);
@@ -405,8 +407,8 @@
 		                           nexus->policy);
 	}
 
-	request = g_strdup_printf(MSN_SSO_TEMPLATE, username, password, domains->str);
-	g_free(password);
+	request = g_strdup_printf(MSN_SSO_TEMPLATE, username, password_xml, domains->str);
+	g_free(password_xml);
 	g_string_free(domains, TRUE);
 
 	soap = msn_soap_message_new(NULL, xmlnode_from_str(request, -1));