diff src/protocols/oscar/tlv.c @ 3459:d82f53194f09

[gaim-migrate @ 3507] DANCE! committer: Tailor Script <tailor@pidgin.im>
author Sean Egan <seanegan@gmail.com>
date Wed, 28 Aug 2002 07:24:12 +0000
parents 6d62d4520460
children e73c48cf1645
--- a/src/protocols/oscar/tlv.c	Wed Aug 28 06:48:14 2002 +0000
+++ b/src/protocols/oscar/tlv.c	Wed Aug 28 07:24:12 2002 +0000
@@ -46,9 +46,9 @@
 faim_internal aim_tlvlist_t *aim_readtlvchain(aim_bstream_t *bs)
 {
 	aim_tlvlist_t *list = NULL, *cur;
-	fu16_t type, length;
-
-	while (aim_bstream_empty(bs)) {
+	
+	while (aim_bstream_empty(bs) > 0) {
+		fu16_t type, length;
 
 		type = aimbs_get16(bs);
 		length = aimbs_get16(bs);
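Review bot: The new loop condition `aim_bstream_empty(bs) > 0` still admits an iteration when only one to three bytes remain, yet the body immediately reads a four-byte TLV header through two `aimbs_get16` calls. How `aimbs_get16` behaves on a short buffer is not visible in this hunk; if it returns 0 or does not advance, a truncated trailing header from the network would be parsed as a TLV with made-up type and length. Requiring the full header up front, `while (aim_bstream_empty(bs) >= 4) {`, or rejecting a 1-3 byte remainder as malformed, would make the header read safe on its own. The body of `aim_readtlvchain` continues outside the hunk.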
@@ -70,13 +70,35 @@
 #endif
 		else {
 
+			if (length > aim_bstream_empty(bs)) {
+				aim_freetlvchain(&list);
+				return NULL;
+			}
+
 			cur = (aim_tlvlist_t *)malloc(sizeof(aim_tlvlist_t));
+			if (!cur) {
+				aim_freetlvchain(&list);
+				return NULL;
+			}
+
 			memset(cur, 0, sizeof(aim_tlvlist_t));
 
-			cur->tlv = createtlv();	
+			cur->tlv = createtlv();
+			if (!cur->tlv) {
+				free(cur);
+				aim_freetlvchain(&list);
+				return NULL;
+			}
 			cur->tlv->type = type;
-			if ((cur->tlv->length = length))
+			if ((cur->tlv->length = length)) {
 			       cur->tlv->value = aimbs_getraw(bs, length);	
+			       if (!cur->tlv->value) {
+				       freetlv(&cur->tlv);
+				       free(cur);
+				       aim_freetlvchain(&list);
+				       return NULL;
+			       }
+			}
 
 			cur->next = list;
 			list = cur;
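Review bot: Every new failure path (oversized `length`, failed `malloc`, failed `createtlv`, failed `aimbs_getraw`) frees the partial chain and returns NULL, but `list` also starts as NULL, so an empty stream presumably returns NULL as well. A caller then cannot tell a malformed or truncated chain apart from one that legitimately holds no TLVs, and may carry on processing a packet that should have been dropped. At minimum I would document this on the function, e.g. `/* Returns NULL for an empty stream and also when the chain is malformed or allocation fails; NULL does not prove the input was valid. */`, and check whether callers need a separate error indication. The function starts before this hunk and ends after it, so the final return is not visible here.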