view src/protocols/zephyr/ZSendPkt.c @ 14092:58c9f678b77a

[gaim-migrate @ 16717] Fix a bug reported by Jon Oberheide. If there is an extra either 1 or 3 bytes on an incoming oscar message then our ICBM parser gets into an infinite loop. This could open be caused by a malicious server or a man-in-the-middle. committer: Tailor Script <tailor@pidgin.im>
author Mark Doliner <mark@kingant.net>
date Sat, 12 Aug 2006 10:59:13 +0000
parents 7c2e2c4d45a4
children
line wrap: on
line source

/* This file is part of the Project Athena Zephyr Notification System.
 * It contains source for the ZSendPacket function.
 *
 *	Created by:	Robert French
 *
 *	Copyright (c) 1987,1991 by the Massachusetts Institute of Technology.
 *	For copying and distribution information, see the file
 *	"mit-copyright.h". 
 */

#include "internal.h"
#ifdef WIN32
#include <winsock.h>
#else
#include <sys/socket.h>
#endif

static int wait_for_hmack(ZNotice_t *notice, void *uid);

Code_t ZSendPacket(packet, len, waitforack)
    char *packet;
    int len;
    int waitforack;
{
    Code_t retval;
    struct sockaddr_in dest;
    ZNotice_t notice, acknotice;
	
    if (!packet || len < 0)
	return (ZERR_ILLVAL);

    if (len > Z_MAXPKTLEN)
	return (ZERR_PKTLEN);
    
    if (ZGetFD() < 0)
	if ((retval = ZOpenPort((unsigned short *)0)) != ZERR_NONE)
	    return (retval);

    dest = ZGetDestAddr();
	
    if (sendto(ZGetFD(), packet, len, 0, (struct sockaddr *)&dest,
	       sizeof(dest)) < 0)
	return (errno);

    if (!waitforack)
	return (ZERR_NONE);

    if ((retval = ZParseNotice(packet, len, &notice)) != ZERR_NONE)
	return (retval);
    
    retval = Z_WaitForNotice (&acknotice, wait_for_hmack, &notice.z_uid,
			      HM_TIMEOUT);
    if (retval == ETIMEDOUT)
      return ZERR_HMDEAD;
    if (retval == ZERR_NONE)
      ZFreeNotice (&acknotice);
    return retval;
}

static int wait_for_hmack(ZNotice_t *notice, void *uid)
{
    return (notice->z_kind == HMACK && ZCompareUID(&notice->z_uid, (ZUnique_Id_t *)uid));
}