# HG changeset patch # User Rob Flynn # Date 1040675572 0 # Node ID 69c049c48a96fa7f722f73864682ac3b90ac4c63 # Parent 697217b52ebdcb94aa33ec7e52d0ae1c2d4c0938 [gaim-migrate @ 4338] Matt's patch is more thorough committer: Tailor Script diff -r 697217b52ebd -r 69c049c48a96 ChangeLog --- a/ChangeLog Mon Dec 23 20:29:00 2002 +0000 +++ b/ChangeLog Mon Dec 23 20:32:52 2002 +0000 @@ -104,8 +104,8 @@ window (Thanks, Christian Hammond) * Ability to add screenname@mac.com people to AIM buddy lists (Thanks, Graham Booker) - * Fixed crashbug on empty rvous requests, thanks Brandon Scott (Xeon) for - being the first to point this out + * Fixed crashbug on empty rvous requests, thanks Brandon Scott (Xeon) and + Matt Pandina for pointing this out (Brandon) and for the patch (Matt) version 0.59 (06/24/2002): * Hungarian translation added (Thanks, Sutto Zoltan) diff -r 697217b52ebd -r 69c049c48a96 src/protocols/oscar/oscar.c --- a/src/protocols/oscar/oscar.c Mon Dec 23 20:29:00 2002 +0000 +++ b/src/protocols/oscar/oscar.c Mon Dec 23 20:32:52 2002 +0000 @@ -220,14 +220,14 @@ } static char *extract_name(const char *name) { - char *tmp; + char *tmp, *x; int i, j; - char *x; if (!name) - return NULL; - + return NULL; + x = strchr(name, '-'); + if (!x) return NULL; x = strchr(++x, '-'); if (!x) return NULL; @@ -1764,6 +1764,10 @@ struct icon_req *ir = NULL; GSList *h = od->hasicons; char *who = normalize(userinfo->sn); + + if (!args->iconlen || !args->iconsum || !args->iconstamp) + return 1; + debug_printf("%s has an icon\n", userinfo->sn); while (h) { ir = h->data; @@ -1813,6 +1817,10 @@ * means that either the incoming ICBM is corrupted or * there is something we don't understand about it. */ /* For the record, AIM Unicode is big-endian UCS-2 */ + + if (!args->msg || !args->msglen) + return 1; + tmp = g_convert(args->msg, args->msglen, "UTF-8", "UCS-2BE", NULL, &convlen, &err); if (err) { debug_printf("Unicode IM conversion: %s\n", err->message); @@ -1829,6 +1837,10 @@ if (args->icbmflags & AIM_IMFLAGS_ISO_8859_1) { debug_printf ("Received ISO-8859-1 IM\n"); } + + if (!args->msg || !args->msglen) + return 1; + tmp = g_convert(args->msg, args->msglen, "UTF-8", "ISO-8859-1", NULL, &convlen, &err); if (err) { debug_printf("ISO-8859-1 IM conversion: %s\n", err->message); @@ -1856,11 +1868,16 @@ static int incomingim_chan2(aim_session_t *sess, aim_conn_t *conn, aim_userinfo_t *userinfo, struct aim_incomingim_ch2_args *args) { struct gaim_connection *gc = sess->aux_data; + if (!args) + return 0; + debug_printf("rendezvous status %d (%s)\n", args->status, userinfo->sn); if (args->status == AIM_RENDEZVOUS_CANCEL) { struct oscar_file_transfer *oft; + if (!args->cookie) + return 1; oft = find_oft_by_cookie(gc, args->cookie); if (oft) { transfer_abort(oft->xfer, _("Buddy canceled transfer")); @@ -1881,17 +1898,14 @@ } if (args->reqclass & AIM_CAPS_CHAT) { - char *name = extract_name(args->info.chat.roominfo.name); + char *name; int *exch; - - if (!name) { - /* Well, something weird must've happened here, let's run to church */ - debug_printf("somebody tried to kick you in the balls.\n"); - return 0; - } + GList *m = NULL; + if (!args->info.chat.roominfo.name || !args->info.chat.roominfo.exchange || !args->msg) + return 1; + name = extract_name(args->info.chat.roominfo.name); exch = g_new0(int, 1); - GList *m = NULL; m = g_list_append(m, g_strdup(name ? name : args->info.chat.roominfo.name)); *exch = args->info.chat.roominfo.exchange; m = g_list_append(m, exch); @@ -1906,6 +1920,10 @@ struct oscar_file_transfer *oft; struct oscar_data *od = gc->proto_data; + if (!args->cookie || !args->verifiedip || !args->port || + !args->info.sendfile.filename || !args->info.sendfile.totsize || + !args->info.sendfile.totfiles || !args->msg || !args->reqclass) + return 1; if ((oft = find_oft_by_cookie(sess->aux_data, args->cookie))) { /* This is a request for a reverse connection, @@ -2049,6 +2067,9 @@ GError *err = NULL; int i; + if (!args->type || !args->msg || !args->uin) + return 1; + debug_printf("Received a channel 4 message of type %d.\n", args->type); /* Split up the message at the delimeter character, then convert each string to UTF-8 */