# HG changeset patch # User Mark Doliner # Date 1317800000 0 # Node ID 44fc11beefabb7c94b3989231219895f15dc353c # Parent 952120a8ee023ed98967043111827ee3f515d962# Parent f044a5bdb3c663819d014f5037e743444a8fd95f propagate from branch 'im.pidgin.pidgin.2.x.y' (head b9c74c3f836a7a1a64710fc8244c9ec1f3f21b97) to branch 'im.pidgin.pidgin' (head fcd1b3766ec3998ed589bfddde2bffefd9d99e65) diff -r f044a5bdb3c6 -r 44fc11beefab ChangeLog --- a/ChangeLog Sun Oct 02 02:37:56 2011 +0000 +++ b/ChangeLog Wed Oct 05 07:33:20 2011 +0000 @@ -19,6 +19,12 @@ to the core (and UIs) as incoming messages (Thijs Alkemade). (#14529) +version 2.10.1 (??/??/????): + SILC: + * Fix CVE-2011-3594, by UTF-8 validating incoming messages before + passing them to glib or libpurple. Identified by Diego Bauche + Madero from IOActive. (#14636) + version 2.10.0 (08/18/2011): Pidgin: * Make the max size of incoming smileys a pref instead of hardcoding it. diff -r f044a5bdb3c6 -r 44fc11beefab libpurple/protocols/gg/Makefile.am --- a/libpurple/protocols/gg/Makefile.am Sun Oct 02 02:37:56 2011 +0000 +++ b/libpurple/protocols/gg/Makefile.am Wed Oct 05 07:33:20 2011 +0000 @@ -61,11 +61,11 @@ lib/sha1.c INTGG_CFLAGS = -I$(top_srcdir)/libpurple/protocols/gg/lib -DGG_IGNORE_DEPRECATED -DUSE_INTERNAL_LIBGADU +endif if USE_GNUTLS GADU_LIBS += $(GNUTLS_LIBS) -endif - +GADU_CFLAGS += $(GNUTLS_CFLAGS) endif GGSOURCES = \ diff -r f044a5bdb3c6 -r 44fc11beefab libpurple/protocols/irc/parse.c --- a/libpurple/protocols/irc/parse.c Sun Oct 02 02:37:56 2011 +0000 +++ b/libpurple/protocols/irc/parse.c Wed Oct 05 07:33:20 2011 +0000 
@@ -708,7 +708,14 @@ switch (fmt[i]) { case 'v': if (!(end = strchr(cur, ' '))) end = cur + strlen(cur); - args[i] = g_strndup(cur, end - cur); + /* This is a string of unknown encoding which we do not + * want to transcode, but it may or may not be valid + * UTF-8, so we'll salvage it. If a nick/channel/target + * field has inadvertently been marked verbatim, this + * could cause weirdness. */ + tmp = g_strndup(cur, end - cur); + args[i] = purple_utf8_salvage(tmp); + g_free(tmp); cur += end - cur; break; case 't': @@ -726,7 +733,9 @@ cur = cur + strlen(cur); break; case '*': - args[i] = g_strdup(cur); + /* Ditto 'v' above; we're going to salvage this in case + * it leaks past the IRC prpl */ + args[i] = purple_utf8_salvage(cur); cur = cur + strlen(cur); break; default: diff -r f044a5bdb3c6 -r 44fc11beefab libpurple/protocols/sametime/sametime.c --- a/libpurple/protocols/sametime/sametime.c Sun Oct 02 02:37:56 2011 +0000 +++ b/libpurple/protocols/sametime/sametime.c Wed Oct 05 07:33:20 2011 +0000 @@ -171,10 +171,10 @@ /* debugging output */ -#define DEBUG_ERROR(a...) purple_debug_error(G_LOG_DOMAIN, a) -#define DEBUG_INFO(a...) purple_debug_info(G_LOG_DOMAIN, a) -#define DEBUG_MISC(a...) purple_debug_misc(G_LOG_DOMAIN, a) -#define DEBUG_WARN(a...) purple_debug_warning(G_LOG_DOMAIN, a) +#define DEBUG_ERROR(...) purple_debug_error(G_LOG_DOMAIN, __VA_ARGS__) +#define DEBUG_INFO(...) purple_debug_info(G_LOG_DOMAIN, __VA_ARGS__) +#define DEBUG_MISC(...) purple_debug_misc(G_LOG_DOMAIN, __VA_ARGS__) +#define DEBUG_WARN(...) purple_debug_warning(G_LOG_DOMAIN, __VA_ARGS__) /** ensure non-null strings */ @@ -927,6 +927,11 @@ return NULL; } + if (!name) { + DEBUG_WARN("Can't ensure a null group\n"); + return NULL; + } + DEBUG_INFO("attempting to ensure group %s, called %s\n", NSTR(name), NSTR(alias)); 
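Review bot: The comment added in the `'v'` case of libpurple/protocols/irc/parse.c warns only that salvaging "could cause weirdness", which does not tell a maintainer what to avoid; the "Ditto" comment in the `'*'` case of the next hunk inherits the same gap. `purple_utf8_salvage()` replaces invalid bytes, so the stored argument can differ from what the server sent. I would say so directly, e.g. `/* Salvaged copy: invalid bytes are replaced, so this may not match the wire bytes; do not compare it against, or echo it back as, a nick/channel/target. */`. The enclosing function and the declaration of `tmp` are outside the hunk.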
@@ -2219,7 +2224,7 @@ static void ft_send(struct mwFileTransfer *ft, FILE *fp) { guchar buf[MW_FT_LEN]; - struct mwOpaque o = { .data = buf, .len = MW_FT_LEN }; + struct mwOpaque o = { MW_FT_LEN, buf }; guint32 rem; PurpleXfer *xfer; @@ -3685,49 +3690,6 @@ static void mw_prpl_login(PurpleAccount *acct); -static void prompt_host_cancel_cb(PurpleConnection *gc) { - const char *msg = _("No Sametime Community Server specified"); - purple_connection_error(gc, - PURPLE_CONNECTION_ERROR_INVALID_SETTINGS, - msg); -} - - -static void prompt_host_ok_cb(PurpleConnection *gc, const char *host) { - if(host && *host) { - PurpleAccount *acct = purple_connection_get_account(gc); - purple_account_set_string(acct, MW_KEY_HOST, host); - mw_prpl_login(acct); - - } else { - prompt_host_cancel_cb(gc); - } -} - - -static void prompt_host(PurpleConnection *gc) { - PurpleAccount *acct; - const char *msgA; - char *msg; - - acct = purple_connection_get_account(gc); - msgA = _("No host or IP address has been configured for the" - " Meanwhile account %s. Please enter one below to" - " continue logging in."); - msg = g_strdup_printf(msgA, NSTR(purple_account_get_username(acct))); - - purple_request_input(gc, _("Meanwhile Connection Setup"), - _("No Sametime Community Server Specified"), msg, - MW_PLUGIN_DEFAULT_HOST, FALSE, FALSE, NULL, - _("Connect"), G_CALLBACK(prompt_host_ok_cb), - _("Cancel"), G_CALLBACK(prompt_host_cancel_cb), - acct, NULL, NULL, - gc); - - g_free(msg); -} - - static void mw_prpl_login(PurpleAccount *account) { PurpleConnection *gc; struct mwPurplePluginData *pd; @@ -3759,7 +3721,9 @@ /* somehow, we don't have a host to connect to. Well, we need one to actually continue, so let's ask the user directly. */ g_free(user); - prompt_host(gc); + purple_connection_error_reason(gc, + PURPLE_CONNECTION_ERROR_INVALID_SETTINGS, + _("A server is required to connect this account")); return; } 
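Review bot: In `ft_send` (libpurple/protocols/sametime/sametime.c), the positional initializer `{ MW_FT_LEN, buf }` is correct only while `len` is declared before `data` in `struct mwOpaque`, and that declaration is not in this file. The designated form it replaces did not depend on member order. If the aim is to avoid designated initializers, assigning the members by name after the declarations keeps the length and the buffer pointer tied to the right fields: `struct mwOpaque o;` followed by `o.len = MW_FT_LEN; o.data = buf;`. The body of `ft_send` continues outside the hunk.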
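Review bot: In the `mw_prpl_login` hunk the new call is `purple_connection_error_reason(...)`, while the `prompt_host_cancel_cb` removed in the preceding hunk reported the same error through a three-argument `purple_connection_error(gc, PURPLE_CONNECTION_ERROR_INVALID_SETTINGS, msg)`. Since this commit propagates between branches, it is worth confirming which of the two names the target branch provides. The context comment above the call still says "so let's ask the user directly", which no longer matches the code; something like `/* no host configured: fail the connection as invalid settings so the user can correct the account */` would. The rest of `mw_prpl_login` is outside the hunk.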
@@ -5790,6 +5754,7 @@ static void mw_plugin_init(PurplePlugin *plugin) { + PurpleAccountUserSplit *split; PurpleAccountOption *opt; GList *l = NULL; @@ -5800,15 +5765,15 @@ purple_prefs_add_none(MW_PRPL_OPT_BASE); purple_prefs_add_int(MW_PRPL_OPT_BLIST_ACTION, BLIST_CHOICE_DEFAULT); + /* set up account ID as user:server */ + split = purple_account_user_split_new(_("Server"), + MW_PLUGIN_DEFAULT_HOST, ':'); + mw_prpl_info.user_splits = g_list_append(mw_prpl_info.user_splits, split); + /* remove dead preferences */ purple_prefs_remove(MW_PRPL_OPT_PSYCHIC); purple_prefs_remove(MW_PRPL_OPT_SAVE_DYNAMIC); - /* host to connect to */ - opt = purple_account_option_string_new(_("Server"), MW_KEY_HOST, - MW_PLUGIN_DEFAULT_HOST); - l = g_list_append(l, opt); - /* port to connect to */ opt = purple_account_option_int_new(_("Port"), MW_KEY_PORT, MW_PLUGIN_DEFAULT_PORT); diff -r f044a5bdb3c6 -r 44fc11beefab libpurple/protocols/silc/ops.c --- a/libpurple/protocols/silc/ops.c Sun Oct 02 02:37:56 2011 +0000 +++ b/libpurple/protocols/silc/ops.c Wed Oct 05 07:33:20 2011 +0000 @@ -408,9 +408,16 @@ } if (flags & SILC_MESSAGE_FLAG_UTF8) { - tmp = g_markup_escape_text((const char *)message, -1); + const char *msg = (const char *)message; + char *salvaged = NULL; + if (!g_utf8_validate((const char *)message, -1, NULL)) { + salvaged = purple_utf8_salvage((const char *)message); + msg = salvaged; + } + tmp = g_markup_escape_text(msg, -1); /* Send to Purple */ serv_got_im(gc, sender->nickname, tmp, 0, time(NULL)); + g_free(salvaged); g_free(tmp); } }
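Review bot: The UTF-8 check in libpurple/protocols/silc/ops.c is added only on this `serv_got_im` path, while the ChangeLog entry describes the fix as covering incoming messages generally. Any other handler in the file that passes `message` to `g_markup_escape_text` under `SILC_MESSAGE_FLAG_UTF8` (channel messages, if they are handled the same way) needs the same validation, and none is visible in this diff. Within the hunk, `msg` already holds the cast pointer, so the check can read `if (!g_utf8_validate(msg, -1, NULL)) {` and `salvaged = purple_utf8_salvage(msg);` instead of repeating the cast. The enclosing function begins outside the hunk.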