Mercurial > pidgin.yaz

changeset 20854:686a492e2b70

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Protect from a buffer overrun if we get bogus data back from the request API. Fixes CID 331. There is also a fix to check that the connection returned by the request dialog is still valid before using it.
author Daniel Atallah <daniel.atallah@gmail.com>
date Tue, 09 Oct 2007 23:22:20 +0000
parents 1a44d1a17784
children cfaf74ec93dc
files libpurple/protocols/jabber/usermood.c
diffstat 1 files changed, 21 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/jabber/usermood.c	Tue Oct 09 23:09:05 2007 +0000
+++ b/libpurple/protocols/jabber/usermood.c	Tue Oct 09 23:22:20 2007 +0000
@@ -26,6 +26,7 @@
 #include <string.h>
 #include "internal.h"
 #include "request.h"
+#include "debug.h"
 
 static const char *moodstrings[] = {
 	"afraid",
@@ -145,9 +146,26 @@
 }
 
 static void do_mood_set_from_fields(PurpleConnection *gc, PurpleRequestFields *fields) {
-	JabberStream *js = gc->proto_data;
-	
-	jabber_mood_set(js, moodstrings[purple_request_fields_get_choice(fields, "mood")], purple_request_fields_get_string(fields, "text"));
+	JabberStream *js;
+	int max_mood_idx;
+	int selected_mood = purple_request_fields_get_choice(fields, "mood");
+
+	if (!PURPLE_CONNECTION_IS_VALID(gc)) {
+		purple_debug_error("jabber", "Unable to set mood; account offline.\n");
+		return;
+	}
+
+	js = gc->proto_data;
+
+	/* This is ugly, but protects us from unexpected values. */
+	for (max_mood_idx = 0; moodstrings[max_mood_idx]; max_mood_idx++);
+
+	if (selected_mood < 0 || selected_mood >= max_mood_idx) {
+		purple_debug_error("jabber", "Invalid mood index (%d) selected.\n", selected_mood);
+		return;
+	}
+
+	jabber_mood_set(js, moodstrings[selected_mood], purple_request_fields_get_string(fields, "text"));
 }
 
 static void do_mood_set_mood(PurplePluginAction *action) {