Mercurial > pidgin.yaz

changeset 6306:69c9b6e63a98

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
[gaim-migrate @ 6805] This fixes a crash sending toc messages with certain characters. I broke it in the great constification of 0.64cvs. http://sourceforge.net/tracker/?group_id=235&atid=100235&func=detail&aid=775318 committer: Tailor Script <tailor@pidgin.im>
author Mark Doliner <mark@kingant.net>
date Sat, 26 Jul 2003 15:57:07 +0000
parents 1fbdca69a25e
children 55588b222901
files src/protocols/toc/toc.c
diffstat 1 files changed, 89 insertions(+), 75 deletions(-) [+]
line wrap: on
line diff
--- a/src/protocols/toc/toc.c	Sat Jul 26 13:14:05 2003 +0000
+++ b/src/protocols/toc/toc.c	Sat Jul 26 15:57:07 2003 +0000
@@ -288,35 +288,45 @@
 	}
 }
 
-static int escape_message(char *msg)
+char *escape_message(const char *msg)
 {
-	char *c, *cpy;
-	int cnt = 0;
-	/* Assumes you have a buffer able to cary at least BUF_LEN * 2 bytes */
-	if (strlen(msg) > BUF_LEN) {
-		debug_printf("Warning:  truncating message to 2048 bytes\n");
-		msg[2047] = '\0';
-	}
+	char *ret;
+	int i, j;
+
+	if (!msg)
+		return NULL;
 
-	cpy = g_strdup(msg);
-	c = cpy;
-	while (*c) {
-		switch (*c) {
-		case '$':
-		case '[':
-		case ']':
-		case '(':
-		case ')':
-			msg[cnt++] = '\\';
-			/* Fall through */
-		default:
-			msg[cnt++] = *c;
+	/* Calculate the length after escaping */
+	for (i=0, j=0; msg[i]; i++)
+		switch (msg[i]) {
+			case '$':
+			case '[':
+			case ']':
+			case '(':
+			case ')':
+				j++;
+			default:
+				j++;
 		}
-		c++;
-	}
-	msg[cnt] = '\0';
-	g_free(cpy);
-	return cnt;
+
+	/* Allocate a string */
+	ret = (char *)malloc((j+1) * sizeof(char));
+
+	/* Copy the string */
+	for (i=0, j=0; msg[i]; i++)
+		switch (msg[i]) {
+			case '$':
+			case '[':
+			case ']':
+			case '(':
+			case ')':
+				ret[j++] = '\\';
+			default:
+				ret[j++] = msg[i];
+			}
+	ret[j] = '\0';
+
+	return ret;
 }
 
 /*
@@ -332,100 +342,104 @@
 		return NULL;
 
 	/* Calculate the length after escaping */
-	i = 0;
-	j = 0;
-	while (msg[i++])
+	for (i=0, j=0; msg[i]; i++)
 		switch (msg[i]) {
-		case '\n':
-			j += 4;
-			break;
-		case '{':
-		case '}':
-		case '\\':
-		case '"':
-			j += 1;
-		default:
-			j += 1;
+			case '\n':
+				j += 4;
+				break;
+			case '{':
+			case '}':
+			case '\\':
+			case '"':
+				j += 1;
+			default:
+				j += 1;
 		}
 
 	/* Allocate a string */
 	ret = (char *)malloc((j+1) * sizeof(char));
 
 	/* Copy the string */
-	i = 0;
-	j = 0;
-	while (msg[i]) {
+	for (i=0, j=0; msg[i]; i++)
 		switch (msg[i]) {
-		case '\n':
-			ret[j] = '<';
-			ret[j+1] = 'B';
-			ret[j+2] = 'R';
-			ret[j+3] = '>';
-			j += 4;
-			break;
-		case '{':
-		case '}':
-		case '\\':
-		case '"':
-			ret[j] = '\\';
-			j++;
-		default:
-			ret[j] = msg[i];
-			j++;
+			case '\n':
+				ret[j++] = '<';
+				ret[j++] = 'B';
+				ret[j++] = 'R';
+				ret[j++] = '>';
+				break;
+			case '{':
+			case '}':
+			case '\\':
+			case '"':
+				ret[j++] = '\\';
+			default:
+				ret[j++] = msg[i];
 		}
-		i++;
-	}
 	ret[j] = '\0';
 
 	return ret;
 }
 
-static int sflap_send(GaimConnection *gc, char *buf, int olen, int type)
+static int sflap_send(GaimConnection *gc, const char *buf, int olen, int type)
 {
+	struct toc_data *tdt = (struct toc_data *)gc->proto_data;
 	int len;
 	int slen = 0;
+	int ret;
 	struct sflap_hdr hdr;
-	char obuf[MSG_LEN];
-	struct toc_data *tdt = (struct toc_data *)gc->proto_data;
+	char *escaped, *obuf;
 
 	if (tdt->state == STATE_PAUSE)
 		/* TOC has given us the PAUSE message; sending could cause a disconnect
 		 * so we just return here like everything went through fine */
 		return 0;
 
-	if (olen < 0)
-		len = escape_message(buf);
-	else
+	if (olen < 0) {
+		escaped = escape_message(buf);
+		len = strlen(buf);
+	} else {
+		escaped = g_memdup(buf, olen);
 		len = olen;
+	}
 
-	/* One _last_ 2048 check here!  This shouldn't ever
-	   * get hit though, hopefully.  If it gets hit on an IM
-	   * It'll lose the last " and the message won't go through,
-	   * but this'll stop a segfault. */
+	/*
+	 * One _last_ 2048 check here!  This shouldn't ever
+	 * get hit though, hopefully.  If it gets hit on an IM
+	 * It'll lose the last " and the message won't go through,
+	 * but this'll stop a segfault.
+	 */
 	if (len > MSG_LEN) {
 		debug_printf("message too long, truncating\n");
-		buf[MSG_LEN - 1] = '\0';
+		escaped[MSG_LEN - 1] = '\0';
 		len = MSG_LEN;
 	}
 
 	if (olen < 0)
-		debug_printf("TOC C: %s\n", buf);
+		debug_printf("TOC C: %s\n", escaped);
 
 	hdr.ast = '*';
 	hdr.type = type;
 	hdr.seqno = htons(tdt->seqno++ & 0xffff);
 	hdr.len = htons(len + (type == TYPE_SIGNON ? 0 : 1));
 
+	obuf = (char *)malloc((sizeof(hdr)+len+1) * sizeof(char));
 	memcpy(obuf, &hdr, sizeof(hdr));
 	slen += sizeof(hdr);
-	memcpy(&obuf[slen], buf, len);
+
+	memcpy(&obuf[slen], escaped, len);
 	slen += len;
+
 	if (type != TYPE_SIGNON) {
 		obuf[slen] = '\0';
 		slen += 1;
 	}
 
-	return toc_write(tdt->toc_fd, obuf, slen);
+	ret = toc_write(tdt->toc_fd, obuf, slen);
+	free(obuf);
+	free(escaped);
+
+	return ret;
 }
 
 static int wait_reply(GaimConnection *gc, char *buffer, size_t buflen)
@@ -1124,7 +1138,7 @@
 {
 	char buf[BUF_LEN * 2];
 	g_snprintf(buf, BUF_LONG, "toc_change_passwd %s %s", orig, new);
-	sflap_send(g, buf, strlen(buf), TYPE_DATA);
+	sflap_send(g, buf, -1, TYPE_DATA);
 }
 
 static void toc_add_buddy(GaimConnection *g, const char *name)