Mercurial > pidgin.yaz

changeset 27276:7f43d6779764

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Apply [9bac0a540156fb1848eedd61c8630737dee752c7] here as well. I should actually have committed this here first, then plucked to 2.5.8, but by the time I realized this it was too late to fix. Refs #9483.
author John Bailey <rekkanoryo@rekkanoryo.org>
date Sat, 27 Jun 2009 18:50:48 +0000
parents 916f266aca98
children 2eee06628764
files libpurple/protocols/oscar/bstream.c libpurple/protocols/oscar/oscar.c
diffstat 2 files changed, 21 insertions(+), 11 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/oscar/bstream.c	Sat Jun 27 17:50:49 2009 +0000
+++ b/libpurple/protocols/oscar/bstream.c	Sat Jun 27 18:50:48 2009 +0000
@@ -161,15 +161,19 @@
 	return aimutil_getle32(bs->data + bs->offset - 4);
 }
 
+static void byte_stream_getrawbuf_nocheck(ByteStream *bs, guint8 *buf, int len)
+{
+	memcpy(buf, bs->data + bs->offset, len);
+	bs->offset += len;
+}
+
 int byte_stream_getrawbuf(ByteStream *bs, guint8 *buf, int len)
 {
 
 	if (byte_stream_empty(bs) < len)
 		return 0;
 
-	memcpy(buf, bs->data + bs->offset, len);
-	bs->offset += len;
-
+	byte_stream_getrawbuf_nocheck(bs, buf, len);
 	return len;
 }
 
@@ -177,12 +181,12 @@
 {
 	guint8 *ob;
 
+	if (byte_stream_empty(bs) < len)
+		return NULL;
+
 	ob = g_malloc(len);
 
-	if (byte_stream_getrawbuf(bs, ob, len) < len) {
-		g_free(ob);
-		return NULL;
-	}
+	byte_stream_getrawbuf_nocheck(bs, ob, len);
 
 	return ob;
 }
@@ -191,12 +195,12 @@
 {
 	char *ob;
 
+	if (byte_stream_empty(bs) < len)
+		return NULL;
+
 	ob = g_malloc(len + 1);
 
-	if (byte_stream_getrawbuf(bs, (guint8 *)ob, len) < len) {
-		g_free(ob);
-		return NULL;
-	}
+	byte_stream_getrawbuf_nocheck(bs, (guint8 *)ob, len);
 
 	ob[len] = '\0';
 
--- a/libpurple/protocols/oscar/oscar.c	Sat Jun 27 17:50:49 2009 +0000
+++ b/libpurple/protocols/oscar/oscar.c	Sat Jun 27 18:50:48 2009 +0000
@@ -2905,9 +2905,15 @@
 			/* From libicq2000-0.3.2/src/ICQ.cpp */
 			byte_stream_init(&qbs, (guint8 *)args->msg, args->msglen);
 			byte_stream_advance(&qbs, 21);
+			/* expected:	01 00 00 20 00 0e 28 f6 00 11 e7 d3 11 bc f3 00 04 ac 96 9d c2 | 00 00 | 06 00 00 00 | 49 43 51 53 43 53 ...*/
+			/* unexpected:	00 00 26 00 81 1a 18 bc 0e 6c 18 47 a5 91 6f 18 dc c7 6f 1a | 00 00 | 0d 00 00 00 | 49 43 51 57 65 62 4d 65 73 73 61 67 65 ... */
 			smstype = byte_stream_getle16(&qbs);
+			if (smstype != 0)
+				break;
 			taglen = byte_stream_getle32(&qbs);
 			tagstr = byte_stream_getstr(&qbs, taglen);
+			if (tagstr == NULL)
+				break;
 			byte_stream_advance(&qbs, 3);
 			byte_stream_advance(&qbs, 4);
 			smslen = byte_stream_getle32(&qbs);