changeset 28875:8464e695c62b

Fixes a bad MSN bug where passwords with multi-byte utf8 characters near the 16 byte mark would cause a segmentation fault due to chopping the multi-byte character and turning the string into invalidate utf8. Thanks to Shaun Lindsay at Meebo for tracking this down and fixing it.
author Mark Doliner <mark@kingant.net>
date Wed, 04 Nov 2009 18:41:21 +0000
parents e7bb163434c7
children cf9ea9f2c0bb
files COPYRIGHT ChangeLog libpurple/protocols/msn/nexus.c
diffstat 3 files changed, 11 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/COPYRIGHT	Thu Oct 22 01:21:25 2009 +0000
+++ b/COPYRIGHT	Wed Nov 04 18:41:21 2009 +0000
@@ -268,6 +268,7 @@
 Ambrose C. Li
 Nicolas Lichtmaier
 Wesley Lin
+Shaun Lindsay
 Artem Litvinovich
 Josh Littlefield
 Daniel Ljungborg
--- a/ChangeLog	Thu Oct 22 01:21:25 2009 +0000
+++ b/ChangeLog	Wed Nov 04 18:41:21 2009 +0000
@@ -14,6 +14,8 @@
 	MSN:
 	* Don't forget display names for buddies.
 	* Fix a random crash that might occur when idle.
+	* Fix a crash when logging in with some long non-ASCII passwords.
+	  (Shaun Lindsay)
 
 	XMPP:
 	* Users connecting to Google Talk now have an "Initiate Chat" context menu
--- a/libpurple/protocols/msn/nexus.c	Thu Oct 22 01:21:25 2009 +0000
+++ b/libpurple/protocols/msn/nexus.c	Wed Nov 04 18:41:21 2009 +0000
@@ -399,7 +399,14 @@
 
 	username = purple_account_get_username(session->account);
 	password = purple_connection_get_password(session->account->gc);
-	password_xml = g_markup_escape_text(password, MIN(strlen(password), 16));
+	if (g_utf8_strlen(password, -1) > 16) {
+		/* max byte size for 16 utf8 characters is 64 + 1 for the null */
+		gchar truncated[65];
+		g_utf8_strncpy(truncated, password, 16);
+		password_xml = g_markup_escape_text(truncated, -1);
+	} else {
+		password_xml = g_markup_escape_text(password, -1);
+	}
 
 	purple_debug_info("msn", "Logging on %s, with policy '%s', nonce '%s'\n",
 	                  username, nexus->policy, nexus->nonce);