Mercurial > pidgin
comparison libpurple/protocols/msn/msg.c @ 32797:aacfb71133cc
Fix a possible MSN remote crash
Incoming messages with certain characters or character encodings
can cause clients to crash. The fix is for the contents of all
incoming plaintext messages are converted to UTF-8 and validated
before used.
This was reported to us by Fabian Yamaguchi and this patch was written
by Elliott Sales de Andrade (maybe with small, insignificant changes by me)
| author | Mark Doliner <mark@kingant.net> |
|---|---|
| date | Mon, 07 May 2012 03:18:08 +0000 |
| parents | cf702c6ab9e7 |
| children | fa666e7f747e |
comparison
equal
deleted
inserted
replaced
| 32796:5ae7e1f36b43 | 32797:aacfb71133cc |
|---|---|
| 255 msg->body = g_malloc(msg->body_len + 1); | 255 msg->body = g_malloc(msg->body_len + 1); |
| 256 memcpy(msg->body, tmp, msg->body_len); | 256 memcpy(msg->body, tmp, msg->body_len); |
| 257 msg->body[msg->body_len] = '\0'; | 257 msg->body[msg->body_len] = '\0'; |
| 258 } | 258 } |
| 259 | 259 |
| 260 if ((!content_type || !strcmp(content_type, "text/plain")) | 260 if (msg->body && content_type && purple_str_has_prefix(content_type, "text/")) { |
| 261 && msg->charset == NULL) { | 261 char *body = NULL; |
| 262 char *body = g_convert(msg->body, msg->body_len, "UTF-8", | 262 |
| 263 "ISO-8859-1", NULL, &msg->body_len, NULL); | 263 if (msg->charset == NULL || g_str_equal(msg->charset, "UTF-8")) { |
| 264 g_free(msg->body); | 264 /* Charset is UTF-8 */ |
| 265 msg->body = body; | 265 if (!g_utf8_validate(msg->body, msg->body_len, NULL)) { |
| 266 msg->charset = g_strdup("UTF-8"); | 266 purple_debug_warning("msn", "Message contains invalid " |
| 267 "UTF-8. Attempting to salvage.\n"); | |
| 268 body = purple_utf8_salvage(msg->body); | |
| 269 payload_len = strlen(body); | |
| 270 } | |
| 271 } else { | |
| 272 /* Charset is something other than UTF-8 */ | |
| 273 GError *err = NULL; | |
| 274 body = g_convert(msg->body, msg->body_len, "UTF-8", | |
| 275 msg->charset, NULL, &payload_len, &err); | |
| 276 if (!body || err) { | |
| 277 purple_debug_warning("msn", "Unable to convert message from " | |
| 278 "%s to UTF-8: %s\n", msg->charset, | |
| 279 err ? err->message : "Unknown error"); | |
| 280 if (err) | |
| 281 g_error_free(err); | |
| 282 | |
| 283 /* Fallback to ISO-8859-1 */ | |
| 284 g_free(body); | |
| 285 body = g_convert(msg->body, msg->body_len, "UTF-8", | |
| 286 "ISO-8859-1", NULL, &payload_len, NULL); | |
| 287 if (!body) { | |
| 288 g_free(msg->body); | |
| 289 msg->body = NULL; | |
| 290 msg->body_len = 0; | |
| 291 } | |
| 292 } | |
| 293 } | |
| 294 | |
| 295 if (body) { | |
| 296 g_free(msg->body); | |
| 297 msg->body = body; | |
| 298 msg->body_len = payload_len; | |
| 299 msn_message_set_charset(msg, "UTF-8"); | |
| 300 } | |
| 267 } | 301 } |
| 268 | 302 |
| 269 g_free(tmp_base); | 303 g_free(tmp_base); |
| 270 } | 304 } |
| 271 | 305 |