Mercurial > pidgin

diff libpurple/protocols/oscar/family_bart.c @ 32774:069919a0896c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Validate utf8 for a few random strings that we read, in case AOL or ICQ decide to start sending us non-utf8
author Mark Doliner <mark@kingant.net>
date Thu, 03 May 2012 09:28:11 +0000
parents 11c54d781835
children
line wrap: on
line diff
--- a/libpurple/protocols/oscar/family_bart.c	Thu May 03 08:36:47 2012 +0000
+++ b/libpurple/protocols/oscar/family_bart.c	Thu May 03 09:28:11 2012 +0000
@@ -143,6 +143,12 @@
 	guint8 iconcsumtype, iconcsumlen, *iconcsum, *icon;
 
 	bn = byte_stream_getstr(bs, byte_stream_get8(bs));
+	if (!g_utf8_validate(bn, -1, NULL)) {
+		purple_debug_warning("oscar", "Received SNAC %04hx/%04hx with "
+				"invalid UTF-8 buddy name.\n", snac->family, snac->subtype);
+		g_free(bn);
+		return 1;
+	}
 	flags = byte_stream_get16(bs);
 	iconcsumtype = byte_stream_get8(bs);
 	iconcsumlen = byte_stream_get8(bs);