Mercurial > pidgin

view doc/gtkconv-signals.dox @ 30273:6829b27ee4c8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
This patch attempts to fix four bugs in the oscar protocol plugin that were introduced with the X-Status code in Pidgin 2.7.0. Problem #1 (the remotely-triggerable crash): The crash happens when a buddy sets an xstatus message containing <desc> but no closing </desc>, or <title> but no closing </title>. The fix is to check the result of strstr(closing_tag_name) and do nothing if it is NULL. This is CVE-2010-2528. Problem #2: Fixes potential incorrect parsing of the xstatus string that could result in an incorrect message being displayed to the libpurple user. Happens if an xstatus message contains </desc> before <desc>, or </title> before <title>. The fix is to start looking for the closing tag at the end of the beginning tag rather than at the beginning of the xstatus xml. Probably not a security problem, but definitely a bug. Problem #3: Fixes potential incorrect parsing of the xstatus string that could result in the title not being shown to the libpurple user. Happens if the close title tag appears after the desc tag in the xstatus xml, because we add a null character at the beginning of the close title tag, so strstr() for the desc tag would stop searching there. Probably not a security problem, but definitely a bug. Problem #4: Fixes potential incorrect display of the xstatus string that could result in an incorrect message being displayed to the libpurple user. Happens because we reusing the 'xml' string when preparing the string for the user, but we copy values from xml to xml. If those values overlap with themselves or with each other then an incorrect value could be displayed. Probably not a security problem, but definitely a bug.
author Mark Doliner <mark@kingant.net>
date Wed, 21 Jul 2010 02:49:23 +0000
parents 0d8061bbfc1d
children 02a2e8183b1d
line wrap: on
line source

/** @page gtkconv-signals GtkConv Signals

 @signals
  @signal conversation-dragging
  @signal conversation-timestamp
  @signal displaying-im-msg
  @signal displayed-im-msg
  @signal displaying-chat-msg
  @signal displayed-chat-msg
  @signal conversation-switched
  @signal conversation-hiding
  @signal conversation-displayed
 @endsignals

 @see gtkconv.h

 <hr>

 @signaldef conversation-dragging
  @signalproto
void (*conversation_dragging)(PidginWindow *source, PidginWindow *destination);
  @endsignalproto
  @signaldesc
   Emitted when a conversation is being drag and dropped between windows.
  @param source The window where the conversation is.
  @param destination The window where the conversation will be moved to.
 @endsignaldef

 @signaldef conversation-timestamp
  @signalproto
char *(*conversation_timestamp)(PurpleConversation *conv, time_t when,
                                gboolean show_date);
  @endsignalproto
  @signaldesc
   Emitted to allow plugins to customize the timestamp on a message.
  @param conv      The conversation the message belongs to.
  @param when      The time to be converted to a string.
  @param show_date Whether the date should be displayed.
  @return A textual representation of the time, or @c NULL to use a
          default format.
 @endsignaldef


 @signaldef displaying-im-msg
  @signalproto
gboolean (*displaying_im_msg)(PurpleAccount *account, const char *who,
                              char **message, PurpleConversation *conv,
                              PurpleMessageFlags flags);
  @endsignalproto
  @signaldesc
   Emitted just before a message is displayed in an IM conversation.
   @a message is a pointer to a string, so the plugin can replace the
   message that will be displayed. This can also be used to cancel displaying
   a message by returning @c TRUE.
  @note
   Make sure to free @a *message before you replace it!
  @param account The account.
  @param who     The name of the user.
  @param message A pointer to the message.
  @param conv    The conversation.
  @param flags   Flags for this message.
  @return @c TRUE if the message should be canceled, or @c FALSE otherwise.
 @endsignaldef

 @signaldef displayed-im-msg
  @signalproto
void (*displayed_im_msg)(PurpleAccount *account, const char *who,
                         char *message, PurpleConversation *conv,
                         PurpleMessageFlags flags);
  @endsignalproto
  @signaldesc
   Emitted after a message is displayed in an IM conversation.
  @param account The account.
  @param who     The name of the user.
  @param message The message.
  @param conv    The conversation.
  @param flags   Flags for this message.
 @endsignaldef

 @signaldef displaying-chat-msg
  @signalproto
gboolean (*displaying_chat_msg)(PurpleAccount *account, const char *who,
                                char **message, PurpleConversation *conv,
                                PurpleMessageFlags flags);
  @endsignalproto
  @signaldesc
   Emitted just before a message is displayed in a chat.
   @a message is a pointer to a string, so the plugin can replace the
   message that will be displayed. This can also be used to cancel displaying
   a message by returning @c TRUE.
  @note
   Make sure to free @a *message before you replace it!
  @param account The account the message is being displayed and sent on.
  @param who     The name of the user.
  @param message A pointer to the message that will be displayed and sent.
  @param conv    The conversation the message is being displayed and sent on.
  @param flags   Flags for this message.
  @return @c TRUE if the message should be canceled, or @c FALSE otherwise.
 @endsignaldef

 @signaldef displayed-chat-msg
  @signalproto
void (*displayed_chat_msg)(PurpleAccount *account, const char *who,
                           char *message, PurpleConversation *conv,
                           PurpleMessageFlags flags);
  @endsignalproto
  @signaldesc
   Emitted after a message is displayed in a chat conversation.
  @param account The account the message is being displayed and sent on.
  @param who     The name of the user.
  @param message A pointer to the message that will be displayed and sent.
  @param conv    The conversation the message is being displayed and sent on.
  @param flags   Flags for this message.
 @endsignaldef

 @signaldef conversation-switched
  @signalproto
void (*conversation_switched)(PurpleConversation *conv);
  @endsignalproto
  @signaldesc
   Emitted when a window switched from one conversation to another.
  @param new_conv The now active conversation.
 @endsignaldef

 @signaldef conversation-hiding
  @signalproto
void (*conversation_hiding)(PidginConversation *gtkconv);
  @endsignalproto
  @signaldesc
   Emitted immediately before an existing conversation is hidden.
  @param gtkconv  The PidginConversation
  @since 2.2.0
 @endsignaldef

 @signaldef conversation-displayed
  @signalproto
void (*conversation_displayed)(PidginConversation *gtkconv);
  @endsignalproto
  @signaldesc
   Emitted right after the Pidgin UI is attached to a new or a hidden conversation.
  @param gtkconv  The PidginConversation
  @since 2.2.0
 @endsignaldef

*/
// vim: syntax=c.doxygen tw=75 et