Mercurial > pidgin
view libpurple/protocols/jabber/oob.c @ 20852:6cc03752fe59
Fix CID 337, null pointer deref. Also plug a leak.
author | Daniel Atallah <daniel.atallah@gmail.com> |
---|---|
date | Tue, 09 Oct 2007 23:01:11 +0000 |
parents | 44b4e8bd759b |
children | 050052891c55 |
line wrap: on
line source
/* * purple - Jabber Protocol Plugin * * Copyright (C) 2003, Nathan Walp <faceprint@faceprint.com> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA * */ #include "internal.h" #include "debug.h" #include "ft.h" #include "util.h" #include "jabber.h" #include "iq.h" #include "oob.h" typedef struct _JabberOOBXfer { char *address; int port; char *page; GString *headers; char *iq_id; JabberStream *js; gchar *write_buffer; gsize written_len; guint writeh; } JabberOOBXfer; static void jabber_oob_xfer_init(PurpleXfer *xfer) { JabberOOBXfer *jox = xfer->data; purple_xfer_start(xfer, -1, jox->address, jox->port); } static void jabber_oob_xfer_free(PurpleXfer *xfer) { JabberOOBXfer *jox = xfer->data; jox->js->oob_file_transfers = g_list_remove(jox->js->oob_file_transfers, xfer); g_string_free(jox->headers, TRUE); g_free(jox->address); g_free(jox->page); g_free(jox->iq_id); g_free(jox->write_buffer); if(jox->writeh) purple_input_remove(jox->writeh); g_free(jox); xfer->data = NULL; } static void jabber_oob_xfer_end(PurpleXfer *xfer) { JabberOOBXfer *jox = xfer->data; JabberIq *iq; iq = jabber_iq_new(jox->js, JABBER_IQ_RESULT); xmlnode_set_attrib(iq->node, "to", xfer->who); jabber_iq_set_id(iq, jox->iq_id); jabber_iq_send(iq); jabber_oob_xfer_free(xfer); } static void jabber_oob_xfer_request_send(gpointer data, gint source, PurpleInputCondition cond) { PurpleXfer *xfer = data; JabberOOBXfer *jox = xfer->data; int len, total_len = strlen(jox->write_buffer); len = write(xfer->fd, jox->write_buffer + jox->written_len, total_len - jox->written_len); if(len < 0 && errno == EAGAIN) return; else if(len < 0) { purple_debug(PURPLE_DEBUG_ERROR, "jabber", "Write error on oob xfer!\n"); purple_input_remove(jox->writeh); purple_xfer_cancel_local(xfer); } jox->written_len += len; if(jox->written_len == total_len) { purple_input_remove(jox->writeh); g_free(jox->write_buffer); jox->write_buffer = NULL; } } static void jabber_oob_xfer_start(PurpleXfer *xfer) { JabberOOBXfer *jox = xfer->data; if(jox->write_buffer == NULL) { jox->write_buffer = g_strdup_printf( "GET /%s HTTP/1.1\r\nHost: %s\r\n\r\n", jox->page, jox->address); jox->written_len = 0; } jox->writeh = purple_input_add(xfer->fd, PURPLE_INPUT_WRITE, jabber_oob_xfer_request_send, xfer); jabber_oob_xfer_request_send(xfer, xfer->fd, PURPLE_INPUT_WRITE); } static gssize jabber_oob_xfer_read(guchar **buffer, PurpleXfer *xfer) { JabberOOBXfer *jox = xfer->data; char test[2048]; char *tmp, *lenstr; int len; if((len = read(xfer->fd, test, sizeof(test))) > 0) { jox->headers = g_string_append_len(jox->headers, test, len); if((tmp = strstr(jox->headers->str, "\r\n\r\n"))) { *tmp = '\0'; lenstr = strstr(jox->headers->str, "Content-Length: "); if(lenstr) { int size; sscanf(lenstr, "Content-Length: %d", &size); purple_xfer_set_size(xfer, size); } purple_xfer_set_read_fnc(xfer, NULL); tmp += 4; *buffer = (unsigned char*) g_strdup(tmp); return strlen(tmp); } return 0; } else if (errno != EAGAIN) { purple_debug(PURPLE_DEBUG_ERROR, "jabber", "Read error on oob xfer!\n"); purple_xfer_cancel_local(xfer); } return 0; } static void jabber_oob_xfer_recv_error(PurpleXfer *xfer, const char *code) { JabberOOBXfer *jox = xfer->data; JabberIq *iq; xmlnode *y, *z; iq = jabber_iq_new(jox->js, JABBER_IQ_ERROR); xmlnode_set_attrib(iq->node, "to", xfer->who); jabber_iq_set_id(iq, jox->iq_id); y = xmlnode_new_child(iq->node, "error"); xmlnode_set_attrib(y, "code", code); if(!strcmp(code, "406")) { z = xmlnode_new_child(y, "not-acceptable"); xmlnode_set_attrib(y, "type", "modify"); xmlnode_set_namespace(z, "urn:ietf:params:xml:ns:xmpp-stanzas"); } else if(!strcmp(code, "404")) { z = xmlnode_new_child(y, "not-found"); xmlnode_set_attrib(y, "type", "cancel"); xmlnode_set_namespace(z, "urn:ietf:params:xml:ns:xmpp-stanzas"); } jabber_iq_send(iq); jabber_oob_xfer_free(xfer); } static void jabber_oob_xfer_recv_denied(PurpleXfer *xfer) { jabber_oob_xfer_recv_error(xfer, "406"); } static void jabber_oob_xfer_recv_canceled(PurpleXfer *xfer) { jabber_oob_xfer_recv_error(xfer, "404"); } void jabber_oob_parse(JabberStream *js, xmlnode *packet) { JabberOOBXfer *jox; PurpleXfer *xfer; char *filename; char *url; const char *type; xmlnode *querynode, *urlnode; if(!(type = xmlnode_get_attrib(packet, "type")) || strcmp(type, "set")) return; if(!(querynode = xmlnode_get_child(packet, "query"))) return; if(!(urlnode = xmlnode_get_child(querynode, "url"))) return; url = xmlnode_get_data(urlnode); jox = g_new0(JabberOOBXfer, 1); purple_url_parse(url, &jox->address, &jox->port, &jox->page, NULL, NULL); g_free(url); jox->js = js; jox->headers = g_string_new(""); jox->iq_id = g_strdup(xmlnode_get_attrib(packet, "id")); xfer = purple_xfer_new(js->gc->account, PURPLE_XFER_RECEIVE, xmlnode_get_attrib(packet, "from")); if (xfer) { xfer->data = jox; if(!(filename = g_strdup(g_strrstr(jox->page, "/")))) filename = g_strdup(jox->page); purple_xfer_set_filename(xfer, filename); g_free(filename); purple_xfer_set_init_fnc(xfer, jabber_oob_xfer_init); purple_xfer_set_end_fnc(xfer, jabber_oob_xfer_end); purple_xfer_set_request_denied_fnc(xfer, jabber_oob_xfer_recv_denied); purple_xfer_set_cancel_recv_fnc(xfer, jabber_oob_xfer_recv_canceled); purple_xfer_set_read_fnc(xfer, jabber_oob_xfer_read); purple_xfer_set_start_fnc(xfer, jabber_oob_xfer_start); js->oob_file_transfers = g_list_append(js->oob_file_transfers, xfer); purple_xfer_request(xfer); } }