A few changes to our code to handle chunked transfer-encodings (technically required for http 1.1 clients, but I guess it hasn't been a problem until now?) * Most importantly, check that the size of this chunk is less than the size of the data remaining in the buffer. Otherwise malicious servers could cause us to crash * Handle reading chunks that have a semi-colon after them. It seems like maybe this is allowed but almost never used? * Assume len is non-NULL (it always is in our case) * Add some comments

libpurple/protocols/null/nullprpl.c
pidgin/plugins/crazychat/cc_pidgin_plugin.c