# HG changeset patch
# User Stu Tomlinson
# Date 1123788348 0
# Node ID 5ea38c98ff30f5901c98f369acbbdc6fdc4cdfa2
# Parent 7d5e8bed801872d041a00d6eb2c1a98cd0101443
[gaim-migrate @ 13380] Patch 1256826 from Federico Schwindt to ensure msg->body is always nul terminated (even though strictly it shouldn't need to be, it's safer like this). Plus a fix by me for one case where we were assuming it was already nul terminated. committer: Tailor Script
diff -r 7d5e8bed8018 -r 5ea38c98ff30 src/protocols/msn/msg.c
--- a/src/protocols/msn/msg.c Thu Aug 11 15:53:09 2005 +0000
+++ b/src/protocols/msn/msg.c Thu Aug 11 19:25:48 2005 +0000
@@ -187,7 +187,8 @@
 if (body_len > 0) { msg->body_len = len - (tmp - body);
- msg->body = g_memdup(tmp, msg->body_len);
+ msg->body = g_malloc0(msg->body_len + 1);
+ memcpy(msg->body, tmp, msg->body_len);
 tmp += body_len; } }
@@ -300,7 +301,8 @@
 /* Import the body. */ if (body_len > 0) { msg->body_len = body_len;
- msg->body = g_memdup(tmp, msg->body_len);
+ msg->body = g_malloc0(msg->body_len + 1);
+ memcpy(msg->body, tmp, msg->body_len);
 tmp += body_len; }
@@ -315,7 +317,8 @@
 { if (payload_len - (tmp - tmp_base) > 0) { msg->body_len = payload_len - (tmp - tmp_base);
- msg->body = g_memdup(tmp, msg->body_len);
+ msg->body = g_malloc0(msg->body_len + 1);
+ memcpy(msg->body, tmp, msg->body_len);
 } }
@@ -511,7 +514,8 @@
 if (data != NULL && len > 0) {
- msg->body = g_memdup(data, len);
+ msg->body = g_malloc0(len + 1);
+ memcpy(msg->body, data, len);
 msg->body_len = len; } else
diff -r 7d5e8bed8018 -r 5ea38c98ff30 src/protocols/msn/slp.c
--- a/src/protocols/msn/slp.c Thu Aug 11 15:53:09 2005 +0000
+++ b/src/protocols/msn/slp.c Thu Aug 11 19:25:48 2005 +0000
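Review bot: In src/protocols/msn/msg.c the hunks at -187 and -315 copy `msg->body_len` bytes out of `tmp`, but that length comes from a subtraction (`len - (tmp - body)`, `payload_len - (tmp - tmp_base)`) that nothing visible in the hunk bounds against the end of the input buffer. The added byte protects later string reads of `msg->body`, not the source read done by this `memcpy`. In the -187 hunk the guard tests `body_len > 0` while the copy uses the recomputed length and `tmp` then advances by `body_len`, so the two values should be checked for agreement. If these lengths are unsigned (their types are not visible here), `payload_len - (tmp - tmp_base) > 0` also holds after a wrap, and a comparison such as `if ((size_t)(tmp - tmp_base) < payload_len)` would be safer. The same allocate-and-copy pair is repeated in all four hunks (-187, -300, -315, -511), so a small static helper would keep the `+ 1` in one place, with a comment like `/* extra byte is a NUL terminator; not counted in body_len */`. The enclosing functions start and end outside the hunks.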
@@ -787,15 +787,21 @@
 MsnSlpLink *slplink; MsnObject *obj; char **tokens;
- char *smile;
- const char *who, *sha1c;
+ char *smile, *body_str;
+ const char *body, *who, *sha1c;
+ size_t body_len;
 GaimConversation *conversation; GaimConnection *gc; session = cmdproc->servconn->session;
- tokens = g_strsplit(msg->body, "\t", 2);
+ body = msn_message_get_bin_data(msg, &body_len);
+ body_str = g_strndup(body, body_len);
+
+ tokens = g_strsplit(body_str, "\t", 2);
+
+ g_free(body_str);
 smile = tokens[0]; obj = msn_object_new_from_string(gaim_url_decode(tokens[1]));
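Review bot: `tokens[0]` and `tokens[1]` are still used without checking what `g_strsplit` returned, in the context lines right after the new `g_free(body_str);`. A body with no tab leaves `tokens[1]` NULL, and an empty body yields an array holding only its terminator, so `tokens[1]` is read past the end. If `msn_message_get_bin_data` can return NULL (not visible here), `g_strndup` passes the NULL through and `g_strsplit` returns NULL. This looks like a handler for a message received from the peer (it takes `cmdproc` and `msg`), so a guard before `smile = tokens[0];` is worth adding, e.g. `if (tokens == NULL || tokens[0] == NULL || tokens[1] == NULL) { g_strfreev(tokens); return; }`, adapted to the function's return type. The function starts and ends outside the hunk.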