# HG changeset patch # User Elliott Sales de Andrade # Date 1304633976 0 # Node ID dfc2a8e98430e5afc84a5c5f2c25feffdef49d23 # Parent 506b77a27a532f9e41abd622fe1e857176469392 The TLV list should be padded to a multiple of 4. diff -r 506b77a27a53 -r dfc2a8e98430 libpurple/protocols/msn/tlv.c --- a/libpurple/protocols/msn/tlv.c Thu May 05 21:49:21 2011 +0000 +++ b/libpurple/protocols/msn/tlv.c Thu May 05 22:19:36 2011 +0000 @@ -54,9 +54,21 @@ guint8 type, length; msn_tlv_t *tlv; - if (bs_len < 2) { - msn_tlvlist_free(list); - return NULL; + if (bs_len == 3 && *bs == 0) { + /* Padding to multiple of 4 */ + break; + } else if (bs_len == 2 && *bs == 0) { + /* Padding to multiple of 4 */ + break; + } else if (bs_len == 1) { + if (*bs == 0) { + /* Padding to multiple of 4 */ + break; + } else { + /* TLV is not small enough to fit here */ + msn_tlvlist_free(list); + return NULL; + } } type = msn_pop8(bs); @@ -330,7 +342,15 @@ bytes_left -= (tlv->length + 2); } - *out_len = total_len - bytes_left; + /* Align length to multiple of 4 */ + total_len = total_len - bytes_left; + bytes_left = 4 - total_len % 4; + if (bytes_left != 4) + memset(tmp, 0, bytes_left); + else + bytes_left = 0; + + *out_len = total_len + bytes_left; return buf; }