Mercurial > pidgin
changeset 11235:5ea38c98ff30
[gaim-migrate @ 13380]
Patch 1256826 from Federico Schwindt to ensure msg->body is always nul
terminated (even though strictly it shouldn't need to be, it's safer
like this). Plus a fix by me for one case where we were assuming it was
already nul terminated.
committer: Tailor Script <tailor@pidgin.im>
| author | Stu Tomlinson <stu@nosnilmot.com> |
|---|---|
| date | Thu, 11 Aug 2005 19:25:48 +0000 |
| parents | 7d5e8bed8018 |
| children | fd6d96ef5c6d |
| files | src/protocols/msn/msg.c src/protocols/msn/slp.c |
| diffstat | 2 files changed, 17 insertions(+), 7 deletions(-) [+] |
line wrap: on
line diff
--- a/src/protocols/msn/msg.c Thu Aug 11 15:53:09 2005 +0000 +++ b/src/protocols/msn/msg.c Thu Aug 11 19:25:48 2005 +0000 @@ -187,7 +187,8 @@ if (body_len > 0) { msg->body_len = len - (tmp - body); - msg->body = g_memdup(tmp, msg->body_len); + msg->body = g_malloc0(msg->body_len + 1); + memcpy(msg->body, tmp, msg->body_len); tmp += body_len; } } @@ -300,7 +301,8 @@ /* Import the body. */ if (body_len > 0) { msg->body_len = body_len; - msg->body = g_memdup(tmp, msg->body_len); + msg->body = g_malloc0(msg->body_len + 1); + memcpy(msg->body, tmp, msg->body_len); tmp += body_len; } @@ -315,7 +317,8 @@ { if (payload_len - (tmp - tmp_base) > 0) { msg->body_len = payload_len - (tmp - tmp_base); - msg->body = g_memdup(tmp, msg->body_len); + msg->body = g_malloc0(msg->body_len + 1); + memcpy(msg->body, tmp, msg->body_len); } } @@ -511,7 +514,8 @@ if (data != NULL && len > 0) { - msg->body = g_memdup(data, len); + msg->body = g_malloc0(len + 1); + memcpy(msg->body, data, len); msg->body_len = len; } else
--- a/src/protocols/msn/slp.c Thu Aug 11 15:53:09 2005 +0000 +++ b/src/protocols/msn/slp.c Thu Aug 11 19:25:48 2005 +0000 @@ -787,15 +787,21 @@ MsnSlpLink *slplink; MsnObject *obj; char **tokens; - char *smile; - const char *who, *sha1c; + char *smile, *body_str; + const char *body, *who, *sha1c; + size_t body_len; GaimConversation *conversation; GaimConnection *gc; session = cmdproc->servconn->session; - tokens = g_strsplit(msg->body, "\t", 2); + body = msn_message_get_bin_data(msg, &body_len); + body_str = g_strndup(body, body_len); + + tokens = g_strsplit(body_str, "\t", 2); + + g_free(body_str); smile = tokens[0]; obj = msn_object_new_from_string(gaim_url_decode(tokens[1]));