changeset 31550:dfc2a8e98430

The TLV list should be padded to a multiple of 4.
author Elliott Sales de Andrade <qulogic@pidgin.im>
date Thu, 05 May 2011 22:19:36 +0000
parents 506b77a27a53
children f518effe7395
files libpurple/protocols/msn/tlv.c
diffstat 1 files changed, 24 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/msn/tlv.c	Thu May 05 21:49:21 2011 +0000
+++ b/libpurple/protocols/msn/tlv.c	Thu May 05 22:19:36 2011 +0000
@@ -54,9 +54,21 @@
 		guint8 type, length;
 		msn_tlv_t *tlv;
 
-		if (bs_len < 2) {
-			msn_tlvlist_free(list);
-			return NULL;
+		if (bs_len == 3 && *bs == 0) {
+			/* Padding to multiple of 4 */
+			break;
+		} else if (bs_len == 2 && *bs == 0) {
+			/* Padding to multiple of 4 */
+			break;
+		} else if (bs_len == 1) {
+			if (*bs == 0) {
+				/* Padding to multiple of 4 */
+				break;
+			} else {
+				/* TLV is not small enough to fit here */
+				msn_tlvlist_free(list);
+				return NULL;
+			}
 		}
 
 		type = msn_pop8(bs);
@@ -330,7 +342,15 @@
 		bytes_left -= (tlv->length + 2);
 	}
 
-	*out_len = total_len - bytes_left;
+	/* Align length to multiple of 4 */
+	total_len = total_len - bytes_left;
+	bytes_left = 4 - total_len % 4;
+	if (bytes_left != 4)
+		memset(tmp, 0, bytes_left);
+	else
+		bytes_left = 0;
+
+	*out_len = total_len + bytes_left;
 
 	return buf;
 }