im.pidgin.pidgin: 62ac0eb5b2ae2fda530b7230c8a903cc5ecd4513

datallah at pidgin.im datallah at pidgin.im
Tue Oct 9 19:51:14 EDT 2007 

-----------------------------------------------------------------
Revision: 62ac0eb5b2ae2fda530b7230c8a903cc5ecd4513
Ancestor: a976c1dbb1135583dc67c67af14aa684fd4e18ee
Author: datallah at pidgin.im
Date: 2007-10-09T23:22:20
Branch: im.pidgin.pidgin

Modified files:
        libpurple/protocols/jabber/usermood.c

ChangeLog: 

Protect from a buffer overrun if we get bogus data back from the request API. Fixes CID 331.  There is also a fix to check that the connection returned by the request dialog is still valid before using it.

-------------- next part --------------
============================================================
--- libpurple/protocols/jabber/usermood.c	5d8556a2035f4c81ad41dae42e3e04a1a9c4dce9
+++ libpurple/protocols/jabber/usermood.c	3d7f011435230f89499454118f49919bc8ab7937
@@ -26,6 +26,7 @@
 #include <string.h>
 #include "internal.h"
 #include "request.h"
+#include "debug.h"
 
 static const char *moodstrings[] = {
 	"afraid",
@@ -145,9 +146,26 @@ static void do_mood_set_from_fields(Purp
 }
 
 static void do_mood_set_from_fields(PurpleConnection *gc, PurpleRequestFields *fields) {
-	JabberStream *js = gc->proto_data;
-	
-	jabber_mood_set(js, moodstrings[purple_request_fields_get_choice(fields, "mood")], purple_request_fields_get_string(fields, "text"));
+	JabberStream *js;
+	int max_mood_idx;
+	int selected_mood = purple_request_fields_get_choice(fields, "mood");
+
+	if (!PURPLE_CONNECTION_IS_VALID(gc)) {
+		purple_debug_error("jabber", "Unable to set mood; account offline.\n");
+		return;
+	}
+
+	js = gc->proto_data;
+
+	/* This is ugly, but protects us from unexpected values. */
+	for (max_mood_idx = 0; moodstrings[max_mood_idx]; max_mood_idx++);
+
+	if (selected_mood < 0 || selected_mood >= max_mood_idx) {
+		purple_debug_error("jabber", "Invalid mood index (%d) selected.\n", selected_mood);
+		return;
+	}
+
+	jabber_mood_set(js, moodstrings[selected_mood], purple_request_fields_get_string(fields, "text"));
 }
 
 static void do_mood_set_mood(PurplePluginAction *action) {

More information about the Commits mailing list