pidgin.2.5.8: 9bac0a54: Fix misparsing an incoming ICQ Web Messa...

Fri Jun 26 20:15:40 EDT 2009

-----------------------------------------------------------------
Revision: 9bac0a540156fb1848eedd61c8630737dee752c7
Ancestor: 7bd5ee15fbd0e8700c106be8e8700f3b1193a4a9
Author: rekkanoryo at pidgin.im
Date: 2009-06-26T21:52:21
Branch: im.pidgin.pidgin.2.5.8
URL: http://d.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7

Modified files:
        ChangeLog libpurple/protocols/oscar/bstream.c
        libpurple/protocols/oscar/oscar.c

ChangeLog: 

Fix misparsing an incoming ICQ Web Message as an incomig SMS message.  Fixes #9483.

-------------- next part --------------
============================================================

--- ChangeLog	8d227b3f853ff8ea5bbcd34824dbc981a0050a9c
+++ ChangeLog	aa8c36a829e396668fb255c9dc10dc53c715a8fe
@@ -1,6 +1,9 @@ version 2.5.8 (06/26/2009):
 Pidgin and Finch: The Pimpin' Penguin IM Clients That're Good for the Soul
 
 version 2.5.8 (06/26/2009):
+	ICQ:
+	* Fix misparsing a web message as an SMS message.
+
 	MySpace:
 	* Accounts with empty buddy lists are now properly marked as connected.
 	* Fix receiving messages from users of MySpace IM's web client.
============================================================
--- libpurple/protocols/oscar/bstream.c	103f791a9418375427bbfcf3e4942c2813827e94
+++ libpurple/protocols/oscar/bstream.c	fa113b56e1f55400f2c10106562a3632948fe3bb
@@ -161,15 +161,19 @@ guint32 byte_stream_getle32(ByteStream *
 	return aimutil_getle32(bs->data + bs->offset - 4);
 }
 
+static void byte_stream_getrawbuf_nocheck(ByteStream *bs, guint8 *buf, int len)
+{
+	memcpy(buf, bs->data + bs->offset, len);
+	bs->offset += len;
+}
+
 int byte_stream_getrawbuf(ByteStream *bs, guint8 *buf, int len)
 {
 
 	if (byte_stream_empty(bs) < len)
 		return 0;
 
-	memcpy(buf, bs->data + bs->offset, len);
-	bs->offset += len;
-
+	byte_stream_getrawbuf_nocheck(bs, buf, len);
 	return len;
 }
 
@@ -177,12 +181,12 @@ guint8 *byte_stream_getraw(ByteStream *b
 {
 	guint8 *ob;
 
+	if (byte_stream_empty(bs) < len)
+		return NULL;
+
 	ob = g_malloc(len);
 
-	if (byte_stream_getrawbuf(bs, ob, len) < len) {
-		g_free(ob);
-		return NULL;
-	}
+	byte_stream_getrawbuf_nocheck(bs, ob, len);
 
 	return ob;
 }
@@ -191,12 +195,12 @@ char *byte_stream_getstr(ByteStream *bs,
 {
 	char *ob;
 
+	if (byte_stream_empty(bs) < len)
+		return NULL;
+
 	ob = g_malloc(len + 1);
 
-	if (byte_stream_getrawbuf(bs, (guint8 *)ob, len) < len) {
-		g_free(ob);
-		return NULL;
-	}
+	byte_stream_getrawbuf_nocheck(bs, (guint8 *)ob, len);
 
 	ob[len] = '\0';
 
============================================================
--- libpurple/protocols/oscar/oscar.c	56f5cf0d31fa40cfc20cfbdcd6bf6f9ad47a0a3c
+++ libpurple/protocols/oscar/oscar.c	9a8a780ae397645361ff064973524d4e9ee1449d
@@ -2829,9 +2829,15 @@ incomingim_chan4(OscarData *od, FlapConn
 			/* From libicq2000-0.3.2/src/ICQ.cpp */
 			byte_stream_init(&qbs, (guint8 *)args->msg, args->msglen);
 			byte_stream_advance(&qbs, 21);
+			/* expected:	01 00 00 20 00 0e 28 f6 00 11 e7 d3 11 bc f3 00 04 ac 96 9d c2 | 00 00 | 06 00 00 00 | 49 43 51 53 43 53 ...*/
+			/* unexpected:	00 00 26 00 81 1a 18 bc 0e 6c 18 47 a5 91 6f 18 dc c7 6f 1a | 00 00 | 0d 00 00 00 | 49 43 51 57 65 62 4d 65 73 73 61 67 65 ... */
 			smstype = byte_stream_getle16(&qbs);
+			if (smstype != 0)
+				break;
 			taglen = byte_stream_getle32(&qbs);
 			tagstr = byte_stream_getstr(&qbs, taglen);
+			if (tagstr == NULL)
+				break;
 			byte_stream_advance(&qbs, 3);
 			byte_stream_advance(&qbs, 4);
 			smslen = byte_stream_getle32(&qbs);
