pidgin: aa056474: I never liked randomly poking at offsets...
qulogic at pidgin.im
qulogic at pidgin.im
Sun Feb 28 00:53:08 EST 2010
-----------------------------------------------------------------
Revision: aa056474065ea41aee1d6b2e6a4c0d2877edb0e4
Ancestor: 5b319e84369e67258a74a6da61a551b50ea72421
Author: qulogic at pidgin.im
Date: 2010-02-28T02:11:57
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/aa056474065ea41aee1d6b2e6a4c0d2877edb0e4
Modified files:
libpurple/protocols/msn/slp.c libpurple/protocols/msn/slp.h
libpurple/protocols/msn/slplink.c
ChangeLog:
I never liked randomly poking at offsets. Fortunately, I was able to find
an old document by Siebe on the Internet Archive that explained (as well as
possible) the FT request Context field.
Also, make the incoming request handling a bit stricter.
============================================================
--- libpurple/protocols/msn/slp.c d033671387f0b1b7be03a6b2d9ab0df77f87096c
+++ libpurple/protocols/msn/slp.c 83b07712450edaf1d724b79d4155fadcc2c3b766
@@ -308,8 +308,6 @@ find_valid_emoticon(PurpleAccount *accou
return NULL;
}
-#define MAX_FILE_NAME_LEN 0x226
-
static void
got_sessionreq(MsnSlpCall *slpcall, const char *branch,
const char *euf_guid, const char *context)
@@ -382,7 +380,7 @@ got_sessionreq(MsnSlpCall *slpcall, cons
/* File Transfer */
PurpleAccount *account;
PurpleXfer *xfer;
- char *bin;
+ MsnFileContext *header;
gsize bin_len;
guint32 file_size;
char *file_name;
@@ -396,15 +394,17 @@ got_sessionreq(MsnSlpCall *slpcall, cons
xfer = purple_xfer_new(account, PURPLE_XFER_RECEIVE,
slpcall->slplink->remote_user);
- if (xfer)
- {
- bin = (char *)purple_base64_decode(context, &bin_len);
- file_size = GUINT32_FROM_LE(*(gsize *)(bin + 8));
- file_name = g_convert(bin + 20, MAX_FILE_NAME_LEN, "UTF-8", "UTF-16LE",
- NULL, NULL, NULL);
+ header = (MsnFileContext *)purple_base64_decode(context, &bin_len);
+ if (bin_len >= sizeof(MsnFileContext) - 1 &&
+ header->length == sizeof(MsnFileContext) - 1 &&
+ header->version == 2) {
+ file_size = GUINT64_FROM_LE(header->file_size);
- g_free(bin);
+ file_name = g_convert((const gchar *)&header->file_name,
+ MAX_FILE_NAME_LEN * 2,
+ "UTF-8", "UTF-16LE",
+ NULL, NULL, NULL);
purple_xfer_set_filename(xfer, file_name ? file_name : "");
g_free(file_name);
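Review bot: `header` is dereferenced at `header->length` without checking that purple_base64_decode() returned non-NULL, so a session request whose Context field does not decode crashes the receiver (the preceding `bin_len` test does not necessarily cover that case, since it is unclear whether bin_len is reset on failure); the guard should begin with `header != NULL &&`. The `length` and `version` fields are compared in wire byte order while `file_size` goes through GUINT64_FROM_LE, so on big-endian hosts this branch is never taken; use `GUINT32_FROM_LE(header->length) == sizeof(MsnFileContext) - 1 && GUINT32_FROM_LE(header->version) == 2`. gen_context() in slplink.c, changed in this same commit, sends `length = sizeof(MsnFileContext)` while this check requires `sizeof(MsnFileContext) - 1`, so the two ends of the patch disagree by one byte and a Pidgin-to-Pidgin request would fail the stricter check. The old `if (xfer)` guard is also gone, so a NULL from purple_xfer_new() (which the previous code assumed possible) now reaches purple_xfer_set_filename(), and the decoded 64-bit file_size is stored into the `guint32 file_size` declared earlier in this function, truncating sizes above 4 GiB. got_sessionreq's body continues outside the hunk.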
@@ -424,6 +424,7 @@ got_sessionreq(MsnSlpCall *slpcall, cons
purple_xfer_request(xfer);
}
+ g_free(header);
accepted = TRUE;
============================================================
--- libpurple/protocols/msn/slp.h a4773cbad2874aa2d78c47a4e9cd907c1fee0850
+++ libpurple/protocols/msn/slp.h e93fe47209aa2cfc90cf4b618212471d1b2bd94d
@@ -30,6 +30,25 @@
#include "session.h"
#include "slpcall.h"
+#define MAX_FILE_NAME_LEN 260 /* MAX_PATH in Windows */
+
+/**
+ * The context data for a file transfer request
+ */
+#pragma pack(push,1) /* Couldn't they have made it the right size? */
+typedef struct
+{
+ guint32 length; /*< Length of header */
+ guint32 version; /*< MSN version */
+ guint64 file_size; /*< Size of file */
+ guint32 type; /*< Transfer type */
+ gunichar2 file_name[MAX_FILE_NAME_LEN]; /*< Self-explanatory */
+ gchar unknown1[30]; /*< Used somehow for background sharing */
+ guint32 unknown2; /*< Possibly for background sharing as well */
+ gchar preview[1]; /*< File preview data, 96x96 PNG */
+} MsnFileContext;
+#pragma pack(pop)
+
MsnSlpCall * msn_slp_sip_recv(MsnSlpLink *slplink,
const char *body);
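Review bot: The member comments use `/*<`, which Doxygen does not treat as a trailing member description; `/**<` is needed for them to appear in generated docs. Because `preview[1]` is a one-byte placeholder for variable-length trailing data, sizeof(MsnFileContext) is one byte larger than the fixed header, which is what the `- 1` arithmetic in slp.c relies on; a comment on the struct such as `/* preview is variable-length; the fixed part of the header is sizeof(MsnFileContext) - 1 bytes */` would make that dependency explicit and help keep gen_context() and got_sessionreq() in agreement about the length field.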
============================================================
--- libpurple/protocols/msn/slplink.c c73150501a8bbf5457e799d7bf8b2d6b1ecfd5bf
+++ libpurple/protocols/msn/slplink.c c86fbf7c17625a6e9c9e4b7f3db8c508d3a91bb0
@@ -658,74 +658,51 @@ msn_slplink_process_msg(MsnSlpLink *slpl
}
}
-typedef struct
-{
- guint32 length;
- guint32 unk1;
- guint32 file_size;
- guint32 unk2;
- guint32 unk3;
-} MsnContextHeader;
-
-#define MAX_FILE_NAME_LEN 0x226
-
static gchar *
gen_context(PurpleXfer *xfer, const char *file_name, const char *file_path)
{
gsize size = 0;
- MsnContextHeader header;
+ MsnFileContext header;
gchar *u8 = NULL;
- guchar *base;
- guchar *n;
gchar *ret;
gunichar2 *uni = NULL;
glong currentChar = 0;
- glong uni_len = 0;
- gsize len;
+ glong len = 0;
size = purple_xfer_get_size(xfer);
- if(!file_name) {
+ if (!file_name) {
gchar *basename = g_path_get_basename(file_path);
u8 = purple_utf8_try_convert(basename);
g_free(basename);
file_name = u8;
}
- uni = g_utf8_to_utf16(file_name, -1, NULL, &uni_len, NULL);
+ uni = g_utf8_to_utf16(file_name, -1, NULL, &len, NULL);
- if(u8) {
+ if (u8) {
g_free(u8);
file_name = NULL;
u8 = NULL;
}
- len = sizeof(MsnContextHeader) + MAX_FILE_NAME_LEN + 4;
+ header.length = GUINT32_TO_LE(sizeof(MsnFileContext));
+ header.version = GUINT32_TO_LE(2); /* V.3 contains additional unnecessary data */
+ header.file_size = GUINT64_TO_LE(size);
+ header.type = GUINT32_TO_LE(1); /* No file preview */
- header.length = GUINT32_TO_LE(len);
- header.unk1 = GUINT32_TO_LE(2);
- header.file_size = GUINT32_TO_LE(size);
- header.unk2 = GUINT32_TO_LE(0);
- header.unk3 = GUINT32_TO_LE(0);
-
- base = g_malloc(len + 1);
- n = base;
-
- memcpy(n, &header, sizeof(MsnContextHeader));
- n += sizeof(MsnContextHeader);
-
- memset(n, 0x00, MAX_FILE_NAME_LEN);
- for(currentChar = 0; currentChar < uni_len; currentChar++) {
- *((gunichar2 *)n + currentChar) = GUINT16_TO_LE(uni[currentChar]);
+ len = MIN(len, MAX_FILE_NAME_LEN);
+ for (currentChar = 0; currentChar < len; currentChar++) {
+ header.file_name[currentChar] = GUINT16_TO_LE(uni[currentChar]);
}
- n += MAX_FILE_NAME_LEN;
+ memset(&header.file_name[currentChar], 0x00, (MAX_FILE_NAME_LEN - currentChar) * 2);
- memset(n, 0xFF, 4);
- n += 4;
+ memset(&header.unknown1, 0, sizeof(header.unknown1));
+ header.unknown2 = GUINT32_TO_LE(0xffffffff);
+ header.preview[0] = '\0';
g_free(uni);
- ret = purple_base64_encode(base, len);
- g_free(base);
+ ret = purple_base64_encode((const guchar *)&header, sizeof(MsnFileContext));
return ret;
}
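Review bot: The zero-fill of the unused file_name tail hard-codes the UTF-16 code unit width as `* 2`; `(MAX_FILE_NAME_LEN - currentChar) * sizeof(header.file_name[0])` ties it to the field type and matches the `sizeof(header.unknown1)` style used two lines later. Clamping `len` to MAX_FILE_NAME_LEN can also split a surrogate pair when a long name contains characters outside the BMP, leaving a lone high surrogate at the end of the sent name; `if (len == MAX_FILE_NAME_LEN && (uni[len - 1] & 0xFC00) == 0xD800) len--;` after the MIN() avoids that. gen_context is complete within the hunk.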