pidgin: 910f5b33: Validate utf8 for a few random strings t...

markdoliner at pidgin.im markdoliner at pidgin.im
Thu May 3 05:30:48 EDT 2012


----------------------------------------------------------------------
Revision: 910f5b335b379782205ae24d4bc165e88898e9f0
Parent:   350fa7c81e15102909ca445a00b5fd44662d7fbd
Author:   markdoliner at pidgin.im
Date:     05/03/12 05:28:11
Branch:   im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/910f5b335b379782205ae24d4bc165e88898e9f0

Changelog: 

Validate utf8 for a few random strings that we read, in case AOL or ICQ
decide to start sending us non-utf8

Changes against parent 350fa7c81e15102909ca445a00b5fd44662d7fbd

  patched  libpurple/protocols/oscar/family_auth.c
  patched  libpurple/protocols/oscar/family_bart.c
  patched  libpurple/protocols/oscar/family_icbm.c
  patched  libpurple/protocols/oscar/oscar.c
  patched  libpurple/protocols/oscar/oscar.h

-------------- next part --------------
============================================================
--- libpurple/protocols/oscar/oscar.c	08b7efeee1b85e5f47d8aefe2a2ec0ad0495b38a
+++ libpurple/protocols/oscar/oscar.c	14a266a7ca0e893f864957b9a27566669f800eaa
@@ -55,8 +55,6 @@
 
 #define AIMHASHDATA "http://pidgin.im/aim_data.php3"
 
-#define OSCAR_CONNECT_STEPS 6
-
 static guint64 purple_caps =
 	OSCAR_CAPABILITY_CHAT
 		| OSCAR_CAPABILITY_BUDDYICON
@@ -89,7 +87,6 @@ static int purple_parse_auth_resp  (Osca
 
 /* Only used when connecting with the old-style BUCP login */
 static int purple_parse_auth_resp  (OscarData *, FlapConnection *, FlapFrame *, ...);
-static int purple_parse_login      (OscarData *, FlapConnection *, FlapFrame *, ...);
 static int purple_parse_auth_securid_request(OscarData *, FlapConnection *, FlapFrame *, ...);
 
 static int purple_handle_redirect  (OscarData *, FlapConnection *, FlapFrame *, ...);
@@ -673,7 +670,6 @@ oscar_login(PurpleAccount *account)
 
 	/* These are only needed when connecting with the old-style BUCP login */
 	oscar_data_addhandler(od, SNAC_FAMILY_AUTH, 0x0003, purple_parse_auth_resp, 0);
-	oscar_data_addhandler(od, SNAC_FAMILY_AUTH, 0x0007, purple_parse_login, 0);
 	oscar_data_addhandler(od, SNAC_FAMILY_AUTH, SNAC_SUBTYPE_AUTH_SECURID_REQUEST, purple_parse_auth_securid_request, 0);
 
 	oscar_data_addhandler(od, SNAC_FAMILY_BART, SNAC_SUBTYPE_BART_RESPONSE, purple_icon_parseicon, 0);
@@ -1232,39 +1228,7 @@ purple_parse_auth_securid_request(OscarD
 	return 1;
 }
 
-/**
- * Only used when connecting with the old-style BUCP login.
- */
 static int
-purple_parse_login(OscarData *od, FlapConnection *conn, FlapFrame *fr, ...)
-{
-	PurpleConnection *gc;
-	PurpleAccount *account;
-	ClientInfo aiminfo = CLIENTINFO_PURPLE_AIM;
-	ClientInfo icqinfo = CLIENTINFO_PURPLE_ICQ;
-	va_list ap;
-	char *key;
-	gboolean truncate_pass;
-
-	gc = od->gc;
-	account = purple_connection_get_account(gc);
-
-	va_start(ap, fr);
-	key = va_arg(ap, char *);
-	truncate_pass = va_arg(ap, int);
-	va_end(ap);
-
-	aim_send_login(od, conn, purple_account_get_username(account),
-			purple_connection_get_password(gc), truncate_pass,
-			od->icq ? &icqinfo : &aiminfo, key,
-			purple_account_get_bool(account, "allow_multiple_logins", OSCAR_DEFAULT_ALLOW_MULTIPLE_LOGINS));
-
-	purple_connection_update_progress(gc, _("Password sent"), 2, OSCAR_CONNECT_STEPS);
-
-	return 1;
-}
-
-static int
 purple_handle_redirect(OscarData *od, FlapConnection *conn, FlapFrame *fr, ...)
 {
 	PurpleConnection *gc = od->gc;
============================================================
--- libpurple/protocols/oscar/family_auth.c	d5403088f01bc954b50db9abfa1b76e165320215
+++ libpurple/protocols/oscar/family_auth.c	fe16c22464520397a12d40858f777fdbca16af64
@@ -27,6 +27,7 @@
  */
 
 #include "oscar.h"
+#include "oscarcommon.h"
 
 #include <ctype.h>
 
@@ -506,14 +507,29 @@ keyparse(OscarData *od, FlapConnection *
 static int
 keyparse(OscarData *od, FlapConnection *conn, aim_module_t *mod, FlapFrame *frame, aim_modsnac_t *snac, ByteStream *bs)
 {
-	int keylen, ret = 1;
-	aim_rxcallback_t userfunc;
+	int keylen;
 	char *keystr;
 	GSList *tlvlist;
 	gboolean truncate_pass;
+	PurpleConnection *gc;
+	PurpleAccount *account;
+	ClientInfo aiminfo = CLIENTINFO_PURPLE_AIM;
+	ClientInfo icqinfo = CLIENTINFO_PURPLE_ICQ;
 
+	gc = od->gc;
+	account = purple_connection_get_account(gc);
+
 	keylen = byte_stream_get16(bs);
 	keystr = byte_stream_getstr(bs, keylen);
+	if (!g_utf8_validate(keystr, -1, NULL)) {
+		purple_debug_warning("oscar", "Received SNAC %04hx/%04hx with "
+				"invalid UTF-8 keystr.\n", snac->family, snac->subtype);
+		purple_connection_error(gc, PURPLE_CONNECTION_ERROR_OTHER_ERROR,
+				_("Received unexpected response from server"));
+		g_free(keystr);
+		return 1;
+	}
+
 	tlvlist = aim_tlvlist_read(bs);
 
 	/*
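Review bot: The new check in keyparse passes -1 as the length, so g_utf8_validate only inspects bytes up to the first NUL and relies on byte_stream_getstr having returned a non-NULL, NUL-terminated buffer; neither guarantee is visible in this hunk, and keylen comes straight from the wire. If byte_stream_getstr can fail on a short stream, a guard such as `if (keystr == NULL || !g_utf8_validate(keystr, -1, NULL))` would keep the validator away from a bad pointer; otherwise a one-line comment stating the helper's guarantee would do. The same pattern is added in the parseicon hunk of family_bart.c and the mtn_receive hunk of family_icbm.c, and the three near-identical blocks could share one small helper. keyparse continues past the end of this hunk.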
@@ -527,13 +543,18 @@ keyparse(OscarData *od, FlapConnection *
 	 * for the netscape network.  This SNAC had a type 0x0058 TLV with length 10.
 	 * Data is 0x0007 0004 3e19 ae1e 0006 0004 0000 0005 */
 
-	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
-		ret = userfunc(od, conn, frame, keystr, (int)truncate_pass);
+	aim_send_login(od, conn, purple_account_get_username(account),
+			purple_connection_get_password(gc), truncate_pass,
+			od->icq ? &icqinfo : &aiminfo, keystr,
+			purple_account_get_bool(account, "allow_multiple_logins", OSCAR_DEFAULT_ALLOW_MULTIPLE_LOGINS));
 
+	purple_connection_update_progress(gc,
+			_("Password sent"), 2, OSCAR_CONNECT_STEPS);
+
 	g_free(keystr);
 	aim_tlvlist_free(tlvlist);
 
-	return ret;
+	return 1;
 }
 
 /**
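Review bot: The result of aim_send_login() is discarded and the "Password sent" progress update runs unconditionally, so a failed send would still be shown to the user as progress, assuming that function can report failure (its prototype is not visible here). Consider checking the return value before calling purple_connection_update_progress(). The comment that documented this path, `/* Only used when connecting with the old-style BUCP login. */`, was removed along with purple_parse_login and would be worth restoring above the aim_send_login call. truncate_pass is assigned outside this hunk, so its initialisation cannot be confirmed from here.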
============================================================
--- libpurple/protocols/oscar/family_bart.c	74cf4f06f2bbd2f94835679c2c0628bae9141cdf
+++ libpurple/protocols/oscar/family_bart.c	5a0f2f751601d12b4165562ff9781abc2619694e
@@ -143,6 +143,12 @@ parseicon(OscarData *od, FlapConnection 
 	guint8 iconcsumtype, iconcsumlen, *iconcsum, *icon;
 
 	bn = byte_stream_getstr(bs, byte_stream_get8(bs));
+	if (!g_utf8_validate(bn, -1, NULL)) {
+		purple_debug_warning("oscar", "Received SNAC %04hx/%04hx with "
+				"invalid UTF-8 buddy name.\n", snac->family, snac->subtype);
+		g_free(bn);
+		return 1;
+	}
 	flags = byte_stream_get16(bs);
 	iconcsumtype = byte_stream_get8(bs);
 	iconcsumlen = byte_stream_get8(bs);
============================================================
--- libpurple/protocols/oscar/family_icbm.c	f9be0fa2a0b7599e18e043ea944e4d30e22bf6be
+++ libpurple/protocols/oscar/family_icbm.c	dc4ef77bd3620a890cbd3a6fa41d4d031ddaef4a
@@ -2095,6 +2095,12 @@ static int mtn_receive(OscarData *od, Fl
 	channel = byte_stream_get16(bs);
 	bnlen = byte_stream_get8(bs);
 	bn = byte_stream_getstr(bs, bnlen);
+	if (!g_utf8_validate(bn, -1, NULL)) {
+		purple_debug_warning("oscar", "Received SNAC %04hx/%04hx with "
+				"invalid UTF-8 buddy name.\n", snac->family, snac->subtype);
+		g_free(bn);
+		return 1;
+	}
 	event = byte_stream_get16(bs);
 
 	if ((userfunc = aim_callhandler(od, snac->family, snac->subtype)))
============================================================
--- libpurple/protocols/oscar/oscar.h	8b6e13f7541a791a32d10b78cff2c8f65f0ea43e
+++ libpurple/protocols/oscar/oscar.h	17504cfb87d28ea5edfbe1a0461c04032ebc705d
@@ -114,6 +114,8 @@ extern "C" {
 
 #define AIM_MD5_STRING "AOL Instant Messenger (SM)"
 
+#define OSCAR_CONNECT_STEPS 6
+
 /*
  * Client info.  Filled in by the client and passed in to
  * aim_send_login().  The information ends up getting passed to OSCAR

