/pidgin/main: b0345c25f886: Validate incoming Yahoo strings as U...
Mark Doliner
mark at kingant.net
Tue Jan 28 10:38:13 EST 2014
Changeset: b0345c25f886bca307e174d13815c8abbb5a2736
Author: Mark Doliner <mark at kingant.net>
Date: 2014-01-19 11:30 -0800
Branch: release-2.x.y
URL: https://hg.pidgin.im/pidgin/main/rev/b0345c25f886
Description:
Validate incoming Yahoo strings as UTF-8 before using them.
diffstat:
libpurple/protocols/yahoo/libymsg.c | 348 +++++++++++++++++++++++-----
libpurple/protocols/yahoo/yahoo_aliases.c | 19 +-
libpurple/protocols/yahoo/yahoo_filexfer.c | 176 ++++++++++++--
libpurple/protocols/yahoo/yahoo_friend.c | 7 +-
libpurple/protocols/yahoo/yahoo_picture.c | 42 +++-
libpurple/protocols/yahoo/yahoochat.c | 110 +++++++-
6 files changed, 578 insertions(+), 124 deletions(-)
diffs (truncated from 1165 to 300 lines):
diff --git a/libpurple/protocols/yahoo/libymsg.c b/libpurple/protocols/yahoo/libymsg.c
--- a/libpurple/protocols/yahoo/libymsg.c
+++ b/libpurple/protocols/yahoo/libymsg.c
@@ -21,6 +21,12 @@
*
*/
+/*
+ * Note: When handling the list of struct yahoo_pair's from an incoming
+ * packet the value might not be UTF-8. You should either validate that
+ * it is UTF-8 using g_utf8_validate() or use yahoo_string_decode().
+ */
+
#include "internal.h"
#include "account.h"
@@ -592,14 +598,24 @@ static void yahoo_process_list_15(Purple
yd->current_list15_grp = yahoo_string_decode(gc, pair->value, FALSE);
break;
case 7: /* buddy's s/n */
- g_free(temp);
- temp = g_strdup(purple_normalize(account, pair->value));
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ g_free(temp);
+ temp = g_strdup(purple_normalize(account, pair->value));
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_list_15 "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
case 241: /* user on federated network */
fed = strtol(pair->value, NULL, 10);
break;
case 59: /* somebody told cookies come here too, but im not sure */
- yahoo_process_cookie(yd, pair->value);
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ yahoo_process_cookie(yd, pair->value);
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_list_15 "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
case 317: /* Stealth Setting */
stealth = strtol(pair->value, NULL, 10);
@@ -662,22 +678,42 @@ static void yahoo_process_list(PurpleCon
g_string_append(yd->tmp_serv_blist, pair->value);
break;
case 88:
- if (!yd->tmp_serv_ilist)
- yd->tmp_serv_ilist = g_string_new(pair->value);
- else
- g_string_append(yd->tmp_serv_ilist, pair->value);
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ if (!yd->tmp_serv_ilist)
+ yd->tmp_serv_ilist = g_string_new(pair->value);
+ else
+ g_string_append(yd->tmp_serv_ilist, pair->value);
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_list "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
case 89:
- yd->profiles = g_strsplit(pair->value, ",", -1);
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ yd->profiles = g_strsplit(pair->value, ",", -1);
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_list "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
case 59: /* cookies, yum */
- yahoo_process_cookie(yd, pair->value);
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ yahoo_process_cookie(yd, pair->value);
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_list "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
case YAHOO_SERVICE_PRESENCE_PERM:
- if (!yd->tmp_serv_plist)
- yd->tmp_serv_plist = g_string_new(pair->value);
- else
- g_string_append(yd->tmp_serv_plist, pair->value);
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ if (!yd->tmp_serv_plist)
+ yd->tmp_serv_plist = g_string_new(pair->value);
+ else
+ g_string_append(yd->tmp_serv_plist, pair->value);
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_list "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
}
}
@@ -700,6 +736,12 @@ static void yahoo_process_list(PurpleCon
grp = yahoo_string_decode(gc, split[0], FALSE);
buddies = g_strsplit(split[1], ",", -1);
for (bud = buddies; bud && *bud; bud++) {
+ if (!g_utf8_validate(*bud, -1, NULL)) {
+ purple_debug_warning("yahoo", "yahoo_process_list "
+ "got non-UTF-8 string for bud\n");
+ continue;
+ }
+
norm_bud = g_strdup(purple_normalize(account, *bud));
f = yahoo_friend_find_or_new(gc, norm_bud);
@@ -794,14 +836,26 @@ static void yahoo_process_notify(PurpleC
while (l) {
struct yahoo_pair *pair = l->data;
- if (pair->key == 4 || pair->key == 1)
- from = pair->value;
+ if (pair->key == 4 || pair->key == 1) {
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ from = pair->value;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_notify "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
+ }
if (pair->key == 49)
msg = pair->value;
if (pair->key == 13)
stat = pair->value;
- if (pair->key == 14)
- game = pair->value;
+ if (pair->key == 14) {
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ game = pair->value;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_notify "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
+ }
if (pair->key == 11)
val_11 = strtol(pair->value, NULL, 10);
if (pair->key == 241)
@@ -905,10 +959,15 @@ static void yahoo_process_sms_message(Pu
while (l != NULL) {
struct yahoo_pair *pair = l->data;
if (pair->key == 4) {
- sms = g_new0(struct _yahoo_im, 1);
- sms->from = g_strdup_printf("+%s", pair->value);
- sms->time = time(NULL);
- sms->utf8 = TRUE;
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ sms = g_new0(struct _yahoo_im, 1);
+ sms->from = g_strdup_printf("+%s", pair->value);
+ sms->time = time(NULL);
+ sms->utf8 = TRUE;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_sms_message "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
}
if (pair->key == 14) {
if (sms)
@@ -917,8 +976,14 @@ static void yahoo_process_sms_message(Pu
if (pair->key == 68)
if(sms)
g_hash_table_insert(yd->sms_carrier, g_strdup(sms->from), g_strdup(pair->value));
- if (pair->key == 16)
- server_msg = pair->value;
+ if (pair->key == 16) {
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ server_msg = pair->value;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_sms_message "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
+ }
l = l->next;
}
@@ -972,13 +1037,18 @@ static void yahoo_process_message(Purple
while (l != NULL) {
struct yahoo_pair *pair = l->data;
if (pair->key == 4 || pair->key == 1) {
- im = g_new0(struct _yahoo_im, 1);
- list = g_slist_append(list, im);
- im->from = pair->value;
- im->time = time(NULL);
- im->utf8 = TRUE;
- im->fed = YAHOO_FEDERATION_NONE;
- im->fed_from = g_strdup(im->from);
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ im = g_new0(struct _yahoo_im, 1);
+ list = g_slist_append(list, im);
+ im->from = pair->value;
+ im->time = time(NULL);
+ im->utf8 = TRUE;
+ im->fed = YAHOO_FEDERATION_NONE;
+ im->fed_from = g_strdup(im->from);
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_message "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
}
if (im && pair->key == 5)
im->active_id = pair->value;
@@ -1034,7 +1104,7 @@ static void yahoo_process_message(Purple
}
}
/* IMV key */
- if (im && pair->key == 63)
+ if (im && pair->key == 63 && g_utf8_validate(pair->value, -1, NULL))
{
/* Check for the Doodle IMV, no IMvironment for federated buddies */
if (im->from != NULL && im->fed == YAHOO_FEDERATION_NONE)
@@ -1170,10 +1240,22 @@ static void yahoo_process_sysmessage(Pur
while (l) {
struct yahoo_pair *pair = l->data;
- if (pair->key == 5)
- me = pair->value;
- if (pair->key == 14)
- msg = pair->value;
+ if (pair->key == 5) {
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ me = pair->value;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_sysmessage "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
+ }
+ if (pair->key == 14) {
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ msg = pair->value;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_process_sysmessage "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
+ }
l = l->next;
}
@@ -1331,7 +1413,12 @@ static void yahoo_buddy_auth_req_15(Purp
switch (pair->key) {
case 4:
- temp = pair->value;
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ temp = pair->value;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
case 13:
response = strtol(pair->value, NULL, 10);
@@ -1386,22 +1473,42 @@ static void yahoo_buddy_auth_req_15(Purp
switch (pair->key) {
case 4:
- temp = pair->value;
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ temp = pair->value;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
case 5:
- add_req->id = g_strdup(pair->value);
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ add_req->id = g_strdup(pair->value);
+ } else {
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
case 14:
msg = pair->value;
break;
case 216:
- firstname = pair->value;
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ firstname = pair->value;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
case 241:
add_req->fed = strtol(pair->value, NULL, 10);
break;
case 254:
- lastname = pair->value;
+ if (g_utf8_validate(pair->value, -1, NULL)) {
+ lastname = pair->value;
+ } else {
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
+ "got non-UTF-8 string for key %d\n", pair->key);
+ }
break;
More information about the Commits
mailing list