gaim/gaim

- Fixed a segfault that occurred when a key/value pair had no value (i.e.,
gtk1-stable
2002-11-23, Christian Hammond
00a3f86702ba
Parents 504b25e09e10
Children 63bbc9ce1dc0
- Fixed a segfault that occurred when a key/value pair had no value (i.e.,
in the mail notification packets that the Yahoo server is sending out).
- Skip over a garbage character in mail notification packets that's causing
the sender name key/value pair to be ignored.
- Some code cleanups, which should optimize it (though not noticeably so)
and make it easier to read. Thanks go to ZuperDee for this.
1 files changed, 16 insertions(+), 10 deletions(-)
  • +16 -10
    src/protocols/yahoo/yahoo.c
    • --- a/src/protocols/yahoo/yahoo.c Mon Nov 11 21:04:33 2002 -0500
    +++ b/src/protocols/yahoo/yahoo.c Sat Nov 23 13:50:47 2002 -0500
    @@ -259,19 +259,20 @@
    pair->key = strtol(key, NULL, 10);
    accept = x; /* if x is 0 there was no key, so don't accept it */
    - if (accept)
    + if (len - pos + 1 <= 0) {
    + /* Truncated. Garbage or something. */
    + accept = 0;
    + }
    +
    + if (accept) {
    value = g_malloc(len - pos + 1);
    - x = 0;
    - while (pos + 1 < len) {
    - if (data[pos] == 0xc0 && data[pos + 1] == 0x80)
    - break;
    - if (accept)
    + x = 0;
    + while (pos + 1 < len) {
    + if (data[pos] == 0xc0 && data[pos + 1] == 0x80)
    + break;
    value[x++] = data[pos++];
    - }
    - if (accept)
    + }
    value[x] = 0;
    - pos += 2;
    - if (accept) {
    pair->value = g_strdup(value);
    g_free(value);
    pkt->hash = g_slist_append(pkt->hash, pair);
    @@ -279,6 +280,11 @@
    } else {
    g_free(pair);
    }
    + pos += 2;
    +
    + /* Skip over garbage we've noticed in the mail notifications */
    + if (data[0] == '9' && data[pos] == 0x01)
    + pos++;
    }
    }