gaim/gaim

b167d3fb6631
Parents 5244279de6bd
Children 68d0483601b7
Patch 1256826 from Federico Schwindt to ensure msg->body is always nul
terminated (even though strictly it shouldn't need to be, it's safer
like this). Plus a fix by me for one case where we were assuming it was
already nul terminated.
--- a/COPYRIGHT Thu Aug 11 11:54:10 2005 -0400
+++ b/COPYRIGHT Thu Aug 11 15:25:27 2005 -0400
@@ -161,6 +161,7 @@
Carsten Schaar
Luke Schierer
Evan Schoenberg
+Federico Schwindt
Torrey Searle
Don Seiler
Leonardo Serra
--- a/src/protocols/msn/msg.c Thu Aug 11 11:54:10 2005 -0400
+++ b/src/protocols/msn/msg.c Thu Aug 11 15:25:27 2005 -0400
@@ -187,7 +187,8 @@
if (body_len > 0) {
msg->body_len = len - (tmp - body);
- msg->body = g_memdup(tmp, msg->body_len);
+ msg->body = g_malloc0(msg->body_len + 1);
+ memcpy(msg->body, tmp, msg->body_len);
tmp += body_len;
}
}
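Review bot: The guard on the first line tests `body_len`, but the size that is allocated and copied is `len - (tmp - body)`, and nothing visible in this hunk establishes that `tmp - body` is no larger than `len`. If the earlier parsing can move `tmp` past the end of the buffer, the subtraction goes negative (or wraps, if `body_len` is unsigned) and both `g_malloc0()` and `memcpy()` receive a bogus size. The pointer is then advanced by `body_len` rather than by the number of bytes actually copied, so the two lengths can disagree. I would compute the remaining byte count once, reject the message when `tmp - body > len`, and use that one value for the guard, the copy and the advance. The enclosing function starts and ends outside the hunk, so an existing check above it would make this moot.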
@@ -300,7 +301,8 @@
/* Import the body. */
if (body_len > 0) {
msg->body_len = body_len;
- msg->body = g_memdup(tmp, msg->body_len);
+ msg->body = g_malloc0(msg->body_len + 1);
+ memcpy(msg->body, tmp, msg->body_len);
tmp += body_len;
}
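Review bot: `body_len` is used as both the allocation size and the `memcpy()` length, but no line in this hunk bounds it by the bytes that remain after `tmp`. If `body_len` comes from the message header, as the "Import the body" comment suggests, a peer-supplied value larger than the remaining payload makes the copy read past the received buffer. The extra NUL byte does not help with that. Assuming `payload_len` and `tmp_base` from the next hunk are in scope here, a guard such as `if (body_len > payload_len - (tmp - tmp_base)) body_len = payload_len - (tmp - tmp_base);` (or rejecting the message) before the allocation would close it. The function begins outside the hunk, so confirm whether such a check already exists earlier.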
@@ -315,7 +317,8 @@
{
if (payload_len - (tmp - tmp_base) > 0) {
msg->body_len = payload_len - (tmp - tmp_base);
- msg->body = g_memdup(tmp, msg->body_len);
+ msg->body = g_malloc0(msg->body_len + 1);
+ memcpy(msg->body, tmp, msg->body_len);
}
}
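Review bot: The test `payload_len - (tmp - tmp_base) > 0` only rejects an exact zero if `payload_len` is an unsigned type, which cannot be told from here because its declaration is outside the hunk. A `tmp` that has advanced beyond `tmp_base + payload_len` would then wrap to a very large value, pass the test, and be handed to `g_malloc0()` and `memcpy()`. Comparing the two sides directly avoids the subtraction: `if ((size_t)(tmp - tmp_base) < payload_len)`, with the length computed inside the branch. The expression is also evaluated twice, and a local variable for the remaining length would keep the guard and the assignment from drifting apart.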
@@ -511,7 +514,8 @@
if (data != NULL && len > 0)
{
- msg->body = g_memdup(data, len);
+ msg->body = g_malloc0(len + 1);
+ memcpy(msg->body, data, len);
msg->body_len = len;
}
else
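Review bot: The two-line `g_malloc0(n + 1)` plus `memcpy()` idiom is now written out four times in this file (here and in the three hunks above), and none of the copies says that the extra byte is deliberately left out of `body_len`. A small static helper would give that invariant one home and one comment. It would also make clear that the body is still binary data that may contain embedded NULs, so the terminator is only a safety net for string functions and not a promise that `strlen(msg->body) == msg->body_len`. The helper name below is only a suggestion, and the `size_t` parameter assumes that `len` is an unsigned size in the callers.

```c
/* Duplicate len bytes and append one zero byte that is NOT counted in
 * body_len; the data may still contain embedded NULs. */
static char *
msn_message_dup_body(const char *data, size_t len)
{
	char *copy = g_malloc(len + 1);

	memcpy(copy, data, len);
	copy[len] = '\0';
	return copy;
}

/* ... unchanged: data != NULL && len > 0 guard ... */
		msg->body = msn_message_dup_body(data, len);
		msg->body_len = len;
```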
--- a/src/protocols/msn/slp.c Thu Aug 11 11:54:10 2005 -0400
+++ b/src/protocols/msn/slp.c Thu Aug 11 15:25:27 2005 -0400
@@ -782,12 +782,18 @@
MsnSlpLink *slplink;
MsnObject *obj;
char **tokens;
- char *smile;
- const char *who;
+ char *body_str, *smile;
+ const char *body, *who;
+ size_t body_len;
session = cmdproc->servconn->session;
- tokens = g_strsplit(msg->body, "\t", 2);
+ body = msn_message_get_bin_data(msg, &body_len);
+ body_str = g_strndup(body, body_len);
+
+ tokens = g_strsplit(body_str, "\t", 2);
+
+ g_free(body_str);
smile = tokens[0];
obj = msn_object_new_from_string(gaim_url_decode(tokens[1]));
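Review bot: `tokens[0]` and `tokens[1]` are read without checking what `g_strsplit()` returned. A body with no tab yields a vector whose second element is the NULL terminator, so `tokens[1]` is NULL, and an empty body yields a vector whose first element is already NULL, so `tokens[1]` reads past the end of the array. If `msn_message_get_bin_data()` can return NULL, `g_strndup()` passes that through and `g_strsplit()` returns NULL, which makes `tokens[0]` a NULL dereference. Since the body appears to come from the remote peer, I would bail out before use with `if (tokens == NULL || tokens[0] == NULL || tokens[1] == NULL) { g_strfreev(tokens); return; }`, adjusting the return to the function's type, which is not visible here. The function continues past the end of the hunk, so also check that `tokens` is freed on the normal path.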