--- a/src/protocols/msn/msg.c Mon Jun 06 18:31:42 2005 -0400
+++ b/src/protocols/msn/msg.c Wed Jun 08 17:31:20 2005 -0400
@@ -205,7 +205,10 @@
/* TODO? some clients use \r delimiters instead of \r\n, the official client
* doesn't send such messages, but does handle receiving them. We'll just
* avoid crashing for now */
- g_return_if_fail(end != NULL); elems = g_strsplit(tmp, "\r\n", 0);
@@ -252,6 +255,7 @@
+ /* Proceed to the end of the "\r\n\r\n" */ /* Now we *should* be at the body. */
@@ -262,6 +266,12 @@
+ if (payload_len - (tmp - tmp_base) < sizeof(header)) { msg->msnslp_message = TRUE;
@@ -279,24 +289,28 @@
msg->msnslp_header.ack_sub_id = GUINT32_FROM_LE(header.ack_sub_id);
msg->msnslp_header.ack_size = GUINT64_FROM_LE(header.ack_size);
- msg->body_len = payload_len - (tmp - tmp_base) - sizeof(footer);+ body_len = payload_len - (tmp - tmp_base) - sizeof(footer);
+ msg->body_len = body_len; msg->body = g_memdup(tmp, msg->body_len);
- memcpy(&footer, tmp, sizeof(footer));- msg->msnslp_footer.value = GUINT32_FROM_BE(footer.value);+ memcpy(&footer, tmp, sizeof(footer)); + msg->msnslp_footer.value = GUINT32_FROM_BE(footer.value); - msg->body_len = payload_len - (tmp - tmp_base);- msg->body = g_memdup(tmp, msg->body_len);+ if (payload_len - (tmp - tmp_base) > 0) { + msg->body_len = payload_len - (tmp - tmp_base); + msg->body = g_memdup(tmp, msg->body_len); 