It has always been vulnerable to MITM attacks when it is not used with DNSSEC,
and has been removed from XEP-0156 because of that. We have been issued
CVE-2022-26491 for this issue.
More discussion can be found at
https://mail.jabber.org/pipermail/standards/2022-February/038759.html.
Testing Done:
Compiled
Reviewed at https://reviews.imfreedom.org/r/1357/
/*
* purple
*
* File: win32dep.c
* Date: June, 2002
* Description: Windows dependant code for Purple
*
* Copyright (C) 2002-2003, Herman Bloggs <hermanator12002@yahoo.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
*
*/
#define _WIN32_IE 0x501
#include"internal.h"
#include<winuser.h>
#include"debug.h"
#include"notify.h"
/*
* LOCALS
*/
staticchar*app_data_dir=NULL,*install_dir=NULL,
*lib_dir=NULL,*locale_dir=NULL;
staticHINSTANCElibpurpledll_hInstance=NULL;
/*
* PUBLIC CODE
*/
/* Escape windows dir separators. This is needed when paths are saved,
and on being read back have their '\' chars used as an escape char.
Returns an allocated string which needs to be freed.
*/
char*wpurple_escape_dirsep(constchar*filename){
intsepcount=0;
constchar*tmp=filename;
char*ret;
intcnt=0;
g_return_val_if_fail(filename!=NULL,NULL);
while(*tmp){
if(*tmp=='\\')
sepcount++;
tmp++;
}
ret=g_malloc0(strlen(filename)+sepcount+1);
while(*filename){
ret[cnt]=*filename;
if(*filename=='\\')
ret[++cnt]='\\';
filename++;
cnt++;
}
ret[cnt]='\0';
returnret;
}
/* Determine whether the specified dll contains the specified procedure.