This add a static inline version of `g_memdup2` if the version of glib we're
compiling against doesn't have the function.
GHSL-2021-045 was originally reported to glib at
https://gitlab.gnome.org/GNOME/glib/-/issues/2319.
More information about the entire situation can be found on the gnome
desktop-devel-list at
https://mail.gnome.org/archives/desktop-devel-list/2021-February/msg00000.html
Testing Done:
Compiled and ran tests locally.
Reviewed at https://reviews.imfreedom.org/r/483/
/*
* Purple's oscar protocol plugin
* This file is the legal property of its developers.
* Please see the AUTHORS file distributed alongside this file.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA
*/
/*
* Family 0x0017 - Authentication.
*
* Deals with the authorizer for SNAC-based login, and also old-style
* non-SNAC login.
*
*/
#include"oscar.h"
#include<ctype.h>
#include"cipher.h"
/* #define USE_XOR_FOR_ICQ */
#ifdef USE_XOR_FOR_ICQ
/**
* Encode a password using old XOR method
*
* This takes a const pointer to a (null terminated) string
* containing the unencoded password. It also gets passed
* an already allocated buffer to store the encoded password.
* This buffer should be the exact length of the password without
* the null. The encoded password buffer /is not %NULL terminated/.
*
* The encoding_table seems to be a fixed set of values. We'll
* hope it doesn't change over time!
*
* This is only used for the XOR method, not the better MD5 method.
aim_tlvlist_add_32(&tlvlist,0x0014,distrib);/* distribution chan */
aim_tlvlist_add_str(&tlvlist,0x000f,ci->lang);
aim_tlvlist_add_str(&tlvlist,0x000e,ci->country);
aim_tlvlist_write(&frame->data,&tlvlist);
g_free(password_encoded);
aim_tlvlist_free(tlvlist);
flap_connection_send(conn,frame);
return0;
}
#endif
/*
* Subtype 0x0002
*
* This is the initial login request packet.
*
* NOTE!! If you want/need to make use of the aim_sendmemblock() function,
* then the client information you send here must exactly match the
* executable that you're pulling the data from.
*
* Java AIM 1.1.19:
* clientstring = "AOL Instant Messenger (TM) version 1.1.19 for Java built 03/24/98, freeMem 215871 totalMem 1048567, i686, Linus, #2 SMP Sun Feb 11 03:41:17 UTC 2001 2.4.1-ac9, IBM Corporation, 1.1.8, 45.3, Tue Mar 27 12:09:17 PST 2001"
* clientid = 0x0001
* major = 0x0001
* minor = 0x0001
* point = (not sent)
* build = 0x0013
* unknown= (not sent)
*
* AIM for Linux 1.1.112:
* clientstring = "AOL Instant Messenger (SM)"
* clientid = 0x1d09
* major = 0x0001
* minor = 0x0001
* point = 0x0001
* build = 0x0070
* unknown= 0x0000008b
* serverstore = 0x01
*
* @param truncate_pass Truncate the password to 8 characters. This
* usually happens for AOL accounts. We are told that we
* should truncate it if the 0x0017/0x0007 SNAC contains
* a TLV of type 0x0026 with data 0x0000.
* @param allow_multiple_logins Allow multiple logins? If TRUE, the AIM
* server will prompt the user when multiple logins occur. If
* FALSE, existing connections (on other clients) will be