pidgin/pidgin

fe36722f772e
Fix non-nul terminated buffer during oscar direct connect negotiation.
User must have either accepted the direct connect request or initiated it
in order to trigger this.

CID 732103
--- a/libpurple/protocols/oscar/odc.c Sun Apr 14 12:50:54 2013 -0700
+++ b/libpurple/protocols/oscar/odc.c Sun Apr 14 13:01:27 2013 -0700
@@ -266,7 +266,6 @@
* problems while parsing the binary data section then we stop
* parsing it, and the local user will see broken image icons.
*/
- /* TODO: Use a length argument when looking for the <binary> tag! */
binary_start = purple_strcasestr(msg, "<binary>");
if (binary_start == NULL)
msgend = dataend;
@@ -278,7 +277,6 @@
tmp = binary_start + 8;
/* The embedded binary markup has a mimimum length of 29 bytes */
- /* TODO: Use a length argument when looking for the <data> tag! */
while ((tmp + 29 <= dataend) &&
purple_markup_find_tag("data", tmp, &start, &tmp, &attributes))
{
@@ -463,6 +461,10 @@
if (bs->offset < bs->len)
/* Waiting for more data to arrive */
return;
+ /* TODO: Instead of null-terminating this, it would be better if we just
+ respected the length of the buffer when parsing it. But it doesn't
+ really matter and this is easy. */
+ bs->data[bs->len] = '\0';
/* We have a complete ODC/OFT frame! Handle it and continue reading */
byte_stream_rewind(bs);
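Review bot: The store `bs->data[bs->len] = '\0';` is in bounds only if every path that allocates this buffer reserves `len + 1` bytes, and nothing at this site states or checks that. The only allocation visible in this commit is the `g_new(guint8, frame->payload.len + 1)` change in the last hunk; if the buffer can be allocated anywhere else with exactly `len` bytes, this line becomes a one-byte heap overflow. I would replace the "it doesn't really matter" TODO with a comment that names the invariant, e.g. `/* payload.data is allocated with len + 1 bytes by the frame reader; the extra byte holds this terminator */`. The terminator only bounds the string searches touched in the first two hunks, so a NUL byte inside the payload will end them early, which is safe but worth saying in the same comment. The enclosing function starts and ends outside the hunk.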
@@ -612,7 +614,7 @@
}
/* We have payload data! Switch to the ODC watcher to read it. */
- frame->payload.data = g_new(guint8, frame->payload.len);
+ frame->payload.data = g_new(guint8, frame->payload.len + 1);
frame->payload.offset = 0;
conn->frame = frame;
purple_input_remove(conn->watcher_incoming);
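Review bot: `frame->payload.len + 1` is computed with no visible upper bound on `payload.len`, which presumably comes from the peer's frame header (the read is outside this hunk). If that field is a 32-bit type and holds its maximum value, the addition wraps to 0, `g_new` returns NULL, and the later `bs->data[bs->len] = '\0';` write lands out of bounds. Even without a wrap, `g_new` aborts the process when it cannot satisfy the request, so an oversized length is a remote crash. A cap checked before the allocation would cover both cases: reject the frame when `frame->payload.len` exceeds a project-chosen maximum (a new constant, e.g. `ODC_MAX_PAYLOAD_LEN`, which does not exist yet). The enclosing function starts and ends outside the hunk.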