|
 |
eb8e82 |
From 673800fe903588164b703e0e9be04ced78492b93 Mon Sep 17 00:00:00 2001
|
|
|
eb8e82 |
From: Eion Robb <eionrobb@gmail.com>
|
|
|
eb8e82 |
Date: Sun, 19 Feb 2017 03:13:47 +0000
|
|
|
eb8e82 |
Subject: [PATCH 1/2] Fix for crash when sending invalid xml entities separated
|
|
|
eb8e82 |
by whitespace, eg "&# 3000;"
|
|
|
eb8e82 |
|
|
|
eb8e82 |
--HG--
|
|
|
eb8e82 |
branch : EionRobb/fix-for-crash-when-sending-invalid-xml-e-1487474010880
|
|
|
eb8e82 |
---
|
|
|
eb8e82 |
libpurple/util.c | 4 ++--
|
|
|
eb8e82 |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
eb8e82 |
|
|
|
eb8e82 |
diff --git a/libpurple/util.c b/libpurple/util.c
|
|
|
eb8e82 |
index 9f2a904ae688..4b8fecd2ab84 100644
|
|
|
eb8e82 |
--- a/libpurple/util.c
|
|
|
eb8e82 |
+++ b/libpurple/util.c
|
|
|
eb8e82 |
@@ -978,8 +978,8 @@ purple_markup_unescape_entity(const char *text, int *length)
|
|
|
eb8e82 |
else if(IS_ENTITY("'"))
|
|
|
eb8e82 |
pln = "\'";
|
|
|
eb8e82 |
else if(*(text+1) == '#' &&
|
|
|
eb8e82 |
- (sscanf(text, "&#%u%1[;]", £, temp) == 2 ||
|
|
|
eb8e82 |
- sscanf(text, "&#x%x%1[;]", £, temp) == 2) &&
|
|
|
eb8e82 |
+ (sscanf(text, "&#%*[^ ]%u%1[;]", £, temp) == 2 ||
|
|
|
eb8e82 |
+ sscanf(text, "&#x%*[^ ]%x%1[;]", £, temp) == 2) &&
|
|
|
eb8e82 |
pound != 0) {
|
|
|
eb8e82 |
static char buf[7];
|
|
|
eb8e82 |
int buflen = g_unichar_to_utf8((gunichar)pound, buf);
|
|
|
eb8e82 |
--
|
|
|
eb8e82 |
2.9.3
|
|
|
eb8e82 |
|
|
|
eb8e82 |
|
|
|
eb8e82 |
From 4a5ebea2ad6281bd7a223d33fac3dcd2fe5cd798 Mon Sep 17 00:00:00 2001
|
|
|
eb8e82 |
From: Eion Robb <eionrobb@gmail.com>
|
|
|
eb8e82 |
Date: Mon, 20 Feb 2017 21:05:32 +0000
|
|
|
eb8e82 |
Subject: [PATCH 2/2] Use the more robust entity processing that @dequisdequis
|
|
|
eb8e82 |
came up with
|
|
|
eb8e82 |
|
|
|
eb8e82 |
--HG--
|
|
|
eb8e82 |
branch : EionRobb/fix-for-crash-when-sending-invalid-xml-e-1487474010880
|
|
|
eb8e82 |
---
|
|
|
eb8e82 |
libpurple/util.c | 29 ++++++++++++++++++++---------
|
|
|
eb8e82 |
1 file changed, 20 insertions(+), 9 deletions(-)
|
|
|
eb8e82 |
|
|
|
eb8e82 |
diff --git a/libpurple/util.c b/libpurple/util.c
|
|
|
eb8e82 |
index 4b8fecd2ab84..cff526de0726 100644
|
|
|
eb8e82 |
--- a/libpurple/util.c
|
|
|
eb8e82 |
+++ b/libpurple/util.c
|
|
|
eb8e82 |
@@ -977,18 +977,29 @@ purple_markup_unescape_entity(const char *text, int *length)
|
|
|
eb8e82 |
pln = "\302\256"; /* or use g_unichar_to_utf8(0xae); */
|
|
|
eb8e82 |
else if(IS_ENTITY("'"))
|
|
|
eb8e82 |
pln = "\'";
|
|
|
eb8e82 |
- else if(*(text+1) == '#' &&
|
|
|
eb8e82 |
- (sscanf(text, "&#%*[^ ]%u%1[;]", £, temp) == 2 ||
|
|
|
eb8e82 |
- sscanf(text, "&#x%*[^ ]%x%1[;]", £, temp) == 2) &&
|
|
|
eb8e82 |
- pound != 0) {
|
|
|
eb8e82 |
+ else if(text[1] == '#' && g_ascii_isxdigit(text[2])) {
|
|
|
eb8e82 |
static char buf[7];
|
|
|
eb8e82 |
- int buflen = g_unichar_to_utf8((gunichar)pound, buf);
|
|
|
eb8e82 |
+ const char *start = text + 2;
|
|
|
eb8e82 |
+ char *end;
|
|
|
eb8e82 |
+ guint64 pound;
|
|
|
eb8e82 |
+ int base = 10;
|
|
|
eb8e82 |
+ int buflen;
|
|
|
eb8e82 |
+
|
|
|
eb8e82 |
+ if (*start == 'x') {
|
|
|
eb8e82 |
+ base = 16;
|
|
|
eb8e82 |
+ start++;
|
|
|
eb8e82 |
+ }
|
|
|
eb8e82 |
+
|
|
|
eb8e82 |
+ pound = g_ascii_strtoull(start, &end, base);
|
|
|
eb8e82 |
+ if (pound == 0 || pound > INT_MAX || *end != ';') {
|
|
|
eb8e82 |
+ return NULL;
|
|
|
eb8e82 |
+ }
|
|
|
eb8e82 |
+
|
|
|
eb8e82 |
+ len = (end - text) + 1;
|
|
|
eb8e82 |
+
|
|
|
eb8e82 |
+ buflen = g_unichar_to_utf8((gunichar)pound, buf);
|
|
|
eb8e82 |
buf[buflen] = '\0';
|
|
|
eb8e82 |
pln = buf;
|
|
|
eb8e82 |
-
|
|
|
eb8e82 |
- len = (*(text+2) == 'x' ? 3 : 2);
|
|
|
eb8e82 |
- while(isxdigit((gint) text[len])) len++;
|
|
|
eb8e82 |
- if(text[len] == ';') len++;
|
|
|
eb8e82 |
}
|
|
|
eb8e82 |
else
|
|
|
eb8e82 |
return NULL;
|
|
|
eb8e82 |
--
|
|
|
eb8e82 |
2.9.3
|
|
|
eb8e82 |
|