|
|
4133dc |
diff -up pidgin-2.10.7/libpurple/protocols/yahoo/libymsg.c.CVE-2012-6152 pidgin-2.10.7/libpurple/protocols/yahoo/libymsg.c
|
|
|
4133dc |
--- pidgin-2.10.7/libpurple/protocols/yahoo/libymsg.c.CVE-2012-6152 2013-02-11 04:16:52.000000000 -0500
|
|
|
4133dc |
+++ pidgin-2.10.7/libpurple/protocols/yahoo/libymsg.c 2014-01-27 10:20:14.473648650 -0500
|
|
|
4133dc |
@@ -21,6 +21,12 @@
|
|
|
4133dc |
*
|
|
|
4133dc |
*/
|
|
|
4133dc |
|
|
|
4133dc |
+/*
|
|
|
4133dc |
+ * Note: When handling the list of struct yahoo_pair's from an incoming
|
|
|
4133dc |
+ * packet the value might not be UTF-8. You should either validate that
|
|
|
4133dc |
+ * it is UTF-8 using g_utf8_validate() or use yahoo_string_decode().
|
|
|
4133dc |
+ */
|
|
|
4133dc |
+
|
|
|
4133dc |
#include "internal.h"
|
|
|
4133dc |
|
|
|
4133dc |
#include "account.h"
|
|
|
4133dc |
@@ -592,14 +598,24 @@ static void yahoo_process_list_15(Purple
|
|
|
4133dc |
yd->current_list15_grp = yahoo_string_decode(gc, pair->value, FALSE);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 7: /* buddy's s/n */
|
|
|
4133dc |
- g_free(temp);
|
|
|
4133dc |
- temp = g_strdup(purple_normalize(account, pair->value));
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ g_free(temp);
|
|
|
4133dc |
+ temp = g_strdup(purple_normalize(account, pair->value));
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_list_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 241: /* user on federated network */
|
|
|
4133dc |
fed = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 59: /* somebody told cookies come here too, but im not sure */
|
|
|
4133dc |
- yahoo_process_cookie(yd, pair->value);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ yahoo_process_cookie(yd, pair->value);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_list_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 317: /* Stealth Setting */
|
|
|
4133dc |
stealth = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
@@ -662,22 +678,42 @@ static void yahoo_process_list(PurpleCon
|
|
|
4133dc |
g_string_append(yd->tmp_serv_blist, pair->value);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 88:
|
|
|
4133dc |
- if (!yd->tmp_serv_ilist)
|
|
|
4133dc |
- yd->tmp_serv_ilist = g_string_new(pair->value);
|
|
|
4133dc |
- else
|
|
|
4133dc |
- g_string_append(yd->tmp_serv_ilist, pair->value);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ if (!yd->tmp_serv_ilist)
|
|
|
4133dc |
+ yd->tmp_serv_ilist = g_string_new(pair->value);
|
|
|
4133dc |
+ else
|
|
|
4133dc |
+ g_string_append(yd->tmp_serv_ilist, pair->value);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_list "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 89:
|
|
|
4133dc |
- yd->profiles = g_strsplit(pair->value, ",", -1);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ yd->profiles = g_strsplit(pair->value, ",", -1);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_list "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 59: /* cookies, yum */
|
|
|
4133dc |
- yahoo_process_cookie(yd, pair->value);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ yahoo_process_cookie(yd, pair->value);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_list "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case YAHOO_SERVICE_PRESENCE_PERM:
|
|
|
4133dc |
- if (!yd->tmp_serv_plist)
|
|
|
4133dc |
- yd->tmp_serv_plist = g_string_new(pair->value);
|
|
|
4133dc |
- else
|
|
|
4133dc |
- g_string_append(yd->tmp_serv_plist, pair->value);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ if (!yd->tmp_serv_plist)
|
|
|
4133dc |
+ yd->tmp_serv_plist = g_string_new(pair->value);
|
|
|
4133dc |
+ else
|
|
|
4133dc |
+ g_string_append(yd->tmp_serv_plist, pair->value);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_list "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
}
|
|
|
4133dc |
@@ -700,6 +736,12 @@ static void yahoo_process_list(PurpleCon
|
|
|
4133dc |
grp = yahoo_string_decode(gc, split[0], FALSE);
|
|
|
4133dc |
buddies = g_strsplit(split[1], ",", -1);
|
|
|
4133dc |
for (bud = buddies; bud && *bud; bud++) {
|
|
|
4133dc |
+ if (!g_utf8_validate(*bud, -1, NULL)) {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_list "
|
|
|
4133dc |
+ "got non-UTF-8 string for bud\n");
|
|
|
4133dc |
+ continue;
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+
|
|
|
4133dc |
norm_bud = g_strdup(purple_normalize(account, *bud));
|
|
|
4133dc |
f = yahoo_friend_find_or_new(gc, norm_bud);
|
|
|
4133dc |
|
|
|
4133dc |
@@ -794,14 +836,26 @@ static void yahoo_process_notify(PurpleC
|
|
|
4133dc |
|
|
|
4133dc |
while (l) {
|
|
|
4133dc |
struct yahoo_pair *pair = l->data;
|
|
|
4133dc |
- if (pair->key == 4 || pair->key == 1)
|
|
|
4133dc |
- from = pair->value;
|
|
|
4133dc |
+ if (pair->key == 4 || pair->key == 1) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ from = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_notify "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
if (pair->key == 49)
|
|
|
4133dc |
msg = pair->value;
|
|
|
4133dc |
if (pair->key == 13)
|
|
|
4133dc |
stat = pair->value;
|
|
|
4133dc |
- if (pair->key == 14)
|
|
|
4133dc |
- game = pair->value;
|
|
|
4133dc |
+ if (pair->key == 14) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ game = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_notify "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
if (pair->key == 11)
|
|
|
4133dc |
val_11 = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
if (pair->key == 241)
|
|
|
4133dc |
@@ -905,10 +959,15 @@ static void yahoo_process_sms_message(Pu
|
|
|
4133dc |
while (l != NULL) {
|
|
|
4133dc |
struct yahoo_pair *pair = l->data;
|
|
|
4133dc |
if (pair->key == 4) {
|
|
|
4133dc |
- sms = g_new0(struct _yahoo_im, 1);
|
|
|
4133dc |
- sms->from = g_strdup_printf("+%s", pair->value);
|
|
|
4133dc |
- sms->time = time(NULL);
|
|
|
4133dc |
- sms->utf8 = TRUE;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ sms = g_new0(struct _yahoo_im, 1);
|
|
|
4133dc |
+ sms->from = g_strdup_printf("+%s", pair->value);
|
|
|
4133dc |
+ sms->time = time(NULL);
|
|
|
4133dc |
+ sms->utf8 = TRUE;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_sms_message "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
}
|
|
|
4133dc |
if (pair->key == 14) {
|
|
|
4133dc |
if (sms)
|
|
|
4133dc |
@@ -917,8 +976,14 @@ static void yahoo_process_sms_message(Pu
|
|
|
4133dc |
if (pair->key == 68)
|
|
|
4133dc |
if(sms)
|
|
|
4133dc |
g_hash_table_insert(yd->sms_carrier, g_strdup(sms->from), g_strdup(pair->value));
|
|
|
4133dc |
- if (pair->key == 16)
|
|
|
4133dc |
- server_msg = pair->value;
|
|
|
4133dc |
+ if (pair->key == 16) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ server_msg = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_sms_message "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
l = l->next;
|
|
|
4133dc |
}
|
|
|
4133dc |
|
|
|
4133dc |
@@ -972,13 +1037,18 @@ static void yahoo_process_message(Purple
|
|
|
4133dc |
while (l != NULL) {
|
|
|
4133dc |
struct yahoo_pair *pair = l->data;
|
|
|
4133dc |
if (pair->key == 4 || pair->key == 1) {
|
|
|
4133dc |
- im = g_new0(struct _yahoo_im, 1);
|
|
|
4133dc |
- list = g_slist_append(list, im);
|
|
|
4133dc |
- im->from = pair->value;
|
|
|
4133dc |
- im->time = time(NULL);
|
|
|
4133dc |
- im->utf8 = TRUE;
|
|
|
4133dc |
- im->fed = YAHOO_FEDERATION_NONE;
|
|
|
4133dc |
- im->fed_from = g_strdup(im->from);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ im = g_new0(struct _yahoo_im, 1);
|
|
|
4133dc |
+ list = g_slist_append(list, im);
|
|
|
4133dc |
+ im->from = pair->value;
|
|
|
4133dc |
+ im->time = time(NULL);
|
|
|
4133dc |
+ im->utf8 = TRUE;
|
|
|
4133dc |
+ im->fed = YAHOO_FEDERATION_NONE;
|
|
|
4133dc |
+ im->fed_from = g_strdup(im->from);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_message "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
}
|
|
|
4133dc |
if (im && pair->key == 5)
|
|
|
4133dc |
im->active_id = pair->value;
|
|
|
4133dc |
@@ -1034,7 +1104,7 @@ static void yahoo_process_message(Purple
|
|
|
4133dc |
}
|
|
|
4133dc |
}
|
|
|
4133dc |
/* IMV key */
|
|
|
4133dc |
- if (im && pair->key == 63)
|
|
|
4133dc |
+ if (im && pair->key == 63 && g_utf8_validate(pair->value, -1, NULL))
|
|
|
4133dc |
{
|
|
|
4133dc |
/* Check for the Doodle IMV, no IMvironment for federated buddies */
|
|
|
4133dc |
if (im->from != NULL && im->fed == YAHOO_FEDERATION_NONE)
|
|
|
4133dc |
@@ -1173,10 +1243,22 @@ static void yahoo_process_sysmessage(Pur
|
|
|
4133dc |
while (l) {
|
|
|
4133dc |
struct yahoo_pair *pair = l->data;
|
|
|
4133dc |
|
|
|
4133dc |
- if (pair->key == 5)
|
|
|
4133dc |
- me = pair->value;
|
|
|
4133dc |
- if (pair->key == 14)
|
|
|
4133dc |
- msg = pair->value;
|
|
|
4133dc |
+ if (pair->key == 5) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ me = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_sysmessage "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ if (pair->key == 14) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ msg = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_sysmessage "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
|
|
|
4133dc |
l = l->next;
|
|
|
4133dc |
}
|
|
|
4133dc |
@@ -1334,7 +1416,12 @@ static void yahoo_buddy_auth_req_15(Purp
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- temp = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ temp = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 13:
|
|
|
4133dc |
response = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
@@ -1389,22 +1476,42 @@ static void yahoo_buddy_auth_req_15(Purp
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- temp = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ temp = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 5:
|
|
|
4133dc |
- add_req->id = g_strdup(pair->value);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ add_req->id = g_strdup(pair->value);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 14:
|
|
|
4133dc |
msg = pair->value;
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 216:
|
|
|
4133dc |
- firstname = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ firstname = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 241:
|
|
|
4133dc |
add_req->fed = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 254:
|
|
|
4133dc |
- lastname = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ lastname = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_buddy_auth_req_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
|
|
|
4133dc |
}
|
|
|
4133dc |
@@ -1485,10 +1592,20 @@ static void yahoo_buddy_added_us(PurpleC
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 1:
|
|
|
4133dc |
- add_req->id = g_strdup(pair->value);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ add_req->id = g_strdup(pair->value);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_buddy_added_us "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 3:
|
|
|
4133dc |
- add_req->who = g_strdup(pair->value);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ add_req->who = g_strdup(pair->value);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_buddy_added_us "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 15: /* time, for when they add us and we're offline */
|
|
|
4133dc |
break;
|
|
|
4133dc |
@@ -1540,10 +1657,20 @@ static void yahoo_buddy_denied_our_add_o
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 3:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_buddy_denied_our_add_old "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 14:
|
|
|
4133dc |
- msg = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ msg = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_buddy_denied_our_add_old "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
l = l->next;
|
|
|
4133dc |
@@ -1640,12 +1767,28 @@ static void yahoo_process_mail(PurpleCon
|
|
|
4133dc |
struct yahoo_pair *pair = l->data;
|
|
|
4133dc |
if (pair->key == 9)
|
|
|
4133dc |
count = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
- else if (pair->key == 43)
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
- else if (pair->key == 42)
|
|
|
4133dc |
- email = pair->value;
|
|
|
4133dc |
- else if (pair->key == 18)
|
|
|
4133dc |
- subj = pair->value;
|
|
|
4133dc |
+ else if (pair->key == 43) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_mail "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ } else if (pair->key == 42) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ email = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_mail "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ } else if (pair->key == 18) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ subj = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_mail "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
l = l->next;
|
|
|
4133dc |
}
|
|
|
4133dc |
|
|
|
4133dc |
@@ -2075,10 +2218,22 @@ static void yahoo_process_auth(PurpleCon
|
|
|
4133dc |
|
|
|
4133dc |
while (l) {
|
|
|
4133dc |
struct yahoo_pair *pair = l->data;
|
|
|
4133dc |
- if (pair->key == 94)
|
|
|
4133dc |
- seed = pair->value;
|
|
|
4133dc |
- if (pair->key == 1)
|
|
|
4133dc |
- sn = pair->value;
|
|
|
4133dc |
+ if (pair->key == 94) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ seed = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_auth "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ if (pair->key == 1) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ sn = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_auth "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
if (pair->key == 13)
|
|
|
4133dc |
m = atoi(pair->value);
|
|
|
4133dc |
l = l->next;
|
|
|
4133dc |
@@ -2150,10 +2305,20 @@ static void yahoo_process_ignore(PurpleC
|
|
|
4133dc |
struct yahoo_pair *pair = l->data;
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 0:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_ignore "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 1:
|
|
|
4133dc |
- me = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ me = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_ignore "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 13:
|
|
|
4133dc |
/* 1 == ignore, 2 == unignore */
|
|
|
4133dc |
@@ -2222,8 +2387,14 @@ static void yahoo_process_authresp(Purpl
|
|
|
4133dc |
|
|
|
4133dc |
if (pair->key == 66)
|
|
|
4133dc |
err = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
- else if (pair->key == 20)
|
|
|
4133dc |
- url = pair->value;
|
|
|
4133dc |
+ else if (pair->key == 20) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ url = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_authresp "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
|
|
|
4133dc |
l = l->next;
|
|
|
4133dc |
}
|
|
|
4133dc |
@@ -2311,7 +2482,12 @@ static void yahoo_process_addbuddy(Purpl
|
|
|
4133dc |
err = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 7:
|
|
|
4133dc |
- temp = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ temp = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_addbuddy "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 65:
|
|
|
4133dc |
group = pair->value;
|
|
|
4133dc |
@@ -2468,11 +2644,16 @@ static void yahoo_p2p_process_p2pfilexfe
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
- if(strncmp(who, p2p_data->host_username, strlen(p2p_data->host_username)) != 0) {
|
|
|
4133dc |
- /* from whom are we receiving the packets ?? */
|
|
|
4133dc |
- purple_debug_warning("yahoo","p2p: received data from wrong user\n");
|
|
|
4133dc |
- return;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ if(strncmp(who, p2p_data->host_username, strlen(p2p_data->host_username)) != 0) {
|
|
|
4133dc |
+ /* from whom are we receiving the packets ?? */
|
|
|
4133dc |
+ purple_debug_warning("yahoo","p2p: received data from wrong user\n");
|
|
|
4133dc |
+ return;
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_p2p_process_p2pfilexfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
}
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 13:
|
|
|
4133dc |
@@ -2841,15 +3022,25 @@ static void yahoo_process_p2p(PurpleConn
|
|
|
4133dc |
/* our identity */
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_p2p "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 1:
|
|
|
4133dc |
/* who again, the master identity this time? */
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 12:
|
|
|
4133dc |
- base64 = pair->value;
|
|
|
4133dc |
- /* so, this is an ip address. in base64. decoded it's in ascii.
|
|
|
4133dc |
- after strtol, it's in reversed byte order. Who thought this up?*/
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ base64 = pair->value;
|
|
|
4133dc |
+ /* so, this is an ip address. in base64. decoded it's in ascii.
|
|
|
4133dc |
+ after strtol, it's in reversed byte order. Who thought this up?*/
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_p2p "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 13:
|
|
|
4133dc |
val_13 = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
@@ -2938,7 +3129,12 @@ static void yahoo_process_audible(Purple
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_audible "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 5:
|
|
|
4133dc |
/* us */
|
|
|
4133dc |
@@ -2946,11 +3142,21 @@ static void yahoo_process_audible(Purple
|
|
|
4133dc |
case 230:
|
|
|
4133dc |
/* the audible, in foo.locale.bar.baz format
|
|
|
4133dc |
eg: base.tw.smiley.smiley43 */
|
|
|
4133dc |
- id = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ id = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_audible "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 231:
|
|
|
4133dc |
/* the text of the audible */
|
|
|
4133dc |
- msg = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ msg = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_audible "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 232:
|
|
|
4133dc |
/* SHA-1 hash of audible SWF file (eg: 4e8691499d9c0fb8374478ff9720f4a9ea4a4915) */
|
|
|
4133dc |
diff -up pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_aliases.c.CVE-2012-6152 pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_aliases.c
|
|
|
4133dc |
--- pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_aliases.c.CVE-2012-6152 2013-02-11 04:16:52.000000000 -0500
|
|
|
4133dc |
+++ pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_aliases.c 2014-01-27 10:20:14.473648650 -0500
|
|
|
4133dc |
@@ -696,8 +696,14 @@ void yahoo_process_contact_details(Purpl
|
|
|
4133dc |
struct yahoo_pair *pair = l->data;
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- who = pair->value; /* This is the person who sent us the details.
|
|
|
4133dc |
- But not necessarily about himself. */
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ /* This is the person who sent us the details.
|
|
|
4133dc |
+ But not necessarily about himself. */
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_contact_details "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 5:
|
|
|
4133dc |
break;
|
|
|
4133dc |
@@ -709,8 +715,13 @@ void yahoo_process_contact_details(Purpl
|
|
|
4133dc |
and look into the xml instead to see who the information is about. */
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 280:
|
|
|
4133dc |
- xml = pair->value;
|
|
|
4133dc |
- parse_contact_details(yd, who, xml);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ xml = pair->value;
|
|
|
4133dc |
+ parse_contact_details(yd, who, xml);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_contact_details "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
}
|
|
|
4133dc |
diff -up pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_filexfer.c.CVE-2012-6152 pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_filexfer.c
|
|
|
4133dc |
--- pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_filexfer.c.CVE-2012-6152 2013-02-11 04:16:52.000000000 -0500
|
|
|
4133dc |
+++ pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_filexfer.c 2014-01-27 10:20:14.474648740 -0500
|
|
|
4133dc |
@@ -749,25 +749,60 @@ void yahoo_process_p2pfilexfer(PurpleCon
|
|
|
4133dc |
|
|
|
4133dc |
switch(pair->key) {
|
|
|
4133dc |
case 5: /* Get who the packet is for */
|
|
|
4133dc |
- me = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ me = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 4: /* Get who the packet is from */
|
|
|
4133dc |
- from = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ from = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 49: /* Get the type of service */
|
|
|
4133dc |
- service = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ service = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 14: /* Get the 'message' of the packet */
|
|
|
4133dc |
- message = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ message = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 13: /* Get the command associated with this packet */
|
|
|
4133dc |
- command = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ command = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 63: /* IMVironment name and version */
|
|
|
4133dc |
- imv = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ imv = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 64: /* Not sure, but it does vary with initialization of Doodle */
|
|
|
4133dc |
- unknown = pair->value; /* So, I'll keep it (for a little while atleast) */
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ unknown = pair->value; /* So, I'll keep it (for a little while atleast) */
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_p2pfilexfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
|
|
|
4133dc |
@@ -813,16 +848,36 @@ void yahoo_process_filetransfer(PurpleCo
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- from = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ from = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetransfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 5:
|
|
|
4133dc |
- to = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ to = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetransfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 14:
|
|
|
4133dc |
- msg = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ msg = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetransfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 20:
|
|
|
4133dc |
- url = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ url = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetransfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 38:
|
|
|
4133dc |
expires = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
@@ -834,10 +889,20 @@ void yahoo_process_filetransfer(PurpleCo
|
|
|
4133dc |
filesize = atol(pair->value);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 49:
|
|
|
4133dc |
- service = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ service = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetransfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 63:
|
|
|
4133dc |
- imv = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ imv = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetransfer "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
}
|
|
|
4133dc |
@@ -1616,20 +1681,40 @@ void yahoo_process_filetrans_15(PurpleCo
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- from = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ from = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 5:
|
|
|
4133dc |
- to = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ to = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 265:
|
|
|
4133dc |
- xfer_peer_idstring = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ xfer_peer_idstring = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 27:
|
|
|
4133dc |
filename_list = g_slist_prepend(filename_list, g_strdup(pair->value));
|
|
|
4133dc |
nooffiles++;
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 28:
|
|
|
4133dc |
- size_list = g_slist_prepend(size_list, g_strdup(pair->value));
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ size_list = g_slist_prepend(size_list, g_strdup(pair->value));
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 222:
|
|
|
4133dc |
val_222 = atol(pair->value);
|
|
|
4133dc |
@@ -1638,10 +1723,20 @@ void yahoo_process_filetrans_15(PurpleCo
|
|
|
4133dc |
|
|
|
4133dc |
/* check for p2p and imviron .... not sure it comes by this service packet. Since it was bundled with filexfer in old ymsg version, still keeping it. */
|
|
|
4133dc |
case 49:
|
|
|
4133dc |
- service = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ service = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 63:
|
|
|
4133dc |
- imv = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ imv = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
/* end check */
|
|
|
4133dc |
|
|
|
4133dc |
@@ -1803,7 +1898,12 @@ void yahoo_process_filetrans_info_15(Pur
|
|
|
4133dc |
to = pair->value;
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 265:
|
|
|
4133dc |
- xfer_peer_idstring = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ xfer_peer_idstring = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 27:
|
|
|
4133dc |
filename = pair->value;
|
|
|
4133dc |
@@ -1816,10 +1916,20 @@ void yahoo_process_filetrans_info_15(Pur
|
|
|
4133dc |
/* 249 has value 1 or 2 when doing p2p transfer and value 3 when relaying through yahoo server */
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 250:
|
|
|
4133dc |
- url = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ url = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 251:
|
|
|
4133dc |
- xfer_idstring_for_relay = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ xfer_idstring_for_relay = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_info_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
}
|
|
|
4133dc |
@@ -1902,10 +2012,20 @@ void yahoo_process_filetrans_acc_15(Purp
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 251:
|
|
|
4133dc |
- xfer_idstring_for_relay = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ xfer_idstring_for_relay = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 265:
|
|
|
4133dc |
- xfer_peer_idstring = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ xfer_peer_idstring = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 66:
|
|
|
4133dc |
val_66 = atol(pair->value);
|
|
|
4133dc |
@@ -1914,7 +2034,13 @@ void yahoo_process_filetrans_acc_15(Purp
|
|
|
4133dc |
val_249 = atol(pair->value);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 250:
|
|
|
4133dc |
- url = pair->value; /* we get a p2p url here when sending file, connected as client */
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ /* we get a p2p url here when sending file, connected as client */
|
|
|
4133dc |
+ url = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_filetrans_acc_15 "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
}
|
|
|
4133dc |
diff -up pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_friend.c.CVE-2012-6152 pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_friend.c
|
|
|
4133dc |
--- pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_friend.c.CVE-2012-6152 2013-02-11 04:16:52.000000000 -0500
|
|
|
4133dc |
+++ pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_friend.c 2014-01-27 10:20:14.474648740 -0500
|
|
|
4133dc |
@@ -158,7 +158,12 @@ void yahoo_process_presence(PurpleConnec
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 7:
|
|
|
4133dc |
- temp = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ temp = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_presence "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 31:
|
|
|
4133dc |
value = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
diff -up pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_picture.c.CVE-2012-6152 pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_picture.c
|
|
|
4133dc |
--- pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_picture.c.CVE-2012-6152 2013-02-11 04:16:52.000000000 -0500
|
|
|
4133dc |
+++ pidgin-2.10.7/libpurple/protocols/yahoo/yahoo_picture.c 2014-01-27 10:20:14.475648826 -0500
|
|
|
4133dc |
@@ -84,10 +84,20 @@ void yahoo_process_picture(PurpleConnect
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 1:
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_picture "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 5:
|
|
|
4133dc |
- us = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ us = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_picture "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 13: {
|
|
|
4133dc |
int tmp;
|
|
|
4133dc |
@@ -100,7 +110,12 @@ void yahoo_process_picture(PurpleConnect
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
case 20:
|
|
|
4133dc |
- url = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ url = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_picture "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 192:
|
|
|
4133dc |
checksum = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
@@ -154,7 +169,12 @@ void yahoo_process_picture_checksum(Purp
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_picture_checksum "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 5:
|
|
|
4133dc |
/* us */
|
|
|
4133dc |
@@ -197,7 +217,12 @@ void yahoo_process_picture_upload(Purple
|
|
|
4133dc |
/* filename on our computer. */
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 20: /* url at yahoo */
|
|
|
4133dc |
- url = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ url = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_picture_upload "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
case 38: /* timestamp */
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
@@ -225,7 +250,12 @@ void yahoo_process_avatar_update(PurpleC
|
|
|
4133dc |
|
|
|
4133dc |
switch (pair->key) {
|
|
|
4133dc |
case 4:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_avatar_upload "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 5:
|
|
|
4133dc |
/* us */
|
|
|
4133dc |
diff -up pidgin-2.10.7/libpurple/protocols/yahoo/yahoochat.c.CVE-2012-6152 pidgin-2.10.7/libpurple/protocols/yahoo/yahoochat.c
|
|
|
4133dc |
--- pidgin-2.10.7/libpurple/protocols/yahoo/yahoochat.c.CVE-2012-6152 2013-02-11 04:16:52.000000000 -0500
|
|
|
4133dc |
+++ pidgin-2.10.7/libpurple/protocols/yahoo/yahoochat.c 2014-01-27 10:20:14.475648826 -0500
|
|
|
4133dc |
@@ -156,15 +156,25 @@ void yahoo_process_conference_invite(Pur
|
|
|
4133dc |
room = yahoo_string_decode(gc, pair->value, FALSE);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 50: /* inviter */
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
- g_string_append_printf(members, "%s\n", who);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ g_string_append_printf(members, "%s\n", who);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_conference_invite "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 51: /* This user is being invited to the conference. Comes with status = 11, so we wont reach here */
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 52: /* Invited users. Assuming us invited, since we got this packet */
|
|
|
4133dc |
break; /* break needed, or else we add the users to the conference before they accept the invitation */
|
|
|
4133dc |
case 53: /* members who have already joined the conference */
|
|
|
4133dc |
- g_string_append_printf(members, "%s\n", pair->value);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ g_string_append_printf(members, "%s\n", pair->value);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_conference_invite "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 58:
|
|
|
4133dc |
g_free(msg);
|
|
|
4133dc |
@@ -220,7 +230,12 @@ void yahoo_process_conference_decline(Pu
|
|
|
4133dc |
room = yahoo_string_decode(gc, pair->value, FALSE);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 54:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_conference_decline "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 14:
|
|
|
4133dc |
g_free(msg);
|
|
|
4133dc |
@@ -277,7 +292,12 @@ void yahoo_process_conference_logon(Purp
|
|
|
4133dc |
room = yahoo_string_decode(gc, pair->value, FALSE);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 53:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_conference_logon "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
}
|
|
|
4133dc |
@@ -309,7 +329,12 @@ void yahoo_process_conference_logoff(Pur
|
|
|
4133dc |
room = yahoo_string_decode(gc, pair->value, FALSE);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 56:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_conference_logoff "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
}
|
|
|
4133dc |
}
|
|
|
4133dc |
@@ -340,7 +365,12 @@ void yahoo_process_conference_message(Pu
|
|
|
4133dc |
room = yahoo_string_decode(gc, pair->value, FALSE);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 3:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_conference_message "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 14:
|
|
|
4133dc |
msg = pair->value;
|
|
|
4133dc |
@@ -506,18 +536,38 @@ void yahoo_process_chat_join(PurpleConne
|
|
|
4133dc |
topic = yahoo_string_decode(gc, pair->value, TRUE);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 128:
|
|
|
4133dc |
- someid = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ someid = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_chat_join "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 108: /* number of joiners */
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 129:
|
|
|
4133dc |
- someotherid = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ someotherid = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_chat_join "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 130:
|
|
|
4133dc |
- somebase64orhashosomething = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ somebase64orhashosomething = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_chat_join "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 126:
|
|
|
4133dc |
- somenegativenumber = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ somenegativenumber = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_chat_join "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 13: /* this is 1. maybe its the type of room? (normal, user created, private, etc?) */
|
|
|
4133dc |
break;
|
|
|
4133dc |
@@ -528,7 +578,12 @@ void yahoo_process_chat_join(PurpleConne
|
|
|
4133dc |
info about individual room members, (including us) */
|
|
|
4133dc |
|
|
|
4133dc |
case 109: /* the yahoo id */
|
|
|
4133dc |
- members = g_list_append(members, pair->value);
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ members = g_list_append(members, pair->value);
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_chat_join "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 110: /* age */
|
|
|
4133dc |
break;
|
|
|
4133dc |
@@ -625,8 +680,14 @@ void yahoo_process_chat_exit(PurpleConne
|
|
|
4133dc |
g_free(room);
|
|
|
4133dc |
room = yahoo_string_decode(gc, pair->value, TRUE);
|
|
|
4133dc |
}
|
|
|
4133dc |
- if (pair->key == 109)
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (pair->key == 109) {
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_chat_exit "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
+ }
|
|
|
4133dc |
}
|
|
|
4133dc |
|
|
|
4133dc |
if (who && room) {
|
|
|
4133dc |
@@ -658,10 +719,20 @@ void yahoo_process_chat_message(PurpleCo
|
|
|
4133dc |
room = yahoo_string_decode(gc, pair->value, TRUE);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 109:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_chat_message "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 117:
|
|
|
4133dc |
- msg = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ msg = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_chat_message "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 124:
|
|
|
4133dc |
msgtype = strtol(pair->value, NULL, 10);
|
|
|
4133dc |
@@ -724,7 +795,12 @@ void yahoo_process_chat_addinvite(Purple
|
|
|
4133dc |
msg = yahoo_string_decode(gc, pair->value, FALSE);
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 119:
|
|
|
4133dc |
- who = pair->value;
|
|
|
4133dc |
+ if (g_utf8_validate(pair->value, -1, NULL)) {
|
|
|
4133dc |
+ who = pair->value;
|
|
|
4133dc |
+ } else {
|
|
|
4133dc |
+ purple_debug_warning("yahoo", "yahoo_process_chat_addinvite "
|
|
|
4133dc |
+ "got non-UTF-8 string for key %d\n", pair->key);
|
|
|
4133dc |
+ }
|
|
|
4133dc |
break;
|
|
|
4133dc |
case 118: /* us */
|
|
|
4133dc |
break;
|