|
|
56fe68 |
diff -up pidgin-2.10.7/libpurple/protocols/msn/msg.c.CVE-2013-6482 pidgin-2.10.7/libpurple/protocols/msn/msg.c
|
|
|
56fe68 |
--- pidgin-2.10.7/libpurple/protocols/msn/msg.c.CVE-2013-6482 2013-02-11 04:16:52.000000000 -0500
|
|
|
56fe68 |
+++ pidgin-2.10.7/libpurple/protocols/msn/msg.c 2014-01-29 09:20:02.125156089 -0500
|
|
|
56fe68 |
@@ -178,6 +178,8 @@ msn_message_parse_payload(MsnMessage *ms
|
|
|
56fe68 |
g_free(tmp_base);
|
|
|
56fe68 |
g_return_if_reached();
|
|
|
56fe68 |
}
|
|
|
56fe68 |
+
|
|
|
56fe68 |
+ /* NUL-terminate the end of the headers - it'll get skipped over below */
|
|
|
56fe68 |
*end = '\0';
|
|
|
56fe68 |
|
|
|
56fe68 |
/* Split the headers and parse each one */
|
|
|
56fe68 |
@@ -195,10 +197,12 @@ msn_message_parse_payload(MsnMessage *ms
|
|
|
56fe68 |
|
|
|
56fe68 |
/* The only one I care about is 'boundary' (which is folded from
|
|
|
56fe68 |
the key 'Content-Type'), so only process that. */
|
|
|
56fe68 |
- if (!strcmp(key, "boundary")) {
|
|
|
56fe68 |
+ if (!strcmp(key, "boundary") && value) {
|
|
|
56fe68 |
char *end = strchr(value, '\"');
|
|
|
56fe68 |
- *end = '\0';
|
|
|
56fe68 |
- msn_message_set_header(msg, key, value);
|
|
|
56fe68 |
+ if (end) {
|
|
|
56fe68 |
+ *end = '\0';
|
|
|
56fe68 |
+ msn_message_set_header(msg, key, value);
|
|
|
56fe68 |
+ }
|
|
|
56fe68 |
}
|
|
|
56fe68 |
|
|
|
56fe68 |
g_strfreev(tokens);
|
|
|
56fe68 |
@@ -210,18 +214,15 @@ msn_message_parse_payload(MsnMessage *ms
|
|
|
56fe68 |
key = tokens[0];
|
|
|
56fe68 |
value = tokens[1];
|
|
|
56fe68 |
|
|
|
56fe68 |
- /*if not MIME content ,then return*/
|
|
|
56fe68 |
if (!strcmp(key, "MIME-Version"))
|
|
|
56fe68 |
{
|
|
|
56fe68 |
- g_strfreev(tokens);
|
|
|
56fe68 |
- continue;
|
|
|
56fe68 |
+ /* Ignore MIME-Version header */
|
|
|
56fe68 |
}
|
|
|
56fe68 |
-
|
|
|
56fe68 |
- if (!strcmp(key, "Content-Type"))
|
|
|
56fe68 |
+ else if (!strcmp(key, "Content-Type"))
|
|
|
56fe68 |
{
|
|
|
56fe68 |
char *charset, *c;
|
|
|
56fe68 |
|
|
|
56fe68 |
- if ((c = strchr(value, ';')) != NULL)
|
|
|
56fe68 |
+ if (value && (c = strchr(value, ';')) != NULL)
|
|
|
56fe68 |
{
|
|
|
56fe68 |
if ((charset = strchr(c, '=')) != NULL)
|
|
|
56fe68 |
{
|
|
|
56fe68 |
diff -up pidgin-2.10.7/libpurple/protocols/msn/oim.c.CVE-2013-6482 pidgin-2.10.7/libpurple/protocols/msn/oim.c
|
|
|
56fe68 |
--- pidgin-2.10.7/libpurple/protocols/msn/oim.c.CVE-2013-6482 2014-01-29 09:20:03.696153312 -0500
|
|
|
56fe68 |
+++ pidgin-2.10.7/libpurple/protocols/msn/oim.c 2014-01-29 09:20:04.713151523 -0500
|
|
|
56fe68 |
@@ -362,11 +362,12 @@ msn_oim_send_read_cb(MsnSoapMessage *req
|
|
|
56fe68 |
if (faultcode) {
|
|
|
56fe68 |
char *faultcode_str = xmlnode_get_data(faultcode);
|
|
|
56fe68 |
|
|
|
56fe68 |
- if (g_str_equal(faultcode_str, "q0:AuthenticationFailed")) {
|
|
|
56fe68 |
+ if (faultcode_str && g_str_equal(faultcode_str, "q0:AuthenticationFailed")) {
|
|
|
56fe68 |
xmlnode *challengeNode = xmlnode_get_child(faultNode,
|
|
|
56fe68 |
"detail/LockKeyChallenge");
|
|
|
56fe68 |
+ char *challenge = NULL;
|
|
|
56fe68 |
|
|
|
56fe68 |
- if (challengeNode == NULL) {
|
|
|
56fe68 |
+ if (challengeNode == NULL || (challenge = xmlnode_get_data(challengeNode)) == NULL) {
|
|
|
56fe68 |
if (oim->challenge) {
|
|
|
56fe68 |
g_free(oim->challenge);
|
|
|
56fe68 |
oim->challenge = NULL;
|
|
|
56fe68 |
@@ -384,7 +385,6 @@ msn_oim_send_read_cb(MsnSoapMessage *req
|
|
|
56fe68 |
} else {
|
|
|
56fe68 |
char buf[33];
|
|
|
56fe68 |
|
|
|
56fe68 |
- char *challenge = xmlnode_get_data(challengeNode);
|
|
|
56fe68 |
msn_handle_chl(challenge, buf);
|
|
|
56fe68 |
|
|
|
56fe68 |
g_free(oim->challenge);
|
|
|
56fe68 |
@@ -400,22 +400,23 @@ msn_oim_send_read_cb(MsnSoapMessage *req
|
|
|
56fe68 |
}
|
|
|
56fe68 |
} else {
|
|
|
56fe68 |
/* Report the error */
|
|
|
56fe68 |
- const char *str_reason;
|
|
|
56fe68 |
+ const char *str_reason = NULL;
|
|
|
56fe68 |
|
|
|
56fe68 |
- if (g_str_equal(faultcode_str, "q0:SystemUnavailable")) {
|
|
|
56fe68 |
- str_reason = _("Message was not sent because the system is "
|
|
|
56fe68 |
- "unavailable. This normally happens when the "
|
|
|
56fe68 |
- "user is blocked or does not exist.");
|
|
|
56fe68 |
-
|
|
|
56fe68 |
- } else if (g_str_equal(faultcode_str, "q0:SenderThrottleLimitExceeded")) {
|
|
|
56fe68 |
- str_reason = _("Message was not sent because messages "
|
|
|
56fe68 |
- "are being sent too quickly.");
|
|
|
56fe68 |
-
|
|
|
56fe68 |
- } else if (g_str_equal(faultcode_str, "q0:InvalidContent")) {
|
|
|
56fe68 |
- str_reason = _("Message was not sent because an unknown "
|
|
|
56fe68 |
- "encoding error occurred.");
|
|
|
56fe68 |
+ if (faultcode_str) {
|
|
|
56fe68 |
+ if (g_str_equal(faultcode_str, "q0:SystemUnavailable")) {
|
|
|
56fe68 |
+ str_reason = _("Message was not sent because the system is "
|
|
|
56fe68 |
+ "unavailable. This normally happens when the "
|
|
|
56fe68 |
+ "user is blocked or does not exist.");
|
|
|
56fe68 |
+ } else if (g_str_equal(faultcode_str, "q0:SenderThrottleLimitExceeded")) {
|
|
|
56fe68 |
+ str_reason = _("Message was not sent because messages "
|
|
|
56fe68 |
+ "are being sent too quickly.");
|
|
|
56fe68 |
+ } else if (g_str_equal(faultcode_str, "q0:InvalidContent")) {
|
|
|
56fe68 |
+ str_reason = _("Message was not sent because an unknown "
|
|
|
56fe68 |
+ "encoding error occurred.");
|
|
|
56fe68 |
+ }
|
|
|
56fe68 |
+ }
|
|
|
56fe68 |
|
|
|
56fe68 |
- } else {
|
|
|
56fe68 |
+ if (str_reason == NULL) {
|
|
|
56fe68 |
str_reason = _("Message was not sent because an unknown "
|
|
|
56fe68 |
"error occurred.");
|
|
|
56fe68 |
}
|
|
|
56fe68 |
diff -up pidgin-2.10.7/libpurple/protocols/msn/soap.c.CVE-2013-6482 pidgin-2.10.7/libpurple/protocols/msn/soap.c
|
|
|
56fe68 |
--- pidgin-2.10.7/libpurple/protocols/msn/soap.c.CVE-2013-6482 2013-02-11 04:16:52.000000000 -0500
|
|
|
56fe68 |
+++ pidgin-2.10.7/libpurple/protocols/msn/soap.c 2014-01-29 09:20:04.714151533 -0500
|
|
|
56fe68 |
@@ -304,21 +304,25 @@ msn_soap_handle_body(MsnSoapConnection *
|
|
|
56fe68 |
if (faultcode != NULL) {
|
|
|
56fe68 |
char *faultdata = xmlnode_get_data(faultcode);
|
|
|
56fe68 |
|
|
|
56fe68 |
- if (g_str_equal(faultdata, "psf:Redirect")) {
|
|
|
56fe68 |
+ if (faultdata && g_str_equal(faultdata, "psf:Redirect")) {
|
|
|
56fe68 |
xmlnode *url = xmlnode_get_child(fault, "redirectUrl");
|
|
|
56fe68 |
|
|
|
56fe68 |
if (url) {
|
|
|
56fe68 |
char *urldata = xmlnode_get_data(url);
|
|
|
56fe68 |
- msn_soap_handle_redirect(conn, urldata);
|
|
|
56fe68 |
+ if (urldata)
|
|
|
56fe68 |
+ msn_soap_handle_redirect(conn, urldata);
|
|
|
56fe68 |
g_free(urldata);
|
|
|
56fe68 |
}
|
|
|
56fe68 |
|
|
|
56fe68 |
g_free(faultdata);
|
|
|
56fe68 |
msn_soap_message_destroy(response);
|
|
|
56fe68 |
return TRUE;
|
|
|
56fe68 |
- } else if (g_str_equal(faultdata, "wsse:FailedAuthentication")) {
|
|
|
56fe68 |
+ } else if (faultdata && g_str_equal(faultdata, "wsse:FailedAuthentication")) {
|
|
|
56fe68 |
xmlnode *reason = xmlnode_get_child(fault, "faultstring");
|
|
|
56fe68 |
- char *reasondata = xmlnode_get_data(reason);
|
|
|
56fe68 |
+ char *reasondata = NULL;
|
|
|
56fe68 |
+
|
|
|
56fe68 |
+ if (reason)
|
|
|
56fe68 |
+ reasondata = xmlnode_get_data(reason);
|
|
|
56fe68 |
|
|
|
56fe68 |
msn_soap_connection_sanitize(conn, TRUE);
|
|
|
56fe68 |
msn_session_set_error(conn->session, MSN_ERROR_AUTH,
|